{"NoOp",(int)DNSAction::Action::NoOp},
{"Delay", (int)DNSAction::Action::Delay},
{"Truncate", (int)DNSAction::Action::Truncate},
- {"ServFail", (int)DNSAction::Action::ServFail}
+ {"ServFail", (int)DNSAction::Action::ServFail},
+ {"NoRecurse", (int)DNSAction::Action::NoRecurse}
});
g_lua.writeVariable("DNSResponseAction", std::unordered_map<string,int>{
g_lua.writeFunction("setDynBlocksAction", [](DNSAction::Action action) {
if (!g_configurationDone) {
- if (action == DNSAction::Action::Drop || action == DNSAction::Action::NoOp || action == DNSAction::Action::Nxdomain || action == DNSAction::Action::Refused || action == DNSAction::Action::Truncate) {
+ if (action == DNSAction::Action::Drop || action == DNSAction::Action::NoOp || action == DNSAction::Action::Nxdomain || action == DNSAction::Action::Refused || action == DNSAction::Action::Truncate || action == DNSAction::Action::NoRecurse) {
g_dynBlockAction = action;
}
else {
- errlog("Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused or Truncate!");
- g_outputBuffer="Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused or Truncate!\n";
+ errlog("Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused, Truncate or NoRecurse!");
+ g_outputBuffer="Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused, Truncate or NoRecurse!\n";
}
} else {
g_outputBuffer="Dynamic blocks action cannot be altered at runtime!\n";
vinfolog("Query from %s for %s over TCP *not* truncated because of dynamic block", dq.remote->toStringWithPort(), dq.qname->toString());
}
break;
+ case DNSAction::Action::NoRecurse:
+ updateBlockStats();
+ vinfolog("Query from %s setting rd=0 because of dynamic block", dq.remote->toStringWithPort());
+ dq.dh->rd = false;
+ return true;
default:
updateBlockStats();
vinfolog("Query from %s dropped because of dynamic block", dq.remote->toStringWithPort());
vinfolog("Query from %s for %s over TCP *not* truncated because of dynamic block", dq.remote->toStringWithPort(), dq.qname->toString());
}
break;
+ case DNSAction::Action::NoRecurse:
+ updateBlockStats();
+ vinfolog("Query from %s setting rd=0 because of dynamic block", dq.remote->toStringWithPort());
+ dq.dh->rd = false;
+ return true;
default:
updateBlockStats();
vinfolog("Query from %s for %s dropped because of dynamic block", dq.remote->toStringWithPort(), dq.qname->toString());
/* fall-through */
case DNSAction::Action::NoOp:
break;
+ case DNSAction::Action::NoRecurse:
+ dq.dh->rd = false;
+ return true;
+ break;
}
}
}
class DNSAction
{
public:
- enum class Action { Drop, Nxdomain, Refused, Spoof, Allow, HeaderModify, Pool, Delay, Truncate, ServFail, None, NoOp };
+ enum class Action { Drop, Nxdomain, Refused, Spoof, Allow, HeaderModify, Pool, Delay, Truncate, ServFail, None, NoOp, NoRecurse };
static std::string typeToString(const Action& action)
{
switch(action) {
case Action::None:
case Action::NoOp:
return "Do nothing";
+ case Action::NoRecurse:
+ return "Set rd=0";
}
return "Unknown";
``DNSAction.NXDomain`` action added.
Set which action is performed when a query is blocked.
- Only DNSAction.Drop (the default), DNSAction.NoOp, DNSAction.NXDomain, DNSAction.Refused and DNSAction.Truncate are supported.
+ Only DNSAction.Drop (the default), DNSAction.NoOp, DNSAction.NXDomain, DNSAction.Refused, DNSAction.Truncate and DNSAction.NoRecurse are supported.
.. _exceedfuncs:
* ``DNSAction.ServFail``: return a response with a ServFail rcode
* ``DNSAction.Spoof``: spoof the response using the supplied IPv4 (A), IPv6 (AAAA) or string (CNAME) value
* ``DNSAction.Truncate``: truncate the response
+ * ``DNSAction.NoRecurse``: set rd=0 on the query
.. _DNSResponseAction:
projects / thirdparty / pdns.git / commitdiff
