[Pdns-users] Recursor: Black list

Ciro Iriarte cyruspy at gmail.com
Mon Oct 20 16:42:20 UTC 2014


2014-10-20 11:54 GMT-03:00 Curtis Maurand <curtis at maurand.com>:
> On 10/20/2014 9:40 AM, Ciro Iriarte wrote:
>
> 2014-10-17 13:35 GMT-03:00 ktm at rice.edu <ktm at rice.edu>:
>
> Hi Ciro,
>
> We used a CDB key value store. It was easy to use/update and had
> very good performance. "grepping" is O(n*n) so it will tank as
> your list grows and you really don't want to slow down your DNS
> lookups.
>
> Regards,
> Ken
>
> Hi Ken, I'll look at the Lua+CDB mix given it seems more elegant, any
> document specific for PDNS you can point me to?
>
> Regards,
>
> Hi,
>
> No PDNS specific documentation, we used the CDB map to allow the
> blacklist to be updated without needing to restart the recursor
> and lose all the cached DNS lookups. We wrote a function similar
> to the example Lua script using a CDB map instead.
>
> Regards,
> Ken
>
> Hi Ken! Would you be willing to publish/share your implementation?
> Having two different rules (two groups, each group with different
> answers), do you think it's best to use two scripts, or just push
> more data to the CDB (A record expected + answer) and use one script?
>
> Regards,
>
>
> I've been looking for a way to do this as well.  I would think that a
> separate pdns instance on a different server than your main dns would do the
> trick or have one bound to one address and a second instance bound to
> another using separate databases.  I tried setting up a zone and delegating
> it to the current DNS and that doesn't work.  It's an interesting problem.
> Currently I'm using iptables on my mail servers, but that gets unwieldy and
> unmanageable in a hurry.  I've also done it with spamassassin rules, but
> that also gets to be unmanageable, too.
>
> --Curtis
>
>
>
>
> --
> Curtis Maurand
> curtis at maurand.com
> 207-252-7748
>

Does that mean that the recursor can only handle one Lua script?

Regards,

-- 
Ciro Iriarte
http://iriarte.it
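
The single-script option raised in this thread, as an added example that is not part of the original messages or anyone's posted implementation: one keyed store whose value is the answer to return, so two groups with different answers share one lookup. It assumes the Recursor 3.x `preresolve(remoteip, domain, qtype)` hook and its return convention; a plain Lua table loaded from a hypothetical text file stands in for the CDB map, and the path, file format and reload interval are assumptions.

```lua
-- Added example. A Lua table stands in for the CDB map; LIST_PATH, the file
-- format and RELOAD_SECS are assumptions, not values from the thread.
local LIST_PATH = "/etc/powerdns/blocklist.txt"   -- hypothetical path
local RELOAD_SECS = 60
local A = (pdns and pdns.A) or 1   -- A record type; 1 when run outside the recursor
local blocked, loaded_at = {}, 0

-- Assumed file format: "<domain> <address to answer with>", '#' starts a comment.
local function load_list(path)
  local fh = io.open(path, "r")
  if not fh then return nil end    -- unreadable file: caller keeps the old list
  local fresh = {}
  for line in fh:lines() do
    local name, answer = line:match("^%s*([^#%s]+)%s+([^#%s]+)")
    if name then
      local key = name:lower():gsub("%.$", "")   -- normalise case, drop root dot
      fresh[key] = answer
    end
  end
  fh:close()
  return fresh
end

-- Try the full name, then each parent: a.b.example.com, b.example.com, ...
-- Every step is one hash lookup, so cost follows label count, not list size.
local function lookup(domain)
  local name = domain:lower():gsub("%.$", "")
  while name do
    local answer = blocked[name]
    if answer then return answer end
    name = name:match("^[^.]+%.(.+)$")   -- strip the leftmost label
  end
  return nil
end

function preresolve(remoteip, domain, qtype)
  local now = os.time()
  if now - loaded_at >= RELOAD_SECS then
    -- Swap in the new table; the recursor and its cache keep running.
    blocked = load_list(LIST_PATH) or blocked
    loaded_at = now
  end
  local answer = lookup(domain)
  if answer and qtype == A then
    return 0, { { qtype = A, content = answer } }   -- per-entry answer
  end
  return -1, {}   -- not handled here: normal resolution continues
end
```

Listed names queried for types other than A fall through to normal resolution in this sketch; a deployment that must block them too needs an explicit branch for those types.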