Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: Allow NoRecurse for use in dynamic blocks or lua rules #7087

Merged
merged 1 commit into from Nov 20, 2018

Conversation

Projects
None yet
3 participants
@phonedph1
Copy link
Contributor

commented Oct 19, 2018

Short description

We can do NoRecurseAction() but not similar actions within a Lua rule nor as a dynamic block action.

This is potentially silly, please just close if it doesn't make sense to be doing - notably it's somewhat confusing because the query is put into the query ring before actions so it makes things like grepq look a bit weird.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
@rgacogne
Copy link
Member

left a comment

Code looks sane, but I'm not sure how much it makes sense to set RD=0 as a dynblock action? I'm guessing this is to minimize the impact in case of a false positive, so the client still gets an answer as long as it's already in the recursor's cache, but I'm afraid this would still hurt the recursor in case of a real attack. I guess it's doesn't really hurt to have the option, though.

@rgacogne

This comment has been minimized.

Copy link
Member

commented Nov 15, 2018

PR is now conflicted, though :-/

@phonedph1

This comment has been minimized.

Copy link
Contributor Author

commented Nov 15, 2018

Yeah I am not sure it makes much sense, and was considering just closing this. I think a separate PR to set rd=0 as part of the lua actions will still make sense though.

@phonedph1 phonedph1 force-pushed the phonedph1:dynpool branch from e97434d to 3d60b39 Nov 15, 2018

@pieterlexis pieterlexis merged commit 49023c1 into PowerDNS:master Nov 20, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.