Support templates in static-responder #367
Full config

[resolvers.cloudflare]
protocol = "dot"
address = "1.1.1.1"
[groups.rebind]
type = "static-responder"
question = '^(\d+)-(\d+)-(\d+)-(\d+)\.rebind\.$'
answer = ["IN A $1.$2.$3.$4"]
[groups.blocklist-resolver]
type = "static-responder"
question = '^(.+)\.$'
answer = [ "IN A 0.0.0.0" ]
edns0-ede = { code = 15, text = "IP $1 is in the blocklist" }
[groups.blocklist]
type = "response-blocklist-ip"
resolvers = [ "cloudflare" ]
blocklist-resolver = "blocklist-resolver"
blocklist = [ "93.184.216.34" ] # example.com
[routers.router]
routes = [
{ resolver = "rebind", name = '\.rebind\.$' },
{ resolver = "blocklist", name = '^example\.com\.$' },
{ resolver = "cloudflare" }
]
[listeners.udp]
protocol = "udp"
address = ":5300"
resolver = "router"
[listeners.tcp]
protocol = "tcp"
address = ":5300"
resolver = "router"

First part seems to work:
Second part is almost correct but doesn't work how I need it to:
The question should ideally be context-aware, Edit: Actually now that I'm thinking about it, it should not strictly be the query name but rather the "reason" why the group got called, e.g. if

[groups.blocklist-resolver-ip]
type = "static-responder"
question = '.+'
edns0-ede = { code = 15, text = "IP $0 is in the blocklist" }
[groups.blocklist-resolver-domain]
type = "static-responder"
question = '^(.+)\.$'
edns0-ede = { code = 15, text = "Domain $1 is in the blocklist" }
[groups.blocklist-ip]
type = "response-blocklist-ip"
blocklist-resolver = "blocklist-resolver-ip"
blocklist = [ "93.184.216.34" ]
[groups.blocklist-domain]
type = "blocklist-v2"
blocklist-resolver = "blocklist-resolver-domain"
blocklist-format = "domain"
blocklist = [ "example.com" ]

P.S. Also you should probably get rid of that warning at some point (it's probably very low on your todo list). |
It's not possible to pass information about where a query came from to a group, that's by design. Based on your example though, perhaps adding something like |
The warning should be fixed now too |
I think that's a good compromise 👍 |
#373 adds |
Any news on this? I've been using this branch for 4 months now and the first part works great. Maybe you should split this up so the second part can be merged later. The only things that I can say about the first part is that |
I was thinking of closing this in favor of #378. It's already on master. Does that work for your use-case? I imagine it being a bit cleaner than the regex as well |
The Go template format is really unfamiliar to me but after a bit of experimentation it seems to work for my use case:

[listeners.udp]
protocol = "udp"
address = ":5300"
resolver = "static"
[groups.static]
type = "static-template"
answer = [
'{{ .Question }} {{ .QuestionClass }} {{ .QuestionType }} {{ replaceAll ( index ( split .Question "." ) 0 ) "-" "." }}'
]

$ dig -p 5300 +noall +answer 1-2-3-4.rebind
1-2-3-4.rebind. 3600 IN A 1.2.3.4

How is the second part coming along though? I still want to use "reason" in |
EDE is actually supported as well, I just didn't have anything in the docs for it yet. Added an example. And I also included your example since it may be useful to others. Try this

[groups.static]
type = "static-template"
edns0-ede = {code = 15, text = '{{ .Question }} is banned!'} |
Yeah but this is "question" - I want the "reason":

[groups.blocklist-resolver]
type = "static-template"
edns0-ede = { code = 15, text = '"{{ .Reason }}" is banned!' }
[groups.blocklist-ip]
type = "response-blocklist-ip"
blocklist-resolver = "blocklist-resolver"
blocklist = [ "93.184.215.14" ] # example.com
[groups.blocklist-v2]
type = "blocklist-v2"
blocklist-resolver = "blocklist-resolver"
blocklist = [ '(^|\.)example\.org\.$' ]

Such that
while
Because what's the point of returning the question to the user? The user already knows the question. |
Unable to test this right now, but you would use the EDE on the blocklist itself for this. Though I don't believe the template has access to the raw blocklist rule that matched (yet). That could be added which would also cover the response blocklist.

[groups.blocklist-v2]
type = "blocklist-v2"
blocklist-resolver = "blocklist-resolver"
blocklist = [ '(^|\.)example\.org\.$' ]
edns0-ede = { code = 15, text = '"{{ .Question }}" is banned!' } |
Yeah. |
Adds support for passing a regex that's applied to the question string and can then be used to customize the answers from a static-responder like so
Implements #366
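
An added example, not code from this pull request or from routedns: it reproduces the `question`/`answer` expansion of the `rebind` group using Go's standard `regexp` expansion as a stand-in for the project's own substitution, and checks the expanded record, since `\d+` also matches octets above 255. The function names and the sample query names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
	"strings"
)

// expandAnswer matches qname against the question regex and fills the $N
// placeholders of the answer template. ok is false when qname does not match.
// Assumption: Go's regexp expansion stands in for routedns' own substitution.
func expandAnswer(question *regexp.Regexp, tmpl, qname string) (string, bool) {
	m := question.FindStringSubmatchIndex(qname)
	if m == nil {
		return "", false
	}
	return string(question.ExpandString(nil, tmpl, qname, m)), true
}

// checkARecord rejects an expanded "IN A <addr>" answer whose address is not
// valid IPv4; the pattern's \d+ groups also accept values such as 999.
func checkARecord(answer string) error {
	f := strings.Fields(answer)
	if len(f) != 3 || f[0] != "IN" || f[1] != "A" {
		return fmt.Errorf("unexpected answer %q", answer)
	}
	if addr, err := netip.ParseAddr(f[2]); err != nil || !addr.Is4() {
		return fmt.Errorf("invalid IPv4 address %q", f[2])
	}
	return nil
}

func main() {
	// Pattern and template copied from the [groups.rebind] config on this page.
	question := regexp.MustCompile(`^(\d+)-(\d+)-(\d+)-(\d+)\.rebind\.$`)
	const tmpl = "IN A $1.$2.$3.$4"
	// Constructed sample query names.
	for _, q := range []string{"1-2-3-4.rebind.", "999-1-1-1.rebind.", "example.com."} {
		answer, ok := expandAnswer(question, tmpl, q)
		if !ok {
			fmt.Printf("%-20s no match\n", q)
			continue
		}
		fmt.Printf("%-20s %q check=%v\n", q, answer, checkARecord(answer))
	}
}
```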