I am new to PowerDNS and wanted to implement a kind of extended sinkhole by whitelisting some domains by using an RPZ file.

The aim is

- to allow only certain domain(s) for a certain IP but drop all other domains
- and allow all domains for all other clients

You might try dnSentry[1], a tool I wrote, which acts as an allowlist based DNS firewall for PowerDNS Recursor. It's a Lua-based application rather than RPZ.

It works the same for all clients (allowing if config allows, denying if not) but you could probably add source IP discrimination without too much trouble.

I think, but am not sure, that it'll cache the way you'd like.

HTH,
gowen

[1] https://github.com/gowenfawr/dnSentry

--
    gowen -- Greg Owen -- go...@swynwyr.com