Small fix: don’t store the script in /run/powerdns/
which is cleared on reboot, but in /config/scripts/
instead:
vyos@vyos:~$ cat /config/scripts/pdns-adblock-script.lua
-- Suffix-match group of blocked domains; preresolve() below checks every
-- query name against it. Kept global, as in the original script.
adservers = newDS()
-- Optional second group for names that must never be blocked:
-- permitted=newDS()
--- PowerDNS Recursor hook that runs before a query is resolved.
-- Names found in the `adservers` group are answered with NXDOMAIN;
-- everything else is handed back to the recursor untouched.
-- @param dq query object from the recursor; `dq.qname` is read, `dq.rcode` is written
-- @return true if the query was answered here, false to let normal resolution continue
function preresolve(dq)
  -- Optional allowlist variant (requires the `permitted` group to be enabled):
  -- if permitted:check(dq.qname) or (not adservers:check(dq.qname)) then
  local is_blocked = adservers:check(dq.qname)
  if is_blocked then
    -- Blocked name: answer NXDOMAIN (non-existent domain) ourselves.
    dq.rcode = pdns.NXDOMAIN
    return true
  end
  return false
end
-- The blocklist file is a Lua chunk that returns a table of domains, e.g.:
-- return{"101com.com", "101order.com"}
-- NOTE: dofile() runs that file as Lua code inside the recursor, not as
-- inert data. Keep it writable only by the administrator, and if it is
-- generated from a downloaded list, validate each entry before writing it.
-- dofile() raises an error when the file is missing or does not parse.
local blocklist_file = "/config/scripts/pdns-adblock-blocklist.lua"
adservers:add(dofile(blocklist_file))
-- Optional allowlist of sites that must never be blocked:
-- permitted:add(dofile("/config/scripts/pdns-adblock-permitted.lua"))
vyos@vyos:~$ cat /config/scripts/pdns-adblock-blocklist.lua
-- Domains to block, handed back to the dofile() call in
-- pdns-adblock-script.lua. This file is executed as Lua, so it should
-- contain nothing but this table.
return {
  "101com.com",
  "101order.com",
}
vyos@vyos:~$ cat /config/scripts/commit/post-hooks.d/adblock
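#!/bin/vbash
# N.B. the script name is quite restrictive! See https://vyos.dev/T4917
#
# Post-commit hook: makes sure the PowerDNS recursor config references the
# ad-block Lua script, and restarts DNS forwarding when the config was changed.
#
# The recursor executes the referenced Lua file, so that script and the
# blocklist it loads should not be writable by unprivileged users.
source /opt/vyatta/etc/functions/script-template

# Re-exec under the vyattacfg group if we are not already running in it.
if [ "$(id -g -n)" != 'vyattacfg' ] ; then
    exec sg vyattacfg -c "/bin/vbash $(readlink -f $0) $@"
fi

recursor_conf=/run/powerdns/recursor.conf
lua_setting="lua-dns-script=/config/scripts/pdns-adblock-script.lua"

# Hooks in post-hooks.d run after a commit, so an unconditional `tee -a`
# appends the same line again whenever the file was not regenerated in
# between. Append only when the exact line is absent.
if ! sudo grep -qxF -- "$lua_setting" "$recursor_conf" 2>/dev/null; then
    echo "$lua_setting" | sudo tee -a "$recursor_conf"
    # Need to restart PowerDNS in order to process conf change.
    run restart dns forwarding
fi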