On Fri, Feb 14, 2020 at 03:34:37PM +0100, Otto Moerbeek via Pdns-users wrote:
> On Fri, Feb 14, 2020 at 03:06:10PM +0100, Steinar Haug via Pdns-users wrote:
>
> > >> I have previously used PowerDNS recursor and RPZ while treating all
> > >> query sources equally. This works fine.
> > >>
> > >> I'm now trying to use RPZ to block copyright type domains selectively
> > >> based on source IP from the query, by using Lua discardPolicy. I'm
> > >> seeing an unexpected interaction with the packet cache.
> >
> > ...
> >
> > >> My question is basically: Is this behavior expected? I find it highly
> > >> surprising, since it basically means that the RPZ functionality (and
> > >> whether it works or not) depends on packetcache contents.
> > >
> > > Yes, this is expected. Look at
> > >
> > > https://docs.powerdns.com/recursor/lua-scripting/dq.html#DNSQuestion.variable
> > >
> > > for the solution.
> >
> > Thank you, that got me a bit further. But I'm not where I want to be
> > yet. DNSQuestion.variable will let me decide whether an answer should
> > be inserted into the packet cache or not. But using this in the prerpz
> > hook I have (so far) not found a way to make insertion in the packet
> > cache dependent on the *policy name* - which is what I'm trying to
> > achieve here.
>
> in preresolve(dq) dq.appliedPolicy.policyName should be available.
> prerpz(dq) is too early in the process.

To elaborate: name or client IP based policies will be set in
preresolve(dq). For policies that are applied post resolve, you can add
code in postresolve(dq).

>
> -Otto
> >
> > If I have
> >
> > rpzFile("/usr/local/etc/pdns/a.zone", {policyName="a"})
> > rpzFile("/usr/local/etc/pdns/b.zone", {policyName="b"})
> > rpzFile("/usr/local/etc/pdns/c.zone", {policyName="c"})
> >
> > is there a way to exempt *only* policy "c" from the packet cache?
> >
> > Steinar Haug, AS2116
> > _______________________________________________
> > Pdns-users mailing list
> > Pdns-users@mailman.powerdns.com
> > https://mailman.powerdns.com/mailman/listinfo/pdns-users
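
The hooks named in the reply above, combined with the discardPolicy setup from the question, as an added example that is not part of the original thread and is not PowerDNS project code. It assumes policy "c" is the selectively applied zone; the netmask and the helper name `skipCacheIfSelective` are constructed for illustration.

```lua
-- Added example for the Recursor Lua script; not from the thread.
-- Assumption: policy "c" is the RPZ zone applied per query source.
local SELECTIVE = "c"

-- Constructed placeholder: query sources that must NOT be filtered by "c".
local unfiltered = newNMG()
unfiltered:addMask("192.0.2.0/24")

-- Hypothetical helper: keep an answer out of the packet cache when the
-- policy that was applied to it is the selective one.
local function skipCacheIfSelective(dq)
  if dq.appliedPolicy.policyName == SELECTIVE then
    dq.variable = true
  end
end

function prerpz(dq)
  -- Too early to know which policy will match, so appliedPolicy is not
  -- inspected here; only the per-client discard happens in this hook.
  if unfiltered:match(dq.remoteaddr) then
    dq:discardPolicy(SELECTIVE)
    -- With "c" discarded, appliedPolicy will not name it for this client,
    -- so the later hooks cannot tell whether the name is listed in "c".
    -- This example therefore keeps every answer for these clients out of
    -- the packet cache, so they are not replayed to filtered clients.
    dq.variable = true
  end
  return false
end

function preresolve(dq)
  -- Name or client IP based policies are already set at this point.
  skipCacheIfSelective(dq)
  return false -- not handled here; resolution continues as usual
end

function postresolve(dq)
  -- Policies applied after resolution are visible here.
  skipCacheIfSelective(dq)
  return false -- answer left unmodified
end
```

Answers produced by policies "a" and "b" stay cacheable for the filtered clients; the cost is that the clients in `unfiltered` never populate the packet cache.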