dnsdist examples
wiki page with dnsdist examples
This repository contains several configuration examples with a focus on
- DNS security
- Traffic logging
- Traffic routing rules
In the example below, we serve two local DoH endpoints and want to send their traffic to two different PowerDNS instances. Using HTTPPathRegexRule we can match each endpoint to a specific pool.
New in version 1.4.0
```lua
-- DNS over HTTPS: two local DoH endpoints on different ports and paths
addDOHLocal("127.0.0.1:8053", nil, nil, "/dns-query", { reusePort=true })
addDOHLocal("127.0.0.1:8054", nil, nil, "/ads", { reusePort=true })
-- Route queries to a backend pool based on the HTTP path of the DoH endpoint.
-- Note that the regex is unanchored: "ads" matches anywhere in the path.
newServer({address="127.0.0.1:5454", pool="ads"})
addAction(HTTPPathRegexRule("ads"), PoolAction("ads"))
-- Everything else is forwarded to the default pool:
newServer({address="127.0.0.1:5353"})
```
A full working example is here.
This Lua code resolves any domain name that carries an IPv4 address in its hostname (dashes instead of dots) to that address. If no address is found, dnsdist responds with the client's own IP address (whatismyip).
```lua
-- Requires dnsdist built against LuaJIT: the FFI library is used to call inet_pton()
local ffi = require("ffi")
-- Declare inet_pton so the IPv4 candidate can be validated by libc
ffi.cdef[[
int inet_pton(int af, const char *src, void *dst);
]]
-- Address family IPv4
local AF_INET = 2
-- 4-byte buffer that inet_pton writes the parsed address into
local inet = ffi.new("unsigned int [1]")
function luarule(dq)
  -- replace dashes with dots, e.g. "1-2-3-4.example.com." -> "1.2.3.4.example.com."
  local ip = string.gsub(dq.qname:toString(), "-", ".")
  -- keep only the first dotted-quad candidate
  ip = string.match(ip, "%d+%.%d+%.%d+%.%d+")
  -- no candidate: answer with the client's own address (whatismyip)
  if ip == nil then
    return DNSAction.Spoof, dq.remoteaddr:toString()
  end
  -- validate the candidate as an IPv4 address (rejects e.g. 999.1.1.1)
  if ffi.C.inet_pton(AF_INET, ip, inet) == 1 then
    return DNSAction.Spoof, ip
  else
    return DNSAction.Spoof, dq.remoteaddr:toString()
  end
end
addAction(AllRule(), LuaAction(luarule))
```
Flush all records for a specific zone from the dnsdist cache when a NOTIFY packet arrives, and log the event. Useful if dnsdist is used in front of an authoritative server.
```lua
-- flush the cache for the notified domain, then continue processing
local function onNotifyFlush(dq)
  pdnslog("NOTIFY received, flushing cache for "..dq.qname:toString())
  -- expunge every record type under the zone name (suffix match enabled)
  getPool("my_pool"):getCache():expungeByName(dq.qname, DNSQType.ANY, true)
  return DNSAction.None
end
```
Route NOTIFY packets to that function:
```lua
-- Flush the local cache for notified zones, then continue processing
addAction(OpcodeRule(DNSOpcode.Notify), LuaAction(onNotifyFlush))
```
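The rule above matches every NOTIFY regardless of where it comes from, so any client that can reach dnsdist can flush the cache for any name. The following is an added example, not part of the original wiki page: it restricts the flush to the primaries listed in a NetmaskGroup and refuses NOTIFYs from anywhere else. The addresses and the pool name `my_pool` are placeholders.

```lua
-- Added example: only flush the cache on NOTIFY from trusted primaries.
-- The netmasks and pool name below are placeholders; adjust them to your setup.
local notifySources = newNMG()
notifySources:addMask("192.0.2.10/32")     -- placeholder primary (IPv4)
notifySources:addMask("2001:db8::10/128")  -- placeholder primary (IPv6)

-- NOTIFY from a listed primary: flush the zone from the cache, then let the
-- packet continue to the backend as usual
local function onTrustedNotify(dq)
  pdnslog("NOTIFY for "..dq.qname:toString().." from "..dq.remoteaddr:toStringWithPort()..", flushing cache",
          pdns.loglevels.Info)
  getPool("my_pool"):getCache():expungeByName(dq.qname, DNSQType.ANY, true)
  return DNSAction.None
end

-- NOTIFY from anywhere else: log it and answer REFUSED so the cache stays intact
local function onUntrustedNotify(dq)
  pdnslog("refused NOTIFY for "..dq.qname:toString().." from "..dq.remoteaddr:toStringWithPort(),
          pdns.loglevels.Warning)
  return DNSAction.Refused
end

-- Rules are evaluated in order: the trusted-source rule must come first,
-- the catch-all for the remaining NOTIFYs second
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NetmaskGroupRule(notifySources)}),
          LuaAction(onTrustedNotify))
addAction(OpcodeRule(DNSOpcode.Notify), LuaAction(onUntrustedNotify))
```

The refused NOTIFYs show up in the dnsdist log with the source address and port, which is the signal to watch for if something other than your primaries starts sending them.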
Please also read the PowerDNS documentation, available at https://doc.powerdns.com/