On 10/20/2014 9:40 AM, Ciro Iriarte wrote:
2014-10-17 13:35 GMT-03:00 k...@rice.edu <k...@rice.edu>:
Hi Ciro,
We used a CDB key value store. It was easy to use/update and had
very good performance. "grepping" is O(n*n) so it will tank as
your list grows and you really don't want to slow down your DNS
lookups.
Regards,
Ken
Hi Ken, I'll look at the Lua+CDB mix given it seems more elegant. Any
document specific to PDNS you can point me to?
Regards,
Hi,
No PDNS specific documentation, we used the CDB map to allow the
blacklist to be updated without needing to restart the recursor
and lose all the cached DNS lookups. We wrote a function similar
to the example Lua script using a CDB map instead.
Regards,
Ken
Hi Ken! Would you be willing to publish/share your implementation?
Having two different rules (two groups, each group with different
answers), do you think it's best to use two scripts, or just push
more data to the CDB (A record expected + answer) and use one script?
Regards,
I've been looking for a way to do this as well. I would think that a
separate pdns instance on a different server than your main dns would do
the trick or have one bound to one address and a second instance bound
to another using separate databases. I tried setting up a zone and
delegating it to the current DNS and that doesn't work. It's an
interesting problem. Currently I'm using iptables on my mail servers,
but that gets unwieldy and unmanageable in a hurry. I've also done it
with SpamAssassin rules, but that also gets to be unmanageable, too.
--Curtis
--
Curtis Maurand
cur...@maurand.com
207-252-7748
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
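
The thread does not include Ken's script, so the following is an added illustration, not code from any poster or from PowerDNS. It models the data side of the approach in Python: a minimal writer and reader for the CDB file layout, plus a per-label suffix lookup, with both groups from Ciro's question kept in one map as domain -> answer. The key/value layout and the sample domains and addresses are assumptions constructed for the example.

```python
import struct

def cdb_hash(key: bytes) -> int:
    h = 5381  # CDB hash: h = (h * 33) ^ byte, truncated to 32 bits
    for c in key:
        h = (((h << 5) + h) ^ c) & 0xFFFFFFFF
    return h

def cdb_build(items: dict) -> bytes:
    # Layout: 2048-byte header (256 table pointers), records, 256 hash tables.
    records, tables = b"", [[] for _ in range(256)]
    for k, v in items.items():
        h = cdb_hash(k)
        tables[h & 255].append((h, 2048 + len(records)))
        records += struct.pack("<II", len(k), len(v)) + k + v
    header, hashed = b"", b""
    for entries in tables:
        nslots = 2 * len(entries)            # tables are kept half empty
        slots = [(0, 0)] * nslots
        for h, p in entries:
            i = (h >> 8) % nslots
            while slots[i][1]:               # linear probing on collision
                i = (i + 1) % nslots
            slots[i] = (h, p)
        header += struct.pack("<II", 2048 + len(records) + len(hashed), nslots)
        hashed += b"".join(struct.pack("<II", *s) for s in slots)
    return header + records + hashed

def cdb_get(db: bytes, key: bytes):
    h = cdb_hash(key)
    tpos, nslots = struct.unpack_from("<II", db, (h & 255) * 8)
    for n in range(nslots):
        sh, rpos = struct.unpack_from("<II", db, tpos + ((h >> 8) + n) % nslots * 8)
        if rpos == 0:                        # empty slot: key is absent
            return None
        if sh == h:
            klen, dlen = struct.unpack_from("<II", db, rpos)
            if db[rpos + 8:rpos + 8 + klen] == key:
                return db[rpos + 8 + klen:rpos + 8 + klen + dlen]
    return None

def lookup(db: bytes, qname: str):
    # One hashed probe per suffix, on whole labels only (no substring matches).
    labels = qname.rstrip(".").lower().split(".")
    hits = (cdb_get(db, ".".join(labels[i:]).encode()) for i in range(len(labels)))
    return next((h.decode() for h in hits if h is not None), None)

# Constructed sample data: two groups, each with its own answer, in one map.
BLOCKLIST = cdb_build({b"malware.example": b"192.0.2.10", b"ads.example": b"192.0.2.20"})
```
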