[Pdns-users] Spoof MX records

Aleksandr Rogozin arogozin at squarespace.com
Fri Dec 14 16:16:26 UTC 2018


Hi Michael,

You should be able to load the file *(if the list of zones is large enough
and warrants a file)* or initialize an array of subzones *(if there are few
zones you want to test)* once, when the process starts and loads the Lua
script. Loading the file on every request would definitely become a
performance issue.

Best Regards,

On Fri, Dec 14, 2018 at 10:50 AM Bit World Computing - Michael Mertel <
michael.mertel at bwc.de> wrote:

> Hi Aleksandr,
>
> Yes, Lua was the way I’m planning to go. I just wasn’t sure whether to use
> dnsdist or recursor, but it probably does not matter in that case.
>
> Does the file get loaded for every request with io.open and could this
> become a performance issue in your opinion? All DNS requests from a fairly
> well-used mail gateway would be sent to this resolver.
>
> I think I’ll give it a try with dnsdist and see what happens.
>
> Best regards.
>
>
>
> On 14.12.2018 at 12:55, Aleksandr Rogozin <arogozin at squarespace.com>
> wrote:
>
> Hi Michael,
>
> I recommend using Lua to intercept the DNS queries. Both dnsdist and
> recursor should be able to support it. In Lua you can check for the query
> type to be MX and load a list of domains from a file using ‘io.open’. Provide
> the necessary DNS response if the query matches your list of zones.
> Additionally, you might want to limit this operation to specific networks
> with NetMask or NetMaskGroup.
>
>
> On Fri, Dec 14, 2018 at 01:53 Bit World Computing - Michael Mertel <
> michael.mertel at bwc.de> wrote:
>
>> Hi,
>>
>> I’m looking for the most efficient way to spoof the answer of an MX query.
>> I need to redirect outgoing e-mails (specific domains only) to an SMTP
>> gateway for further processing before they leave the local network. I cannot
>> use any kind of transport tables at the MTA, so my approach was to use DNS
>> for this.
>>
>> The number of zones to spoof is currently not defined, could be dozens if
>> not hundreds.
>>
>> I would usually do this kind of stuff with dnsdist (which I love), but
>> would the recursor be a better choice here?
>>
>> Thanks for any advice.
>>
>> —Michael
>>
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> https://mailman.powerdns.com/mailman/listinfo/pdns-users
>>
>
>
>
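
Added example, not part of the thread and not code from either poster: a PowerDNS Recursor Lua script that reads the zone list once at script load, as the reply at the top advises, and answers MX queries for those zones only for clients in an allowed network. The file path, gateway host name and client network are placeholders.

```lua
-- Added example for PowerDNS Recursor (loaded via the lua-dns-script setting).
-- ZONE_FILE, GATEWAY_MX and the client network are placeholders, not values from the thread.
local ZONE_FILE  = "/etc/powerdns/mx-override.list"  -- hypothetical path, one domain per line
local GATEWAY_MX = "10 smtp-gw.example.net."         -- hypothetical gateway: preference + host

-- Top-level code runs once, when the Recursor loads the script,
-- so the file is never opened on the query path.
local overrideZones = newDS()   -- suffix-match set: subdomains of listed names match too
local zoneCount = 0

local f, err = io.open(ZONE_FILE, "r")
if f then
  for line in f:lines() do
    -- strip "#" comments and surrounding whitespace, skip blank lines
    local name = line:gsub("#.*$", ""):match("^%s*(.-)%s*$")
    if name ~= "" then
      overrideZones:add(name)
      zoneCount = zoneCount + 1
    end
  end
  f:close()
  pdnslog("MX override: loaded " .. zoneCount .. " zones", pdns.loglevel.Info)
else
  -- With an empty set nothing is overridden and all queries resolve normally.
  pdnslog("MX override: cannot read list: " .. tostring(err), pdns.loglevel.Error)
end

-- Only clients in these networks get the rewritten answer.
local allowedClients = newNMG()
allowedClients:addMask("192.0.2.0/24")   -- constructed documentation range

function preresolve(dq)
  if dq.qtype == pdns.MX
     and allowedClients:match(dq.remoteaddr)
     and overrideZones:check(dq.qname) then
    dq:addAnswer(pdns.MX, GATEWAY_MX, 300)  -- short TTL so list changes show up quickly
    dq.rcode = 0
    return true    -- answer is complete, skip normal resolution
  end
  return false     -- every other query is resolved as usual
end
```

After editing the list, `rec_control reload-lua-script` reloads the script and re-runs the top-level loading code without restarting the Recursor.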