dnsdist: fix ClearRecordTypesResponseAction documentation with an example and clarify... 11098/head
authorCharles-Henri Bruyand <charles-henri.bruyand@open-xchange.com>
Thu, 16 Dec 2021 12:35:18 +0000 (13:35 +0100)
committerCharles-Henri Bruyand <charles-henri.bruyand@open-xchange.com>
Thu, 16 Dec 2021 13:27:06 +0000 (14:27 +0100)
pdns/dnsdist-lua-actions.cc
pdns/dnsdistdist/docs/rules-actions.rst

index ca25b37bd6dd7db9f5d9d0fc671534f72e5b8664..2fc71acfa61ac850f7864176b460f47cf72ec503 100644 (file)
@@ -1734,7 +1734,7 @@ public:
     if (d_qtypes.size() > 0) {
       clearDNSPacketRecordTypes(dr->getMutableData(), d_qtypes);
     }
-    return DNSResponseAction::Action::HeaderModify;
+    return DNSResponseAction::Action::None;
   }
 
   std::string toString() const override
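Review bot: The new `return DNSResponseAction::Action::None;` has no comment explaining why an action that rewrites the packet reports `None`, so a later reader could easily change it back to `HeaderModify`. I would add `// None on purpose: the records are already stripped in place, later response rules must still run` above the return. The context line `if (d_qtypes.size() > 0)` would also read better as `if (!d_qtypes.empty())`. The enclosing method starts outside the hunk.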
@@ -2260,12 +2260,12 @@ void setupLuaActions(LuaContext& luaCtx)
       return std::shared_ptr<DNSResponseAction>(new LimitTTLResponseAction(0, max));
     });
 
-  luaCtx.writeFunction("ClearRecordTypesResponseAction", [](boost::variant<int,vector<pair<int, int>>> types) {
+  luaCtx.writeFunction("ClearRecordTypesResponseAction", [](boost::variant<int, vector<pair<int, int>>> types) {
       std::set<QType> qtypes{};
-      if (auto t = boost::get<int>(types)) {
-        qtypes.insert(t);
-      } else {
-        const auto& v = boost::get<vector<pair<int,int>>>(types);
+      if (types.type() == typeid(int)) {
+        qtypes.insert(boost::get<int>(types));
+      } else if (types.type() == typeid(vector<pair<int, int>>)) {
+        const auto& v = boost::get<vector<pair<int, int>>>(types);
         for (const auto& tpair: v) {
           qtypes.insert(tpair.second);
         }
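Review bot: Both `qtypes.insert(...)` calls convert a Lua-supplied `int` to `QType` with no range check. If `QType` wraps a 16-bit value (its definition is not visible in this hunk), a negative or over-large configuration value would wrap silently, and the action would strip a different record type from responses than the operator intended. I would validate before each insert, for example `if (t < 0 || t > std::numeric_limits<uint16_t>::max()) { throw std::runtime_error("ClearRecordTypesResponseAction: invalid record type"); }`, so a bad value fails when the configuration is loaded. The lambda continues past the end of the hunk.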
index 582a2505cad66bb2f7595fb2f3134746fe95fc00..2bcf91ff127bffbd9a97b0e823e5b01639d432e8 100644 (file)
@@ -816,6 +816,8 @@ Actions
 
 :ref:`RulesIntro` need to be combined with an action for them to actually do something with the matched packets.
 Some actions allow further processing of rules, this is noted in their description. Most of these start with 'Set' with a few exceptions, mostly for logging actions. These exceptions are:
+
+- :func:`ClearRecordTypesResponseAction`
 - :func:`KeyValueStoreLookupAction`
 - :func:`DnstapLogAction`
 - :func:`DnstapLogResponseAction`
@@ -838,11 +840,27 @@ The following actions exist.
 
   Let these packets go through.
 
-.. function::ClearRecordTypesResponseAction(types)
+.. function:: ClearRecordTypesResponseAction(types)
 
   .. versionadded:: 1.8.0
 
-  Removes given type(s) records from the response.
+  Removes given type(s) records from the response. Beware you can accidentally turn the answer into a NODATA response
+  without a SOA record in the additional section in which case you may want to use :func:`NegativeAndSOAAction` to generate an answer,
+  see example bellow.
+  Subsequent rules are processed after this action.
+
+  .. code-block:: Lua
+
+    -- removes any HTTPS record in the response
+    addResponseAction(
+            QNameRule('www.example.com.'),
+            ClearRecordTypesResponseAction(DNSQType.HTTPS)
+    )
+    -- reply directly with NODATA and a SOA record as we know the answer will be empty
+    addAction(
+            AndRule{QNameRule('www.example.com.'), QTypeRule(DNSQType.HTTPS)},
+            NegativeAndSOAAction(false, 'example.com.', 3600, 'ns.example.com.', 'postmaster.example.com.', 1, 1800, 900, 604800, 86400)
+    )
 
   :param int types: a single type or a list of types to remove