[Pdns-users] Sinkhole with whitelisting by using RPZ
Greg Owen
gowen at swynwyr.com
Sat Apr 9 17:26:11 UTC 2022
>I am new to powerdns and wanted to implement a kind of extended
>sinkhole by whitelisting some domains by using a RPZ file.
>
>The aim is
>
>- to allow only certain domain(s) for a certain IP but drop all other
>domains
>- and allow all domains for all other clients
You might try dnSentry[1], a tool I wrote, which acts as an allowlist-based
DNS firewall for PowerDNS Recursor. It's a Lua-based application
rather than RPZ.

It works the same for all clients (allowing if config allows, denying if
not) but you could probably add source IP discrimination without too
much trouble.

I think, but am not sure, that it'll cache the way you'd like.

HTH,
gowen
[1] https://github.com/gowenfawr/dnSentry
--
gowen -- Greg Owen -- gowen at swynwyr.com
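
The policy asked about in the quoted question, sketched as a PowerDNS Recursor Lua script. This is an added example, not part of the message above and not dnSentry's code; the client address and the allowed domains are constructed placeholders.

```lua
-- Added example: per-client allowlist in a Recursor Lua script.
-- Not dnSentry code. Load it with the lua-dns-script setting in recursor.conf.

-- Clients that may only resolve allowlisted names (constructed address).
local restricted = newNMG()
restricted:addMask("192.0.2.10/32")

-- Names, including everything beneath them, that restricted clients
-- may resolve (constructed domains).
local allowed = newDS()
allowed:add("example.com")
allowed:add("updates.example.net")

function preresolve(dq)
  -- Every other client: normal resolution for all domains.
  if not restricted:match(dq.remoteaddr) then
    return false
  end

  -- Restricted client asking for an allowlisted name: normal resolution.
  if allowed:check(dq.qname) then
    return false
  end

  -- Restricted client asking for anything else: log it and drop the query.
  pdnslog("allowlist drop: " .. dq.qname:toString() ..
          " from " .. dq.remoteaddr:toString(), pdns.loglevels.Info)
  dq.appliedPolicy.policyKind = pdns.policykinds.Drop
  return false  -- returning false lets the Recursor apply the policy set above
end
```

Answers served from the Recursor's packet cache do not pass through `preresolve`, so a per-client filter like this also needs a per-client tag set in `gettag`, or the packet cache disabled. The hook also sees only the name the client asked for, not the targets of any CNAMEs followed while resolving it.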