From: Remi Gacogne
Date: Fri, 7 Feb 2020 11:06:07 +0000 (+0100)
Subject: dnsdist: Add the ability to set flags in SetNegativeAndSOAAction()
X-Git-Tag: auth-4.3.0-beta2~33^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ba5721203a052eed575555d97cf0280813f95a54;p=thirdparty%2Fpdns.git

dnsdist: Add the ability to set flags in SetNegativeAndSOAAction()
---
diff --git a/pdns/dnsdist-console.cc b/pdns/dnsdist-console.cc
index d3a8b06e24..6551f3a834 100644
--- a/pdns/dnsdist-console.cc
+++ b/pdns/dnsdist-console.cc
@@ -515,7 +515,7 @@ const std::vector g_consoleKeywords{
 { "setMaxTCPQueriesPerConnection", true, "n", "set the maximum number of queries in an incoming TCP connection. 0 means unlimited" },
 { "setMaxTCPQueuedConnections", true, "n", "set the maximum number of TCP connections queued (waiting to be picked up by a client thread)" },
 { "setMaxUDPOutstanding", true, "n", "set the maximum number of outstanding UDP queries to a given backend server. This can only be set at configuration time and defaults to 65535" },
- { "SetNegativeAndSOAAction", "true", "nxd, zone, ttl, mname, rname, serial, refresh, retry, expire, minimum", "Turn a query into a NXDomain or NoData answer and sets a SOA record in the additional section" },
+ { "SetNegativeAndSOAAction", "true", "nxd, zone, ttl, mname, rname, serial, refresh, retry, expire, minimum [, options]", "Turn a query into a NXDomain or NoData answer and sets a SOA record in the additional section" },
 { "setPayloadSizeOnSelfGeneratedAnswers", true, "payloadSize", "set the UDP payload size advertised via EDNS on self-generated responses" },
 { "setPoolServerPolicy", true, "policy, pool", "set the server selection policy for this pool to that policy" },
 { "setPoolServerPolicyLua", true, "name, func, pool", "set the server selection policy for this pool to one named 'name' and provided by 'function'" },
diff --git a/pdns/dnsdist-lua-actions.cc b/pdns/dnsdist-lua-actions.cc
index 69c6c1a175..9134ddb713 100644
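Review bot: The rewritten `SetNegativeAndSOAAction` entry still passes the quoted string `"true"` as its second field, while every neighbouring entry in this hunk passes the bare boolean `true`. If that field is a `bool` (its declaration is outside the hunk), the literal only works through an implicit pointer-to-bool conversion, which newer compilers diagnose as narrowing inside a braced initializer. Since the line is being touched anyway, I would change its start to `{ "SetNegativeAndSOAAction", true, "nxd, zone, ttl, ...` and leave the rest as is.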
--- a/pdns/dnsdist-lua-actions.cc
+++ b/pdns/dnsdist-lua-actions.cc
@@ -1273,6 +1273,8 @@ public:
 return Action::None;
 }
+ setResponseHeadersFromConfig(*dq->dh, d_responseConfig);
+
 return Action::Allow;
 }
@@ -1281,6 +1283,8 @@ public:
 return std::string(d_nxd ? "NXD " : "NODATA") + " with SOA";
 }
+ ResponseConfig d_responseConfig;
+
 private:
 DNSName d_zone;
 DNSName d_mname;
@@ -1439,7 +1443,7 @@ void setupLuaActions()
 return std::shared_ptr(new QPSPoolAction(limit, a));
 });
- g_lua.writeFunction("SpoofAction", [](boost::variant>> inp, boost::optional b, boost::optional vars ) {
+ g_lua.writeFunction("SpoofAction", [](boost::variant>> inp, boost::optional b, boost::optional vars) {
 vector addrs;
 if(auto s = boost::get(&inp))
 addrs.push_back(ComboAddress(*s));
@@ -1679,7 +1683,10 @@ void setupLuaActions()
 return std::shared_ptr(new KeyValueStoreLookupAction(kvs, lookupKey, destinationTag));
 });
- g_lua.writeFunction("SetNegativeAndSOAAction", [](bool nxd, const std::string& zone, uint32_t ttl, const std::string& mname, const std::string& rname, uint32_t serial, uint32_t refresh, uint32_t retry, uint32_t expire, uint32_t minimum) {
- return std::shared_ptr(new SetNegativeAndSOAAction(nxd, DNSName(zone), ttl, DNSName(mname), DNSName(rname), serial, refresh, retry, expire, minimum));
+ g_lua.writeFunction("SetNegativeAndSOAAction", [](bool nxd, const std::string& zone, uint32_t ttl, const std::string& mname, const std::string& rname, uint32_t serial, uint32_t refresh, uint32_t retry, uint32_t expire, uint32_t minimum, boost::optional vars) {
+ auto ret = std::shared_ptr(new SetNegativeAndSOAAction(nxd, DNSName(zone), ttl, DNSName(mname), DNSName(rname), serial, refresh, retry, expire, minimum));
+ auto action = std::dynamic_pointer_cast(ret);
+ parseResponseConfig(vars, action->d_responseConfig);
+ return ret;
 });
 }
diff --git a/pdns/dnsdistdist/docs/rules-actions.rst b/pdns/dnsdistdist/docs/rules-actions.rst
index 4197e89efe..4e9af366f6 100644
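Review bot: The `setResponseHeadersFromConfig(*dq->dh, d_responseConfig);` call added before `return Action::Allow;` in the first hunk has no comment saying that the header bits of this locally synthesized answer now come from the rule's options. Going by the `aa`/`ad`/`ra` options documented in rules-actions.rst in this commit, that includes AD, which here reflects the operator's configuration and not any validation of the data. I would add `// Header flags (AA/AD/RA) come from the rule's options; the answer is generated locally, so AD is set only because the configuration asked for it.` above the call. The enclosing method starts outside the hunk.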
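Review bot: `d_responseConfig` is added as a public data member (second hunk) apparently only so that the `SetNegativeAndSOAAction` binding in the last hunk can fill it in after construction, and that binding reaches it through a `std::dynamic_pointer_cast` whose result is dereferenced without a null check. The cast looks redundant rather than dangerous, since the object is created on the previous line. Holding the concrete type first avoids it: `auto action = std::make_shared<SetNegativeAndSOAAction>(nxd, DNSName(zone), ...);`, then `parseResponseConfig(vars, action->d_responseConfig);`, and return `action` converted to the base pointer type. The template arguments are not visible on this page, so the exact return type needs checking against the file.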
--- a/pdns/dnsdistdist/docs/rules-actions.rst
+++ b/pdns/dnsdistdist/docs/rules-actions.rst
@@ -1187,7 +1187,7 @@ The following actions exist.
 :param string v4: The IPv4 netmask, for example "192.0.2.1/32"
 :param string v6: The IPv6 netmask, if any
-.. function:: SetNegativeAndSOAAction(nxd, zone, ttl, mname, rname, serial, refresh, retry, expire, minimum)
+.. function:: SetNegativeAndSOAAction(nxd, zone, ttl, mname, rname, serial, refresh, retry, expire, minimum [, options])
 .. versionadded:: 1.5.0
@@ -1203,6 +1203,13 @@ The following actions exist.
 :param int retry: The value of the retry field in the SOA record
 :param int expire: The value of the expire field in the SOA record
 :param int minimum: The value of the minimum field in the SOA record
+ :param table options: A table with key: value pairs with options
+
+ Options:
+
+ * ``aa``: bool - Set the AA bit to this value (true means the bit is set, false means it's cleared). Default is to clear it.
+ * ``ad``: bool - Set the AD bit to this value (true means the bit is set, false means it's cleared). Default is to clear it.
+ * ``ra``: bool - Set the RA bit to this value (true means the bit is set, false means it's cleared). Default is to copy the value of the RD bit from the incoming query.
 .. function:: SkipCacheAction()
diff --git a/regression-tests.dnsdist/test_Advanced.py b/regression-tests.dnsdist/test_Advanced.py
index e4d4c636dd..ba1a67ac09 100644
--- a/regression-tests.dnsdist/test_Advanced.py
+++ b/regression-tests.dnsdist/test_Advanced.py
@@ -1857,6 +1857,7 @@ class TestAdvancedSetNegativeAndSOA(DNSDistTest):
 """
 name = 'nxd.setnegativeandsoa.advanced.tests.powerdns.com.'
 query = dns.message.make_query(name, 'A', 'IN')
+ query.flags &= ~dns.flags.RD
 expectedResponse = dns.message.make_response(query)
 expectedResponse.set_rcode(dns.rcode.NXDOMAIN)
 soa = dns.rrset.from_text("auth",
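Review bot: Neither test hunk asserts any of the new behaviour: both only clear RD in the query (`query.flags &= ~dns.flags.RD`, here in the NXDOMAIN case and again in the NODATA hunk that follows). That is presumably so the existing expectations still match now that RA copies RD by default. No case visible in this file passes an options table, so `aa`, `ad` and `ra` are untested, and the documented RA-follows-RD default is avoided instead of checked. I would add a query that keeps RD set and expects `dns.flags.RA` in the response, plus a rule configured with an options table such as `{aa=true, ad=true, ra=true}` whose response flags are compared explicitly. The test methods start outside the hunks.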
@@ -1877,6 +1878,7 @@ class TestAdvancedSetNegativeAndSOA(DNSDistTest):
 """
 name = 'nodata.setnegativeandsoa.advanced.tests.powerdns.com.'
 query = dns.message.make_query(name, 'A', 'IN')
+ query.flags &= ~dns.flags.RD
 expectedResponse = dns.message.make_response(query)
 expectedResponse.set_rcode(dns.rcode.NOERROR)
 soa = dns.rrset.from_text("another-auth",