[Pdns-users] scripting the recursor

Aaron Sinclair aaron at sinclairs.co.nz
Wed Jun 14 04:58:56 UTC 2017

Hi All.. Hope someone can give a pointer to get me moving forward.  

I have a RPZ file loaded, and would like to allow certain users to bypass the RPZ default policy.   

This is working and the correct answer is given, however it's stored in cache and any subsequent request get the answer directly from the packet cache.  This means if a client that is not in the exlusion list queries the domain shortly after then they will get the cached response.

I'd like do something like check in prerpz() whether the domain is in the rpz zone, and not cache it.  
The problem is 
1. I don't know how to check for/find a domain within a RPZ Policy
2. and more importantly, dq.variable doesn't seem to have any affect in prerpz()

Any help, pointers or hints would be GREATLY appreciated. 

PowerDNS Recursor 4.0.5


rpzMaster("", "somedrop.rpz.com",{defpol=Policy.Custom, defcontent='block.mydomain.com', policyName='blocklist'})



allowBlockAccess = newCAS()

function prerpz(dq)
	 if allowBlockAccess:check(dq.remoteaddr) then
  return false


More information about the Pdns-users mailing list