On Fri, Feb 14, 2020 at 03:06:10PM +0100, Steinar Haug via Pdns-users wrote:

> >> I have previously used PowerDNS recursor and RPZ while treating all
> >> query sources equally. This works fine.
> >>
> >> I'm now trying to use RPZ to block copyright type domains selectively
> >> based on source IP from the query, by using Lua discardPolicy. I'm
> >> seeing an unexpected interaction with the packet cache.
> > ...
> >
> >> My question is basically: Is this behavior expected? I find it highly
> >> surprising, since it basically means that the RPZ functionality (and
> >> whether it works or not) depends on packetcache contents.
> >
> > Yes, this is expected. Look at
> >
> > https://docs.powerdns.com/recursor/lua-scripting/dq.html#DNSQuestion.variable
> >
> > for the solution.
>
> Thank you, that got me a bit further. But I'm not where I want to be
> yet. DNSQuestion.variable will let me decide whether an answer should
> be inserted into the packet cache or not. But using this in the prerpz
> hook I have (so far) not found a way to make insertion in the packet
> cache dependent on the *policy name* - which is what I'm trying to
> achieve here.

In preresolve(dq), dq.appliedPolicy.policyName should be available.
prerpz(dq) is too early in the process.

	-Otto

>
> If I have
>
> rpzFile("/usr/local/etc/pdns/a.zone", {policyName="a"})
> rpzFile("/usr/local/etc/pdns/b.zone", {policyName="b"})
> rpzFile("/usr/local/etc/pdns/c.zone", {policyName="c"})
>
> is there a way to exempt *only* policy "c" from the packet cache?
>
> Steinar Haug, AS2116
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
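
The approach discussed in this thread, written out as a recursor Lua script. This is an added example, not code posted by either participant: the exempt client range (192.0.2.0/24, a documentation prefix) is constructed, and marking the exempt clients' answers as variable in prerpz is an assumption about what the per-source setup needs, since the policy name is not yet known at that point.

```lua
-- Added example, not from the thread. Assumes the three rpzFile() lines
-- quoted above are in the recursor's Lua config file, and that policy "c"
-- must not apply to one client range.

-- Constructed sample range of clients that bypass policy "c".
local exempt = newNMG()
exempt:addMask("192.0.2.0/24")

-- prerpz runs before any policy has been evaluated, so the only thing
-- available to decide on here is the client address.
function prerpz(dq)
  if exempt:match(dq.remoteaddr) then
    dq:discardPolicy("c")
    -- Assumption: an answer computed without policy "c" must stay out of
    -- the packet cache, otherwise it can be replayed to clients that
    -- should have been filtered (the symptom described in the thread).
    dq.variable = true
  end
  return false
end

-- By preresolve the policy match has been made, so the policy name can be
-- tested. Answers shaped by "a" or "b" are still cached as usual.
function preresolve(dq)
  if dq.appliedPolicy.policyName == "c" then
    -- Keep the policy-rewritten answer out of the packet cache so that it
    -- is not replayed to the exempt clients.
    dq.variable = true
  end
  -- Not handled here: let the recursor go on and apply the policy.
  return false
end
```

Queries that never touch policy "c" and do not come from the exempt range keep full packet-cache benefit; only the two cases above are recomputed per query.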