[thirdparty/pdns.git] / pdns / recursordist / docs / lua-scripting / dq.rst

The DNSQuestion (``dq``) object
===============================
Apart from the :func:`ipfilter`-function, all functions work on a ``dq`` (DNSQuestion) object.
This object contains details about the current state of the question.
This state can be modified from the various hooks.

The DNSQuestion object contains at least the following fields:

.. class:: DNSQuestion

  An object that contains everything about the current query.
  This object has the following attributes:

  .. attribute:: DNSQuestion.addPaddingToResponse

      .. versionadded:: 4.5.0

      Whether the response will get EDNS Padding. See :ref:`setting-edns-padding-from` and :ref:`setting-edns-padding-mode`.

  .. attribute:: DNSQuestion.extendedErrorCode

      .. versionadded:: 4.5.0

      The current extended error code, if any. See :ref:`setting-extended-resolution-errors`.

  .. attribute:: DNSQuestion.extendedErrorExtra

      .. versionadded:: 4.5.0

      The current extended error extra text, as a string, if any. See :ref:`setting-extended-resolution-errors`.

  .. attribute:: DNSQuestion.qname

      :class:`DNSName` of the name this query is for.

  .. attribute:: DNSQuestion.qtype

      Type this query is for as an integer, can be compared against ``pdns.A``, ``pdns.AAAA``.

  .. attribute:: DNSQuestion.rcode

      current DNS Result Code, which can be overridden, including to several magical values.
      Before 4.4.0, the rcode can be set to ``pdns.DROP`` to drop the query, for later versions refer to :ref:`hook-semantics`.
      Other statuses are normal DNS return codes, like ``pdns.NOERROR``, ``pdns.NXDOMAIN`` etc.

  .. attribute:: DNSQuestion.isTcp

      Whether the query was received over TCP.

  .. attribute:: DNSQuestion.remoteaddr

      :class:`ComboAddress` of the requestor.
      If the proxy protocol is used, this will contain the source address from the proxy protocol header.

  .. attribute:: DNSQuestion.localaddr

      :class:`ComboAddress` where this query was received on.
      If the proxy protocol is used, this will contain the destination address from the proxy protocol header.

  .. attribute:: DNSQuestion.interface_remoteaddr

      Source :class:`ComboAddress` of the packet received by the recursor. If the proxy protocol is not used, the value will match ``remoteaddr``.

  .. attribute:: DNSQuestion.interface_localaddr

      Destination :class:`ComboAddress` of the packet received by the recursor. If the proxy protocol is not used, the value will match ``localaddr``.

  .. attribute:: DNSQuestion.variable

      Boolean which, if set, indicates the recursor should not packet cache this answer.
      Honored even when returning false from a hook!
      Important when providing answers that vary over time or based on sender details.

  .. attribute:: DNSQuestion.followupFunction

      String that signals the nameserver to take one an additional action:

      - followCNAMERecords: When adding a CNAME to the answer, this tells the recursor to follow that CNAME. See :ref:`CNAME Chain Resolution <cnamechainresolution>`
      - getFakeAAAARecords: Get a fake AAAA record, see :doc:`DNS64 <../dns64>`
      - getFakePTRRecords: Get a fake PTR record, see :doc:`DNS64 <../dns64>`
      - udpQueryResponse: Do a UDP query and call a handler, see :ref:`UDP Query Response <udpqueryresponse>`

  .. attribute:: DNSQuestion.followupName

      see :doc:`DNS64 <../dns64>`

  .. attribute:: DNSQuestion.followupPrefix

      see :doc:`DNS64 <../dns64>`

  .. attribute:: DNSQuestion.appliedPolicy

    The decision that was made by the policy engine, see :ref:`modifyingpolicydecisions`.

    .. attribute:: DNSQuestion.appliedPolicy.policyName

      A string with the name of the policy.
      Set by :ref:`policyName <rpz-policyName>` in the :func:`rpzFile` and :func:`rpzPrimary` configuration items.
      It is advised to overwrite this when modifying the :attr:`DNSQuestion.appliedPolicy.policyKind`

    .. attribute:: DNSQuestion.appliedPolicy.policyType

      The type of match for the policy.

      -  ``pdns.policytypes.None``  the empty policy type
      -  ``pdns.policytypes.QName`` a match on qname
      -  ``pdns.policytypes.ClientIP`` a match on client IP
      -  ``pdns.policytypes.ResponseIP`` a match on response IP
      -  ``pdns.policytypes.NSDName`` a match on the name of a nameserver
      -  ``pdns.policytypes.NSIP`` a match on the IP of a nameserver

    .. attribute:: DNSQuestion.appliedPolicy.policyCustom

        The CNAME content for the ``pdns.policyactions.Custom`` response, a string

    .. attribute:: DNSQuestion.appliedPolicy.policyKind

      The kind of policy response, there are several policy kinds:

      -  ``pdns.policykinds.Custom`` will return a NoError, CNAME answer with the value specified in :attr:`DNSQuestion.appliedPolicy.policyCustom`
      -  ``pdns.policykinds.Drop`` will simply cause the query to be dropped
      -  ``pdns.policykinds.NoAction`` will continue normal processing of the query
      -  ``pdns.policykinds.NODATA`` will return a NoError response with no value in the answer section
      -  ``pdns.policykinds.NXDOMAIN`` will return a response with a NXDomain rcode
      -  ``pdns.policykinds.Truncate`` will return a NoError, no answer, truncated response over UDP. Normal processing will continue over TCP

    .. attribute:: DNSQuestion.appliedPolicy.policyTTL

        The TTL in seconds for the ``pdns.policyactions.Custom`` response

    .. attribute:: DNSQuestion.appliedPolicy.policyTrigger

        The trigger (left-hand) part of the RPZ rule that was matched

    .. attribute:: DNSQuestion.appliedPolicy.policyHit

        The value that was matched. This is a string representing a name or an address.

  .. attribute:: DNSQuestion.wantsRPZ

      A boolean that indicates the use of the Policy Engine.
      Can be set to ``false`` in ``prerpz`` to disable RPZ for this query.

  .. attribute:: DNSQuestion.data

      A Lua object reference that is persistent throughout the lifetime of the :class:`DNSQuestion` object for a single query.
      It can be used to store custom data.
      Most scripts initialise this to an empty table early on so they can store multiple items.

  .. attribute:: DNSQuestion.requestorId

      .. versionadded:: 4.1.0

      A string that will be used to set the ``requestorId`` field in :doc:`protobuf <../lua-config/protobuf>` messages.

  .. attribute:: DNSQuestion.deviceId

      .. versionadded:: 4.1.0

      A string that will be used to set the ``deviceId`` field in :doc:`protobuf <../lua-config/protobuf>` messages.

  .. attribute:: DNSQuestion.deviceName

      .. versionadded:: 4.3.0

      A string that will be used to set the ``deviceName`` field in :doc:`protobuf <../lua-config/protobuf>` messages.

  .. attribute:: DNSQuestion.udpAnswer

      Answer to the :attr:`udpQuery <DNSQuestion.udpQuery>` when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>`.
      Only filled when the call-back function is invoked.

  .. attribute:: DNSQuestion.udpQueryDest

      Destination IP address to send the UDP packet to when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>`

  .. attribute:: DNSQuestion.udpQuery

      The content of the UDP payload when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>`

  .. attribute:: DNSQuestion.udpCallback

      The name of the callback function that is called when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>` when an answer is received.

  .. attribute:: DNSQuestion.validationState

      .. versionadded:: 4.1.0

      The result of the DNSSEC validation, accessible from the ``postresolve``, ``nxdomain`` and ``nodata`` hooks.
      Possible states are ``pdns.validationstates.Indeterminate``, ``pdns.validationstates.Bogus``, ``pdns.validationstates.Insecure`` and ``pdns.validationstates.Secure``.
      The result will always be ``pdns.validationstates.Indeterminate`` if validation is disabled or was not requested.

  .. attribute:: DNSQuestion.detailedValidationState

      .. versionadded:: 4.4.2

      The result of the DNSSEC validation, accessible from the ``postresolve``, ``nxdomain`` and ``nodata`` hooks.
      By contrast with :attr:`validationState <DNSQuestion.validationState>`, there are several Bogus states to be
      able to better understand the reason for a DNSSEC validation failure.
      
      Possible states are:
      
      - ``pdns.validationstates.Indeterminate``
      - ``pdns.validationstates.BogusNoValidDNSKEY``
      - ``pdns.validationstates.BogusInvalidDenial``
      - ``pdns.validationstates.BogusUnableToGetDSs``
      - ``pdns.validationstates.BogusUnableToGetDNSKEYs``
      - ``pdns.validationstates.BogusSelfSignedDS``
      - ``pdns.validationstates.BogusNoRRSIG``
      - ``pdns.validationstates.BogusNoValidRRSIG``
      - ``pdns.validationstates.BogusMissingNegativeIndication``
      - ``pdns.validationstates.BogusSignatureNotYetValid``
      - ``pdns.validationstates.BogusSignatureExpired``
      - ``pdns.validationstates.BogusUnsupportedDNSKEYAlgo``
      - ``pdns.validationstates.BogusUnsupportedDSDigestType``
      - ``pdns.validationstates.BogusNoZoneKeyBitSet``
      - ``pdns.validationstates.BogusRevokedDNSKEY``
      - ``pdns.validationstates.BogusInvalidDNSKEYProtocol``
      - ``pdns.validationstates.Insecure``
      - ``pdns.validationstates.Secure``

      The result will always be ``pdns.validationstates.Indeterminate`` is validation is disabled or was not requested.
      There is a convenience function named ``isValidationStateBogus`` that accepts such a state and return a boolean
      indicating whether this state is a Bogus one.

  .. attribute:: DNSQuestion.logResponse

      .. versionadded:: 4.2.0

      Whether the response to this query will be exported to a remote protobuf logger, if one has been configured.

  .. attribute:: DNSQuestion.tag

      The packet-cache tag set via :func:`gettag`, or 0 if it has not been set.

  .. attribute:: DNSQuestion.queryTime

     .. versionadded:: 4.8.0

     The time the query was received

     .. attribute:: DNSQuestion.queryTime.tv_sec

        The number of seconds since the Unix epoch.

     .. attribute:: DNSQuestion.queryTime.tv_usec

        The number of microseconds, to be added to the number of seconds in :attr:`DNSQuestion.queryTime.tv_sec` to get a high accuracy timestamp.

  It also supports the following methods:

  .. method:: DNSQuestion:addAnswer(type, content, [ttl, name])

     Add an answer to the record of ``type`` with ``content``.

     :param int type: The type of record to add, can be ``pdns.AAAA`` etc.
     :param str content: The content of the record, will be parsed into wireformat based on the ``type``
     :param int ttl: The TTL in seconds for this record, defaults to 3600
     :param DNSName name: The name of this record, defaults to :attr:`DNSQuestion.qname`

  .. method:: DNSQuestion:addRecord(type, content, place, [ttl, name])

     Add a record of ``type`` with ``content`` in section ``place``.

     :param int type: The type of record to add, can be ``pdns.AAAA`` etc.
     :param str content: The content of the record, will be parsed into wireformat based on the ``type``
     :param int place: The section to place the record, see :attr:`DNSRecord.place`
     :param int ttl: The TTL in seconds for this record, defaults to 3600
     :param DNSName name: The name of this record, defaults to :attr:`DNSQuestion.qname`

  .. method:: DNSQuestion:addPolicyTag(tag)

     Add policyTag ``tag`` to the list of policyTags.

     :param str tag: The tag to add

  .. method:: DNSQuestion:getPolicyTags() -> {str}

      Get the current policy tags as a table of strings.

  .. method:: DNSQuestion:setPolicyTags(tags)

      Set the policy tags to ``tags``, overwriting any existing policy tags.

      :param {str} tags: The policy tags

  .. method:: DNSQuestion:discardPolicy(policyname)

     Skip the filtering policy (for example RPZ) named ``policyname`` for this query.
     This is mostly useful in the ``prerpz`` hook.

     :param str policyname: The name of the policy to ignore.

  .. method:: DNSQuestion:getDH() -> DNSHeader

      Returns the :class:`DNSHeader` of the query or nil.

  .. method:: DNSQuestion:getProxyProtocolValues() -> {ProxyProtocolValue}

    .. versionadded:: 4.4.0

      Get the Proxy Protocol Type-Length Values if any, as a table of  :class:`ProxyProtocolValue` objects.

  .. method:: DNSQuestion:getRecords() -> {DNSRecord}

      Get a table of DNS Records in this DNS Question (or answer by now).

  .. method:: DNSQuestion:setRecords(records)

      After your edits, update the answers of this question

      :param {DNSRecord} records: The records to put in the packet

  .. method:: DNSQuestion:getEDNSFlag(name) -> bool

      Returns true if the EDNS flag with ``name`` is set in the query.

      :param string name: Name of the flag.

  .. method:: DNSQuestion:getEDNSFlags() -> {str}

      Returns a list of strings with all the EDNS flag mnemonics in the query.

  .. method:: DNSQuestion:getEDNSOption(num) -> str

      Get the EDNS Option with number ``num`` as a bytestring.

  .. method:: DNSQuestion:getEDNSOptions() -> {str: str}

      Get a map of all EDNS Options

  .. method:: DNSQuestion:getEDNSSubnet() -> Netmask

      Returns the :class:`Netmask` specified in the EDNSSubnet option, or empty if there was none.

DNSHeader Object
================

The DNS header as returned by :meth:`DNSQuestion:getDH()` represents a header of a DNS message.

.. class:: DNSHeader

    represents a header of a DNS message.

  .. method:: DNSHeader:getRD() -> bool

      The value of the Recursion Desired bit.

  .. method:: DNSHeader:getAA() -> bool

      The value of the Authoritative Answer bit.

  .. method:: DNSHeader:getAD() -> bool

      The value of the Authenticated Data bit.

  .. method:: DNSHeader:getCD() -> bool

      The value of the Checking Disabled bit.

  .. method:: DNSHeader:getTC() -> bool

      The value of the Truncation bit.

  .. method:: DNSHeader:getRCODE() -> int

      The Response Code of the query

  .. method:: DNSHeader:getOPCODE() -> int

      The Operation Code of the query

  .. method:: DNSHeader:getID() -> int

      The ID of the query

DNSRecord Object
================

See :doc:`DNSRecord <dnsrecord>`.

The EDNSOptionView Class
========================

.. class:: EDNSOptionView

  An object that represents the values of a single EDNS option

  .. method:: EDNSOptionView:count()
     .. versionadded:: 4.2.0

    The number of values for this EDNS option.

  .. method:: EDNSOptionView:getValues()
     .. versionadded:: 4.2.0

    Return a table of NULL-safe strings values for this EDNS option.

  .. attribute:: EDNSOptionView.size

    The size in bytes of the first value of this EDNS option.

  .. method:: EDNSOptionView:getContent()

    Returns a NULL-safe string object of the first value of this EDNS option.

The ProxyProtocolValue Class
============================

.. class:: ProxyProtocolValue

  .. versionadded:: 4.4.0

  An object that represents the value of a Proxy Protocol Type-Length Value

  .. method:: ProxyProtocolValue:getContent() -> str

    Returns a NULL-safe string object.

  .. method:: ProxyProtocolValue:getType() -> int

    Returns the type of this value.
Commit	Line	Data
223bb49e PL	1	The DNSQuestion (``dq``) object
	2	===============================
	3	Apart from the :func:`ipfilter`-function, all functions work on a ``dq`` (DNSQuestion) object.
	4	This object contains details about the current state of the question.
	5	This state can be modified from the various hooks.
	6
	7	The DNSQuestion object contains at least the following fields:
	8
	9	.. class:: DNSQuestion
	10
54c79a88 PL	11	An object that contains everything about the current query.
54c79a88 PL	12	This object has the following attributes:
223bb49e	13
f055bd07 RG	14	.. attribute:: DNSQuestion.addPaddingToResponse
	15
	16	.. versionadded:: 4.5.0
	17
	18	Whether the response will get EDNS Padding. See :ref:`setting-edns-padding-from` and :ref:`setting-edns-padding-mode`.
	19
af231ceb RG	20	.. attribute:: DNSQuestion.extendedErrorCode
	21
	22	.. versionadded:: 4.5.0
	23
d65c6f8e	24	The current extended error code, if any. See :ref:`setting-extended-resolution-errors`.
af231ceb RG	25
	26	.. attribute:: DNSQuestion.extendedErrorExtra
	27
	28	.. versionadded:: 4.5.0
	29
d65c6f8e	30	The current extended error extra text, as a string, if any. See :ref:`setting-extended-resolution-errors`.
af231ceb RG	31
	32	.. attribute:: DNSQuestion.qname
	33
	34	:class:`DNSName` of the name this query is for.
	35
54c79a88	36	.. attribute:: DNSQuestion.qtype
223bb49e	37
54c79a88	38	Type this query is for as an integer, can be compared against ``pdns.A``, ``pdns.AAAA``.
223bb49e	39
54c79a88	40	.. attribute:: DNSQuestion.rcode
223bb49e	41
9e441100	42	current DNS Result Code, which can be overridden, including to several magical values.
bcea3520	43	Before 4.4.0, the rcode can be set to ``pdns.DROP`` to drop the query, for later versions refer to :ref:`hook-semantics`.
54c79a88	44	Other statuses are normal DNS return codes, like ``pdns.NOERROR``, ``pdns.NXDOMAIN`` etc.
223bb49e	45
54c79a88	46	.. attribute:: DNSQuestion.isTcp
223bb49e	47
c7349b0e	48	Whether the query was received over TCP.
223bb49e	49
54c79a88	50	.. attribute:: DNSQuestion.remoteaddr
223bb49e	51
54c79a88	52	:class:`ComboAddress` of the requestor.
ad6f25d5	53	If the proxy protocol is used, this will contain the source address from the proxy protocol header.
223bb49e	54
54c79a88	55	.. attribute:: DNSQuestion.localaddr
223bb49e	56
54c79a88	57	:class:`ComboAddress` where this query was received on.
ad6f25d5 OM	58	If the proxy protocol is used, this will contain the destination address from the proxy protocol header.
ad6f25d5 OM	59
5e100a4c	60	.. attribute:: DNSQuestion.interface_remoteaddr
ad6f25d5	61
8691ee2c	62	Source :class:`ComboAddress` of the packet received by the recursor. If the proxy protocol is not used, the value will match ``remoteaddr``.
ad6f25d5	63
5e100a4c	64	.. attribute:: DNSQuestion.interface_localaddr
ad6f25d5	65
8691ee2c	66	Destination :class:`ComboAddress` of the packet received by the recursor. If the proxy protocol is not used, the value will match ``localaddr``.
223bb49e	67
54c79a88	68	.. attribute:: DNSQuestion.variable
223bb49e	69
54c79a88 PL	70	Boolean which, if set, indicates the recursor should not packet cache this answer.
	71	Honored even when returning false from a hook!
	72	Important when providing answers that vary over time or based on sender details.
223bb49e	73
54c79a88	74	.. attribute:: DNSQuestion.followupFunction
223bb49e	75
54c79a88	76	String that signals the nameserver to take one an additional action:
223bb49e	77
54c79a88 PL	78	- followCNAMERecords: When adding a CNAME to the answer, this tells the recursor to follow that CNAME. See :ref:`CNAME Chain Resolution <cnamechainresolution>`
	79	- getFakeAAAARecords: Get a fake AAAA record, see :doc:`DNS64 <../dns64>`
	80	- getFakePTRRecords: Get a fake PTR record, see :doc:`DNS64 <../dns64>`
	81	- udpQueryResponse: Do a UDP query and call a handler, see :ref:`UDP Query Response <udpqueryresponse>`
223bb49e	82
b044d4cc RG	83	.. attribute:: DNSQuestion.followupName
	84
	85	see :doc:`DNS64 <../dns64>`
	86
	87	.. attribute:: DNSQuestion.followupPrefix
	88
	89	see :doc:`DNS64 <../dns64>`
	90
54c79a88	91	.. attribute:: DNSQuestion.appliedPolicy
223bb49e PL	92
	93	The decision that was made by the policy engine, see :ref:`modifyingpolicydecisions`.
	94
54c79a88	95	.. attribute:: DNSQuestion.appliedPolicy.policyName
223bb49e	96
54c79a88	97	A string with the name of the policy.
ac45fee1	98	Set by :ref:`policyName <rpz-policyName>` in the :func:`rpzFile` and :func:`rpzPrimary` configuration items.
54c79a88	99	It is advised to overwrite this when modifying the :attr:`DNSQuestion.appliedPolicy.policyKind`
223bb49e	100
767d7660 OM	101	.. attribute:: DNSQuestion.appliedPolicy.policyType
767d7660 OM	102
ac45fee1 O	103	The type of match for the policy.
ac45fee1 O	104
767d7660 OM	105	- ``pdns.policytypes.None`` the empty policy type
	106	- ``pdns.policytypes.QName`` a match on qname
	107	- ``pdns.policytypes.ClientIP`` a match on client IP
	108	- ``pdns.policytypes.ResponseIP`` a match on response IP
	109	- ``pdns.policytypes.NSDName`` a match on the name of a nameserver
	110	- ``pdns.policytypes.NSIP`` a match on the IP of a nameserver
223bb49e	111
54c79a88	112	.. attribute:: DNSQuestion.appliedPolicy.policyCustom
223bb49e	113
54c79a88	114	The CNAME content for the ``pdns.policyactions.Custom`` response, a string
223bb49e	115
54c79a88	116	.. attribute:: DNSQuestion.appliedPolicy.policyKind
223bb49e	117
54c79a88	118	The kind of policy response, there are several policy kinds:
223bb49e	119
54c79a88 PL	120	- ``pdns.policykinds.Custom`` will return a NoError, CNAME answer with the value specified in :attr:`DNSQuestion.appliedPolicy.policyCustom`
	121	- ``pdns.policykinds.Drop`` will simply cause the query to be dropped
	122	- ``pdns.policykinds.NoAction`` will continue normal processing of the query
	123	- ``pdns.policykinds.NODATA`` will return a NoError response with no value in the answer section
	124	- ``pdns.policykinds.NXDOMAIN`` will return a response with a NXDomain rcode
	125	- ``pdns.policykinds.Truncate`` will return a NoError, no answer, truncated response over UDP. Normal processing will continue over TCP
223bb49e	126
54c79a88	127	.. attribute:: DNSQuestion.appliedPolicy.policyTTL
223bb49e	128
54c79a88	129	The TTL in seconds for the ``pdns.policyactions.Custom`` response
223bb49e	130
b3e25e9e OM	131	.. attribute:: DNSQuestion.appliedPolicy.policyTrigger
	132
	133	The trigger (left-hand) part of the RPZ rule that was matched
	134
47528f06	135	.. attribute:: DNSQuestion.appliedPolicy.policyHit
b3e25e9e OM	136
	137	The value that was matched. This is a string representing a name or an address.
	138
54c79a88	139	.. attribute:: DNSQuestion.wantsRPZ
223bb49e	140
54c79a88 PL	141	A boolean that indicates the use of the Policy Engine.
54c79a88 PL	142	Can be set to ``false`` in ``prerpz`` to disable RPZ for this query.
223bb49e	143
54c79a88	144	.. attribute:: DNSQuestion.data
223bb49e	145
54c79a88 PL	146	A Lua object reference that is persistent throughout the lifetime of the :class:`DNSQuestion` object for a single query.
	147	It can be used to store custom data.
	148	Most scripts initialise this to an empty table early on so they can store multiple items.
223bb49e	149
54c79a88	150	.. attribute:: DNSQuestion.requestorId
223bb49e	151
54c79a88	152	.. versionadded:: 4.1.0
223bb49e	153
54c79a88	154	A string that will be used to set the ``requestorId`` field in :doc:`protobuf <../lua-config/protobuf>` messages.
223bb49e	155
54c79a88	156	.. attribute:: DNSQuestion.deviceId
bf770968	157
54c79a88	158	.. versionadded:: 4.1.0
bf770968	159
54c79a88	160	A string that will be used to set the ``deviceId`` field in :doc:`protobuf <../lua-config/protobuf>` messages.
bf770968	161
0a6a45c8 CHB	162	.. attribute:: DNSQuestion.deviceName
0a6a45c8 CHB	163
cee8bfbd	164	.. versionadded:: 4.3.0
0a6a45c8 CHB	165
	166	A string that will be used to set the ``deviceName`` field in :doc:`protobuf <../lua-config/protobuf>` messages.
	167
54c79a88	168	.. attribute:: DNSQuestion.udpAnswer
223bb49e	169
b25f56ed	170	Answer to the :attr:`udpQuery <DNSQuestion.udpQuery>` when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>`.
54c79a88	171	Only filled when the call-back function is invoked.
223bb49e	172
54c79a88	173	.. attribute:: DNSQuestion.udpQueryDest
223bb49e	174
54c79a88	175	Destination IP address to send the UDP packet to when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>`
223bb49e	176
54c79a88	177	.. attribute:: DNSQuestion.udpQuery
223bb49e	178
54c79a88	179	The content of the UDP payload when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>`
223bb49e	180
54c79a88	181	.. attribute:: DNSQuestion.udpCallback
223bb49e	182
54c79a88	183	The name of the callback function that is called when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>` when an answer is received.
223bb49e	184
54c79a88	185	.. attribute:: DNSQuestion.validationState
1921a4c2	186
54c79a88	187	.. versionadded:: 4.1.0
1921a4c2	188
54c79a88 PL	189	The result of the DNSSEC validation, accessible from the ``postresolve``, ``nxdomain`` and ``nodata`` hooks.
54c79a88 PL	190	Possible states are ``pdns.validationstates.Indeterminate``, ``pdns.validationstates.Bogus``, ``pdns.validationstates.Insecure`` and ``pdns.validationstates.Secure``.
7e26ff77	191	The result will always be ``pdns.validationstates.Indeterminate`` if validation is disabled or was not requested.
1921a4c2	192
19ffa2d9 RG	193	.. attribute:: DNSQuestion.detailedValidationState
	194
	195	.. versionadded:: 4.4.2
	196
	197	The result of the DNSSEC validation, accessible from the ``postresolve``, ``nxdomain`` and ``nodata`` hooks.
	198	By contrast with :attr:`validationState <DNSQuestion.validationState>`, there are several Bogus states to be
	199	able to better understand the reason for a DNSSEC validation failure.
0c7f618f	200
	201	Possible states are:
	202
19ffa2d9 RG	203	- ``pdns.validationstates.Indeterminate``
	204	- ``pdns.validationstates.BogusNoValidDNSKEY``
	205	- ``pdns.validationstates.BogusInvalidDenial``
	206	- ``pdns.validationstates.BogusUnableToGetDSs``
	207	- ``pdns.validationstates.BogusUnableToGetDNSKEYs``
	208	- ``pdns.validationstates.BogusSelfSignedDS``
	209	- ``pdns.validationstates.BogusNoRRSIG``
	210	- ``pdns.validationstates.BogusNoValidRRSIG``
	211	- ``pdns.validationstates.BogusMissingNegativeIndication``
	212	- ``pdns.validationstates.BogusSignatureNotYetValid``
	213	- ``pdns.validationstates.BogusSignatureExpired``
	214	- ``pdns.validationstates.BogusUnsupportedDNSKEYAlgo``
	215	- ``pdns.validationstates.BogusUnsupportedDSDigestType``
	216	- ``pdns.validationstates.BogusNoZoneKeyBitSet``
	217	- ``pdns.validationstates.BogusRevokedDNSKEY``
	218	- ``pdns.validationstates.BogusInvalidDNSKEYProtocol``
	219	- ``pdns.validationstates.Insecure``
	220	- ``pdns.validationstates.Secure``
	221
	222	The result will always be ``pdns.validationstates.Indeterminate`` is validation is disabled or was not requested.
	223	There is a convenience function named ``isValidationStateBogus`` that accepts such a state and return a boolean
	224	indicating whether this state is a Bogus one.
	225
f1c7929a RG	226	.. attribute:: DNSQuestion.logResponse
	227
	228	.. versionadded:: 4.2.0
	229
	230	Whether the response to this query will be exported to a remote protobuf logger, if one has been configured.
	231
b044d4cc RG	232	.. attribute:: DNSQuestion.tag
	233
	234	The packet-cache tag set via :func:`gettag`, or 0 if it has not been set.
	235
4add4a58 OM	236	.. attribute:: DNSQuestion.queryTime
	237
	238	.. versionadded:: 4.8.0
	239
	240	The time the query was received
	241
	242	.. attribute:: DNSQuestion.queryTime.tv_sec
	243
	244	The number of seconds since the Unix epoch.
	245
	246	.. attribute:: DNSQuestion.queryTime.tv_usec
	247
758165f2	248	The number of microseconds, to be added to the number of seconds in :attr:`DNSQuestion.queryTime.tv_sec` to get a high accuracy timestamp.
4add4a58	249
54c79a88	250	It also supports the following methods:
223bb49e	251
54c79a88	252	.. method:: DNSQuestion:addAnswer(type, content, [ttl, name])
223bb49e	253
54c79a88	254	Add an answer to the record of ``type`` with ``content``.
223bb49e	255
54c79a88 PL	256	:param int type: The type of record to add, can be ``pdns.AAAA`` etc.
54c79a88 PL	257	:param str content: The content of the record, will be parsed into wireformat based on the ``type``
385f9865	258	:param int ttl: The TTL in seconds for this record, defaults to 3600
54c79a88	259	:param DNSName name: The name of this record, defaults to :attr:`DNSQuestion.qname`
223bb49e	260
eac36302	261	.. method:: DNSQuestion:addRecord(type, content, place, [ttl, name])
	262
	263	Add a record of ``type`` with ``content`` in section ``place``.
	264
	265	:param int type: The type of record to add, can be ``pdns.AAAA`` etc.
	266	:param str content: The content of the record, will be parsed into wireformat based on the ``type``
	267	:param int place: The section to place the record, see :attr:`DNSRecord.place`
385f9865	268	:param int ttl: The TTL in seconds for this record, defaults to 3600
eac36302	269	:param DNSName name: The name of this record, defaults to :attr:`DNSQuestion.qname`
eac36302	270
54c79a88	271	.. method:: DNSQuestion:addPolicyTag(tag)
223bb49e	272
18a9de33	273	Add policyTag ``tag`` to the list of policyTags.
223bb49e	274
54c79a88	275	:param str tag: The tag to add
223bb49e	276
18a9de33 OM	277	.. method:: DNSQuestion:getPolicyTags() -> {str}
	278
	279	Get the current policy tags as a table of strings.
	280
	281	.. method:: DNSQuestion:setPolicyTags(tags)
	282
	283	Set the policy tags to ``tags``, overwriting any existing policy tags.
	284
	285	:param {str} tags: The policy tags
	286
54c79a88	287	.. method:: DNSQuestion:discardPolicy(policyname)
223bb49e	288
54c79a88 PL	289	Skip the filtering policy (for example RPZ) named ``policyname`` for this query.
54c79a88 PL	290	This is mostly useful in the ``prerpz`` hook.
223bb49e	291
54c79a88	292	:param str policyname: The name of the policy to ignore.
223bb49e	293
54c79a88	294	.. method:: DNSQuestion:getDH() -> DNSHeader
223bb49e	295
54c79a88	296	Returns the :class:`DNSHeader` of the query or nil.
223bb49e	297
d14a6965 RG	298	.. method:: DNSQuestion:getProxyProtocolValues() -> {ProxyProtocolValue}
	299
	300	.. versionadded:: 4.4.0
	301
	302	Get the Proxy Protocol Type-Length Values if any, as a table of :class:`ProxyProtocolValue` objects.
	303
54c79a88	304	.. method:: DNSQuestion:getRecords() -> {DNSRecord}
223bb49e	305
54c79a88	306	Get a table of DNS Records in this DNS Question (or answer by now).
223bb49e	307
54c79a88	308	.. method:: DNSQuestion:setRecords(records)
223bb49e	309
54c79a88	310	After your edits, update the answers of this question
223bb49e	311
54c79a88	312	:param {DNSRecord} records: The records to put in the packet
223bb49e	313
54c79a88	314	.. method:: DNSQuestion:getEDNSFlag(name) -> bool
223bb49e	315
54c79a88	316	Returns true if the EDNS flag with ``name`` is set in the query.
223bb49e	317
54c79a88	318	:param string name: Name of the flag.
223bb49e	319
54c79a88	320	.. method:: DNSQuestion:getEDNSFlags() -> {str}
223bb49e	321
54c79a88	322	Returns a list of strings with all the EDNS flag mnemonics in the query.
223bb49e	323
54c79a88	324	.. method:: DNSQuestion:getEDNSOption(num) -> str
223bb49e	325
54c79a88	326	Get the EDNS Option with number ``num`` as a bytestring.
223bb49e	327
54c79a88	328	.. method:: DNSQuestion:getEDNSOptions() -> {str: str}
223bb49e	329
54c79a88	330	Get a map of all EDNS Options
223bb49e	331
54c79a88	332	.. method:: DNSQuestion:getEDNSSubnet() -> Netmask
223bb49e	333
54c79a88	334	Returns the :class:`Netmask` specified in the EDNSSubnet option, or empty if there was none.
223bb49e	335
223bb49e PL	336	DNSHeader Object
	337	================
	338
	339	The DNS header as returned by :meth:`DNSQuestion:getDH()` represents a header of a DNS message.
	340
	341	.. class:: DNSHeader
	342
	343	represents a header of a DNS message.
	344
54c79a88	345	.. method:: DNSHeader:getRD() -> bool
223bb49e	346
54c79a88	347	The value of the Recursion Desired bit.
223bb49e	348
54c79a88	349	.. method:: DNSHeader:getAA() -> bool
223bb49e	350
54c79a88	351	The value of the Authoritative Answer bit.
223bb49e	352
54c79a88	353	.. method:: DNSHeader:getAD() -> bool
223bb49e	354
54c79a88	355	The value of the Authenticated Data bit.
223bb49e	356
54c79a88	357	.. method:: DNSHeader:getCD() -> bool
223bb49e	358
54c79a88	359	The value of the Checking Disabled bit.
223bb49e	360
54c79a88	361	.. method:: DNSHeader:getTC() -> bool
223bb49e	362
54c79a88	363	The value of the Truncation bit.
223bb49e	364
54c79a88	365	.. method:: DNSHeader:getRCODE() -> int
223bb49e	366
54c79a88	367	The Response Code of the query
223bb49e	368
54c79a88	369	.. method:: DNSHeader:getOPCODE() -> int
223bb49e	370
54c79a88	371	The Operation Code of the query
223bb49e	372
54c79a88	373	.. method:: DNSHeader:getID() -> int
223bb49e	374
54c79a88	375	The ID of the query
223bb49e	376
b044d4cc RG	377	DNSRecord Object
	378	================
	379
d6906f80	380	See :doc:`DNSRecord <dnsrecord>`.
b044d4cc	381
223bb49e PL	382	The EDNSOptionView Class
	383	========================
	384
	385	.. class:: EDNSOptionView
	386
29e6303a RG	387	An object that represents the values of a single EDNS option
	388
	389	.. method:: EDNSOptionView:count()
	390	.. versionadded:: 4.2.0
	391
	392	The number of values for this EDNS option.
	393
	394	.. method:: EDNSOptionView:getValues()
	395	.. versionadded:: 4.2.0
	396
	397	Return a table of NULL-safe strings values for this EDNS option.
223bb49e	398
54c79a88	399	.. attribute:: EDNSOptionView.size
223bb49e	400
29e6303a	401	The size in bytes of the first value of this EDNS option.
223bb49e	402
54c79a88	403	.. method:: EDNSOptionView:getContent()
223bb49e	404
29e6303a	405	Returns a NULL-safe string object of the first value of this EDNS option.
d14a6965 RG	406
	407	The ProxyProtocolValue Class
	408	============================
	409
	410	.. class:: ProxyProtocolValue
	411
	412	.. versionadded:: 4.4.0
	413
	414	An object that represents the value of a Proxy Protocol Type-Length Value
	415
	416	.. method:: ProxyProtocolValue:getContent() -> str
	417
	418	Returns a NULL-safe string object.
	419
	420	.. method:: ProxyProtocolValue:getType() -> int
	421
	422	Returns the type of this value.