[Pdns-users] Recursor: Black list

ktm at rice.edu ktm at rice.edu
Mon Oct 20 18:12:07 UTC 2014


On Mon, Oct 20, 2014 at 02:09:05PM -0300, Ciro Iriarte wrote:
> 2014-10-20 13:29 GMT-03:00 Robert Mortimer <robm at scramworks.net>:
> > Hi,
> >
> > Just to add a bit less light, we implemented this sort of thing about 5 years back
> > and now with the aid of a small script have a solution which is fully RPZ
> > compatible. Using PDNS recursor and LUA, which can handle an RPZ feed of about four
> > thousand records and around 5,000 QPS. We did stress test briefly with an 11,000 item
> > RPZ feed.
> >
> > As said no need to restart when it updates just do a LUA reload. Hopefully I
> > should be able to release what we did soon - am waiting for permission from our
> > legal types.
> >
> > Really not sure if that helps any, except to say it's very doable and can be
> > quite stable.
> >
> >
> 
> RPZ seems really interesting, and I see there was a request for it in
> the past*. The thing is, we have direct requests from local government
> agencies to ban some domains with legal issues (mandated by a judge
> for example), and we were just approached about being able to block
> sites from the Internet Watch Foundation black list also (with their
> own landing page). Both cases will be redirected to different sites,
> and each has its own data source. Currently on bind we just define the
> domain as authoritative and it's kind of a hassle.
> 
> Also, I thought about adding some helpful LUA bits to report date/time
> or the client's IP address, but from what I understood, only one LUA
> script can be added to the recursor, maybe a super monster script
> could be able to achieve all that.
> 
> 
> Ref:
> * http://mailman.powerdns.com/pipermail/pdns-users/2012-December/009451.html
> 
> 
> Regards,
> -- 
> Ciro Iriarte
> http://iriarte.it
> --

Hi,

I would use a single Lua script for all of it. I am trying to find my
sample using CDB to post.

Regards,
Ken
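
The single-script approach discussed in this thread, as an added example that is not part of any message here and not the posters' code: one script serving two block lists, each with its own landing address, and logging the client's IP on a hit. It assumes the recursor 3.x-era hook `preresolve(remoteip, domain, qtype)`, the `pdns.A` constant and `pdnslog()`; the list names, domains and landing addresses are constructed placeholders.

```lua
-- Added example. Assumes the recursor 3.x-era Lua hook
-- preresolve(remoteip, domain, qtype), pdns.A and pdnslog().
-- List names, domains and landing addresses are constructed placeholders.

local lists = {
  court = { landing = "192.0.2.10",
            domains = { ["blocked-by-court.example"] = true } },
  iwf   = { landing = "192.0.2.20",
            domains = { ["listed-by-iwf.example"] = true } },
}
local order = { "court", "iwf" }  -- first matching list wins

-- Lower-case the name and drop the trailing dot the recursor passes in.
local function normalize(domain)
  return (string.lower(domain):gsub("%.$", ""))
end

-- Return list id and landing address for a name or any parent domain of it.
local function lookup(domain)
  local name = normalize(domain)
  while name ~= "" do
    for _, id in ipairs(order) do
      if lists[id].domains[name] then
        return id, lists[id].landing
      end
    end
    name = name:match("^[^.]*%.(.+)$") or ""  -- strip the leftmost label
  end
  return nil
end

function preresolve(remoteip, domain, qtype)
  local id, landing = lookup(domain)
  if not id then
    return -1, {}  -- not listed: let the recursor resolve normally
  end
  pdnslog("blocklist " .. id .. " hit: " .. domain .. " from " .. remoteip)
  if qtype == pdns.A then
    return 0, { { qtype = pdns.A, content = landing, ttl = 60 } }
  end
  return 0, {}     -- other query types: empty NOERROR answer
end
```

Each data source only has to fill its own `domains` table, so the two feeds stay separate while the recursor loads one script; after an update, `rec_control reload-lua-script` picks up the change without a restart.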



