[Pdns-users] Recursor: Black list

Ciro Iriarte cyruspy at gmail.com
Mon Oct 20 19:00:23 UTC 2014


2014-10-20 15:15 GMT-03:00 bert hubert <bert.hubert at netherlabs.nl>:
> On Mon, Oct 20, 2014 at 01:12:07PM -0500, ktm at rice.edu wrote:
>> > Also, I thought about adding some helpful LUA bits to report date/time
>> > or the client's IP address, but from what I understood, only one LUA
>> > script can be added to the recursor, maybe a super monster script
>> > could be able to achieve all that.
>
> Ciro,
>
> We could allow chaining Lua scripts eventually, but I'm more interested in
> a solution that works for people. Is everyone happy with RPZ for blacklist
> purposes?
>
>> I would use a single Lua script for all of it. I am trying to find my
>> sample using CDB to post.
>
> Hi Ken,
>
> That would be great, perhaps we could ship a version of that as a contrib/.
>
>         Bert
>

Reading a little more about RPZ, it seems to be tailored to BIND's
convenience: just define a special zone where you could add FQDNs to
override. That doesn't seem usual for pdns-recursor, I might be wrong.
It would be nice to keep the solution simple, and as clean as it can
fit pdns-recursor. It doesn't need to be with RPZ, unless the use
cases mandate blindly copying these special zones from the authorities
(it's not the case on my end).


Ref:
http://jpmens.net/2011/04/26/how-to-configure-your-bind-resolvers-to-lie-using-response-policy-zones-rpz/

Regards,

-- 
Ciro Iriarte
http://iriarte.it