[Pdns-users] Recursor LUA - trigger additional lookups
Pieter Lexis
pieter.lexis at powerdns.com
Mon Feb 12 16:43:26 UTC 2018
Hi Radoslaw,
On Mon, 12 Feb 2018 11:32:11 +0100
Radoslaw Kamil Ejsmont <radoslaw at ejsmont.net> wrote:
> I have a question regarding recursor LUA scripting. I would like to block AAAA replies for hosts that also have A records. Is that possible with current LUA framework?
>
> My idea was to write a postresolve hook that would check if `dq.qtype == pdns.AAAA` and the perform an A lookup. If A lookup is successful, it would remove `AAAA` answer and add the `A` answer. I could not find a way though to trigger an additional lookup. I also found no way to trigger more lookups with `preresolve`. Do you guys have any hints?
This won't work, as the QType is AAAA, any client on the other end would
just disregard the A record in the return packet.
> My goal is to successfully resolve AAAA only for hosts that are IPv6 only and serve A only to dual-stack hosts.
To be honest, your goal makes no sense from a networking perspective.
When you dual-stack some hosts, your IPv6 network should be up for it.
Faking IPv6 unavailability is a bad 'migration' strategy. It will also
break dual-stack hosts that do DNSSEC validation.
If you really want to continue on this path, I recommend getting a Lua
DNS library and doing an A query and see if you like the answer
before returning something to the client. In the current Lua
infrastructure in the Recursor, there is no way to re-inject a query
into the recursor from Lua.
Best regards,
Pieter
--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
More information about the Pdns-users
mailing list