From: phonedph1 Date: Fri, 19 Oct 2018 20:52:21 +0000 (+0000) Subject: Allow NoRecurse for use in dynamic blocks or lua rules X-Git-Tag: auth-4.2.0-alpha1~32^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3d60b39ae16df86fcd6af8e080d92c2b8b995fe4;p=thirdparty%2Fpdns.git Allow NoRecurse for use in dynamic blocks or lua rules --- diff --git a/pdns/dnsdist-lua-vars.cc b/pdns/dnsdist-lua-vars.cc index 4ce42b5c7d..d4d199436e 100644 --- a/pdns/dnsdist-lua-vars.cc +++ b/pdns/dnsdist-lua-vars.cc @@ -36,7 +36,8 @@ void setupLuaVars() {"NoOp",(int)DNSAction::Action::NoOp}, {"Delay", (int)DNSAction::Action::Delay}, {"Truncate", (int)DNSAction::Action::Truncate}, - {"ServFail", (int)DNSAction::Action::ServFail} + {"ServFail", (int)DNSAction::Action::ServFail}, + {"NoRecurse", (int)DNSAction::Action::NoRecurse} }); g_lua.writeVariable("DNSResponseAction", std::unordered_map{ diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc index 95b25b0f02..a6dfeb1da6 100644 --- a/pdns/dnsdist-lua.cc +++ b/pdns/dnsdist-lua.cc 
@@ -1050,12 +1050,12 @@ instance_name ? *instance_name : "main" , g_lua.writeFunction("setDynBlocksAction", [](DNSAction::Action action) { if (!g_configurationDone) { - if (action == DNSAction::Action::Drop || action == DNSAction::Action::NoOp || action == DNSAction::Action::Nxdomain || action == DNSAction::Action::Refused || action == DNSAction::Action::Truncate) { + if (action == DNSAction::Action::Drop || action == DNSAction::Action::NoOp || action == DNSAction::Action::Nxdomain || action == DNSAction::Action::Refused || action == DNSAction::Action::Truncate || action == DNSAction::Action::NoRecurse) { g_dynBlockAction = action; } else { - errlog("Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused or Truncate!"); - g_outputBuffer="Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused or Truncate!\n"; + errlog("Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused, Truncate or NoRecurse!"); + g_outputBuffer="Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused, Truncate or NoRecurse!\n"; } } else { g_outputBuffer="Dynamic blocks action cannot be altered at runtime!\n"; diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc index ea5c93a895..0e28c6f9b9 100644 --- a/pdns/dnsdist.cc +++ b/pdns/dnsdist.cc @@ -1007,6 +1007,11 @@ bool processQuery(LocalHolders& holders, DNSQuestion& dq, string& poolname, int* vinfolog("Query from %s for %s over TCP *not* truncated because of dynamic block", dq.remote->toStringWithPort(), dq.qname->toString()); } break; + case DNSAction::Action::NoRecurse: + updateBlockStats(); + vinfolog("Query from %s setting rd=0 because of dynamic block", dq.remote->toStringWithPort()); + dq.dh->rd = false; + return true; default: updateBlockStats(); vinfolog("Query from %s dropped because of dynamic block", dq.remote->toStringWithPort()); 
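Review bot: The set of accepted dynamic-block actions in the setDynBlocksAction lambda is now spelled out three times: once as the `||` chain, and twice as the same literal passed to errlog() and assigned to g_outputBuffer. This commit had to edit all three by hand. Holding the text once, `const std::string msg = "Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused, Truncate or NoRecurse!";` followed by `errlog("%s", msg);` and `g_outputBuffer = msg + "\n";`, would keep the log and console messages from drifting apart the next time an action is added. The lambda's closing lines are outside the hunk.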
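Review bot: The new `case DNSAction::Action::NoRecurse:` in the hunk at -1007 ends with `return true;`, which leaves processQuery as soon as RD is cleared. The TCP branch of Truncate just above it uses `break` instead and lets the function carry on. If true means the query is passed on, as the surrounding cases suggest but the hunk does not show, a client under a NoRecurse dynamic block would skip whatever processQuery does after this switch. The same `return true;` is added in the hunks at -1057 and -1122. If the intent is only to clear RD and keep evaluating, `dq.dh->rd = false; break;` does that. If ending evaluation is intended, a comment such as `/* terminal: nothing after this point in processQuery is applied to this query */` and a matching sentence in constants.rst would make it explicit. processQuery starts and ends outside the hunk.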
@@ -1057,6 +1062,11 @@ bool processQuery(LocalHolders& holders, DNSQuestion& dq, string& poolname, int* vinfolog("Query from %s for %s over TCP *not* truncated because of dynamic block", dq.remote->toStringWithPort(), dq.qname->toString()); } break; + case DNSAction::Action::NoRecurse: + updateBlockStats(); + vinfolog("Query from %s setting rd=0 because of dynamic block", dq.remote->toStringWithPort()); + dq.dh->rd = false; + return true; default: updateBlockStats(); vinfolog("Query from %s for %s dropped because of dynamic block", dq.remote->toStringWithPort(), dq.qname->toString()); @@ -1122,6 +1132,10 @@ bool processQuery(LocalHolders& holders, DNSQuestion& dq, string& poolname, int* /* fall-through */ case DNSAction::Action::NoOp: break; + case DNSAction::Action::NoRecurse: + dq.dh->rd = false; + return true; + break; } } } diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh index 6bbb878b26..e96525491e 100644 --- a/pdns/dnsdist.hh +++ b/pdns/dnsdist.hh @@ -111,7 +111,7 @@ struct DNSResponse : DNSQuestion class DNSAction { public: - enum class Action { Drop, Nxdomain, Refused, Spoof, Allow, HeaderModify, Pool, Delay, Truncate, ServFail, None, NoOp }; + enum class Action { Drop, Nxdomain, Refused, Spoof, Allow, HeaderModify, Pool, Delay, Truncate, ServFail, None, NoOp, NoRecurse }; static std::string typeToString(const Action& action) { switch(action) { @@ -138,6 +138,8 @@ public: case Action::None: case Action::NoOp: return "Do nothing"; + case Action::NoRecurse: + return "Set rd=0"; } return "Unknown"; diff --git a/pdns/dnsdistdist/docs/reference/config.rst b/pdns/dnsdistdist/docs/reference/config.rst index b7faaa515a..fd045b5b46 100644 --- a/pdns/dnsdistdist/docs/reference/config.rst +++ b/pdns/dnsdistdist/docs/reference/config.rst 
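Review bot: The vinfolog call added under `case DNSAction::Action::NoRecurse:` in the hunk at -1057 logs only the client address, while the neighbouring messages in the same switch ("... for %s over TCP *not* truncated ...", "... for %s dropped ...") also log the query name. Someone reading the verbose log to work out why a query went out with rd=0 would want the name here as well: `vinfolog("Query from %s for %s setting rd=0 because of dynamic block", dq.remote->toStringWithPort(), dq.qname->toString());`. The switch and processQuery both extend beyond the hunk.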
@@ -801,7 +801,7 @@ Dynamic Blocks ``DNSAction.NXDomain`` action added. Set which action is performed when a query is blocked. - Only DNSAction.Drop (the default), DNSAction.NoOp, DNSAction.NXDomain, DNSAction.Refused and DNSAction.Truncate are supported. + Only DNSAction.Drop (the default), DNSAction.NoOp, DNSAction.NXDomain, DNSAction.Refused, DNSAction.Truncate and DNSAction.NoRecurse are supported. .. _exceedfuncs: diff --git a/pdns/dnsdistdist/docs/reference/constants.rst b/pdns/dnsdistdist/docs/reference/constants.rst index 1476639398..6ee99ef8e5 100644 --- a/pdns/dnsdistdist/docs/reference/constants.rst +++ b/pdns/dnsdistdist/docs/reference/constants.rst @@ -107,6 +107,7 @@ These constants represent an Action that can be returned from the functions invo * ``DNSAction.ServFail``: return a response with a ServFail rcode * ``DNSAction.Spoof``: spoof the response using the supplied IPv4 (A), IPv6 (AAAA) or string (CNAME) value * ``DNSAction.Truncate``: truncate the response + * ``DNSAction.NoRecurse``: set rd=0 on the query .. _DNSResponseAction: