[dnsdist] Large domain list blocking via DNS

Remi Gacogne remi.gacogne at powerdns.com
Mon Dec 13 08:51:24 UTC 2021

Hi Jahanzeb,

On 13/12/2021 08:00, Jahanzeb Arshad via dnsdist wrote:
> We want to implement blocking of large number (3M+) of undesirable 
> domains (adult/malware) via DNS. We have tested using PowerDNS recursor 
> and it is working in test environment. For blocking we have use LUA dns 
> script with domains in sqlite3 DB. Can we do same on DNSDIST as we are 
> using it as load balancer on front of all our resolver DNS. Does DNSDIST 
> support LUA with sqlite3 or other database.

The Lua code would be quite different in dnsdist but you can do 
something similar using a LuaAction [1] and DNSAction.Spoof [2], like we 
do in our regression tests [3].

I would suggest considering different options than a sqlite database if 
you are dealing with a huge number of queries, though. dnsdist provides 
native support for looking into a CDB or LMBD database, for example [4].

[1]: https://dnsdist.org/advanced/luaaction.html
[2]: https://dnsdist.org/reference/constants.html#dnsaction
[4]: https://dnsdist.org/reference/kvs.html

Hope that helps,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20211213/3f681156/attachment.sig>

More information about the dnsdist mailing list