Created
February 17, 2014 15:22
-
-
Save 42wim/9052552 to your computer and use it in GitHub Desktop.
PowerDNS LUA script which filters out malware domains (redirect to new IP or NXDOMAIN response)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
baddomain = Set{ | |
"retro-7-3.cz.cc.", | |
"x0a.in.", | |
"x0c.ru.", | |
"x1g.in.", | |
"x3b.ru.", | |
} | |
-- the actual file contains > 20k domains from malwaredomains.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Set (list) | |
local set = {} | |
for _, l in ipairs(list) do set[l] = true end | |
return set | |
end | |
dofile("/etc/powerdns/baddomains.lua") | |
function preresolve ( remoteip, domain, qtype ) | |
if baddomain[domain] then | |
-- pdnslog ("prequery handler called for: "..remoteip.." on "..getlocaladdress().." for domain "..domain); | |
return 0, {{qtype=pdns.A, content="1.2.3.4"}} -- redirect to an ip | |
-- return pdns.NXDOMAIN, {} -- or NXDOMAIN, uncommment this and comment above to use NXDOMAIN | |
end | |
return -1, {} | |
end | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment