[dnsdist] Editing TTLs for spoofed responses
Holger Hoffstätte
holger at applied-asynchrony.com
Sun Nov 22 10:50:21 UTC 2020
Hi,
I'm successfully increasing the minimum TTL for NOERROR responses with unreasonably
small values:
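
    local function checkTTL(dnsResponse)
      -- only touch successful (NOERROR) responses
      if dnsResponse.rcode == DNSRCode.NOERROR then
        -- minTTL is the callback handed to editTTLs; its definition is not shown here
        dnsResponse:editTTLs(minTTL)
      end
      return DNSResponseAction.None
    end

and registering this function via:

    addResponseAction(AllRule(), LuaResponseAction(checkTTL))
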
This works fine for values returned from upstream servers, but not for
hosts returned via SpoofAction, which consistently default to 60 seconds.
Are SpoofedActions not routed through the regular request/response loop?
If they are, how can I intercept them?
Sorry if this is a dumb question - I'm certain I'm doing something wrong,
I just don't know what it is.. :)
Thanks,
Holger