2014-10-20 13:29 GMT-03:00 Robert Mortimer <r...@scramworks.net>:

> Hi,
>
> Just to add a bit less light, we implemented this sort of thing about 5 years back
> and now with the aid of a small script have a solution which is fully RPZ
> compatible. Using PDNS recursor and LUA, which can handle an RPZ feed of about four
> thousand records and around 5,000 QPS. We did stress test briefly with an 11,000 item
> RPZ feed.
>
> As said no need to restart when it updates just do a LUA reload. Hopefully I
> should be able to release what we did soon - am waiting for permission from our
> legal types.
>
> Really not sure if that helps any, except to say it's very doable and can be
> quite stable.
>
RPZ seems really interesting, and I see there was a request for it in the past*. The thing is, we have direct requests from local government agencies to ban some domains with legal issues (mandated by a judge, for example), and we were just approached about being able to block sites from the Internet Watch Foundation black list also (with their own landing page). Both cases will be redirected to different sites, and each has its own data source. Currently on BIND we just define the domain as authoritative and it's kind of a hassle.

Also, I thought about adding some helpful LUA bits to report date/time or the client's IP address, but from what I understood, only one LUA script can be added to the recursor; maybe a super monster script could achieve all that.

Ref:
* http://mailman.powerdns.com/pipermail/pdns-users/2012-December/009451.html

Regards,

--
Ciro Iriarte
http://iriarte.it
--
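Added example (not part of the original thread, and not the script Robert describes): one way a single recursor Lua script can serve both block lists, each with its own landing address, and log the time and client IP. It assumes the PowerDNS Recursor 3.x `preresolve(remoteip, domain, qtype)` hook; the policy names, domains and 192.0.2.x addresses are constructed placeholders.

```lua
-- Added example. Policies, domains and landing IPs below are constructed.
-- Each data source is its own policy with its own landing page address.
local policies = {
  { name = "court-order", landing = "192.0.2.10",
    domains = { "blocked-by-court.example" } },
  { name = "iwf-list",    landing = "192.0.2.20",
    domains = { "listed-by-iwf.example" } },
}

-- Flatten all sources into one table: lower-cased domain -> policy.
local blocked = {}
for _, p in ipairs(policies) do
  for _, d in ipairs(p.domains) do
    blocked[d:lower()] = p
  end
end

-- Return the policy covering qname, checking the name itself and then
-- each parent suffix, so subdomains of a listed domain are caught too.
local function find_policy(qname)
  local name = qname:lower():gsub("%.$", "")   -- drop the trailing dot
  while name do
    local p = blocked[name]
    if p then return p end
    name = name:match("^[^.]+%.(.+)$")         -- strip leftmost label
  end
  return nil
end

-- Recursor 3.x hook (assumed interface): return -1 to let normal
-- resolution proceed, or an rcode plus a table of answer records.
function preresolve(remoteip, domain, qtype)
  local p = find_policy(domain)
  if not p then
    return -1, {}
  end
  -- Record when, who and why: the date/time and client IP reporting.
  pdnslog(os.date("%Y-%m-%d %H:%M:%S") .. " policy=" .. p.name ..
          " client=" .. remoteip .. " qname=" .. domain)
  if qtype == pdns.A then
    return 0, { { qtype = pdns.A, content = p.landing, ttl = 60 } }
  end
  -- Other types get NOERROR with an empty answer, so the real
  -- records of a blocked name are never fetched.
  return 0, {}
end
```

After the lists are edited, `rec_control reload-lua-script` picks up the change without restarting the recursor. Recursor 4.x replaced this hook signature with `preresolve(dq)`, so the hook body needs adapting there.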