Well, if I am running authoritative and recursive on the same server, won't
the authoritative only pass a request if it can't handle it? That way the
whitelisted sites get handled by the authoritative via the database and the
recursive only gets what's left ... the sites to reject. Is that right?
https://gist.github.com/cmouse/6454629
You could try something like this. If CNAME does not suit you, feel
free to change it to pdns.A with some IP address as content.
Aki
On Thu, Sep 05, 2013 at 08:14:47AM -0700, chayes wrote:
> Aki,
>
> That sounds like a good solution but I don't know how t
Well, it is not a recommended setup.
But if you insist, I'd place the recursor before the auth, and use
forward-zones-file=authdomains
which is a file that contains
domain=127.0.1.1 (you can configure your auth to listen on this)
This is a better setup, as it also prevents you from having accidents.
Aki,
That sounds like a good solution but I don't know how to implement it.
Could you please be more specific with examples?
I have not gotten nxdomain to work and don't know how to send the CNAME.
Thanks,
Cliff
I don't think you can do anything other than blacklisting with auth. I think you'll
have more luck with Lua in the resolver. Just keep a list of domains you want to permit
and if not on the list, send evil-record IN CNAME www.youwontgetthere.com which
resolves from somewhere.
Aki
On Thu, Sep 05, 2013 at 07:33:4
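A sketch of the allowlist-in-the-resolver idea from the message above, as an added example (not code from the thread or from the linked gist). It assumes the PowerDNS Recursor 3.x Lua hook signature `preresolve(remoteip, domain, qtype)` returning an rcode and a record table; the allowlist entries and test queries are constructed.

```lua
-- Added example: allowlist hook for PowerDNS Recursor (assumes the 3.x hook API).
-- The `pdns` table only exists inside the recursor; stub it for offline runs.
local offline = (pdns == nil)
pdns = pdns or { A = 1, CNAME = 5 }

-- Constructed sample allowlist: lower-case zone names without a trailing dot.
local allowed = { ["cnn.com"] = true, ["example.org"] = true }
-- Redirect target named in the thread; it must itself stay resolvable.
local BLOCK_TARGET = "www.youwontgetthere.com"

-- Lower-case the name and drop the trailing root dot.
local function normalize(name)
  return (name:lower():gsub("%.$", ""))
end

-- True if the name is an allowed zone or a subdomain of one.
-- Matching walks label by label, so "evilcnn.com" never matches "cnn.com".
local function is_allowed(name)
  local n = normalize(name)
  while n ~= "" do
    if allowed[n] then return true end
    n = n:match("^[^.]+%.(.*)$") or ""
  end
  return false
end

function preresolve(remoteip, domain, qtype)
  if is_allowed(domain) or normalize(domain) == BLOCK_TARGET then
    return -1, {}   -- not handled here: normal recursion proceeds
  end
  -- Everything else is answered with a CNAME to the block target.
  return 0, { { qtype = pdns.CNAME, content = BLOCK_TARGET, ttl = 60 } }
end

-- Offline check with constructed queries (skipped inside the recursor).
if offline then
  local queries = { "www.CNN.com.", "cnn.com.", "evilcnn.com.", "cnn.com.evil.net." }
  for _, q in ipairs(queries) do
    local rcode = preresolve("192.0.2.10", q, pdns.A)
    print(q, rcode == -1 and "resolve normally" or "redirect")
  end
end
```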
John,
You are correct. I am trying to build a white-list dns.
So for example, if I wanted to white-list cnn.com then I would have
sufficient domains and records in the pdns database to cover it (corrected
info below).
And if a user attempted to browse to a site that was not allowed, like
gamb
Hi!
We use 3 pdns servers, two of them are synchronized with the first one.
For a concrete zone, we created two A records for the same host with two
different IPs:
cloud1.hospedajeydominios.com. 600 IN A 46.29.49.1
cloud1.hospedajeydominios.com. 600 IN A 46.29.49.101
The problem is th
Hi Cliff,
If you haven't already got things worked out, mind if I take a step back
and make sure I understand the problem you're trying to solve?
Am I correct that you're looking for your DNS server to only answer queries
(successfully, anyhow) for records that are in your database? And you want