New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request: complete gettag example for lua scripting in recursor #4697
Comments
|
@Habbie I have it enabled in the following state right now, just to get an idea of the input data before adding logic to it: function gettag (remote, ednssubnet, vlocal, qname, qtype)
print("gettag -- remote: "..remote.." - ednssubnet: "..ednssubnet.." - local: "..vlocal.." - qname: "..qname.." - qtype: "..qtype)
return 0
end With the above I am not getting any output in the PDNS logs with a To confirm, does Running PDNS Recursor 4.0.3 |
Also to confirm I do get output in my logs for other Lua functions such as |
Try using |
@Habbie same issue, changed my Next test: a completely isolated setup, strip out most other lua logic, Config (noting this is an isolated development instance, insecure by default):
And my recursor-conf.lua:
And my recursor-query.lua:
Startup logs:
|
Your Lua code triggers several issues with my 4.0.3:
Replacing your
|
@rgacogne my bad - I had that in there for debugging. I can confirm that your Note I am using LuaJIT here, when compiling PDNS Recursor using Now that I have a working |
You need |
I would like to renew the example order with gettag. I also miss examples. In my case, I use postresolve with packetcache disabled, to be able to change domain IPs after resolution. But the performance is horrible. I read reports that the way is to migrate to gettag + packetcache but I can't find a reference and examples of how to achieve it. |
I agree that a You can use the packet cache with Lua hook that modify the answers if the answers are modified in the same way always (e.g. independent of time or of the client asking the question). |
@omoerbeek Thanks a lot for the quick response. In a presentation by Ber Hubert entitled "Implementing safe browsing cost-effectively 'Performance trick: implement gettag() which determines user/domain status and then relies on the packet cache' It says this within an apparent context of per-user filtering. Could you help me understand this better? Any tips on which documentation I should follow? I really wanted to figure out a way to even need to change the response based on rules per user, get the benefit of packetcache. I currently use dnsdist + recursor. My intercept and change in Lua is in the Recursor. |
The documentation here is relatively complete, but the example script does not utilise
gettag
at all.Struggling to find any other examples online also, have trawled through the source code and cannot pinpoint why my
gettag
calls are not being fired exactly.Would love to see the example script above augmented to include gettag for completeness, thanks.
The text was updated successfully, but these errors were encountered: