[dnsdist] Enhance domain spoofing #3064

Closed
janeczku opened this Issue Dec 18, 2015 · 1 comment

Projects

None yet

3 participants

@janeczku

This is request for enhancing domain spoofing:

  1. SpoofAction should accept a FQDN alternatively to an IPv4 in which case the response would return a CNAME record.
  2. Allow Lua actions to spoof queries programmatically. Currently we can send queries to pools from within a Lua action (return DNSAction.Pool, "abuse"). The same should be possible for the SpoofAction:
function luarule(remote, qname, qtype, dh, len)
        if(qtype==35) -- NAPTR
        then
                return DNSAction.Spoof, "192.168.0.1" -- spoof domain
        else
                return DNSAction.None, ""
        end
end
@janeczku janeczku changed the title from [dnsdist] Allow addDomainSpoof() to return a CNAME record to [dnsdist] Enhance domain spoofing Dec 19, 2015
@pieterlexis pieterlexis added this to the dnsdist-1.0.0 milestone Dec 21, 2015
@rgacogne rgacogne added a commit to rgacogne/pdns that referenced this issue Jan 4, 2016
@rgacogne rgacogne dnsdist: Add sending CNAME in spoofed responses
- Add addDomainCNAMESpoof() and SpoofCNAMEAction()
- Check that we have enough space in the buffer to write the response
- Implement the first part of #3064
7f0f411
@rgacogne rgacogne added a commit to rgacogne/pdns that referenced this issue Jan 5, 2016
@rgacogne rgacogne dnsdist: Add sending CNAME in spoofed responses
- Add addDomainCNAMESpoof() and SpoofCNAMEAction()
- Check that we have enough space in the buffer to write the response
- Implement the first part of #3064
87c605c
@rgacogne rgacogne added a commit to rgacogne/pdns that referenced this issue Jan 15, 2016
@rgacogne rgacogne dnsdist: Implement DNSAction.Spoof. Support IPv6-only SpoofAction
DNSAction.Spoof can be used to return a spoofed response from
a Lua rule. It supports an IPv4 (A), IPv6 (AAAA) or a DNSName
(CNAME).
SpoofAction() can be used IPv6-only, by passing a IPv6 as the
first parameter. It now supports spoofing IPv4-only, IPv6-only,
IPv4 and IPv6, and CNAME.
Closes #3064.
7791f83
@rgacogne rgacogne self-assigned this Jan 15, 2016
@ahupowerdns ahupowerdns closed this in #3241 Jan 15, 2016
@janeczku

@rgacogne good job! 🎉😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment