interoperability, and strive to turn this functionality into a broadly
supported standard.
-To enable this feature, either set 'enable-lua-record' in the configuration,
-or set the 'ENABLE-LUA-RECORD' per-zone metadata item to 1.
+To enable this feature, either set 'enable-lua-records' in the configuration,
+or set the 'ENABLE-LUA-RECORDS' per-zone metadata item to 1.
In addition, to benefit from the geographical features, make sure the PowerDNS
launch statement includes the ``geoip`` backend.
-- Enable Lua records for the zone (if not enabled globally)
INSERT INTO domainmetadata (domain_id, kind, content)
- VALUES (1, 'ENABLE-LUA-RECORD', 1);
+ VALUES (1, 'ENABLE-LUA-RECORDS', 1);
-- Create a pickClosest() Lua A record.
-- Double single quotes are used to escape single quotes in both MySQL and PostgreSQL
600
);
-The above queries create a zone ``example.com``, enable Lua records for the zone using ``ENABLE-LUA-RECORD``,
+The above queries create a zone ``example.com``, enable Lua records for the zone using ``ENABLE-LUA-RECORDS``,
and finally insert a LUA A record for the ``www`` subdomain using the previous pickclosest example.
See `Details & Security`_ for more information about enabling Lua records, and the risks involved.
actual Lua snippet.
LUA records can have TTL settings, and these will be honoured. In addition,
-LUA record output can be DNSSEC signed like any other record, but see below
+LUA records output can be DNSSEC signed like any other record, but see below
for further details.
More powerful example
they do not need to see.
A non-supporting DNS server will also serve a zone with LUA records, but
-they will not function, and will in fact leak the contents of the LUA record.
+they will not function, and will in fact leak the content of the LUA records.
.. note::
Under NO circumstances serve LUA records from zones from untrusted sources!
the signing key must be available on the server creating answers based on
LUA records.
-Note that to protect operators, support for the LUA record must be enabled
-explicitly, either globally (``enable-lua-record``) or per zone
-(``ENABLE-LUA-RECORD`` = 1).
+Note that to protect operators, support for LUA records must be enabled
+explicitly, either globally (``enable-lua-records``) or per zone
+(``ENABLE-LUA-RECORDS`` = 1).
Reference
---------
.. note::
The systemd unit file supplied with the source code already disables timestamp printing
-.. _setting-lua-record-exec-limit:
+.. _setting-lua-records-exec-limit:
-``lua-record-exec-limit``
+``lua-records-exec-limit``
-----------------------------
- Integer
- Default: 1000
-Limit LUA record scripts to ``lua-record-exec-limit`` instructions.
+Limit LUA records scripts to ``lua-records-exec-limit`` instructions.
Setting this to any value less than or equal to 0 will set no limit.
.. _setting-non-local-bind:
::arg().setSwitch("outgoing-axfr-expand-alias", "Expand ALIAS records during outgoing AXFR")="no";
::arg().setSwitch("8bit-dns", "Allow 8bit dns queries")="no";
#ifdef HAVE_LUA_RECORDS
- ::arg().setSwitch("enable-lua-record", "Process LUA record for all zones (metadata overrides this)")="no";
- ::arg().set("lua-record-exec-limit", "LUA record scripts execution limit (instructions count). Values <= 0 mean no limit")="1000";
+ ::arg().setSwitch("enable-lua-records", "Process LUA records for all zones (metadata overrides this)")="no";
+ ::arg().set("lua-records-exec-limit", "LUA records scripts execution limit (instructions count). Values <= 0 mean no limit")="1000";
#endif
::arg().setSwitch("axfr-lower-serial", "Also AXFR a zone from a master with a lower serial")="no";
g_anyToTcp = ::arg().mustDo("any-to-tcp");
g_8bitDNS = ::arg().mustDo("8bit-dns");
#ifdef HAVE_LUA_RECORDS
- g_doLuaRecord = ::arg().mustDo("enable-lua-record");
- g_luaRecordExecLimit = ::arg().asNum("lua-record-exec-limit");
+ g_doLuaRecord = ::arg().mustDo("enable-lua-records");
+ g_luaRecordExecLimit = ::arg().asNum("lua-records-exec-limit");
#endif
DNSPacket::s_udpTruncationThreshold = std::max(512, ::arg().asNum("udp-truncation-threshold"));
bool doLua=g_doLuaRecord;
if(!doLua) {
string val;
- d_dk.getFromMeta(sd.qname, "ENABLE-LUA-RECORD", val);
+ d_dk.getFromMeta(sd.qname, "ENABLE-LUA-RECORDS", val);
doLua = (val=="1");
}
#endif
#ifdef HAVE_LUA_RECORDS
if(!doLua) {
string val;
- d_dk.getFromMeta(sd.qname, "ENABLE-LUA-RECORD", val);
+ d_dk.getFromMeta(sd.qname, "ENABLE-LUA-RECORDS", val);
doLua = (val=="1");
}
#endif