dnsdist: Support for redirects in DOH #8133
Provide support for 3xx-style redirects in DOH query responses
Being able to redirect clients to alternate servers would be useful. This could be used for load sharing/shedding, policy implementation, geographic re-location, or any of the typical features that are used in HTTP 3xx responses.
When a specific pathname regexp is requested, there needs to be a method (Lua, probably) that allows for examination of the path, examination of data about the query (IP address, HTTP headers) and then an ability to respond to the query with one of the 3xx responses that are defined by the HTTP specifications, including a custom URL constructed by logic within the dnsdist configuration model.
One specific use case would be JSON-style DNS responses, which could be handled by an external application/server if requested.
Another use case would be to redirect users to a server containing content about the DNS service policies, general contact information, etc. As it stands today, a browser query to port 443 on a DOH-enabled dnsdist server results in a non-user-friendly result.
This also could possibly serve as an ugly stand-in for 4xx style responses, so that error messages would be offloaded to a different server which would provide more useful insight into the reason the HTTPS query failed, while leaving dnsdist unburdened from those object delivery tasks.
This was discussed in chat with Habbie on July 5.
#8153 is not fully finished yet; there is at least some polishing to do, but it should allow inspection of the query (path, data, headers...) and redirects. It also supports 4xx responses, and should support sending static responses via the