From ba3039963ada029d163561030b51f6438a099daa Mon Sep 17 00:00:00 2001
From: Charles-Henri Bruyand
Date: Thu, 16 Dec 2021 13:35:18 +0100
Subject: [PATCH] dnsdist: fix ClearRecordTypesResponseAction documentation with an example and clarify subsequent rules will be processed
---
 pdns/dnsdist-lua-actions.cc | 12 ++++++------
 pdns/dnsdistdist/docs/rules-actions.rst | 22 ++++++++++++++++++++--
 2 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/pdns/dnsdist-lua-actions.cc b/pdns/dnsdist-lua-actions.cc
index ca25b37bd6..2fc71acfa6 100644
--- a/pdns/dnsdist-lua-actions.cc
+++ b/pdns/dnsdist-lua-actions.cc
@@ -1734,7 +1734,7 @@ public:
 if (d_qtypes.size() > 0) {
 clearDNSPacketRecordTypes(dr->getMutableData(), d_qtypes);
 }
- return DNSResponseAction::Action::HeaderModify;
+ return DNSResponseAction::Action::None;
 }

 std::string toString() const override
@@ -2260,12 +2260,12 @@ void setupLuaActions(LuaContext& luaCtx)
 return std::shared_ptr(new LimitTTLResponseAction(0, max));
 });

- luaCtx.writeFunction("ClearRecordTypesResponseAction", [](boost::variant>> types) {
+ luaCtx.writeFunction("ClearRecordTypesResponseAction", [](boost::variant>> types) {
 std::set qtypes{};
- if (auto t = boost::get(types)) {
- qtypes.insert(t);
- } else {
- const auto& v = boost::get>>(types);
+ if (types.type() == typeid(int)) {
+ qtypes.insert(boost::get(types));
+ } else if (types.type() == typeid(vector>)) {
+ const auto& v = boost::get>>(types);
 for (const auto& tpair: v) {
 qtypes.insert(tpair.second);
 }
diff --git a/pdns/dnsdistdist/docs/rules-actions.rst b/pdns/dnsdistdist/docs/rules-actions.rst
index 582a2505ca..2bcf91ff12 100644
--- a/pdns/dnsdistdist/docs/rules-actions.rst
+++ b/pdns/dnsdistdist/docs/rules-actions.rst
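Review bot: The new `return DNSResponseAction::Action::None;` in the first hunk of dnsdist-lua-actions.cc encodes a behavioural contract that is written down only in the .rst file, so a later edit could revert it without noticing. A one-line comment above the return would pin it, for example `// None: records were stripped in place; keep evaluating subsequent response rules`. Because processing continues, any later response rule presumably sees the packet after the listed types have been removed, which is worth stating in that comment too. The enclosing method starts outside the hunk.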
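Review bot: The `if (types.type() == typeid(int))` / `else if (...)` chain in the `ClearRecordTypesResponseAction` lambda has no final `else`. An argument matching neither branch therefore leaves `qtypes` empty, and the action is built as a silent no-op, since the `d_qtypes.size() > 0` guard in the first hunk then skips the clearing. A filter that an operator believes is stripping records should fail loudly at configuration time, for example `else { throw std::runtime_error("ClearRecordTypesResponseAction: unsupported argument type"); }`. The integers are also inserted unchecked: if the set's element type is 16 bits wide (its template arguments are not visible on this page), an out-of-range value from Lua would be narrowed to a different record type, so a range check before `qtypes.insert(...)` in both branches would be worth adding. The lambda's body continues past the end of the hunk.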
@@ -816,6 +816,8 @@ Actions :ref:`RulesIntro` need to be combined with an action for them to actually do something with the matched packets. Some actions allow further processing of rules, this is noted in their description. Most of these start with 'Set' with a few exceptions, mostly for logging actions. These exceptions are: + +- :func:`ClearRecordTypesResponseAction` - :func:`KeyValueStoreLookupAction` - :func:`DnstapLogAction` - :func:`DnstapLogResponseAction` @@ -838,11 +840,27 @@ The following actions exist. Let these packets go through. -.. function::ClearRecordTypesResponseAction(types) +.. function:: ClearRecordTypesResponseAction(types) .. versionadded:: 1.8.0 - Removes given type(s) records from the response. + Removes given type(s) records from the response. Beware you can accidentally turn the answer into a NODATA response + without a SOA record in the additional section in which case you may want to use :func:`NegativeAndSOAAction` to generate an answer, + see example bellow. + Subsequent rules are processed after this action. + + .. code-block:: Lua + + -- removes any HTTPS record in the response + addResponseAction( + QNameRule('www.example.com.'), + ClearRecordTypesResponseAction(DNSQType.HTTPS) + ) + -- reply directly with NODATA and a SOA record as we know the answer will be empty + addAction( + AndRule{QNameRule('www.example.com.'), QTypeRule(DNSQType.HTTPS)}, + NegativeAndSOAAction(false, 'example.com.', 3600, 'ns.example.com.', 'postmaster.example.com.', 1, 1800, 900, 604800, 86400) + ) :param int types: a single type or a list of types to remove -- 2.47.2