On Wed, Oct 30, 2024 at 01:18:08PM +0000, Djerk Geurts wrote:

> On 30 Oct 2024, at 07:30, Otto Moerbeek <o...@drijf.net> wrote:
> > 
> > On Tue, Oct 29, 2024 at 10:14:29PM +0000, Djerk Geurts via Pdns-users wrote:
> > 
> >> Hi all,
> >> 
> >> Is there a way to return NXDOMAIN instead of a valid response?
> >> 
> >> test IN LUA CNAME "view({{{'10.0.0.0/16'},{'ns0.internal.domain.com.'}},{{'0.0.0.0/0'},{''}}})"
> >> 
> >> I would like to return NXDOMAIN instead of SERVFAIL for sources outside 
> >> 10.0/16.
> >> 
> >> Thanks,
> >> Djerk Geurts
> > 
> > I don't think NXDOMAIN responses are possible from Lua records.
> 
> I saw a request on GitHub for this from a while ago, so if it could be added, 
> that would be great.
> 
> > I guess a NODATA (rcode NOERROR + empty answer section) is the closest you
> > can come.
> > 
> > views do not like empty response sets, but this worked for me to get a
> > NODATA:
> > 
> > test.example     10      IN      LUA     A "; if (0==1) then return {'1.2.3.4'} else return {} end"
> > 
> > Maybe you can work from this.
> > 
> >     -Otto
> 
> That’s helpful, but I’ll need to work out how to combine the two. `view()` 
> takes all text literally so `return{}` doesn’t yield NODATA.
> 
> Equally I don’t know how to test for a source address in the if statement. 
> https://doc.powerdns.com/authoritative/lua-records/ only gives examples for 
> `if(continent`, but this article has some interesting LUA records: 
> https://blog.powerdns.com/2017/12/15/powerdns-authoritative-lua-records
> 
> I tried this, but it’s not working:
> 
> "if(netmask({'10.0.0.0/16'})) then return {'true.domain.com.'} else return {'false.domain.com'} end"

This works here:

test.example     10       IN      LUA     A "; nmg = newNMG(); nmg:addMask('10.0.0.0/8'); if nmg:match(who) then return {'1.2.3.4'} else return {} end"

        -Otto
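
To check what each source range actually receives, the outcomes discussed in this thread (NXDOMAIN, SERVFAIL, and NODATA as rcode NOERROR plus an empty answer section) can be told apart from the DNS response header alone. The following is an added example, not code from the thread or from PowerDNS; the function names and the sample packets are constructed for illustration.

```python
import struct

QR, AA = 0x8000, 0x0400  # header flag bits (RFC 1035, section 4.1.1)

def classify_response(wire: bytes) -> str:
    """Name the outcome of a DNS response using only its 12-byte header."""
    if len(wire) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", wire[:12])
    if not flags & QR:
        raise ValueError("QR bit clear: a query, not a response")
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN"
    if rcode == 2:
        return "SERVFAIL"
    if rcode != 0:
        return f"RCODE{rcode}"
    if ancount:
        return "ANSWER"
    # NOERROR with an empty answer section: authoritative means NODATA,
    # non-authoritative means the server is referring the client elsewhere.
    return "NODATA" if flags & AA else "REFERRAL"

def audit_view(inside: bytes, outside: bytes) -> list:
    """Check the behaviour wanted in the thread: data inside, NODATA outside."""
    findings = []
    got = classify_response(inside)
    if got != "ANSWER":
        findings.append(f"inside client got {got}, expected ANSWER")
    got = classify_response(outside)
    if got != "NODATA":
        findings.append(f"outside client got {got}, expected NODATA")
    return findings

def sample_response(flags: int, answers: int = 0) -> bytes:
    """Constructed packet for 'test.example. IN A' (not captured traffic)."""
    question = b"\x04test\x07example\x00" + struct.pack("!2H", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 10, 4) + bytes([1, 2, 3, 4])
    header = struct.pack("!6H", 0x1234, flags, 1, answers, 0, 0)
    return header + question + rr * answers

if __name__ == "__main__":
    inside = sample_response(QR | AA, answers=1)
    print(audit_view(inside, sample_response(QR | AA)))       # NODATA outside
    print(audit_view(inside, sample_response(QR | AA | 2)))   # SERVFAIL outside
```

In practice the two byte strings would be the raw replies to the same query sent once from inside the permitted range and once from outside it.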