[Pdns-users] Recursor LUA - trigger additional lookups

Radoslaw Kamil Ejsmont radoslaw at ejsmont.net
Mon Feb 12 17:34:00 UTC 2018 

Dear Pieter,

Thanks a lot! You were super helpful!


Best,

Radek

-- 
Radoslaw Kamil Ejsmont, Ph.D.
http://radoslaw.ejsmont.net <http://radoslaw.ejsmont.net/>

> On 12 Feb 2018, at 18:23, Pieter Lexis <pieter.lexis at powerdns.com> wrote:
> 
> Hi Radosław,
> 
> Pushing this back to the mailing-list, please send further replies there
> as well.
> 
> On Mon, 12 Feb 2018 18:00:43 +0100
> Radosław Ejsmont <radoslaw at ejsmont.net> wrote:
> 
>>> On 12 Feb 2018, at 17:43, Pieter Lexis <pieter.lexis at powerdns.com> wrote:
>>> 
>>> On Mon, 12 Feb 2018 11:32:11 +0100
>>> Radoslaw Kamil Ejsmont <radoslaw at ejsmont.net> wrote:
>>> 
>>>> My goal is to successfully resolve AAAA only for hosts that are IPv6 only and serve A only to dual-stack hosts.  
>>> 
>>> To be honest, your goal makes no sense from a networking perspective.
>>> When you dual-stack some hosts, your IPv6 network should be up for it.
>>> Faking IPv6 unavailability is a bad 'migration' strategy. It will also
>>> break dual-stack hosts that do DNSSEC validation.  
>> 
>> DNSSEC is blocked by provider anyway. They do not provide it through their servers and block use on any other DNS servers anyway. I wish I could use full dual-stack but with terribly slow tunnel that gives any IPv6 connectivity and a need to connect to IPv6-only hosts (cloud servers) while retaining good performance (bandwidth-wise) of the network (streaming for example) I am running out of options here :( and there is literally no provider that could wire me up to native v6 around :(
> 
> Ouch, that is painful! I was under the impression that these things did
> not happen anymore in the wild.
> 
> If you known the (sub) domains that need this special processing, you
> could simplify your life by adding them to a DNSSuffixMatchGroup[1] and
> if the domain name in the AAAA query is not matched in this group, send
> a NODATA response to let the client retry with A.
> 
> This solution would be more cleaner than a blanket 'do another lookup
> to see if I like the answer'.
> 
>>> If you really want to continue on this path, I recommend getting a Lua
>>> DNS library and doing an A query and see if you like the answer
>>> before returning something to the client. In the current Lua
>>> infrastructure in the Recursor, there is no way to re-inject a query
>>> into the recursor from Lua.  
>> 
>> Did not know pdns Lua interpreter supports external libraries! How do you load them?
> 
> Just like any other Lua module, install the rock and use `require`[2]
> 
> Best regards,
> 
> Pieter
> 
> 1 - https://doc.powerdns.com/recursor/lua-scripting/dnsname.html#dns-suffix-match-groups
> 2 - http://lua-users.org/wiki/ModulesTutorial
> 
> 
> -- 
> Pieter Lexis
> PowerDNS.COM BV -- https://www.powerdns.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20180212/41daf689/attachment-0001.html>

More information about the Pdns-users mailing list