Also make the 4.4.0 changes a bit more prominent in the docs and fix a few dead links.
.. _rpz:
Response Policy Zones (RPZ)
-===========================
+---------------------------
Response Policy Zone is an open standard developed by Paul Vixie (ISC and Farsight) and Vernon Schryver (Rhyolite), to modify DNS responses based on a policy loaded via a zonefile.
^^^^^^^^^^^^^^^^^
.. versionadded:: 4.5.0
-An extended error code (:rfc:`8914`) to set on RPZ hits. See :ref:`extended-errors`.
+An extended error code (:rfc:`8914`) to set on RPZ hits. See :ref:`setting-extended-resolution-errors`.
extendedErrorExtra
^^^^^^^^^^^^^^^^^^
.. versionadded:: 4.5.0
-An extended error extra text (:rfc:`8914`) to set on RPZ hits. See :ref:`extended-errors`.
+An extended error extra text (:rfc:`8914`) to set on RPZ hits. See :ref:`setting-extended-resolution-errors`.
maxTTL
^^^^^^
.. versionadded:: 4.5.0
- The current extended error code, if any. See :ref:`extended-errors`.
+ The current extended error code, if any. See :ref:`setting-extended-resolution-errors`.
.. attribute:: DNSQuestion.extendedErrorExtra
.. versionadded:: 4.5.0
- The current extended error extra text, as a string, if any. See :ref:`extended-errors`.
+ The current extended error extra text, as a string, if any. See :ref:`setting-extended-resolution-errors`.
.. attribute:: DNSQuestion.qname
The PowerDNS Recursor has a :doc:`policy engine based on Response Policy Zones (RPZ) <../lua-config/rpz>`.
Starting with version 4.0.1 of the recursor, it is possible to alter this decision inside the Lua hooks.
-If the decision is modified in a Lua hook, ``false`` should be returned, as the query is not actually handled by Lua so the decision is picked up by the Recursor.
-The result of the policy decision is checked after :func:`preresolve` and :func:`postresolve` before 4.4.0. Beginning with version 4.4.0, the policy decision is checked after :func:`preresolve` and any :func:`policyEventFilter` call instead.
+If the decision is modified in a Lua hook, ``false`` should be
+returned, as the query is not actually handled by Lua so the decision
+is picked up by the Recursor.
+
+Before 4.4.0, the result of the policy decision is checked after :func:`preresolve` and :func:`postresolve`. Beginning with version 4.4.0, the policy decision is checked after :func:`preresolve` and any :func:`policyEventFilter` call instead.
For example, if a decision is set to ``pdns.policykinds.NODATA`` by the policy engine and is unchanged in :func:`preresolve`, the query is replied to with a NODATA response immediately after :func:`preresolve`.
.. code-block:: Lua
+ -- This script demonstrates modifying policies for versions before 4.4.0.
+ -- Starting with 4.4.0, it is preferred to use a policyEventFilter.
-- Dont ever block my own domain and IPs
myDomain = newDN("example.com")
4.3.x to 4.4.0 or master
------------------------
+Repsonse Policy Zones (RPZ)
+^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+To conform better to the standard, RPZ processing has been modified.
+This has consequences for the points in the resolving process where matches are checked and callbacks are called.
+See :ref:`rpz` for details. Additionally a new type of callback has been introduced: :func:`policyEventFilter`.
+
+
Parsing of unknown record types
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The parsing (from zone files) of unknown records types (of the form
projects / thirdparty / pdns.git / commitdiff
