Re: [Pdns-users] Lua control of config settings?
On 2018-04-17 05:24, MRob wrote: On 2018-04-16 10:55, MRob wrote: On 2018-04-16 10:09, Remi Gacogne wrote: On 04/16/2018 12:03 PM, MRob wrote: According to this, you *should* be able to load a million domains into LUA without problem. That's the same method this person said crashed recursor with much less https://git.mauras.ch/Various/powerdns_recursor_ads_blocking Are there other people who have experience? It shouldn't crash the recursor and if you can reproduce the crash and share the reproduction method I would be happy to look into it. ok maybe I will try it but can any people comment is there pros or cons to implementing a block list using Policy Zones instead comparing to loading the file direct into a big list? I have policy zone based blocklisting working but only with a few test domains in zone file I tested with over 500.000 domain list using both methods. RPZ pauses at startup while loading the zone, using Lua domain list pauses when first query comes and the server forks its workers. RPZ pause feels a couple seconds slower, but not scientific measurement. Only RPZ gave this error: Unable to load RPZ zone from '.rpz': name too long I had to comment out long domain lines. Can someone indicate what the maximum domain name length should be? Max full domain name should be 253 but RPZ refuses to load a domain in my list that is 246 chars. What is pdns max length? After startup, responsiveness seems normal using both methods but it's just one person test visiting a few different sites so I can't give solid data. Still wonder on this question: Are there another reasons to consider why or why not to use RPZ vs. loading domain list direct in Lua? Is the mechanism to look up domain in RPZ different than lookup in a Lua Domain Set? Any factors to consider? Thanks. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Lua control of config settings?
On 2018-04-16 10:55, MRob wrote: On 2018-04-16 10:09, Remi Gacogne wrote: On 04/16/2018 12:03 PM, MRob wrote: According to this, you *should* be able to load a million domains into LUA without problem. That's the same method this person said crashed recursor with much less https://git.mauras.ch/Various/powerdns_recursor_ads_blocking Are there other people who have experience? It shouldn't crash the recursor and if you can reproduce the crash and share the reproduction method I would be happy to look into it. ok maybe I will try it but can any people comment is there pros or cons to implementing a block list using Policy Zones instead comparing to loading the file direct into a big list? I have policy zone based blocklisting working but only with a few test domains in zone file I tested with over 500.000 domain list using both methods. RPZ pauses at startup while loading the zone, using Lua domain list pauses when first query comes and the server forks its workers. RPZ pause feels a couple seconds slower, but not scientific measurement. Only RPZ gave this error: Unable to load RPZ zone from '.rpz': name too long I had to comment out long domain lines. Can someone indicate what the maximum domain name length should be? After startup, responsiveness seems normal using both methods but it's just one person test visiting a few different sites so I can't give solid data. Are there another reasons to consider why or why not to use RPZ vs. loading domain list direct in Lua? ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Lua control of config settings?
On 2018-04-16 10:09, Remi Gacogne wrote: On 04/16/2018 12:03 PM, MRob wrote: According to this, you *should* be able to load a million domains into LUA without problem. That's the same method this person said crashed recursor with much less https://git.mauras.ch/Various/powerdns_recursor_ads_blocking Are there other people who have experience? It shouldn't crash the recursor and if you can reproduce the crash and share the reproduction method I would be happy to look into it. ok maybe I will try it but can any people comment is there pros or cons to implementing a block list using Policy Zones instead comparing to loading the file direct into a big list? I have policy zone based blocklisting working but only with a few test domains in zone file ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Lua control of config settings?
On 04/16/2018 12:03 PM, MRob wrote: >> According to this, you *should* be able to load a million domains into >> LUA without problem. > > That's the same method this person said crashed recursor with much less > https://git.mauras.ch/Various/powerdns_recursor_ads_blocking > Are there other people who have experience? It shouldn't crash the recursor and if you can reproduce the crash and share the reproduction method I would be happy to look into it. -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/ signature.asc Description: OpenPGP digital signature ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Lua control of config settings?
On 2018-04-16 07:01, Brian Candler wrote: On 15/04/2018 22:08, MRob wrote: I read about how recursor can be used to block queries for tracking domains: https://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/ You may find this interesting: https://www.powerdns.com/resources/2016%20UKNOF%20filtering%20bert%20hubert.pdf According to this, you *should* be able to load a million domains into LUA without problem. That's the same method this person said crashed recursor with much less https://git.mauras.ch/Various/powerdns_recursor_ads_blocking Are there other people who have experience? But you can also do lookups in a CDB file. Do you know where I can find info about this? There is tinydns backend, maybe there is a way in LUA preresolve function to do lookup to different backend? Ignore backend otherwise. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Lua control of config settings?
On 15/04/2018 22:08, MRob wrote: I read about how recursor can be used to block queries for tracking domains: https://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/ You may find this interesting: https://www.powerdns.com/resources/2016%20UKNOF%20filtering%20bert%20hubert.pdf According to this, you *should* be able to load a million domains into LUA without problem. But you can also do lookups in a CDB file. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] Lua control of config settings?
On 2018-04-15 21:08, MRob wrote: I read about how recursor can be used to block queries for tracking domains: https://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/ But I also read it chokes recursor if the list is many thousands domains: https://git.mauras.ch/Various/powerdns_recursor_ads_blocking So using forward-zones-file is a good solution but I want to use the optional solution provided in the PDNS Blog where some client IP address are filtered some are not. Can I turn "forward-zones-file" on/off in Lua preresolve function? Maybe another option to use "etc-hosts-file" but same questions can it be turn on/off and does it handle say 500.000 domains? Also I found response policy zones, maybe this is a best solution. Does RPZ stand up to example 500.000 domains in a local RPZ file? ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] Lua control of config settings?
I read about how recursor can be used to block queries for tracking domains: https://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/ But I also read it chokes recursor if the list is many thousands domains: https://git.mauras.ch/Various/powerdns_recursor_ads_blocking So using forward-zones-file is a good solution but I want to use the optional solution provided in the PDNS Blog where some client IP address are filtered some are not. Can I turn "forward-zones-file" on/off in Lua preresolve function? ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
