[Pdns-users] Are queries towards RPZ domains supposed to use the packet cache?

Otto Moerbeek otto at drijf.net
Mon Feb 24 09:11:52 UTC 2020


On Mon, Feb 24, 2020 at 08:41:15AM +0100, Steinar Haug via Pdns-users wrote:

> >> > Thank you, that got me a bit further. But I'm not where I want to be
> >> > yet. DNSQuestion.variable will let me decide whether an answer should
> >> > be inserted into the packet cache or not. But using this in the prerpz
> >> > hook I have (so far) not found a way to make insertion in the packet
> >> > cache dependent on the *policy name* - which is what I'm trying to
> >> > achieve here.
> >> 
> >> in preresolve(dq) dq.appliedPolicy.policyName should be available.
> >> prerpz(dq) is too early in the process.
> > 
> > To elaborate: name or client ip based policies will be set in
> > preresolve(dq). For policies that are applied post resolve, you can
> > add code in postresolve(dq).
> 
> Excellent, got that working. Thanks! Now a related question: How can
> I give some queries an extra RPZ policy, based on for instance IP of
> the querier?
> 
> Steinar Haug, AS2116

Look at e.g. https://tools.ietf.org/id/draft-vixie-dnsop-dns-rpz-00.html#rfc.section.4.1

	-Otto
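
Added example, not part of the original thread and not code from either poster: a PowerDNS Recursor Lua script that combines the two points discussed above, setting `dq.variable` from `dq.appliedPolicy.policyName` in `preresolve(dq)` and `postresolve(dq)` so that answers rewritten by selected RPZ policies are kept out of the packet cache. The policy names in the table and the helper name `skipPacketCacheForPolicy` are assumptions made for illustration.

```lua
-- Policy names whose answers must not enter the packet cache.
-- These are constructed placeholders; use the policyName values
-- configured for your own RPZ zones.
local uncachedPolicies = {
  ["rpz.example.net"] = true,
  ["customer-blocklist"] = true,
}

-- Hypothetical helper: mark the answer as variable when the RPZ policy
-- that matched this query is one of the listed names. Queries that hit
-- no policy, or an unlisted one, are left cacheable.
local function skipPacketCacheForPolicy(dq)
  local name = dq.appliedPolicy.policyName
  if name ~= nil and uncachedPolicies[name] then
    dq.variable = true
  end
end

-- Name- and client-IP-based policies are already set at this point
-- (prerpz is too early, as noted in the thread).
function preresolve(dq)
  skipPacketCacheForPolicy(dq)
  return false -- not handled here; let the recursor continue normally
end

-- Policies applied after resolution are visible here.
function postresolve(dq)
  skipPacketCacheForPolicy(dq)
  return false -- answer not modified by this hook
end
```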
