Lua actions in rules
====================

:program:`dnsdist` comes with a lot of built-in :doc:`selectors<../reference/selectors>` and :doc:`actions<../reference/actions>`, but it is also
possible to write custom selectors and actions in Lua. Note that Lua is usually slower than built-in options written in C++, although the FFI
and per-thread FFI options can be quite competitive, as explained in the :doc:`tuning guide<tuning>`.

To write a custom selector in Lua, one can do:

.. code-block:: lua

  function lua_selector(dq)
    return dq.qtype == DNSQType.A
  end
  addAction(LuaRule(lua_selector), DropAction())

And for a custom action:

.. code-block:: lua

  function lua_route_tc_to_abuse_pool(dq)
    local tc = dq.dh:getTC()
    -- The TC (truncated) bit should not be set in a query
    if tc then
      return DNSAction.Pool, "abuse" -- send to abuse pool
    end
    -- otherwise we keep processing subsequent rules, if any
    return DNSAction.None
  end
  addAction(AllRule(), LuaAction(lua_route_tc_to_abuse_pool))
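
The action above checks a single header bit. As an added example, not part of the dnsdist documentation, the following action goes one step further and also answers ANY queries received over UDP with a truncated response, so that the client has to retry over TCP. The ``lua_screen_query`` name and the stand-in tables, which are only used when the file is run under a plain Lua interpreter to check the logic offline, are assumptions made for illustration.

```lua
-- Added example, not dnsdist's own code.
-- Under a plain Lua interpreter the dnsdist globals are absent, so minimal
-- stand-ins (constructed values) are defined to exercise the action offline.
local standalone = (addAction == nil)
if standalone then
  DNSAction = { None = "None", Pool = "Pool", Truncate = "Truncate" }
  DNSQType = { A = 1, ANY = 255 }
end

function lua_screen_query(dq)
  -- The TC (truncated) bit should not be set in a query
  if dq.dh:getTC() then
    return DNSAction.Pool, "abuse" -- send to abuse pool
  end
  -- ANY over UDP: reply with the TC bit set so the client retries over TCP
  if dq.qtype == DNSQType.ANY and not dq.tcp then
    return DNSAction.Truncate
  end
  -- otherwise we keep processing subsequent rules, if any
  return DNSAction.None
end

if standalone then
  -- constructed stand-in for the fields of a DNSQuestion used above
  local function fake_dq(qtype, tcp, tc)
    return { qtype = qtype, tcp = tcp, dh = { getTC = function() return tc end } }
  end
  local action, pool = lua_screen_query(fake_dq(DNSQType.A, false, true))
  assert(action == DNSAction.Pool and pool == "abuse")
  assert(lua_screen_query(fake_dq(DNSQType.ANY, false, false)) == DNSAction.Truncate)
  assert(lua_screen_query(fake_dq(DNSQType.ANY, true, false)) == DNSAction.None)
  assert(lua_screen_query(fake_dq(DNSQType.A, false, false)) == DNSAction.None)
  print("all checks passed")
else
  -- running inside dnsdist: register the action for every query
  addAction(AllRule(), LuaAction(lua_screen_query))
end
```
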

If the YAML configuration is used, there are three different ways of calling a Lua function. The first option is to declare the Lua function in
a global Lua file that will be loaded before the YAML configuration is parsed. This is done by creating a Lua file with the exact same name as
the YAML configuration file, but with a ``.lua`` extension. See :doc:`../reference/yaml-settings` for more information. For example, after creating
a file named ``/etc/dnsdist/dnsdist.lua`` containing:

.. code-block:: lua

  function lua_route_tc_to_abuse_pool(dq)
    local tc = dq.dh:getTC()
    -- The TC (truncated) bit should not be set in a query
    if tc then
      return DNSAction.Pool, "abuse" -- send to abuse pool
    end
    -- otherwise we keep processing subsequent rules, if any
    return DNSAction.None
  end

it is now possible to call this function from the YAML configuration at ``/etc/dnsdist/dnsdist.yml``:

.. code-block:: yaml

  query_rules:
    - name: "route truncated queries for powerdns.com to the abuse pool"
      selector:
        type: "QNameSet"
        qnames:
          - "powerdns.com."
      action:
        type: "Lua"
        function_name: "lua_route_tc_to_abuse_pool"

A second option is to declare the Lua code inline in the YAML configuration file. The inline code has to return a Lua function, which does not need to be named:

.. code-block:: yaml

  query_rules:
    - name: "route truncated queries for powerdns.com to the abuse pool"
      selector:
        type: "QNameSet"
        qnames:
          - "powerdns.com."
      action:
        type: "Lua"
        function_code: |
          return function(dq)
            local tc = dq.dh:getTC()
            -- The TC (truncated) bit should not be set in a query
            if tc then
              return DNSAction.Pool, "abuse" -- send to abuse pool
            end
            -- otherwise we keep processing subsequent rules, if any
            return DNSAction.None
          end

Finally, the third option is to declare the Lua code in a separate file which is referenced from the YAML configuration. The separate file has to return a Lua function, as in the previous case:

.. code-block:: yaml

  query_rules:
    - name: "route truncated queries for powerdns.com to the abuse pool"
      selector:
        type: "QNameSet"
        qnames:
          - "powerdns.com."
      action:
        type: "Lua"
        function_file: "/etc/dnsdist/truncated-to-pool-abuse.lua"

where the ``/etc/dnsdist/truncated-to-pool-abuse.lua`` file contains:

.. code-block:: lua

  return function(dq)
    local tc = dq.dh:getTC()
    -- The TC (truncated) bit should not be set in a query
    if tc then
      return DNSAction.Pool, "abuse" -- send to abuse pool
    end
    -- otherwise we keep processing subsequent rules, if any
    return DNSAction.None
  end