[Pdns-dev] Lua script to run when DNS entry IS found
michael.fielding at read4sure.com
Sun Oct 24 11:54:20 CEST 2010
On 23 Oct 2010, at 11:46, bert hubert wrote:
> On Sat, Oct 23, 2010 at 10:32:33AM +0100, Michael Fielding wrote:
>> I would like to invert the status of the DNS database, to create a
>> blacklist: for anything NOT in the DNS database, a constant entry is
>> returned; for anything IN the database, NXDOMAIN is returned.
> I'm a bit confused - the Lua script is in the PowerDNS Recursor,
> which does
> not have a database.
Sorry, I'm the one who's confused - I missed that reading the
>> The nxdomain script function will be called when an entry is NOT
>> found, and I could return what I need. But is it possible to
>> intercept any *resolved* request and override to return NXDOMAIN?
>> (Alternatively, use a preresolve function and check try to resolve
>> in the script itself.)
> Right now, this is not possible, but the Lua scripts will be
> enhanced very
> shortly with a number of new hooks. One of these will allow you to
> any answer, and even change the question.
> If you could elaborate a bit more, we could make sure that the new
> do what you need.
Thank you. I want to be able to provide a DNS-based whitelist and a
corresponding DNS-based blacklist (operating like DNSBL and DNSWL).
The whitelist is easy to implement using the Authoritative Server,
backed by a database. The blacklist must use the same database, but
respond to an A-record query by providing 127.0.0.2 for anything NOT
in the whitelist, for a certain TLD e.g. .local, and must return
NXDOMAIN for anything in the whitelist.
For the core functions I don't think I need the Recursor, just the
Authoritative Server. Do your scripting enhancement plans include
hooks for that? Otherwise, it sounds like the enhancements you mention
would allow me to achieve what I need using the Recursor as a kind of
script-able front end, configured with forward-zones to the
Authoritative Server. If I'm right?
More information about the Pdns-dev