[Pdns-users] How to efficiently test a list of DNSNames with lua

Daniel Miller dmiller at amfes.com
Sun Nov 11 07:50:34 UTC 2018 

I've had a setup for a while that worked quite well - I don't know if 
it's the *best* way - but I thought it was correct.  I have a single 
physical server with some virtual servers I turn up/down as needed.

pdns-auth on my server provides both my internal lan & external public 
zones - bound to a private & port. pdns-recursor is exposed to the 
Internet and provides services to the LAN via port 53.  The recursor is 
pointed to the auth via forward-zones.

To provide split-horizon type records for public names of LAN hosts to 
LAN clients I've had a simple lua script:

lanDomains = newDS()
lanDomains:add(dofile("/etc/powerdns/lanDomains"))
function preresolve(dq)
     if(dq.qtype==pdns.A and lanDomains:check(dq.qname)) then
         dq:addAnswer(pdns.A,"192.168.0.4")
         return true
     end
     return false
end

and then lanDomains just has

	return{"domain1.com","domain2.com","domain3.com",...}

for each of my public domains that are provided by my internal host - 
all services are on 192.168.0.4.

This works - and I always welcome ideas for improvement but the above 
isn't my question - merely my preamble.

I'm in the process of migrating to another server - and I'm moving 
individual services so both servers will be operational during the 
transition.  What I've come up with is:

function preresolve(dq)
     if(dq.qtype==pdns.A and lanDomains:check(dq.qname)) then
         if(dq.qname:equal("smtp.domain1.com") or dq.qname:equal("imap.domain2.com")) then
             dq:addAnswer(pdns.A,"192.168.0.4")
         else
             dq:addAnswer(pdns.A,"192.168.0.6")
         end
         return true
     end
return false

This works but I don't like it.  But I don't see a method where I can 
have a list similar to my lanDomains file and test against it in one 
operation.  Unless...would the newDS() construct be valid if my file 
"oldServer" contained:

return{"oldhost.smtp.domain.com","oldhost.imap.domain.com",...}

So...would this mean each of the "real" hostnames like "smtp.domain.com" 
would strip the leading bogus name off for the test?  So now instead of 
an extended

     if(dq.qname:equal("oldservice.domain1.com") or dq.qname:equal(...) or ...)

I could simply write

function preresolve(dq)
     if(dq.qtype==pdns.A and lanDomains:check(dq.qname)) then
         if(oldServer:check(dq.qname)) then
             dq:addAnswer(pdns.A,"192.168.0.4")
         else
             dq:addAnswer(pdns.A,"192.168.0.6")
         end
         return true
     end
return false

Would this be a "correct" setup for this process?

-- 
Daniel

More information about the Pdns-users mailing list