Note that calling `addAnyTCRule()` achieves the same thing, without
involving Lua.
+DNSSEC
+------
+To provide DNSSEC service from a separate pool, try:
+```
+newServer{address="2001:888:2000:1d::2", pool="dnssec"}
+newServer{address="2a01:4f8:110:4389::2", pool="dnssec"}
+setDNSSECPool("dnssec")
+topRule()
+```
+
+This routes all queries with a DNSSEC OK (DO) or CD bit set to on to the "dnssec" pool.
+The final `topRule()` command moves this rule to the top, so it gets evaluated first.
+
Inspecting live traffic
-----------------------
This is still much in flux, but for now, try:
* `rmRule(n)`: remove rule n
* `mvRule(from, to)`: move rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule,
in which case the rule will be moved to the last position.
+ * Specialist rule generators
+ * addAnyTCRule(): generate TC=1 answers to ANY queries, moving them to TCP
+ * setDNSSECPool(): move queries requesting DNSSEC processing to this pool
* Pool related:
* `addPoolRule(domain, pool)`: send queries to this domain to that pool
* `addPoolRule({domain, domain}, pool)`: send queries to these domains to that pool
[client](boost::variant<string,std::unordered_map<std::string, std::string>> pvars, boost::optional<int> qps)
{
if(client) {
- return shared_ptr<DownstreamState>();
+ return std::make_shared<DownstreamState>(ComboAddress());
}
if(auto address = boost::get<string>(&pvars)) {
auto ret=std::make_shared<DownstreamState>(ComboAddress(*address, 53));
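Review bot: In client mode the added `return std::make_shared<DownstreamState>(ComboAddress());` now runs the DownstreamState constructor for an unspecified address on every `newServer` call, where the removed line returned an empty pointer. The constructor is not visible in this hunk; if it opens or connects a socket, a console client would create one per configured server, so it is worth confirming that it skips socket setup for a default-constructed ComboAddress. The placeholder is presumably there so that method calls on the result, such as `xs:addPool("dnssec")`, do not hit nil while the client parses the config, and that deserves a comment, e.g. `// client mode: return an inert placeholder so method calls on the result in the config still work`. The lambda's body continues outside the hunk.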
g_rulactions.setState(rules);
});
+ g_lua.writeFunction("topRule", []() {
+ auto rules = g_rulactions.getCopy();
+ if(rules.empty())
+ return;
+ auto subject = *rules.rbegin();
+ rules.erase(std::prev(rules.end()));
+ rules.insert(rules.begin(), subject);
+ g_rulactions.setState(rules);
+ });
g_lua.writeFunction("mvRule", [](unsigned int from, unsigned int to) {
auto rules = g_rulactions.getCopy();
if(from >= rules.size() || to > rules.size()) {
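Review bot: `topRule` puts the last-added rule ahead of every existing rule, including earlier block or rate-limit rules such as those added by `addDomainBlock` or `addQPSLimit`, and nothing at the lambda says so. Used as the README shows after `setDNSSECPool`, the promoted rule matches on the DO/CD bits, which the client sets; if a pool rule ends rule evaluation (not visible here), such queries would skip the rules below it. A comment would record this: `// Moves the newest rule to position 0; it is then evaluated before any block or QPS-limit rules.` The copy/erase/insert can also be written as `std::rotate(rules.begin(), std::prev(rules.end()), rules.end());`, which avoids copying the element out first. The mvRule lambda that follows continues outside the hunk.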
vector<string> words{"showRules()", "shutdown()", "rmRule(", "mvRule(", "addACL(", "addLocal(", "setServerPolicy(", "setServerPolicyLua(",
"newServer(", "rmServer(", "showServers()", "show(", "newDNSName(", "newSuffixMatchNode(", "controlSocket(", "topClients(", "showResponseLatency()",
"newQPSLimiter(", "makeKey()", "setKey(", "testCrypto()", "addAnyTCRule()", "showServerPolicy()", "setACL(", "showACL()", "addDomainBlock(",
- "addPoolRule(", "addQPSLimit(", "topResponses(", "topQueries("};
+ "addPoolRule(", "addQPSLimit(", "topResponses(", "topQueries(", "topRule()", "setDNSSECPool("};
static int s_counter=0;
int counter=0;
if(!state)
xs=newServer{address="2001:888:2000:1d::2", pool="auth"}
newServer{address="2a01:4f8:110:4389::2", pool="auth"}
-
xs:addPool("dnssec")
setDNSSECPool("dnssec")
+topRule()
function splitSetup(servers, remote, qname, qtype, dh)
if(dh:getRD() == false)