Hi, I am new to PowerDNS and wanted to implement a kind of extended sinkhole by whitelisting some domains using an RPZ file.

The aim is
- to allow only certain domain(s) for a certain IP but drop all other domains
- and allow all domains for all other clients

The rpz is quite simple:

    example.net. CNAME rpz-passthru. ; allow for all including 192.168.16.100
    *.example.net CNAME rpz-passthru. ; allow for all including 192.168.16.100
    32.100.16.168.192.rpz-client-ip CNAME rpz-drop. ; drop every other request for 192.168.16.100
    0.0.0.0.0.rpz-client-ip CNAME rpz-passthru. ; allow all domains for all other clients

This works perfectly unless an allowed client resolves a record forbidden for 192.168.16.100, as afterwards this record is answered from the cache for 192.168.16.100.

I already saw discussions on the precedence of cached records like
https://www.mail-archive.com/pdns-users@mailman.powerdns.com/msg10763.html

However, the solution to disable caching via https://docs.powerdns.com/recursor/lua-scripting/dq.html#DNSQuestion.variable for certain records is workable in a blacklisting scenario but not in a whitelisting-like scenario as above. It would mean that I would need to disable caching for all records but the whitelisted ones.

Is there a solution for my scenario that lets me still utilize caching?

Thanks
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
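
The leak described in the message above, as an added example that is not part of the original post and is not PowerDNS code: a toy model that decodes the two rpz-client-ip owner names and shows why a shared cache answered before the per-client policy check serves the restricted client. The `Resolver` class, the `cache_first` switch, the evaluation order in `policy` (taken from the post's stated intent, not from the RPZ precedence rules) and the name `blocked.test` are assumptions made for illustration.

```python
import ipaddress

# Constructed copy of the four records from the post: (owner, action).
RPZ = [
    ("example.net", "rpz-passthru."),
    ("*.example.net", "rpz-passthru."),
    ("32.100.16.168.192.rpz-client-ip", "rpz-drop."),
    ("0.0.0.0.0.rpz-client-ip", "rpz-passthru."),
]

def client_net(owner):
    """Decode an IPv4 rpz-client-ip owner: prefix length, then reversed octets."""
    labels = owner.split(".")[:-1]          # strip the rpz-client-ip label
    return ipaddress.ip_network(".".join(reversed(labels[1:])) + "/" + labels[0])

def qname_match(owner, qname):
    """Exact match, or wildcard match on subdomains only (not the apex)."""
    if owner.startswith("*."):
        return qname.endswith(owner[1:])
    return qname == owner

def policy(client, qname):
    """Policy the post intends: QNAME allow-list first, then the
    most specific (longest-prefix) client-ip record."""
    nets = []
    for owner, action in RPZ:
        if owner.endswith(".rpz-client-ip"):
            nets.append((client_net(owner), action))
        elif qname_match(owner, qname):
            return action
    addr = ipaddress.ip_address(client)
    hits = [(n.prefixlen, a) for n, a in nets if addr in n]
    return max(hits)[1] if hits else "no-match"

class Resolver:
    """Toy resolver (assumption); cache_first=True reproduces the reported leak."""
    def __init__(self, cache_first):
        self.cache_first, self.cache = cache_first, set()

    def query(self, client, qname):
        if self.cache_first and qname in self.cache:
            return "answered-from-cache"    # policy is never consulted
        if policy(client, qname) == "rpz-drop.":
            return "dropped"
        hit = qname in self.cache
        self.cache.add(qname)
        return "answered-from-cache" if hit else "answered-upstream"
```

With `cache_first=False` the client policy is evaluated on every query and the cache is still used for everything that passes it, which is the behaviour the question asks for.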