[Pdns-users] Recursor LUA - trigger additional lookups
Pieter Lexis
pieter.lexis at powerdns.com
Mon Feb 12 17:23:06 UTC 2018
Hi Radosław,
Pushing this back to the mailing-list, please send further replies there
as well.
On Mon, 12 Feb 2018 18:00:43 +0100
Radosław Ejsmont <radoslaw at ejsmont.net> wrote:
> > On 12 Feb 2018, at 17:43, Pieter Lexis <pieter.lexis at powerdns.com> wrote:
> >
> > On Mon, 12 Feb 2018 11:32:11 +0100
> > Radoslaw Kamil Ejsmont <radoslaw at ejsmont.net> wrote:
> >
> >> My goal is to successfully resolve AAAA only for hosts that are IPv6 only and serve A only to dual-stack hosts.
> >
> > To be honest, your goal makes no sense from a networking perspective.
> > When you dual-stack some hosts, your IPv6 network should be up for it.
> > Faking IPv6 unavailability is a bad 'migration' strategy. It will also
> > break dual-stack hosts that do DNSSEC validation.
>
> DNSSEC is blocked by provider anyway. They do not provide it through their servers and block use on any other DNS servers anyway. I wish I could use full dual-stack but with terribly slow tunnel that gives any IPv6 connectivity and a need to connect to IPv6-only hosts (cloud servers) while retaining good performance (bandwidth-wise) of the network (streaming for example) I am running out of options here :( and there is literally no provider that could wire me up to native v6 around :(
Ouch, that is painful! I was under the impression that these things did
not happen anymore in the wild.
If you known the (sub) domains that need this special processing, you
could simplify your life by adding them to a DNSSuffixMatchGroup[1] and
if the domain name in the AAAA query is not matched in this group, send
a NODATA response to let the client retry with A.
This solution would be more cleaner than a blanket 'do another lookup
to see if I like the answer'.
> > If you really want to continue on this path, I recommend getting a Lua
> > DNS library and doing an A query and see if you like the answer
> > before returning something to the client. In the current Lua
> > infrastructure in the Recursor, there is no way to re-inject a query
> > into the recursor from Lua.
>
> Did not know pdns Lua interpreter supports external libraries! How do you load them?
Just like any other Lua module, install the rock and use `require`[2]
Best regards,
Pieter
1 - https://doc.powerdns.com/recursor/lua-scripting/dnsname.html#dns-suffix-match-groups
2 - http://lua-users.org/wiki/ModulesTutorial
--
Pieter Lexis
PowerDNS.COM BV -- https://www.powerdns.com
More information about the Pdns-users
mailing list