From: Remi Gacogne <rgacogne-github@coredump.fr>
Date: Thu, 19 Nov 2015 09:39:18 +0000 (+0100)
Subject: Add DisableValidationAction() and addDisableValidationRule()
X-Git-Tag: dnsdist-1.0.0-alpha1~210^2~17^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2909%2Fhead;p=thirdparty%2Fpdns.git

Add DisableValidationAction() and addDisableValidationRule()
---

diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md
index 5a4a75c414..01f118ba63 100644
--- a/pdns/README-dnsdist.md
+++ b/pdns/README-dnsdist.md
@@ -592,6 +592,7 @@ Here are all functions:
    * `DropAction()`: drop these packets
    * `NoRecurseAction()`: strip RD bit from the question, let it go through
    * `TCAction()`: create answer to query with TC and RD bits set, to move to TCP/IP
+   * `DisableValidationAction()`: set the CD bit in the question, let it go through
  * Specialist rule generators
    * addAnyTCRule(): generate TC=1 answers to ANY queries, moving them to TCP
    * setDNSSECPool(): move queries requesting DNSSEC processing to this pool
diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index 32c12f8483..b24878384f 100644
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -373,6 +373,10 @@ vector<std::function<void(void)>> setupLua(bool client, const std::string& confi
       return std::shared_ptr<DNSAction>(new TCAction);
     });
 
+  g_lua.writeFunction("DisableValidationAction", []() {
+      return std::shared_ptr<DNSAction>(new DisableValidationAction);
+    });
+
 
   g_lua.writeFunction("MaxQPSIPRule", [](unsigned int qps, boost::optional<int> ipv4trunc, boost::optional<int> ipv6trunc) {
       return std::shared_ptr<DNSRule>(new MaxQPSIPRule(qps, ipv4trunc.get_value_or(32), ipv6trunc.get_value_or(64)));
@@ -414,6 +418,15 @@ vector<std::function<void(void)>> setupLua(bool client, const std::string& confi
 	  });
     });
 
+  g_lua.writeFunction("addDisableValidationRule", [](luadnsrule_t var) {
+      auto rule=makeRule(var);
+	g_rulactions.modify([rule](decltype(g_rulactions)::value_type& rulactions) {
+	    rulactions.push_back({
+		rule,
+		  std::make_shared<DisableValidationAction>()  });
+	  });
+    });
+
 
   g_lua.writeFunction("addQPSPoolRule", [](luadnsrule_t var, int limit, string pool) {
       auto rule = makeRule(var);
diff --git a/pdns/dnsrulactions.hh b/pdns/dnsrulactions.hh
index 6e16825cf2..a12668d947 100644
--- a/pdns/dnsrulactions.hh
+++ b/pdns/dnsrulactions.hh
@@ -279,3 +279,17 @@ public:
     return "set rd=0";
   }
 };
+
+class DisableValidationAction : public DNSAction
+{
+public:
+  DNSAction::Action operator()(const ComboAddress& remote, const DNSName& qname, uint16_t qtype, dnsheader* dh, int len, string* ruleresult) const override
+  {
+    dh->cd = true;
+    return Action::HeaderModify;
+  }
+  string toString() const override
+  {
+    return "set cd=1";
+  }
+};