[Pdns-users] scripting the recursor
Peter van Dijk
peter.van.dijk at powerdns.com
Wed Jun 21 09:33:23 UTC 2017
Hello Aaron,
On 14 Jun 2017, at 6:58, Aaron Sinclair wrote:
> Hi All.. Hope someone can give a pointer to get me moving forward.
>
> I have a RPZ file loaded, and would like to allow certain users to
> bypass the RPZ default policy.
>
> This is working and the correct answer is given, however it's stored
> in cache and any subsequent requests get the answer directly from the
> packet cache. This means if a client that is not in the exclusion list
> queries the domain shortly after then they will get the cached
> response.
Yes, the packet cache does not automatically distinguish between
clients.
> allowBlockAccess = newCAS()
> allowBlockAccess:add(dofile("allowBlockIPs"))
>
>
> function prerpz(dq)
>   if allowBlockAccess:check(dq.remoteaddr) then
>     dq:discardPolicy('blocklist')
>   end
>   return false
> end
Add ‘dq.variable = true’ right before ‘return false’ (but AFTER
‘end’), to disable the packet cache, or disable the packet cache
completely via recursor.conf.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
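
Added example, not part of the original message and not PowerDNS code: a simplified Python model of the caching behaviour discussed above, assuming a packet cache keyed only on the question and consulted before the policy hook runs. It compares never marking answers variable, marking them only for exempt clients, and marking every answer (the placement after 'end' given in the reply). All names and addresses are constructed.

```python
# Simplified model of a resolver front end; NOT PowerDNS code.
# Assumptions: the packet cache is keyed on (qname, qtype) only and is
# consulted before the policy hook runs. Names and addresses are constructed.
import ipaddress

ALLOW = [ipaddress.ip_network("192.0.2.0/28")]  # constructed bypass list
BLOCKED = {"blocked.example."}                   # constructed policy zone content


class Resolver:
    def __init__(self, mode):
        self.mode = mode          # "never", "exempt_only" or "always"
        self.packet_cache = {}

    def _exempt(self, client):
        addr = ipaddress.ip_address(client)
        return any(addr in net for net in ALLOW)

    def query(self, client, qname, qtype="A"):
        key = (qname, qtype)      # no client address in the key
        if key in self.packet_cache:
            return self.packet_cache[key]   # the hook is never reached
        exempt = self._exempt(client)       # the prerpz-style decision
        if qname in BLOCKED and not exempt:
            answer = "NXDOMAIN (policy)"
        else:
            answer = "198.51.100.10"
        # "variable" answers are not stored in the packet cache
        variable = self.mode == "always" or (self.mode == "exempt_only" and exempt)
        if not variable:
            self.packet_cache[key] = answer
        return answer


def run(mode, first, second):
    """Answers seen by two clients asking the same question back to back."""
    r = Resolver(mode)
    return r.query(first, "blocked.example."), r.query(second, "blocked.example.")


EXEMPT, NORMAL = "192.0.2.5", "203.0.113.9"

if __name__ == "__main__":
    for mode in ("never", "exempt_only", "always"):
        print(mode, run(mode, EXEMPT, NORMAL), run(mode, NORMAL, EXEMPT))
```

In this model, marking only the exempt client's answers variable still fails in the other direction: a blocked answer cached for a normal client is served to the exempt client.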