[Pdns-users] Recursor: Black list
curtis at maurand.com
Mon Oct 20 14:54:21 UTC 2014
On 10/20/2014 9:40 AM, Ciro Iriarte wrote:
> 2014-10-17 13:35 GMT-03:00 ktm at rice.edu <ktm at rice.edu>:
>>>> Hi Ciro,
>>>> We used a CDB key value store. It was easy to use/update and had
>>>> very good performance. "grepping" is O(n*n) so it will tank as
>>>> your list grows and you really don't want to slow down your DNS
>>> Hi Ken, I'll look at the LUA+CDB mix given it seems more elegant, any
>>> document specific for PDNS you can point me to?
>> No PDNS specific documentation, we used the CDB map to allow the
>> blacklist to be update without needing to restart the recursor
>> and lose all the cached DNS lookups. We wrote a function similar
>> to the example Lua script using a CDB map instead.
> Hi Ken!, would you be willing to publish/share your implementation?.
> Having two different rules (two groups, each group with different
> answers), do you think it's best to use two scripts?, or just push
> more data to the CDB (A record expected + answer) and use one script?
I've been looking for a way to do this as well. I would think that a
separate pdns instance on a different server than your main dns would do
the trick or have one bound to one address and a second instance bound
to another using separate databases. I tried setting up a zone and
delegating it to the current DNS and that doesn't work. It's an
interesting problem. Currently I'm using iptables on my mail servers,
but that get's unwieldy and unmanageable in a hurry. I've also done it
with spamassassin rules, but that also get's to be unmanageable, too.
curtis at maurand.com <mailto:curtis at maurand.com>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pdns-users