[dnsdist] Large domain list blocking via DNS
Remi Gacogne
remi.gacogne at powerdns.com
Mon Dec 13 08:51:24 UTC 2021
Hi Jahanzeb,
On 13/12/2021 08:00, Jahanzeb Arshad via dnsdist wrote:
> We want to implement blocking of a large number (3M+) of undesirable
> domains (adult/malware) via DNS. We have tested using PowerDNS recursor
> and it is working in a test environment. For blocking we have used a Lua DNS
> script with domains in a sqlite3 DB. Can we do the same on DNSDIST, as we are
> using it as a load balancer in front of all our resolver DNS? Does DNSDIST
> support Lua with sqlite3 or another database?
The Lua code would be quite different in dnsdist but you can do
something similar using a LuaAction [1] and DNSAction.Spoof [2], like we
do in our regression tests [3].
I would suggest considering different options than a sqlite database if
you are dealing with a huge number of queries, though. dnsdist provides
native support for looking into a CDB or LMDB database, for example [4].
[1]: https://dnsdist.org/advanced/luaaction.html
[2]: https://dnsdist.org/reference/constants.html#dnsaction
[3]: https://github.com/PowerDNS/pdns/blob/7285a16693f67287c0d8151afbcefb7190b63cf3/regression-tests.dnsdist/test_Spoofing.py#L406
[4]: https://dnsdist.org/reference/kvs.html
Hope that helps,
--
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
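A dnsdist configuration sketch of the two options the reply points to (a key-value store lookup, and a LuaAction returning DNSAction.Spoof), added here as an example; it is not code from the thread or from the dnsdist project. The LMDB path, the database name, the sinkhole addresses and the function name are placeholders, and the store is assumed to be built out of band with one key per blocked domain in DNS wire format and a non-empty value.

```lua
-- Added example (not from the thread). Placeholders: file path, database
-- name 'blocklist', sinkhole addresses 192.0.2.1 / 2001:db8::1.
-- Assumption: the LMDB file is generated by a separate job, one key per
-- blocked domain in DNS wire format, each with a non-empty value.

-- Open the blocklist once at startup; queries are answered from LMDB,
-- so the 3M+ entries never have to live in a Lua table or in sqlite.
local kvs = newLMDBKVStore('/var/lib/dnsdist/blocklist.lmdb', 'blocklist')

-- Option A: native rule, no Lua code runs per query.
-- KeyValueLookupKeySuffix(2) tries the full qname, then removes labels from
-- the left while at least 2 labels remain. "ads.bad.example" therefore
-- matches an entry for "bad.example", and a stray entry for a bare TLD
-- cannot block a whole zone.
addAction(
  KeyValueStoreLookupRule(kvs, KeyValueLookupKeySuffix(2)),
  SpoofAction({'192.0.2.1', '2001:db8::1'})
)

-- Option B: the same decision inside a LuaAction, for cases where extra
-- logic is needed per query (per-client exemptions, logging, and so on).
-- This costs a Lua call on every query, so prefer option A when the rule
-- is a plain "listed or not" check.
local function blockIfListed(dq)
  -- lookupSuffix returns the stored value; an empty result is treated as
  -- "not listed", which is why stored values must be non-empty.
  local value = kvs:lookupSuffix(dq.qname, 2)
  if value ~= nil and #value > 0 then
    return DNSAction.Spoof, '192.0.2.1'
  end
  return DNSAction.None, ''
end

-- Enable only one of the two options; uncomment to use option B instead.
-- addAction(AllRule(), LuaAction(blockIfListed))
```

Rules are evaluated in order, so place the blocking rule ahead of any rule that selects a pool or otherwise stops processing for the query.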