[Pdns-users] scripting the recursor

Peter van Dijk peter.van.dijk at powerdns.com
Wed Jun 21 09:33:23 UTC 2017

Hello Aaron,

On 14 Jun 2017, at 6:58, Aaron Sinclair wrote:

> Hi All.. Hope someone can give a pointer to get me moving forward.
> I have an RPZ file loaded, and would like to allow certain users to 
> bypass the RPZ default policy.
> This is working and the correct answer is given, however it's stored 
> in cache and any subsequent requests get the answer directly from the 
> packet cache. This means if a client that is not in the exclusion list 
> queries the domain shortly after then they will get the cached 
> response.

Yes, the packet cache does not automatically distinguish between 

> allowBlockAccess = newCAS()
> allowBlockAccess:add(dofile("allowBlockIPs"))
> function prerpz(dq)
>   if allowBlockAccess:check(dq.remoteaddr) then
>     dq:discardPolicy('blocklist')
>   end
>   return false
> end

Add ‘dq.variable = true’ right before ‘return false’ (but AFTER 
‘end’), to disable the packet cache, or disable the packet cache 
completely via recursor.conf.

Kind regards,
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
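
A simplified Python model of the caching behaviour discussed in this thread, added as an illustration; it is not code from the original posts or from PowerDNS. The cache keyed only on the question, the cache lookup happening before the hook, and all names and addresses are assumptions of the model. It shows why the flag has to be set for every query (after 'end') and not only for the bypassing clients.

```python
# Simplified model (constructed for illustration; not PowerDNS code).
BLOCKED = "NXDOMAIN (blocklist policy)"
REAL = "203.0.113.10"               # constructed sample answer
ALLOW = {"192.0.2.10"}              # stands in for the allowBlockIPs list


def prerpz_original(client):
    """Script as posted: variable is never set."""
    return client in ALLOW, False   # (discard policy?, variable?)


def prerpz_inside_if(client):
    """variable set only for bypassing clients (inside the 'if')."""
    bypass = client in ALLOW
    return bypass, bypass


def prerpz_fixed(client):
    """Suggested fix: variable set for every query, after 'end'."""
    return client in ALLOW, True


class Recursor:
    def __init__(self, prerpz):
        self.prerpz = prerpz
        self.packet_cache = {}      # assumption: keyed on the question, not the client

    def query(self, client, qname):
        if qname in self.packet_cache:      # assumption: cache is checked before the hook
            return self.packet_cache[qname]
        discard, variable = self.prerpz(client)
        answer = REAL if discard else BLOCKED
        if not variable:                    # variable answers are never stored
            self.packet_cache[qname] = answer
        return answer


def run(prerpz, order):
    """Return {client: answer} for clients querying the same name in order."""
    r = Recursor(prerpz)
    return {c: r.query(c, "blocked.example.") for c in order}


if __name__ == "__main__":
    for hook in (prerpz_original, prerpz_inside_if, prerpz_fixed):
        print(hook.__name__, run(hook, ["192.0.2.10", "198.51.100.7"]),
              run(hook, ["198.51.100.7", "192.0.2.10"]))
```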
