Re: [Pdns-users] dp.variable when changing RPZ policy action?
On 17/04/2018 08:44, MRob wrote: dq.variable is certain to be necessary here just like the other example. Only if you want to return different responses to different clients. If all your clients are subject to the same DNS filtering policy then you can leave the packet cache active. ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
Re: [Pdns-users] dp.variable when changing RPZ policy action?
On 2018-04-17 05:42, MRob wrote: PowerDNS blog recommends setting dq.variable when a domain response is part of the loaded block list. https://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/ But this example for modifying policy actions does not set dq.variable: https://doc.powerdns.com/md/recursor/scripting/#modifying-policy-decisions Is that oversight, should I set dq.variable if the policy action is liable to changing? After all, it does affect the returned result. Though in testing, I find the correct response for both cases of client requested blocking or not blocking (how does it respond correct with the wrong value in cache?) I see the reason dq.variable is not used in this example is that there is not optional function. Never the less I want to pose the question: If I change policy action, is the original query result cached or the result after the policy action is considered? Thus should I need to consider setting dq.variable in this scenarios? As you read in my last msg above, I see response is correct for both blocked client and non blocked client when assumedly only one answer is cached this makes me think that the policy action is not considered when applying a value to cache. Can you comment? PS, when dq.variable is set is this forcing referral to authoritative name server on every query? Is there performance implications to consider? And that? ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
[Pdns-users] dp.variable when changing RPZ policy action?
PowerDNS blog recommends setting dq.variable when a domain response is part of the loaded block list. https://blog.powerdns.com/2016/01/19/efficient-optional-filtering-of-domains-in-recursor-4-0-0/ But this example for modifying policy actions does not set dq.variable: https://doc.powerdns.com/md/recursor/scripting/#modifying-policy-decisions Is that oversight, should I set dq.variable if the policy action is liable to changing? After all, it does affect the returned result. Though in testing, I find the correct response for both cases of client requested blocking or not blocking (how does it respond correct with the wrong value in cache?) By the way, this example has typo, Lua uses ~= but the example uses != PS, when dq.variable is set is this forcing referral to authoritative name server on every query? Is there performance implications to consider? ___ Pdns-users mailing list Pdns-users@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/pdns-users
