Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
dnsdist: Allow NoRecurse for use in dynamic blocks or lua rules #7087
We can do NoRecurseAction() but not similar actions within a Lua rule nor as a dynamic block action.
This is potentially silly, please just close if it doesn't make sense to be doing - notably it's somewhat confusing because the query is put into the query ring before actions so it makes things like grepq look a bit weird.
rgacogne left a comment
Code looks sane, but I'm not sure how much it makes sense to set RD=0 as a dynblock action? I'm guessing this is to minimize the impact in case of a false positive, so the client still gets an answer as long as it's already in the recursor's cache, but I'm afraid this would still hurt the recursor in case of a real attack. I guess it's doesn't really hurt to have the option, though.