The SBF (which is maintained separately per recursor thread) cell size defaults to 67108864, which can be changed using the setting ``unique-response-db-size``. The same caveats regarding FPs/FNs apply as for NOD.
-Similarly to NOD, administrators may wish to prevent certain domains or subdomains from ever triggering the UDR algorithm, in which case those domains must be added to the ``udr-ignore-list`` setting as a comma separated list. No domain (or subdomain of a domain) listed will be considered a new unique domain response.
+Similarly to NOD, administrators may wish to prevent certain domains or subdomains from ever triggering the UDR algorithm, in which case those domains must be added to the ``udr-ignore-list`` setting as a comma separated list. No domain (or subdomain of a domain) listed will be considered a new unique domain response. It is also possible to use ``udr-ignore-list-file`` to read a file with ignored domains, one domain per line.
Similarly to NOD, unique domain responses can be tracked using several mechanisms:
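Review bot: The added sentence for ``udr-ignore-list-file`` gives only "one domain per line" and leaves out two things the parser in this patch does: it strips ``#`` comments (when the ``#`` is the first character or is preceded by whitespace) and it trims surrounding whitespace. It also does not say how the file relates to ``udr-ignore-list``. setupNODGlobal calls both parsers one after the other, so the two settings look cumulative, and the text should state that explicitly so an operator does not assume the file replaces the inline list.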
}
}
+static void parseUDRIgnorelistFile(const std::string& fname)
+{
+ string line;
+ std::ifstream udrIgnorelistFileStream(fname);
+ if (!udrIgnorelistFileStream) {
+ throw ArgException(fname + " could not be parsed");
+ }
+
+ while (getline(udrIgnorelistFileStream, line)) {
+ boost::trim_right(line);
+
+ // strip everything after a #
+ string::size_type pos = line.find('#');
+ if (pos != string::npos) {
+ // make sure it's either first char or has whitespace before
+ if (pos == 0 || (std::isspace(line[pos - 1]) != 0)) {
+ line = line.substr(0, pos);
+ }
+ }
+
+ // strip trailing spaces
+ boost::trim_right(line);
+
+ // strip leading spaces
+ pos = line.find_first_not_of(" \t\r\n");
+ if (pos != string::npos) {
+ line = line.substr(pos);
+ }
+
+ g_udrDomainWL.add(DNSName(line));
+ }
+}
+
static void setupNODGlobal()
{
// Setup NOD subsystem
g_nod_pbtag = ::arg()["new-domain-pb-tag"];
g_udr_pbtag = ::arg()["unique-response-pb-tag"];
parseUDRIgnorelist(::arg()["udr-ignore-list"]);
+ parseUDRIgnorelistFile(::arg()["udr-ignore-list-file"]);
}
#endif /* NOD_ENABLED */
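Review bot: The new call in setupNODGlobal, `parseUDRIgnorelistFile(::arg()["udr-ignore-list-file"]);`, is unconditional, but the setting defaults to the empty string and the function throws ArgException when the ifstream cannot be opened. As far as these lines show, a configuration that never sets udr-ignore-list-file passes an empty filename and fails at startup. Guard the call so it only runs when the value is non-empty. Inside the loop, a blank or comment-only line leaves `line` empty and still reaches `g_udrDomainWL.add(DNSName(line));`. Add `if (line.empty()) { continue; }` before the add, so a stray blank line cannot put an empty name into the ignore list. The exception text "could not be parsed" is also misleading for an open failure; "could not be opened" would point the operator at the real problem.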
For example, if the domain 'xyz123.tv' is in the list, then 'foo.bar.xyz123.tv'
will never be considered for a new unique domain request. One use-case for the
ignore list is to never reveal details of internal subdomains
+via the new-domain-lookup feature.
+ ''',
+ 'versionadded' : '5.1.0'
+ },
+ {
+ 'name' : 'udr_ignore_list_file',
+ 'section' : 'nod',
+ 'oldname' : 'udr-ignore-list-file',
+ 'type' : LType.String,
+ 'default' : '',
+ 'help' : 'File with list of domains (and implicitly all subdomains) which will never be considered for UDR',
+ 'doc' : '''
+This setting is a list of all domains (and implicitly all subdomains)
+that will never be considered for a new unique domain request.
+For example, if the domain 'xyz123.tv' is in the list, then 'foo.bar.xyz123.tv'
+will never be considered for a new unique domain request. One use-case for the
+ignore list is to never reveal details of internal subdomains
via the new-domain-lookup feature.
''',
'versionadded' : '5.1.0'
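Review bot: The 'doc' text for udr_ignore_list_file is copied from udr_ignore_list and still reads "This setting is a list of all domains", although the value is a path to a file. Reword it to say the setting names a file and describe the format the parser accepts: one domain per line, `#` comments, surrounding whitespace ignored. It should also say whether entries are added to those from udr-ignore-list. The closing sentence refers to the new-domain-lookup feature, which reads as a leftover from the NOD ignore-list description; check whether the UDR settings should point at a different feature here.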