* `DropAction()`: drop these packets
* `NoRecurseAction()`: strip RD bit from the question, let it go through
* `TCAction()`: create answer to query with TC and RD bits set, to move to TCP/IP
+ * `DisableValidationAction()`: set the CD bit in the question, let it go through
* Specialist rule generators
* addAnyTCRule(): generate TC=1 answers to ANY queries, moving them to TCP
* setDNSSECPool(): move queries requesting DNSSEC processing to this pool
return std::shared_ptr<DNSAction>(new TCAction);
});
+ g_lua.writeFunction("DisableValidationAction", []() {
+ return std::shared_ptr<DNSAction>(new DisableValidationAction);
+ });
+
g_lua.writeFunction("MaxQPSIPRule", [](unsigned int qps, boost::optional<int> ipv4trunc, boost::optional<int> ipv6trunc) {
return std::shared_ptr<DNSRule>(new MaxQPSIPRule(qps, ipv4trunc.get_value_or(32), ipv6trunc.get_value_or(64)));
});
});
+ g_lua.writeFunction("addDisableValidationRule", [](luadnsrule_t var) {
+ auto rule=makeRule(var);
+ g_rulactions.modify([rule](decltype(g_rulactions)::value_type& rulactions) {
+ rulactions.push_back({
+ rule,
+ std::make_shared<DisableValidationAction>() });
+ });
+ });
+
g_lua.writeFunction("addQPSPoolRule", [](luadnsrule_t var, int limit, string pool) {
auto rule = makeRule(var);
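Review bot: `addDisableValidationRule` does not appear in the README lines visible on this page, which add only `DisableValidationAction()`, so the shortcut may ship undocumented (the README hunk could continue outside this view). Every query matching the selector is forwarded with CD set, so the entry should say that plainly, e.g. `* addDisableValidationRule(): set CD=1 on matching queries, asking the backend not to DNSSEC-validate them`. As a smaller style point, this hunk builds the action with `std::make_shared<DisableValidationAction>()`, while the `DisableValidationAction` binding added in the other `g_lua.writeFunction` hunk uses `std::shared_ptr<DNSAction>(new DisableValidationAction)`; one form for both would read better. The enclosing registration code starts and ends outside the hunk.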
return "set rd=0";
}
};
+
+class DisableValidationAction : public DNSAction
+{
+public:
+ DNSAction::Action operator()(const ComboAddress& remote, const DNSName& qname, uint16_t qtype, dnsheader* dh, int len, string* ruleresult) const override
+ {
+ dh->cd = true;
+ return Action::HeaderModify;
+ }
+ string toString() const override
+ {
+ return "set cd=1";
+ }
+};
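Review bot: `DisableValidationAction` carries no comment on what setting CD means for the answer, which is the security-relevant part of this class. With `dh->cd = true` the backend is asked to skip DNSSEC validation for the query, so data a validating resolver would otherwise reject as bogus can be returned to a client that never asked for checking to be disabled. I would add above the class `// Sets CD=1 on the forwarded query: the backend is asked not to DNSSEC-validate it. Match narrowly (e.g. one known-broken zone).` The write into `dh` also assumes the caller has already checked that `len` covers a full `dnsheader`. That check is not visible in this hunk, so it is worth confirming, or stating in the same comment.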