>> I have previously used PowerDNS recursor and RPZ while treating all >> query sources equally. This works fine. >> >> I'm now trying to use RPZ to block copyright type domains selectively >> based on source IP from the query, by using Lua discardPolicy. I'm >> seeing an unexpected interaction with the packet cache.
... >> My question is basically: Is this behavior expected? I find it highly >> surprising, since it basically means that the RPZ functionality (and >> whether it works or not) depends on packetcache contents. > > Yes, this is expected. Look at > > https://docs.powerdns.com/recursor/lua-scripting/dq.html#DNSQuestion.variable > > for the solution. Thank you, that got me a bit further. But I'm not where I want to be yet. DNSQuestion.variable will let me decide whether an answer should be inserted into the packet cache or not. But using this in the prerpz hook I have (so far) not found a way to make insertion in the packet cache dependent on the *policy name* - which is what I'm trying to achieve here. If I have rpzFile("/usr/local/etc/pdns/a.zone", {policyName="a"}) rpzFile("/usr/local/etc/pdns/b.zone", {policyName="b"}) rpzFile("/usr/local/etc/pdns/c.zone", {policyName="c"}) is there a way to excempt *only* policy "c" from the packet cache? Steinar Haug, AS2116 _______________________________________________ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users