<div dir="auto"><br><div class="gmail_quote gmail_quote_container" dir="auto"><div dir="ltr" class="gmail_attr"><br></div><br><div dir="ltr"><p style="margin:0in;font-family:Calibri;font-size:11pt" lang="en-US">Hello
all,</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt" lang="en-US"> </p>
<p style="margin:0in;font-family:Calibri;font-size:11pt" lang="en-US">After
upgrading from dns-recursor 4.8.x -> 5.2.0 I noticed this happened:</p>
<p style="margin:0in;font-family:Calibri;font-size:11pt" lang="en-US"> </p>
<p style="margin:0in;font-family:Calibri;font-size:11pt" lang="en-US">Recursor
4.9.x changelog (4.9.0-alpha1 Improvements):</p>
<p style="margin-top:0pt;margin-bottom:7pt;font-size:12pt"><span style="font-family:Calibri;color:rgb(51,51,51);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial" lang="en-US">"</span><span style="font-family:inherit;color:rgb(51,51,51);background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial" lang="en-FI">Change
the way RD=0 forwarded queries are handled.<br>
References: </span><a href="https://github.com/PowerDNS/pdns/pull/12425" target="_blank" rel="noreferrer"><span style="font-family:inherit;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial" lang="en-FI">pull request 12425</span></a><span style="font-family:Calibri;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial" lang="en-US">"</span></p>
<p style="margin-top:0pt;margin-bottom:7pt;font-family:Calibri" lang="en-US"><span style="font-size:12pt;background-image:initial;background-position:initial;background-size:initial;background-repeat:initial;background-origin:initial;background-clip:initial">Related PR: </span><a href="https://github.com/PowerDNS/pdns/pull/12594" target="_blank" rel="noreferrer"><span style="font-size:11pt">https://github.com/PowerDNS/pdns/pull/12594</span></a></p>
<p style="margin-top:0pt;margin-bottom:7pt;font-family:Calibri;font-size:11pt" lang="en-US">I am using a setup in a custom environment where dnsdist is taking
in queries and routing them through a pdns recursor which is forwarding the queries to a pdns authoritative DNS server. The recursor in between is doing forwarding to the auth
server and is responsible for mangling the returned DNS record data that the
authoritative server returns. This so-called "mangling" is done because
in some cases I need to alter the NAPTR response depending on the original source of the query. A sort of DNS view, if one would like to use that kind of name for this behaviour.</p>
<p style="margin-top:0pt;margin-bottom:7pt;font-family:Calibri;font-size:11pt" lang="en-US">The client-side DNS component (whose behaviour I unfortunately can't
change) is always sending the query with the RD bit set to "0" towards the dnsdist IP, and
therefore, after dnsdist has routed the query to the recursor, the 5.2.0 recursor is now refusing to forward the queries to the
authoritative servers (REFUSED is returned). This was working on the pdns
recursor 4.8.x. Now that I need that mangling in between dnsdist and the auth
servers (at least for the time being), what would be the options to achieve
this after the 5.2.0 recursor upgrade on this kind of setup?</p>
<p style="margin-top:0pt;margin-bottom:7pt;font-family:Calibri;font-size:11pt" lang="en-US">Observations / thoughts on different options:</p>
<ul type="disc" style="direction:ltr;unicode-bidi:embed;margin-top:0in;margin-bottom:0in">
<li style="vertical-align:middle;margin-top:0pt;margin-bottom:7pt" lang="en-US"><span style="font-family:Calibri;font-size:11pt">Dnsdist does not seem to support the same kind of postresolve Lua
as the recursor component (= altering returned NAPTR content with
a regexp; there is an example at the end of my mail). I have not succeeded in making it behave the same way. Also the
dirty trick of making dnsdist force RD from 0 to 1 is off the table,
I think (for allowing the recursor to recurse to the auth servers after
dnsdist). This would be kind of a hack, if even possible?</span></li>
<li style="vertical-align:middle;margin-top:0pt;margin-bottom:7pt" lang="en-US"><span style="font-family:Calibri;font-size:11pt">I'm under the impression that the pdns authoritative server (what I
use here as auth) is not
capable of doing this kind of mangling for the returned NAPTR records either.
Please correct me if I'm wrong about this.</span></li>
<li style="vertical-align:middle;margin-top:0pt;margin-bottom:7pt" lang="en-US"><span style="font-family:Calibri;font-size:11pt">In the recursor config there is this new parameter
"allow-no-rd", which was introduced in 5.0.0, but to use this in
an effective way I should be having all the auth server data in the
recursor's internal cache and then, after the response, do the mangling as
before with the Lua magic? Having to sync the data from the auth servers to the recursor's
cache seems quite weird, but if someone has thoughts on this, I'm all ears.</span></li>
</ul>
<p style="margin-top:0pt;margin-bottom:7pt;font-family:Calibri;font-size:11pt" lang="en-US"> </p>
<p style="margin-top:0pt;margin-bottom:7pt;font-family:Calibri;font-size:11pt" lang="en-US">For the mangling of the NAPTR I'm doing this kind of thing on the recursor now (which I would hope to preserve somehow):</p>
<pre style="font-size:11pt" lang="en-US">
-- Recursor Lua hook: runs after resolution, before the answer is sent.
function postresolve(dq)
  local records = dq:getRecords()
  local modified = false
  for k, v in pairs(records) do
    local originalContent = v:getContent()
    -- Plain-text find (4th argument true), so the "." in "foo.bar" is a
    -- literal dot and not a Lua pattern wildcard.
    if v.type == pdns.NAPTR and
       string.find(originalContent, "foo.bar", 1, true) then
      -- Split around the "@...bar" part of the NAPTR content.
      local one, two, three =
        string.match(originalContent, "(.*)@(.*)bar(.*)")
      if one and two and three then
        v:changeContent(one .. "@newfoo.bar" .. three)
        modified = true
      end
    end
  end
  -- Only write the record set back when something was rewritten.
  if modified then
    dq:setRecords(records)
  end
  return true
end
</pre>
<p style="margin:0in;font-family:Calibri;font-size:11pt" lang="en-US"> </p><p style="margin:0in;font-family:Calibri;font-size:11pt" lang="en-US"><br></p>
<p style="margin:0in;font-family:Calibri;font-size:11pt" lang="en-US">Cheers,</p>
<p style="margin-top:0pt;margin-bottom:7pt;font-family:Calibri;font-size:11pt" lang="en-US">OA</p></div>
</div></div>
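<p>To confirm the behaviour described in this mail on a given recursor version, the query has to be built with the RD bit explicitly cleared and the reply's RCODE decoded. The following is an added example, not part of the original mail or of PowerDNS; the query name and the REFUSED reply are constructed sample data, and all function names are hypothetical.</p>

```python
import struct

RD_FLAG = 0x0100      # "recursion desired" bit in the DNS header flags word
QR_FLAG = 0x8000      # set on responses
QTYPE_NAPTR = 35
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(qname, qtype=QTYPE_NAPTR, rd=False, qid=0x1234):
    """Return a wire-format DNS query with the RD bit set or cleared."""
    flags = RD_FLAG if rd else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split(".") if l)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def describe(message):
    """Decode the header fields relevant to the RD=0 handling change."""
    qid, flags = struct.unpack("!HH", message[:4])
    rcode = flags & 0x000F
    return {
        "id": qid,
        "response": bool(flags & QR_FLAG),
        "rd": bool(flags & RD_FLAG),
        "rcode": RCODES.get(rcode, str(rcode)),
    }

def refused_without_rd(query, response):
    """True when a query sent with RD=0 was answered with REFUSED."""
    q, r = describe(query), describe(response)
    return (r["response"] and r["id"] == q["id"]
            and not q["rd"] and r["rcode"] == "REFUSED")

def constructed_refused_reply(query):
    """Constructed sample reply (not captured traffic): QR=1, RCODE=5."""
    qid, flags = struct.unpack("!HH", query[:4])
    return struct.pack("!HH", qid, QR_FLAG | (flags & RD_FLAG) | 5) + query[4:]

if __name__ == "__main__":
    # Constructed query name; replace with a NAPTR name served by the auth.
    q = build_query("4.3.2.1.e164.example.", rd=False)
    print(describe(q))
    print(refused_without_rd(q, constructed_refused_reply(q)))
```

<p>Against a live recursor, send the bytes from build_query over UDP with the standard socket module and pass the received datagram to refused_without_rd; running it once with rd=False and once with rd=True shows whether the RD bit alone decides the outcome.</p>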