Problem with Python Group Policy - Cached Domains
-
Hi All,
I believe I've stumbled upon an issue with using Python Group Policy to exclude IPs from DNSBL. The bypassing works great for IPs in the list. However, when an IP in this list resolves a domain that is blocked, Unbound caches it. This effectively bypasses the DNSBL for all clients that are supposed to be using the block. Only way I've seen to get around it is to clear the Unbound cache. Once the cached domain expires, then blocking resumes as normal for all other clients.
Any way to resolve this issue?
Thanks.
-
I saw this side effect while testing the Group Policy functionality, a while ago.
@yaw said in Problem with Python Group Policy - Cached Domains:
Once the cached domain expires
When the Python module (just a script file) was created, I forced (modifying the python script file) the TTL for every request emitted by an IP member of the Group Policy to a low, say 15 seconds, TTL value. It would vanish from the resolver cache rapidly.
But this trick is probably not compatible with Services > DNS Resolver > Advanced Settings > Prefetch Support.
Another solution might be: not adding DNS requests from devices on the "Group Policy" into the resolver cache (if this is even possible?)
@yaw said in Problem with Python Group Policy - Cached Domains:
Any way to resolve this issue?
Calling the expert @BBcan177
-
Another solution might be: not adding DNS requests from devices on the "Group Policy" into the resolver cache (if this is even possible?)
This is the behavior I would expect. I'm not sure if it is possible either.
-
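The behaviour discussed in this thread, as an added example that is not part of any post and is not pfBlockerNG or Unbound code: a simplified model of a shared resolver cache that compares the default case with the 15-second TTL cap and with the idea of not caching Group Policy answers. All names, addresses and TTLs are constructed, and the ordering "cache is answered before the DNSBL check" is an assumption taken from the symptoms described above.

```python
BLOCKLIST = {"ads.example"}                          # constructed DNSBL entry
POLICY_IPS = {"192.0.2.10"}                          # constructed Group Policy (bypass) client
FILTERED_IP = "192.0.2.50"                           # constructed client that must stay filtered
UPSTREAM = {"ads.example": ("203.0.113.5", 3600)}    # constructed answer and TTL in seconds
SINKHOLE = "10.10.10.1"                              # constructed DNSBL sinkhole address


class Resolver:
    """Toy resolver: one cache shared by all clients, checked before the DNSBL."""

    def __init__(self, policy_ttl_cap=None, cache_policy_answers=True):
        self.cache = {}                               # name -> (address, expiry time)
        self.policy_ttl_cap = policy_ttl_cap          # workaround 1: cap TTL for bypass clients
        self.cache_policy_answers = cache_policy_answers  # workaround 2: skip the cache

    def query(self, client, name, now):
        hit = self.cache.get(name)
        if hit and hit[1] > now:                      # assumed ordering: cache hit wins
            return hit[0]
        bypass = client in POLICY_IPS
        if name in BLOCKLIST and not bypass:
            return SINKHOLE                           # DNSBL applies on a cache miss
        addr, ttl = UPSTREAM[name]
        if bypass and self.policy_ttl_cap is not None:
            ttl = min(ttl, self.policy_ttl_cap)
        if not bypass or self.cache_policy_answers:
            self.cache[name] = (addr, now + ttl)
        return addr


def leak_seconds(resolver, horizon=7200):
    """Seconds in which the filtered client receives the real (unblocked) answer."""
    resolver.query("192.0.2.10", "ads.example", now=0)    # bypass client resolves first
    return sum(
        resolver.query(FILTERED_IP, "ads.example", now=t) != SINKHOLE
        for t in range(horizon)
    )


if __name__ == "__main__":
    print("default shared cache :", leak_seconds(Resolver()))
    print("15 s TTL cap         :", leak_seconds(Resolver(policy_ttl_cap=15)))
    print("no caching for policy:", leak_seconds(Resolver(cache_policy_answers=False)))
```

In this model the TTL cap only shortens the window in which filtering is bypassed, while keeping Group Policy answers out of the shared cache removes it.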
-
Any update on this? With the recent announcement of killing Squid support, I'm again looking at pfBlockerNG for my filtering needs. However, this issue complicates things.
-