This patch will allow you to redirect inbound notifications to a proxy server. Its intended use is in anycast environments where it might be necessary for a proxy server to perform the AXFR.
The configuration option "forward-notify" has been added to the pdns.conf parser. The option accepts multiple IPv4 and IPv6 address values.
Forward DNS updates sent to a slave to the master.
+## `forward-notify`
+* IP addresses, separated by commas
+
+IP addresses to send received notifications to regardless of master or slave settings.
+
+Note: The intended use is in anycast environments where it might be necessary for a
+proxy server to preform the AXFR. The usual checks are preformed before any received
+notification is forwarded.
+
## `guardian`
* Boolean
* Default: no
::arg().set("trusted-notification-proxy", "IP address of incoming notification proxy")="";
::arg().set("slave-renotify", "If we should send out notifications for slaved updates")="no";
+ ::arg().set("forward-notify", "IP addresses to send received notifications to regardless of master or slave settings")="";
::arg().set("default-ttl","Seconds a result is valid if not set otherwise")="3600";
::arg().set("max-tcp-connections","Maximum number of TCP connections")="20";
if(::arg().mustDo("webserver") || ::arg().mustDo("api"))
webserver.go();
- if(::arg().mustDo("slave") || ::arg().mustDo("master"))
+ if(::arg().mustDo("slave") || ::arg().mustDo("master") || !::arg()["forward-notify"].empty())
Communicator.go();
if(!::arg()["experimental-lua-policy-script"].empty()){
exit(1);
}
}
+
+ vector<string> forwards;
+ stringtok(forwards, ::arg()["forward-notify"], ", \t");
+ for (vector<string>::const_iterator iter = forwards.begin(); iter != forwards.end(); ++iter) {
+ try {
+ ComboAddress caIp(*iter, 53);
+ PacketHandler::s_forwardNotify.insert(caIp.toStringWithPort());
+ }
+ catch(PDNSException &e) {
+ L<<Logger::Error<<"Unparseable IP in forward-notify. Error: "<<e.reason<<endl;
+ exit(1);
+ }
+ }
}
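Review bot: The parse-failure message in the catch branch does not say which configured value was rejected, so an operator with several forward-notify entries cannot tell which one to fix; include the offending token, e.g. `L<<Logger::Error<<"Unparseable IP '"<<*iter<<"' in forward-notify. Error: "<<e.reason<<endl;`. Failing start-up on a bad address is the right outcome, since nothing is forwarded until every entry has been parsed into a ComboAddress; this only improves the diagnostic. If the file is built as C++11 the explicit const_iterator loop could be a range-for, but that is a matter of style. The enclosing function starts outside the hunk.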
void CommunicatorClass::mainloop(void)
AtomicCounter PacketHandler::s_count;
NetmaskGroup PacketHandler::s_allowNotifyFrom;
+set<string> PacketHandler::s_forwardNotify;
+
extern string s_programname;
PacketHandler::PacketHandler():B(s_programname), d_dk(&B)
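Review bot: The new static `s_forwardNotify` is read from the NOTIFY-processing path without any lock, so its correctness depends on the set being filled before the packet-handling threads start and never modified afterwards; neither the definition here nor the declaration in the header hunk below records that contract. Add a comment on the header declaration such as `// Filled once during Communicator start-up from forward-notify; read-only (unsynchronised) afterwards.` so a later change does not add a second writer. I cannot see from these hunks whether the communicator start-up loop runs before the packet handler threads are created; that ordering is worth confirming.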
*/
vector<string> meta;
- if(!::arg().mustDo("slave")) {
+ if(!::arg().mustDo("slave") && s_forwardNotify.empty()) {
L<<Logger::Error<<"Received NOTIFY for "<<p->qdomain<<" from "<<p->getRemote()<<" but slave support is disabled in the configuration"<<endl;
return RCode::NotImp;
}
// ok, we've done our checks
di.backend = 0;
- Communicator.addSlaveCheckRequest(di, p->d_remote);
+
+ if(!s_forwardNotify.empty()) {
+ set<string> forwardNotify(s_forwardNotify);
+ for(set<string>::const_iterator j=forwardNotify.begin();j!=forwardNotify.end();++j) {
+ L<<Logger::Warning<<"Relaying notification of domain "<<p->qdomain<<" from "<<p->getRemote()<<" to "<<*j<<endl;
+ Communicator.notify(p->qdomain,*j);
+ }
+ }
+
+ if(::arg().mustDo("slave"))
+ Communicator.addSlaveCheckRequest(di, p->d_remote);
return 0;
}
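Review bot: The relay block copies the whole set into `forwardNotify` on every accepted NOTIFY; the copy is unnecessary, because `s_forwardNotify` is only populated at start-up, and copying a set that was being mutated concurrently would be just as unsafe as reading it, so iterate the static directly: `for(set<string>::const_iterator j=s_forwardNotify.begin();j!=s_forwardNotify.end();++j) {`. The relay message is logged at `Logger::Warning` although it is the expected outcome of the configuration; `Logger::Info` would keep warning-level output meaningful, a point of style. The start of processNotify and the domain/sender checks between the slave test and the `// ok, we've done our checks` line lie outside the hunk, so the claim that the usual checks run before the relay is taken from the commit message rather than verified here.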
int trySuperMasterSynchronous(DNSPacket *p, const DNSName& tsigkeyname);
static NetmaskGroup s_allowNotifyFrom;
+ static set<string> s_forwardNotify;
private:
int trySuperMaster(DNSPacket *p, const DNSName& tsigkeyname);