On Wed, Jan 19, 2022 at 04:54:25PM +0000, Clint Anderson via Pdns-users wrote:
> Otto & Walter - Thank you for the replies!
>
> Otto,
>
> My assumption was that the cache is the most efficient and if it was in the
> cache, it would return the cached answer and never go looking for an update.
> Thank you for the clarification on the zoneToCache functionality, seems I was
> barking up the wrong tree.

RPZ is a good way. Quick DB access from Lua can be done, but might be hard
to get right as there are potential pitfalls with respect to threading,
Lua contexts and ffi, to name a few.

A completely different way is to use dnsdist, which can access either a CDB
or LMDB database via
https://dnsdist.org/rules-actions.html#KeyValueStoreLookupRule

	-Otto

>
> If using the cache is not the way to go, what is the best, most efficient
> way, to block half a million (500,000) or more domains? I do not have any
> experience using RPZ files, but I did read up on it and it seems to be the
> best way to go. Trying to load 500,000 domains into a file and running a Lua
> "preresolve" script seems like it would require more system resources and not
> be as efficient, but I would love to hear your opinion on it.
>
> Thank you very much for your time & help!
>
> Cheers,
> Clint
>
> > Hi All,
> >
> > BackGround:
> > PowerDNS Recursor v4.6.0
> > I have the example from the docs
> > (https://doc.powerdns.com/recursor/lua-config/ztc.html) working perfectly:
> > zoneToCache(".", "url", "https://www.internic.net/domain/root.zone", {
> > refreshPeriod = 0 })
> >
> >
> > Problem:
> > I'd like to load a "BlackList" file (or multiple BlackList files) the same
> > way, but I have no idea what file format the PDNS zoneToCache function is
> > looking for. In a perfect world, I'd like to be able to take a list of
> > domains like this:
> >
> > Domain1.com
> > Domain2.com
> > Domain3.com
> > *.Domain3.com
> > Domain4.com
> > Sub.Domain4.com
> > Sub2.Domain4.com
> >
> > And load them via the zoneToCache feature, and have them all point to a
> > specific, common IP Address, like 192.168.1.100, but I can't seem to figure
> > out how to accomplish this.
> >
> > Any thoughts, examples, or suggestions would be greatly appreciated. Thank
> > you very much for your time & help.
>
> The format is the zone file format, see e.g.
> https://en.wikipedia.org/wiki/Zone_file
>
> But the zone to cache is not for overriding. It is meant to be used for
> keeping the cache hot. The recursor will replace records you are trying to
> override with data retrieved from the net in some cases.
>
> To override names there are two mechanisms available: Lua interception [1]
> and RPZ [2].
>
> [1] https://docs.powerdns.com/recursor/lua-scripting/hooks.html
> [2]
> https://docs.powerdns.com/recursor/lua-config/rpz.html#response-policy-zones-rpz
>
> 	-Otto
> _______________________________________________
> Pdns-users mailing list
> Pdns-users@mailman.powerdns.com
> https://mailman.powerdns.com/mailman/listinfo/pdns-users
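
An added example, not part of the original thread and not PowerDNS's own code: one way to turn a plain domain list like the one quoted above into an RPZ zone file in which every entry answers with one common address. The origin `blocklist.rpz.invalid.`, the SOA/NS values, the function names and the three extra sample lines are assumptions made for illustration; entries already matched by a wildcard in the list are dropped, on the assumption that an RPZ wildcard matches subdomains at any depth.

```python
import ipaddress
import re

# One DNS label: letters, digits, '_' or '-', not starting or ending with '-'.
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")

# Constructed sample: the list from the thread plus three extra test lines.
SAMPLE = ["Domain1.com", "Domain2.com", "Domain3.com", "*.Domain3.com",
          "Domain4.com", "Sub.Domain4.com", "Sub2.Domain4.com",
          "www.Domain3.com.", "# comment", "not a domain!"]

def normalize(entry):
    """Lower-case, drop the trailing dot; return None for comments or junk."""
    name = entry.strip().lower().rstrip(".")
    labels = name.split(".")
    body = labels[1:] if labels[0] == "*" else labels
    if len(name) > 253 or not body or not all(LABEL.fullmatch(l) for l in body):
        return None
    return name

def covered(name, wildcards):
    """True when a wildcard entry above this name already matches it."""
    base = name[2:] if name.startswith("*.") else name
    labels = base.split(".")
    return any("*." + ".".join(labels[i:]) in wildcards
               for i in range(1, len(labels)))

def build_rpz(entries, target, origin="blocklist.rpz.invalid."):
    """Return RPZ zone text answering every listed name with `target`."""
    addr = ipaddress.ip_address(target)          # rejects malformed addresses
    rtype = "A" if addr.version == 4 else "AAAA"
    names = {n for n in map(normalize, entries) if n}
    wildcards = {n for n in names if n.startswith("*.")}
    kept = sorted(n for n in names if not covered(n, wildcards))
    header = [f"$ORIGIN {origin}", "$TTL 60",
              "@ SOA localhost. hostmaster.localhost. 1 3600 600 86400 60",
              "@ NS localhost."]
    # Owner names are relative to $ORIGIN: the RPZ QNAME-trigger convention.
    return "\n".join(header + [f"{n} {rtype} {addr}" for n in kept]) + "\n"

if __name__ == "__main__":
    print(build_rpz(SAMPLE, "192.168.1.100"), end="")
```

Note that `*.domain3.com` does not match `domain3.com` itself, which is why both entries from the list are kept. The output is an ordinary zone file that can be loaded through the RPZ mechanism documented at [2].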