[Pdns-users] Lua Script to block a list of domains and redirect to a block page

Aki Tuomi cmouse at cmouse.fi
Mon Feb 13 06:49:59 UTC 2023


> On 02/13/2023 8:38 AM EET Clifford Dsouza via Pdns-users <pdns-users at mailman.powerdns.com> wrote:
> 
> 
> Hi,
> 
> 
> I am using powerdns recursor 4.8.2 and the lua version is Lua 5.1.4
> 
> 
> Am trying to achieve the function to block a list of domains via the below lua script and then redirect the request to a local block page
> 
> 
> -- Define new Domain Set
> blocked_domains=newDS()
> -- Load Domain Set from the file. Format of the file is: 'return {"a.com", "b.com", "a.fb.com"}'
> blocked_domains:add(dofile("/etc/pdns-recursor/full_list_13-11-2019.lua"))
> -- blocked_domains:add(dofile("/etc/pdns-recursor/blocked_domains.txt"))
> -- define a preresolve() function which gets called by PowerDNS to determine what to do with a domain
> function preresolve(dq)
> -- If we see that a query name is not part of one of the blocked domains,
> -- or the query is not for an IP(v6) address, we return false and the normal resolution process continues.
> if(not blocked_domains:check(dq.qname) or (dq.qtype ~= pdns.A and dq.qtype ~= pdns.AAAA)) then
> return false
> 
> 
> else
> 
> 
> dq:addAnswer(pdns.A, "192.168.8.48")
> return true
> end
> end
> 
> 
> 
> The thing is that this script only blocks and redirect the user if the site is an http domain, if its a https domain no block page is displayed though the site does not open
> 

You'd also need a **valid** https certificate for your random https domains, which I suppose you won't easily get? 

> 
> how do i improve the script so that the domain is blocked and redirected to the block page even if its a https site, some where on the internet it refered to set the code to nxdomain and then redirect the request to the block page but i cant get the code right, some help will be much appreciated.
> 
> 

DNS does not work like this, it doesn't really involve in anything about what kind of connection you are going to make. It's about finding out values, such as IP addresses, for keys, such as domain names.

> 
> 
> also currently I have redirected the block page to the IP "192.168.8.48" can i also get the code to redirect to a domain name instead of an IP address?
> 
> 

Return 'IN CNAME block.page.com'.

> Thanks you
> 
> 
> Regards,
> Clifford Dsouza
> 

Regards,
Aki


More information about the Pdns-users mailing list