* Modify query to clear the RD or CD bit
* Add the source MAC address to the query (MacAddrAction)
* Skip the cache, if any
+ * Log query content to a remote server (RemoteLogAction)
+
+Current response actions are:
+
+ * Log response content to a remote server (RemoteLogResponseAction)
Rules can be added via:
* addQPSLimit(DNS rule, qps limit)
* addQPSPoolRule(DNS rule, qps limit, destination pool)
+Response rules can be added via:
+
+ * addResponseAction(DNS rule, DNS Response Action)
+
A DNS rule can be:
* an AllRule
* `QPSPoolAction(maxqps, poolname)`: set the packet into the specified pool only if it **does not** exceed the specified QPS limits, letting the subsequent rules apply otherwise
* `QPSAction(rule, maxqps)`: drop these packets if the QPS limits are exceeded
* `RCodeAction(rcode)`: reply immediatly by turning the query into a response with the specified rcode
+ * `RemoteLogAction(RemoteLogger)`: send the content of this query to a remote logger via Protocol Buffer
+ * `RemoteLogResponseAction(RemoteLogger)`: send the content of this response to a remote logger via Protocol Buffer
* `SkipCacheAction()`: don't lookup the cache for this query, don't store the answer
* `SpoofAction(ip[, ip])` or `SpoofAction({ip, ip, ..}): forge a response with the specified IPv4 (for an A query) or IPv6 (for an AAAA). If you specify multiple addresses, all that match the query type (A, AAAA or ANY) will get spoofed in
* `SpoofCNAMEAction(cname)`: forge a response with the specified CNAME value
* `generateDNSCryptCertificate("/path/to/providerPrivate.key", "/path/to/resolver.cert", "/path/to/resolver.key", serial, validFrom, validUntil):` generate a new resolver private key and related certificate, valid from the `validFrom` timestamp until the `validUntil` one, signed with the provider private key
* `printDNSCryptProviderFingerprint("/path/to/providerPublic.key")`: display the fingerprint of the provided resolver public key
* `showDNSCryptBinds():`: display the currently configured DNSCrypt binds
+ * RemoteLogger related:
+ * `newRemoteLogger(address:port)`: create a Remote Logger object, to use with `RemoteLogAction()` and `RemoteLogResponseAction()`
All hooks
---------
"addDisableValidationRule(", "addDNSCryptBind(", "addDomainBlock(",
"addDomainSpoof(", "addDynBlocks(", "addLocal(", "addLuaAction(",
"addNoRecurseRule(", "addPoolRule(", "addQPSLimit(", "addQPSPoolRule(",
+ "addResponseAction(",
"AllowAction(", "AllRule(", "AndRule(",
"benchRule(",
"carbonServer(", "controlSocket(", "clearDynBlocks()",
"getServer(", "getServers()", "grepq(",
"leastOutstanding", "LogAction(",
"makeKey()", "MaxQPSIPRule(", "MaxQPSRule(", "mvRule(",
- "newDNSName(", "newQPSLimiter(", "newServer(", "newServerPolicy(",
- "newSuffixMatchNode(", "NoRecurseAction(",
+ "newDNSName(", "newQPSLimiter(", "newRemoteLogger(", "newServer(",
+ "newServerPolicy(", "newSuffixMatchNode(", "NoRecurseAction(",
"PoolAction(", "printDNSCryptProviderFingerprint(",
- "RegexRule(", "rmRule(", "rmServer(", "roundrobin",
+ "RegexRule(", "RemoteLogAction(", "RemoteLogResponseAction(", "rmRule(",
+ "rmServer(", "roundrobin",
"QTypeRule(",
"setACL(", "setDNSSECPool(", "setECSOverride(",
"setECSSourcePrefixV4(", "setECSSourcePrefixV6(", "setKey(", "setLocal(",
projects / pdns / commitdiff