<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">On 6 Jun 2022, at 11:17, Brian Candler <<a href="mailto:b.candler@pobox.com" class="">b.candler@pobox.com</a>> wrote:<br class=""><div><blockquote type="cite" class=""><br class="Apple-interchange-newline"><div class="">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" class="">
<div class="">
<div class="moz-cite-prefix">On 06/06/2022 10:52, Djerk Geurts via
Pdns-users wrote:<br class="">
</div>
<blockquote type="cite" cite="mid:75CB79E5-DB13-4DFE-A256-B5B679840F6E@maizymoo.com" class=""><font class="" face="Courier New">Jun 06 11:28:29 <a href="http://host.example.com/" class="" moz-do-not-send="true">host.example.com</a>
pdns_server[3559402]: Fatal error: Trying to set unknown setting
'lua-dns-script’</font></blockquote><p class="">"lua-dns-script" is not a valid setting for pdns authoritative
server. See:</p><p class=""><a class="moz-txt-link-freetext" href="https://doc.powerdns.com/authoritative/settings.html">https://doc.powerdns.com/authoritative/settings.html</a></p><p class=""><a class="moz-txt-link-freetext" href="https://doc.powerdns.com/authoritative/lua-records/index.html">https://doc.powerdns.com/authoritative/lua-records/index.html</a></p></div></div></blockquote>Thank you, yeah that’s what I’ve found. Just making sure I absolutely hadn’t missed something obvious.<br class=""><blockquote type="cite" class=""><div class=""><div class=""><p class="">It's not clear what you're trying to do when catching NXDOMAIN
responses, but having a wildcard LUA record might achieve it.</p></div></div></blockquote>We’re using wildcard records for ENUM resolution but have found that adding a more specific record next to a wildcard means that the more specific ‘subdomain’ breaks neighbouring records as they no longer match the wildcard. One option is to add child wildcards, but for us this means adding 3 extra wildcards for thousands of specific records. So I’m trying to catch these NXDOMAIN replies and replace them with a CNAME for a parent record (which hopefully will result in a query that is resolved by the wildcard record.<div class=""><br class=""></div><div class="">Maybe if I add some examples:</div><div class=""><br class=""></div><div class="">1.2.3.4.5.6.e164.arpa. NAPTR “some text with sip call routing info: AAA”</div><div class="">*.4.5.6.e164.arpa. NAPTR “some different sip call routing info: BBB”</div><div class=""><br class=""></div><div class="">A query for 9.9.9.4.5.6.e164.arpa. will result in BBB</div><div class="">A query for <span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">1.2.3.4.5.6.e164.arpa. yields AAA</span></div><div class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">A query for 3</span><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">.3.3.4.5.6.e164.arpa. yields NXDOMAIN</span></div><div class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br class=""></span></div><div class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class="">The above is all according to RFC and expected PowerDNS behaviour.</span></div><div class=""><span style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0);" class=""><br class=""></span></div><div class=""><font color="#000000" class="">I’m hoping the following Lua will help change the effective behaviour to what we need it to be. In our case ENUM records are 12 fields long and the defined zones are 9 fields long:</font></div><div class=""><font color="#000000" class=""><br class=""></font></div><div class=""><font color="#000000" class=""><div class=""><font face="Courier New" class="">function nxdomain(dq)</font></div><div class=""><font face="Courier New" class=""> dquery = dq.qname:toString()</font></div><div class=""><font face="Courier New" class=""> pdnslog("nxdomain called for: "..dq.qname:toString())</font></div><div class=""><font face="Courier New" class=""> if dq.qtype == pdns.NAPTR then</font></div><div class=""><font face="Courier New" class=""> pdnslog("Search parent wildcard record")</font></div><div class=""><font face="Courier New" class=""> if dquery:countLabels() == 12 then</font></div><div class=""><font face="Courier New" class=""> dquery = dquery:chopOff()</font></div><div class=""><font face="Courier New" class=""> end</font></div><div class=""><font face="Courier New" class=""> if dquery:countLabels() > 9 then</font></div><div class=""><font face="Courier New" class=""> dquery = dquery:chopOff()</font></div><div class=""><font face="Courier New" class=""> end</font></div><div class=""><font face="Courier New" class=""> pdnslog("Returning CNAME for: "..dquery)</font></div><div class=""><font face="Courier New" class=""> dq.AddAnswer(pdns.CNAME, "*."..dquery)</font></div><div class=""><font face="Courier New" class=""> dq.rcode = 0 -- make it a normal answer</font></div><div class=""><font face="Courier New" class=""> dq.followupFunction = "followCNAMERecords"</font></div><div class=""><font face="Courier New" class=""> return true</font></div><div class=""><font face="Courier New" class=""> end</font></div><div class=""><font face="Courier New" class=""> return false</font></div><div class=""><font face="Courier New" class="">end</font></div><div class=""><br class=""></div><div class="">What I still need to test is if this script actually works and what will happen if the followupFunction also returns NXDOMAIN, if it hit the Lua script again then nothing else is needed, else I’ll need to add more logic to keep going with a chopOff() until the zone’s ‘root' wildcard record is found.</div></font></div><blockquote type="cite" class=""><div class=""><div class=""><p class="">Otherwise, as you suggested yourself, dnsdist is very powerful.
(You definitely don't want to use a recursor as your authoritative
server though)<br class="">
</p>
</div>
</div></blockquote></div>Great, I’ll add dnsdist and apply the Lua script there. Thank you!<br class=""><div class=""><font color="#000000" class=""><span style="caret-color: rgb(0, 0, 0);" class=""><div class=""><br class=""></div><div class="">Thanks,</div><div class="">Djerk</div></span></font></div></body></html>