[Pdns-users] wpad filtering

Robert Mortimer robm at scramworks.net
Thu Nov 30 16:59:08 UTC 2017


Hi,

 I did something similar ti implement RPZ like functionality before PDNS had proper RPZ support and didn't notice any significant impact that was with a list of a few thousand records we where checking and seeing a few thousand QPS.

So it'll make a bit of difference but depending on how busy your server is you probably won't notice.

Of course your mileage may vary.

-- 
Robm
873
  "Ask not what I can do for the stupid, 
         but what the stupid can do for me" - Graeme Garden
On 30/11/2017 14:33:38, Mario Caruso <caruso at tiscali.com> wrote:
Il Thu, 30 Nov 2017 14:51:46 +0100
Remi Gacogne ha scritto:

> Hi Mario,

Hi Remi,
Thank you for the reply,

>
> On 11/30/2017 11:52 AM, Mario Caruso wrote:
> > I am trying to write a lua rule to somehow filter/capture
> > the wpad like dq.qname (http://allievi.sssup.it/techblog/archives/81)
> >
> > in my test environment (debian stretch and recursor version
> > 4.1.0~rc3-1pdns.stretch) I have this rule :
> >
> > -- US-CERT TA16-144A.
> > if (dq.qname:isPartOf(newDN("wpad")))
> > then
> > dq.rcode = 0
> > dq:addAnswer(pdns.A, "127.0.0.1")
> > return true;
> > end
> >
> > but this doesn't seem to work, maybe I am misinterpreting
> > the isPartOf method , or maybe I should use :toString and
> > then use lua pattern matching.
>
> isPartOf() returns true if the name is a sub-domain of the one passed in
> parameter, so here it would match any domain under the hypothetic .wpad
> TLD, which is not what you want. Lua pattern matching would be one of
> the various ways to do that, yes.

I switched the expression to this one

queryString=dq.qname:toString()

-- US-CERT TA16-144A.
if (querystring:match('^wpad%.'))
then
dq.rcode = 0
dq:addAnswer(pdns.A, "127.0.0.1")
return true;
end

and this is working in the test environment.

I would like to know what other admins thinks of this
approach, I mean can it affect performances as it is "casting"
to string every query ? Am I the only one doing this ?

thanks to everybody

M.
---------------------------
() ASCII Ribbon Campaign
/\ Against HTML E-Mail
---------------------------
This mail is ubuntu Hostile
---------------------------
_______________________________________________
Pdns-users mailing list
Pdns-users at mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20171130/45cb6613/attachment.html>


More information about the Pdns-users mailing list