[Pdns-users] dp.variable when changing RPZ policy action?
MRob
mrobti at insiberia.net
Tue Apr 17 06:29:20 UTC 2018
On 2018-04-17 05:42, MRob wrote:
> PowerDNS blog recommends setting dq.variable when a domain response is
> part of the loaded block list.
> https://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/
>
> But this example for modifying policy actions does not set dq.variable:
> https://doc.powerdns.com/md/recursor/scripting/#modifying-policy-decisions
>
> Is that oversight, should I set dq.variable if the policy action is
> liable to changing? After all, it does affect the returned result.
> Though in testing, I find the correct response for both cases of
> client requested blocking or not blocking (how does it respond correct
> with the wrong value in cache?)
I see the reason dq.variable is not used in this example is that there
is not optional function. Never the less I want to pose the question:
If I change policy action, is the original query result cached or the
result after the policy action is considered? Thus should I need to
consider setting dq.variable in this scenarios?
As you read in my last msg above, I see response is correct for both
blocked client and non blocked client when assumedly only one answer is
cached this makes me think that the policy action is not considered when
applying a value to cache. Can you comment?
> PS, when dq.variable is set is this forcing referral to authoritative
> name server on every query? Is there performance implications to
> consider?
And that?
More information about the Pdns-users
mailing list