]>
Commit | Line | Data |
---|---|---|
223bb49e PL |
1 | The DNSQuestion (``dq``) object |
2 | =============================== | |
3 | Apart from the :func:`ipfilter`-function, all functions work on a ``dq`` (DNSQuestion) object. | |
4 | This object contains details about the current state of the question. | |
5 | This state can be modified from the various hooks. | |
6 | ||
7 | The DNSQuestion object contains at least the following fields: | |
8 | ||
9 | .. class:: DNSQuestion | |
10 | ||
54c79a88 PL |
11 | An object that contains everything about the current query. |
12 | This object has the following attributes: | |
223bb49e | 13 | |
54c79a88 | 14 | .. attribute:: DNSQuestion.qname |
223bb49e | 15 | |
54c79a88 | 16 | :class:`DNSName` of the name this query is for. |
223bb49e | 17 | |
54c79a88 | 18 | .. attribute:: DNSQuestion.qtype |
223bb49e | 19 | |
54c79a88 | 20 | Type this query is for as an integer, can be compared against ``pdns.A``, ``pdns.AAAA``. |
223bb49e | 21 | |
54c79a88 | 22 | .. attribute:: DNSQuestion.rcode |
223bb49e | 23 | |
54c79a88 PL |
24 | current DNS Result Code, which can be overridden, including to several magical values |
25 | The rcode can be set to pdns.DROP to drop the query. | |
26 | Other statuses are normal DNS return codes, like ``pdns.NOERROR``, ``pdns.NXDOMAIN`` etc. | |
223bb49e | 27 | |
54c79a88 | 28 | .. attribute:: DNSQuestion.isTcp |
223bb49e | 29 | |
c7349b0e | 30 | Whether the query was received over TCP. |
223bb49e | 31 | |
54c79a88 | 32 | .. attribute:: DNSQuestion.remoteaddr |
223bb49e | 33 | |
54c79a88 | 34 | :class:`ComboAddress` of the requestor. |
223bb49e | 35 | |
54c79a88 | 36 | .. attribute:: DNSQuestion.localaddr |
223bb49e | 37 | |
54c79a88 | 38 | :class:`ComboAddress` where this query was received on. |
223bb49e | 39 | |
54c79a88 | 40 | .. attribute:: DNSQuestion.variable |
223bb49e | 41 | |
54c79a88 PL |
42 | Boolean which, if set, indicates the recursor should not packet cache this answer. |
43 | Honored even when returning false from a hook! | |
44 | Important when providing answers that vary over time or based on sender details. | |
223bb49e | 45 | |
54c79a88 | 46 | .. attribute:: DNSQuestion.followupFunction |
223bb49e | 47 | |
54c79a88 | 48 | String that signals the nameserver to take one an additional action: |
223bb49e | 49 | |
54c79a88 PL |
50 | - followCNAMERecords: When adding a CNAME to the answer, this tells the recursor to follow that CNAME. See :ref:`CNAME Chain Resolution <cnamechainresolution>` |
51 | - getFakeAAAARecords: Get a fake AAAA record, see :doc:`DNS64 <../dns64>` | |
52 | - getFakePTRRecords: Get a fake PTR record, see :doc:`DNS64 <../dns64>` | |
53 | - udpQueryResponse: Do a UDP query and call a handler, see :ref:`UDP Query Response <udpqueryresponse>` | |
223bb49e | 54 | |
54c79a88 | 55 | .. attribute:: DNSQuestion.appliedPolicy |
223bb49e PL |
56 | |
57 | The decision that was made by the policy engine, see :ref:`modifyingpolicydecisions`. | |
58 | ||
54c79a88 | 59 | .. attribute:: DNSQuestion.appliedPolicy.policyName |
223bb49e | 60 | |
54c79a88 PL |
61 | A string with the name of the policy. |
62 | Set by :ref:`policyName <rpz-policyName>` in the :func:`rpzFile` and :func:`rpzMaster` configuration items. | |
63 | It is advised to overwrite this when modifying the :attr:`DNSQuestion.appliedPolicy.policyKind` | |
223bb49e | 64 | |
54c79a88 | 65 | .. attribute:: DNSQuestion.appliedPolicy.policyAction |
223bb49e | 66 | |
54c79a88 | 67 | The action taken by the engine |
223bb49e | 68 | |
54c79a88 | 69 | .. attribute:: DNSQuestion.appliedPolicy.policyCustom |
223bb49e | 70 | |
54c79a88 | 71 | The CNAME content for the ``pdns.policyactions.Custom`` response, a string |
223bb49e | 72 | |
54c79a88 | 73 | .. attribute:: DNSQuestion.appliedPolicy.policyKind |
223bb49e | 74 | |
54c79a88 | 75 | The kind of policy response, there are several policy kinds: |
223bb49e | 76 | |
54c79a88 PL |
77 | - ``pdns.policykinds.Custom`` will return a NoError, CNAME answer with the value specified in :attr:`DNSQuestion.appliedPolicy.policyCustom` |
78 | - ``pdns.policykinds.Drop`` will simply cause the query to be dropped | |
79 | - ``pdns.policykinds.NoAction`` will continue normal processing of the query | |
80 | - ``pdns.policykinds.NODATA`` will return a NoError response with no value in the answer section | |
81 | - ``pdns.policykinds.NXDOMAIN`` will return a response with a NXDomain rcode | |
82 | - ``pdns.policykinds.Truncate`` will return a NoError, no answer, truncated response over UDP. Normal processing will continue over TCP | |
223bb49e | 83 | |
54c79a88 | 84 | .. attribute:: DNSQuestion.appliedPolicy.policyTTL |
223bb49e | 85 | |
54c79a88 | 86 | The TTL in seconds for the ``pdns.policyactions.Custom`` response |
223bb49e | 87 | |
54c79a88 | 88 | .. attribute:: DNSQuestion.wantsRPZ |
223bb49e | 89 | |
54c79a88 PL |
90 | A boolean that indicates the use of the Policy Engine. |
91 | Can be set to ``false`` in ``prerpz`` to disable RPZ for this query. | |
223bb49e | 92 | |
54c79a88 | 93 | .. attribute:: DNSQuestion.data |
223bb49e | 94 | |
54c79a88 PL |
95 | A Lua object reference that is persistent throughout the lifetime of the :class:`DNSQuestion` object for a single query. |
96 | It can be used to store custom data. | |
97 | Most scripts initialise this to an empty table early on so they can store multiple items. | |
223bb49e | 98 | |
54c79a88 | 99 | .. attribute:: DNSQuestion.requestorId |
223bb49e | 100 | |
54c79a88 | 101 | .. versionadded:: 4.1.0 |
223bb49e | 102 | |
54c79a88 | 103 | A string that will be used to set the ``requestorId`` field in :doc:`protobuf <../lua-config/protobuf>` messages. |
223bb49e | 104 | |
54c79a88 | 105 | .. attribute:: DNSQuestion.deviceId |
bf770968 | 106 | |
54c79a88 | 107 | .. versionadded:: 4.1.0 |
bf770968 | 108 | |
54c79a88 | 109 | A string that will be used to set the ``deviceId`` field in :doc:`protobuf <../lua-config/protobuf>` messages. |
bf770968 | 110 | |
0a6a45c8 CHB |
111 | .. attribute:: DNSQuestion.deviceName |
112 | ||
cee8bfbd | 113 | .. versionadded:: 4.3.0 |
0a6a45c8 CHB |
114 | |
115 | A string that will be used to set the ``deviceName`` field in :doc:`protobuf <../lua-config/protobuf>` messages. | |
116 | ||
54c79a88 | 117 | .. attribute:: DNSQuestion.udpAnswer |
223bb49e | 118 | |
54c79a88 PL |
119 | Answer to the :attr:`udpQuery <DNSQuestion.udpQuery>` when when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>`. |
120 | Only filled when the call-back function is invoked. | |
223bb49e | 121 | |
54c79a88 | 122 | .. attribute:: DNSQuestion.udpQueryDest |
223bb49e | 123 | |
54c79a88 | 124 | Destination IP address to send the UDP packet to when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>` |
223bb49e | 125 | |
54c79a88 | 126 | .. attribute:: DNSQuestion.udpQuery |
223bb49e | 127 | |
54c79a88 | 128 | The content of the UDP payload when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>` |
223bb49e | 129 | |
54c79a88 | 130 | .. attribute:: DNSQuestion.udpCallback |
223bb49e | 131 | |
54c79a88 | 132 | The name of the callback function that is called when using the ``udpQueryResponse`` :attr:`followupFunction <DNSQuestion.followupFunction>` when an answer is received. |
223bb49e | 133 | |
54c79a88 | 134 | .. attribute:: DNSQuestion.validationState |
1921a4c2 | 135 | |
54c79a88 | 136 | .. versionadded:: 4.1.0 |
1921a4c2 | 137 | |
54c79a88 PL |
138 | The result of the DNSSEC validation, accessible from the ``postresolve``, ``nxdomain`` and ``nodata`` hooks. |
139 | Possible states are ``pdns.validationstates.Indeterminate``, ``pdns.validationstates.Bogus``, ``pdns.validationstates.Insecure`` and ``pdns.validationstates.Secure``. | |
140 | The result will always be ``pdns.validationstates.Indeterminate`` is validation is disabled or was not requested. | |
1921a4c2 | 141 | |
f1c7929a RG |
142 | .. attribute:: DNSQuestion.logResponse |
143 | ||
144 | .. versionadded:: 4.2.0 | |
145 | ||
146 | Whether the response to this query will be exported to a remote protobuf logger, if one has been configured. | |
147 | ||
54c79a88 | 148 | It also supports the following methods: |
223bb49e | 149 | |
54c79a88 | 150 | .. method:: DNSQuestion:addAnswer(type, content, [ttl, name]) |
223bb49e | 151 | |
54c79a88 | 152 | Add an answer to the record of ``type`` with ``content``. |
223bb49e | 153 | |
54c79a88 PL |
154 | :param int type: The type of record to add, can be ``pdns.AAAA`` etc. |
155 | :param str content: The content of the record, will be parsed into wireformat based on the ``type`` | |
385f9865 | 156 | :param int ttl: The TTL in seconds for this record, defaults to 3600 |
54c79a88 | 157 | :param DNSName name: The name of this record, defaults to :attr:`DNSQuestion.qname` |
223bb49e | 158 | |
eac36302 | 159 | .. method:: DNSQuestion:addRecord(type, content, place, [ttl, name]) |
160 | ||
161 | Add a record of ``type`` with ``content`` in section ``place``. | |
162 | ||
163 | :param int type: The type of record to add, can be ``pdns.AAAA`` etc. | |
164 | :param str content: The content of the record, will be parsed into wireformat based on the ``type`` | |
165 | :param int place: The section to place the record, see :attr:`DNSRecord.place` | |
385f9865 | 166 | :param int ttl: The TTL in seconds for this record, defaults to 3600 |
eac36302 | 167 | :param DNSName name: The name of this record, defaults to :attr:`DNSQuestion.qname` |
168 | ||
54c79a88 | 169 | .. method:: DNSQuestion:addPolicyTag(tag) |
223bb49e | 170 | |
18a9de33 | 171 | Add policyTag ``tag`` to the list of policyTags. |
223bb49e | 172 | |
54c79a88 | 173 | :param str tag: The tag to add |
223bb49e | 174 | |
18a9de33 OM |
175 | .. method:: DNSQuestion:getPolicyTags() -> {str} |
176 | ||
177 | Get the current policy tags as a table of strings. | |
178 | ||
179 | .. method:: DNSQuestion:setPolicyTags(tags) | |
180 | ||
181 | Set the policy tags to ``tags``, overwriting any existing policy tags. | |
182 | ||
183 | :param {str} tags: The policy tags | |
184 | ||
54c79a88 | 185 | .. method:: DNSQuestion:discardPolicy(policyname) |
223bb49e | 186 | |
54c79a88 PL |
187 | Skip the filtering policy (for example RPZ) named ``policyname`` for this query. |
188 | This is mostly useful in the ``prerpz`` hook. | |
223bb49e | 189 | |
54c79a88 | 190 | :param str policyname: The name of the policy to ignore. |
223bb49e | 191 | |
54c79a88 | 192 | .. method:: DNSQuestion:getDH() -> DNSHeader |
223bb49e | 193 | |
54c79a88 | 194 | Returns the :class:`DNSHeader` of the query or nil. |
223bb49e | 195 | |
d14a6965 RG |
196 | .. method:: DNSQuestion:getProxyProtocolValues() -> {ProxyProtocolValue} |
197 | ||
198 | .. versionadded:: 4.4.0 | |
199 | ||
200 | Get the Proxy Protocol Type-Length Values if any, as a table of :class:`ProxyProtocolValue` objects. | |
201 | ||
54c79a88 | 202 | .. method:: DNSQuestion:getRecords() -> {DNSRecord} |
223bb49e | 203 | |
54c79a88 | 204 | Get a table of DNS Records in this DNS Question (or answer by now). |
223bb49e | 205 | |
54c79a88 | 206 | .. method:: DNSQuestion:setRecords(records) |
223bb49e | 207 | |
54c79a88 | 208 | After your edits, update the answers of this question |
223bb49e | 209 | |
54c79a88 | 210 | :param {DNSRecord} records: The records to put in the packet |
223bb49e | 211 | |
54c79a88 | 212 | .. method:: DNSQuestion:getEDNSFlag(name) -> bool |
223bb49e | 213 | |
54c79a88 | 214 | Returns true if the EDNS flag with ``name`` is set in the query. |
223bb49e | 215 | |
54c79a88 | 216 | :param string name: Name of the flag. |
223bb49e | 217 | |
54c79a88 | 218 | .. method:: DNSQuestion:getEDNSFlags() -> {str} |
223bb49e | 219 | |
54c79a88 | 220 | Returns a list of strings with all the EDNS flag mnemonics in the query. |
223bb49e | 221 | |
54c79a88 | 222 | .. method:: DNSQuestion:getEDNSOption(num) -> str |
223bb49e | 223 | |
54c79a88 | 224 | Get the EDNS Option with number ``num`` as a bytestring. |
223bb49e | 225 | |
54c79a88 | 226 | .. method:: DNSQuestion:getEDNSOptions() -> {str: str} |
223bb49e | 227 | |
54c79a88 | 228 | Get a map of all EDNS Options |
223bb49e | 229 | |
54c79a88 | 230 | .. method:: DNSQuestion:getEDNSSubnet() -> Netmask |
223bb49e | 231 | |
54c79a88 | 232 | Returns the :class:`Netmask` specified in the EDNSSubnet option, or empty if there was none. |
223bb49e | 233 | |
223bb49e PL |
234 | DNSHeader Object |
235 | ================ | |
236 | ||
237 | The DNS header as returned by :meth:`DNSQuestion:getDH()` represents a header of a DNS message. | |
238 | ||
239 | .. class:: DNSHeader | |
240 | ||
241 | represents a header of a DNS message. | |
242 | ||
54c79a88 | 243 | .. method:: DNSHeader:getRD() -> bool |
223bb49e | 244 | |
54c79a88 | 245 | The value of the Recursion Desired bit. |
223bb49e | 246 | |
54c79a88 | 247 | .. method:: DNSHeader:getAA() -> bool |
223bb49e | 248 | |
54c79a88 | 249 | The value of the Authoritative Answer bit. |
223bb49e | 250 | |
54c79a88 | 251 | .. method:: DNSHeader:getAD() -> bool |
223bb49e | 252 | |
54c79a88 | 253 | The value of the Authenticated Data bit. |
223bb49e | 254 | |
54c79a88 | 255 | .. method:: DNSHeader:getCD() -> bool |
223bb49e | 256 | |
54c79a88 | 257 | The value of the Checking Disabled bit. |
223bb49e | 258 | |
54c79a88 | 259 | .. method:: DNSHeader:getTC() -> bool |
223bb49e | 260 | |
54c79a88 | 261 | The value of the Truncation bit. |
223bb49e | 262 | |
54c79a88 | 263 | .. method:: DNSHeader:getRCODE() -> int |
223bb49e | 264 | |
54c79a88 | 265 | The Response Code of the query |
223bb49e | 266 | |
54c79a88 | 267 | .. method:: DNSHeader:getOPCODE() -> int |
223bb49e | 268 | |
54c79a88 | 269 | The Operation Code of the query |
223bb49e | 270 | |
54c79a88 | 271 | .. method:: DNSHeader:getID() -> int |
223bb49e | 272 | |
54c79a88 | 273 | The ID of the query |
223bb49e PL |
274 | |
275 | The EDNSOptionView Class | |
276 | ======================== | |
277 | ||
278 | .. class:: EDNSOptionView | |
279 | ||
29e6303a RG |
280 | An object that represents the values of a single EDNS option |
281 | ||
282 | .. method:: EDNSOptionView:count() | |
283 | .. versionadded:: 4.2.0 | |
284 | ||
285 | The number of values for this EDNS option. | |
286 | ||
287 | .. method:: EDNSOptionView:getValues() | |
288 | .. versionadded:: 4.2.0 | |
289 | ||
290 | Return a table of NULL-safe strings values for this EDNS option. | |
223bb49e | 291 | |
54c79a88 | 292 | .. attribute:: EDNSOptionView.size |
223bb49e | 293 | |
29e6303a | 294 | The size in bytes of the first value of this EDNS option. |
223bb49e | 295 | |
54c79a88 | 296 | .. method:: EDNSOptionView:getContent() |
223bb49e | 297 | |
29e6303a | 298 | Returns a NULL-safe string object of the first value of this EDNS option. |
d14a6965 RG |
299 | |
300 | The ProxyProtocolValue Class | |
301 | ============================ | |
302 | ||
303 | .. class:: ProxyProtocolValue | |
304 | ||
305 | .. versionadded:: 4.4.0 | |
306 | ||
307 | An object that represents the value of a Proxy Protocol Type-Length Value | |
308 | ||
309 | .. method:: ProxyProtocolValue:getContent() -> str | |
310 | ||
311 | Returns a NULL-safe string object. | |
312 | ||
313 | .. method:: ProxyProtocolValue:getType() -> int | |
314 | ||
315 | Returns the type of this value. |