[Pdns-users] Using PowerDNS with Plesk/cPanel
Hi! We are still looking for experienced consultant to assist us with PowerDNS with Plesk/cPanel using notify. The aim is to create a single PowerDNS cluster for our DNS usage. We have already setup PowerDNS/Recursor/Poweradmin, but need assistance to configure and setup for our purpose. If you have done this before and able to help, do let us know! Warmest Regards, Jackson Yap ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] How to reload RPZ from file?
With:
rpzFile("dblfilename", {defpol=Policy.Custom,
defcontent="badserver.example.com"})
Is there a 'nice' way to make Recursor reload this file?
Does rec_control reload-zones do it?
Must I restart recursor?
___
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Lua control of config settings?
On 2018-04-17 05:24, MRob wrote: On 2018-04-16 10:55, MRob wrote: On 2018-04-16 10:09, Remi Gacogne wrote: On 04/16/2018 12:03 PM, MRob wrote: According to this, you *should* be able to load a million domains into LUA without problem. That's the same method this person said crashed recursor with much less https://git.mauras.ch/Various/powerdns_recursor_ads_blocking Are there other people who have experience? It shouldn't crash the recursor and if you can reproduce the crash and share the reproduction method I would be happy to look into it. ok maybe I will try it but can any people comment is there pros or cons to implementing a block list using Policy Zones instead comparing to loading the file direct into a big list? I have policy zone based blocklisting working but only with a few test domains in zone file I tested with over 500.000 domain list using both methods. RPZ pauses at startup while loading the zone, using Lua domain list pauses when first query comes and the server forks its workers. RPZ pause feels a couple seconds slower, but not scientific measurement. Only RPZ gave this error: Unable to load RPZ zone from '.rpz': name too long I had to comment out long domain lines. Can someone indicate what the maximum domain name length should be? Max full domain name should be 253 but RPZ refuses to load a domain in my list that is 246 chars. What is pdns max length? After startup, responsiveness seems normal using both methods but it's just one person test visiting a few different sites so I can't give solid data. Still wonder on this question: Are there another reasons to consider why or why not to use RPZ vs. loading domain list direct in Lua? Is the mechanism to look up domain in RPZ different than lookup in a Lua Domain Set? Any factors to consider? Thanks. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dp.variable when changing RPZ policy action?
On 17/04/2018 08:44, MRob wrote: dq.variable is certain to be necessary here just like the other example. Only if you want to return different responses to different clients. If all your clients are subject to the same DNS filtering policy then you can leave the packet cache active. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dp.variable when changing RPZ policy action?
On 2018-04-17 05:42, MRob wrote: PowerDNS blog recommends setting dq.variable when a domain response is part of the loaded block list. https://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/ But this example for modifying policy actions does not set dq.variable: https://doc.powerdns.com/md/recursor/scripting/#modifying-policy-decisions Is that oversight, should I set dq.variable if the policy action is liable to changing? After all, it does affect the returned result. Though in testing, I find the correct response for both cases of client requested blocking or not blocking (how does it respond correct with the wrong value in cache?) I see the reason dq.variable is not used in this example is that there is not optional function. Never the less I want to pose the question: If I change policy action, is the original query result cached or the result after the policy action is considered? Thus should I need to consider setting dq.variable in this scenarios? As you read in my last msg above, I see response is correct for both blocked client and non blocked client when assumedly only one answer is cached this makes me think that the policy action is not considered when applying a value to cache. Can you comment? PS, when dq.variable is set is this forcing referral to authoritative name server on every query? Is there performance implications to consider? And that? ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
