g_lua.writeFunction("setDynBlocksAction", [](DNSAction::Action action) {
if (!g_configurationDone) {
- if (action == DNSAction::Action::Drop || action == DNSAction::Action::NoOp || action == DNSAction::Action::Refused || action == DNSAction::Action::Truncate) {
+ if (action == DNSAction::Action::Drop || action == DNSAction::Action::NoOp || action == DNSAction::Action::Nxdomain || action == DNSAction::Action::Refused || action == DNSAction::Action::Truncate) {
g_dynBlockAction = action;
}
else {
- errlog("Dynamic blocks action can only be Drop, NoOp, Refused or Truncate!");
- g_outputBuffer="Dynamic blocks action can only be Drop, NoOp, Refused or Truncate!\n";
+ errlog("Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused or Truncate!");
+ g_outputBuffer="Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused or Truncate!\n";
}
} else {
g_outputBuffer="Dynamic blocks action cannot be altered at runtime!\n";
case DNSAction::Action::NoOp:
/* do nothing */
break;
+
+ case DNSAction::Action::Nxdomain:
+ vinfolog("Query from %s turned into NXDomain because of dynamic block", dq.remote->toStringWithPort());
+ updateBlockStats();
+
+ dq.dh->rcode = RCode::NXDomain;
+ dq.dh->qr=true;
+ return true;
+
case DNSAction::Action::Refused:
vinfolog("Query from %s refused because of dynamic block", dq.remote->toStringWithPort());
updateBlockStats();
dq.dh->rcode = RCode::Refused;
- dq.dh->qr=true;
+ dq.dh->qr = true;
return true;
case DNSAction::Action::Truncate:
case DNSAction::Action::NoOp:
/* do nothing */
break;
+ case DNSAction::Action::Nxdomain:
+ vinfolog("Query from %s for %s turned into NXDomain because of dynamic block", dq.remote->toStringWithPort(), dq.qname->toString());
+ updateBlockStats();
+
+ dq.dh->rcode = RCode::NXDomain;
+ dq.dh->qr=true;
+ return true;
case DNSAction::Action::Refused:
vinfolog("Query from %s for %s refused because of dynamic block", dq.remote->toStringWithPort(), dq.qname->toString());
updateBlockStats();
.. function:: setDynBlocksAction(action)
+ .. versionchanged:: 1.3.3
+ ``DNSAction.NXDomain`` action added.
+
Set which action is performed when a query is blocked.
- Only DNSAction.Drop (the default), DNSAction.NoOp, DNSAction.Refused and DNSAction.Truncate are supported.
+ Only DNSAction.Drop (the default), DNSAction.NoOp, DNSAction.NXDomain, DNSAction.Refused and DNSAction.Truncate are supported.
.. _exceedfuncs:
name = 'qrateactionrefused.dynblocks.tests.powerdns.com.'
self.doTestQRateRCode(name, dns.rcode.REFUSED)
+class TestDynBlockQPSActionNXD(DynBlocksTest):
+
+ _dynBlockQPS = 10
+ _dynBlockPeriod = 2
+ _dynBlockDuration = 5
+ _config_params = ['_dynBlockQPS', '_dynBlockPeriod', '_dynBlockDuration', '_testServerPort']
+ _config_template = """
+ function maintenance()
+ addDynBlocks(exceedQRate(%d, %d), "Exceeded query rate", %d, DNSAction.Nxdomain)
+ end
+ setDynBlocksAction(DNSAction.Drop)
+ newServer{address="127.0.0.1:%s"}
+ """
+
+ def testDynBlocksQRate(self):
+ """
+ Dyn Blocks: QRate NXD (action)
+ """
+ name = 'qrateactionnxd.dynblocks.tests.powerdns.com.'
+ self.doTestQRateRCode(name, dns.rcode.NXDOMAIN)
+
class TestDynBlockGroupQPSActionRefused(DynBlocksTest):
_dynBlockQPS = 10
projects / pdns / commitdiff