Unable to filter Domains - Recursor 4.x behind dnsdist

JohnD13
Hello,

I am running an alpha release of Recursor 4.x for the domain filtering option. After configuring the Lua scripts I was able to test a successful query from the Recursor Local Host by adding it into the IP Filters file. However, when I try from my remote host the filter does not work. I am running the Recursor behind dnsdist with the "useclientsubnet" directive enabled. I confirmed the LB is sending OPT packed with the EDNS client subnet embedded into the DNS Query.

I suspect Lua is not parsing this data properly and parsing all traffic from the IP source being that of the Load Balancer. Should I be using a "getEDNSOption" to explicitly tell the Lua script to look for the EDNS client subnet in order to properly match my filters?

Any help is greatly appreciated!

Builds:

dnsdist v1.x from Master Branch
https://github.com/PowerDNS/pdns

pdns Recursor v 4.x from builds
https://builder.powerdns.com/#/builders/50/builds/442


Here is a snippet of my action script:

adservers=newDS()
adservers:add(dofile("/etc/lua/blocklist-advertising.lua"))

filterset=newCAS()
filterset:add(dofile("/etc/lua/filtercustomers.lua"))

function preresolve(dq)

    if(not adservers:check(dq.qname) or (dq.qtype ~= pdns.A and dq.qtype ~= pdns.AAAA)) then
        return false
    end

    dq.variable=true
    if(not filterset:check(dq.remoteaddr)) then
        return false
    end

    dq:addRecord(pdns.SOA,
        "fake."..dq.qname:toString().." fake."..dq.qname:toString().." 1 7200 900 1209600 86400",
        2)
    return true
end
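
An added example, not part of the original post and not PowerDNS code: a Python sketch of what a query forwarded as the post describes carries on the wire, with the packet source being the load balancer and the client network only in the EDNS Client Subnet option (code 8, RFC 7871). The addresses, the sample query and the names `ecs_from_query`, `filter_key` and `LB` are assumptions constructed for illustration; the ECS value is used as the filter key only when the packet comes from a trusted proxy, since any other sender could put an arbitrary subnet in the option.

```python
import ipaddress
import struct

def skip_name(msg, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # compression pointer ends the name
            return off + 2
        off += 1 + n

def ecs_from_query(msg):
    """Return the EDNS Client Subnet (option 8, RFC 7871) as a network, or None."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == 41 and pos + 4 <= len(rdata):  # 41 = OPT pseudo-RR
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            body, pos = rdata[pos + 4:pos + 4 + olen], pos + 4 + olen
            if code == 8 and len(body) >= 4:
                family, src_bits, _scope = struct.unpack("!HBB", body[:4])
                if family not in (1, 2):  # 1 = IPv4, 2 = IPv6
                    return None
                size = 4 if family == 1 else 16
                addr = ipaddress.ip_address(body[4:].ljust(size, b"\0")[:size])
                return ipaddress.ip_network((addr, src_bits), strict=False)
    return None

def filter_key(src_ip, msg, trusted_proxies):
    """Network to match against the filter list; ECS counts only from trusted proxies."""
    src = ipaddress.ip_address(src_ip)
    ecs = ecs_from_query(msg)
    if ecs is not None and any(src in net for net in trusted_proxies):
        return ecs
    return ipaddress.ip_network(src)

# Constructed sample: query for ads.example. A with an OPT RR carrying ECS 203.0.113.0/24
SAMPLE_QUERY = (
    bytes.fromhex("1a2b 0100 0001 0000 0000 0001")  # header: 1 question, 1 additional
    + b"\x03ads\x07example\x00" + bytes.fromhex("0001 0001")
    + bytes.fromhex("00 0029 1000 00000000 000b")   # root, OPT, UDP size 4096, RDLEN 11
    + bytes.fromhex("0008 0007 0001 18 00 cb0071")  # ECS: IPv4, /24, scope 0
)
LB = [ipaddress.ip_network("192.0.2.53/32")]  # assumed load balancer address
```

The ECS value is a prefix (a /24 in the sample), not a host address, so a filter list of single client addresses matches only if the proxy forwards the full address.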