From: Seth Ornstein
Date: Fri, 30 Jun 2017 18:41:18 +0000 (-0400)
Subject: Changes requested by Bert Hubert and Remi Gacogne of dnsdist
X-Git-Tag: dnsdist-1.2.0~39^2~6
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e6956c91dfa02353a5d41d5d0b7f33762f10536b;p=pdns
Changes requested by Bert Hubert and Remi Gacogne of dnsdist
---
diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc
index e67eeef7f..e1ccacb2d 100644
--- a/pdns/dnsdist-lua.cc
+++ b/pdns/dnsdist-lua.cc
@@ -1586,47 +1586,56 @@ vector> setupLua(bool client, const std::string& confi } }); - - // -------------------------------------------------------------------------- - // GCA - Seth Ornstein added lua callable functions - 6/2/2017 - // DNSQuestion - setTag, setTagArray, getTagMatch, getTagArray - g_lua.registerFunction("setTag", [](DNSQuestion& dq, const std::string& strLabel, const std::string& strValue) { - dq.qTag.add(strLabel, strValue); + if(dq.qTag == NULL) + { + dq.qTag = std::shared_ptr(new QTag); + } + dq.qTag->add(strLabel, strValue); }); g_lua.registerFunction>)>("setTagArray", [](DNSQuestion& dq, const vector>&tags) { - setLuaSideEffect(); + if(dq.qTag == NULL) + { + dq.qTag = std::shared_ptr(new QTag); + } for (const auto& tag : tags) { - dq.qTag.add(tag.first, tag.second); + dq.qTag->add(tag.first, tag.second); } + }); g_lua.registerFunction("getTagMatch", [](const DNSQuestion& dq, const std::string& strLabel) { - std::string strValue = dq.qTag.getMatch(strLabel); - return(strValue); + std::string strValue; + if(dq.qTag != NULL) + { + strValue = dq.qTag->getMatch(strLabel); + } + return strValue; }); g_lua.registerFunction(DNSQuestion::*)(void)>("getTagArray", [](const DNSQuestion& dq) { - setLuaNoSideEffect(); - - return dq.qTag.tagData; + if(dq.qTag != NULL) + { + return dq.qTag->tagData; + } + else + { + std::unordered_map XX; + return(XX); + } }); -// -------------------------------------------------------------------------- - - - /* DNSQuestion bindings */ /* PowerDNS DNSQuestion compat */ diff --git a/pdns/dnsdist-lua2.cc b/pdns/dnsdist-lua2.cc index c00272c95..6d8e9af89 100644 --- a/pdns/dnsdist-lua2.cc +++ b/pdns/dnsdist-lua2.cc 
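Review bot: The lazy allocation added to `setTag` and `setTagArray`, `dq.qTag = std::shared_ptr(new QTag);` behind a `== NULL` test (the template argument did not survive this rendering), is better written `if (!dq.qTag) { dq.qTag = std::make_shared<QTag>(); }` — one allocation instead of two, no naked `new`, and no `NULL`. The identical guard is pasted into both bindings and could be a small local lambda, and `getTagArray`'s else branch that builds a named empty map can collapse to `return dq.qTag ? dq.qTag->tagData : decltype(dq.qTag->tagData)();`. The hunk also drops the `setLuaSideEffect()` and `setLuaNoSideEffect()` calls the previous version had in `setTagArray` and `getTagArray`; if those markers are consumed elsewhere in this file, that is a behaviour change the commit message does not mention.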
@@ -831,57 +831,45 @@ void moreLua(bool client) #endif }); + g_lua.registerFunction("setTag", [](DNSDistProtoBufMessage& message, const std::string& strValue) { -// -------------------------------------------------------------------------- -// GCA - Seth Ornstein added lua callable functions - 6/2/2017 -// DNSDistProtoBufMessage - setTag, setTagArray, setProtobufResponseType, setProtobufResponseTypeQT - - g_lua.registerFunction("setTag", [](DNSDistProtoBufMessage& message, const std::string& strLabel, const std::string& strValue) { - - setLuaSideEffect(); - - message.addTags(strLabel, strValue); // add a tag to store text - not used by dnsdist normally + message.addTag(strValue); }); + g_lua.registerFunction>)>("setTagArray", [](DNSDistProtoBufMessage& message, const vector>&tags) { - g_lua.registerFunction>)>("setTagArray", [](DNSDistProtoBufMessage& message, const vector>&tags) { - - setLuaSideEffect(); for (const auto& tag : tags) { - message.addTags(tag.first, tag.second); // add a tag to store text - not used by dnsdist normally + message.addTag(tag.second); } }); + g_lua.registerFunction sec, boost::optional uSec)>("setProtobufResponseType", + [](DNSDistProtoBufMessage& message, boost::optional sec, boost::optional uSec) { - // setProtobufResponseType - no timestamp - g_lua.registerFunction("setProtobufResponseType", [](DNSDistProtoBufMessage& message, const std::string& strQueryName) { - - message.setType(DNSProtoBufMessage::Response); // set protobuf type to be response - not query + message.setType(DNSProtoBufMessage::Response); - message.setQueryTime(0, 0); // seconds and microseconds + message.setQueryTime(sec?*sec:0, uSec?*uSec:0); - message.addRRs(strQueryName); // add a RR to the response }); - // setProtobufResponseTypeQT - with query time as function parameter - g_lua.registerFunction("setProtobufResponseTypeTS", [](DNSDistProtoBufMessage& message, const std::string& strQueryName, time_t sec, uint uSec) { + g_lua.registerFunction> 
)>("setProtobufResponseRR", [](DNSDistProtoBufMessage& message, + const std::string& strQueryName, uint uType, uint uClass, uint uTTL, const vector>& blobData) { - message.setType(DNSProtoBufMessage::Response); // set protobuf type to be response - not query + size_t blobSize = blobData.size(); -#ifdef TRASH - struct timespec ts; // set protobuf query time - lua can't do microsec - gettime(&ts, true); - message.setQueryTime(ts.tv_sec, ts.tv_nsec / 1000); -#endif - message.setQueryTime(sec, uSec); // seconds and microseconds + unique_ptr ptrBlob (new uint8_t(blobSize)); - message.addRRs(strQueryName); // add a RR to the response - }); + int jj=0; + for (const auto& blob : blobData) + { + ptrBlob[jj++] = blob.second; + } + message.addRR(strQueryName, uType, uClass, uTTL, ptrBlob.get(), blobSize); -// -------------------------------------------------------------------------- + }); g_lua.registerFunction("setEDNSSubnet", [](DNSDistProtoBufMessage& message, const Netmask& subnet) { message.setEDNSSubnet(subnet); }); diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh index e59908bca..85832ebbe 100644 --- a/pdns/dnsdist.hh +++ b/pdns/dnsdist.hh @@ -38,13 +38,8 @@ #include "gettime.hh" #include "dnsdist-dynbpf.hh" #include "bpf-filter.hh" - -// ---------------------------------------------------------------------------- -// GCA - Seth Ornstein - 5/30/2017 - for new extra class in DNSQuestion struct - #include #include -// ---------------------------------------------------------------------------- #ifdef HAVE_PROTOBUF 
@@ -60,44 +55,27 @@ extern uint16_t g_ECSSourcePrefixV6; extern bool g_ECSOverride; - -// ---------------------------------------------------------------------------- -// GCA - Seth Ornstein - 5/30/2017 - new extra class in DNSQuestion struct - class QTag { public: -// ---------------------------------------------------------------------------- -// constructor -// ---------------------------------------------------------------------------- QTag() { } -// ---------------------------------------------------------------------------- -// destructor - verify for debugging that it is called as this is how tags become freed -// ---------------------------------------------------------------------------- ~QTag() { } -// ---------------------------------------------------------------------------- -// add() - add a label and value to the tags -// ---------------------------------------------------------------------------- bool add(std::string strLabel, std::string strValue) { bool bStatus = true; tagData.insert( {strLabel, strValue}); -// tagData[strLabel] = strValue; - return(bStatus); + return(bStatus); } -// ---------------------------------------------------------------------------- -// getMatch() - return the matching tag value -// ---------------------------------------------------------------------------- std::string getMatch(const std::string& strLabel) const { 
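Review bot: `QTag::add` always returns `true` while discarding the result of `tagData.insert(...)`, and `unordered_map::insert` never overwrites an existing key, so a second `dq:setTag("Label", ...)` for the same label is silently ignored while the caller is told it succeeded. Either make the return honest with `return tagData.insert({strLabel, strValue}).second;`, or, if last-write-wins is the intended contract, restore `tagData[strLabel] = strValue;` (the line this hunk removes as a comment) and say so in a comment above the method. The parameters could also be `const std::string&` rather than copies. `getMatch`'s body continues outside the hunk.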
@@ -112,69 +90,58 @@ std::string getMatch(const std::string& strLabel) const } } - -// ---------------------------------------------------------------------------- -// getEntry() - return the specified tag entry -// ---------------------------------------------------------------------------- -std::string getEntry(int iEntry) const +std::string getEntry(size_t iEntry) const { std::string strEntry; -int iCounter = 0; +size_t iCounter = 0; + - std::unordered_map::const_iterator itr; - for (itr =tagData.begin(); itr != tagData.end(); itr++) + for (const auto& itr : tagData) { iCounter++; if(iCounter == iEntry) { - strEntry = itr->first; + strEntry = itr.first; strEntry += strSep; - strEntry += itr->second; + strEntry += itr.second; break; } } + return(strEntry); } -// ---------------------------------------------------------------------------- -// count() - return number of tag entries -// ---------------------------------------------------------------------------- -int count() const +size_t count() const { return(tagData.size()); } -// ---------------------------------------------------------------------------- -// dumpString() - return string with all the tag entries -// ---------------------------------------------------------------------------- std::string dumpString() const { std::string strRet; - std::unordered_map::const_iterator itr; - for (itr =tagData.begin(); itr != tagData.end(); itr++) - { - strRet += itr->first; + + for (const auto& itr : tagData) + { + strRet += itr.first; strRet += strSep; - strRet += itr->second; + strRet += itr.second; strRet += "\n"; } return(strRet); + + } public: - std::unordered_maptagData; // try this public.... + std::unordered_maptagData; private: - const char *strSep = "\t"; // separation character + const char *strSep = "\t"; }; -// ---------------------------------------------------------------------------- -// ---------------------------------------------------------------------------- - - struct DNSQuestion { 
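Review bot: `getEntry(size_t iEntry)` walks an `unordered_map`, so which pair a given index returns is unspecified and can change after any insert or rehash; it is also 1-based because `iCounter` is incremented before the comparison, so `getEntry(0)` and any index above `count()` yield an empty string. If callers depend on it (none are visible in this diff), a comment such as `// 1-based; tagData iteration order is unspecified, so the index is only meaningful between modifications` above the method would prevent misuse, otherwise the method could go. The range-for variable in `getEntry` and `dumpString` is still named `itr` although it is now a `const std::pair&`, not an iterator; `kv` or `entry` would read correctly.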
@@ -188,6 +155,7 @@ struct DNSQuestion const uint16_t qclass; const ComboAddress* local; const ComboAddress* remote; + std::shared_ptr qTag; struct dnsheader* dh; size_t size; uint16_t len; @@ -196,7 +164,7 @@ struct DNSQuestion bool skipCache{false}; bool ecsOverride; bool useECS{true}; - QTag qTag; // GCA - Seth Ornstein - extra class for tags 5/30/2017 + }; struct DNSResponse : DNSQuestion diff --git a/pdns/protobuf.cc b/pdns/protobuf.cc index 76dca48ea..47f02cb64 100644 --- a/pdns/protobuf.cc +++ b/pdns/protobuf.cc @@ -97,11 +97,7 @@ void DNSProtoBufMessage::setEDNSSubnet(const Netmask& subnet, uint8_t mask) #endif /* HAVE_PROTOBUF */ } -// ---------------------------------------------------------------------------- -// GCA - Seth Ornstein - 5/30/2017 - extra protobuf information -// ---------------------------------------------------------------------------- - -void DNSProtoBufMessage::addTags(const std::string& strLabel, const std::string& strValue) +void DNSProtoBufMessage::addTag(const std::string& strValue) { #ifdef HAVE_PROTOBUF @@ -109,17 +105,12 @@ void DNSProtoBufMessage::addTags(const std::string& strLabel, const std::string& if (!response) return; - std::string strTag; - strTag = strLabel; - strTag += ","; // comma separator between label and value - strTag += strValue; - - response->add_tags(strTag); + response->add_tags(strValue); #endif /* HAVE_PROTOBUF */ } -void DNSProtoBufMessage::addRRs(const std::string& strName) +void DNSProtoBufMessage::addRR(const std::string& strName, uint32_t uType, uint32_t uClass, uint32_t uTTL, const uint8_t *ptrBlob, size_t uBlobLen) { #ifdef HAVE_PROTOBUF 
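Review bot: `addTag` now stores `strValue` verbatim, so the `label,value` convention the regression test relies on is purely a caller-side contract with no escaping of a comma inside a label or value; a comment on the function such as `// Stored verbatim: any "label,value" convention is the caller's, and commas inside either side are not escaped` would save the next reader from looking for the old `addTags` behaviour. The `if (!response) return;` that survives silently discards the tag when `response` is unset (its origin is outside this hunk, presumably the response part of the message); Lua gets no error, which the same comment should state. The `addRR` definition's body continues in the next hunk.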
@@ -131,22 +122,14 @@ void DNSProtoBufMessage::addRRs(const std::string& strName) if (rr) { string blob; rr->set_name(strName.c_str()); - rr->set_type(1); - rr->set_class_(1); - rr->set_ttl(123); - char cTemp[4]; - cTemp[0] = 127; - cTemp[1] = 0; - cTemp[2] = 0; - cTemp[3] = 1; - rr->set_rdata(cTemp, 4); + rr->set_type(uType); + rr->set_class_(uClass); + rr->set_ttl(uTTL); + rr->set_rdata(ptrBlob, uBlobLen); } #endif /* HAVE_PROTOBUF */ } -// ---------------------------------------------------------------------------- - - void DNSProtoBufMessage::addRRsFromPacket(const char* packet, const size_t len, bool includeCNAME) { diff --git a/pdns/protobuf.hh b/pdns/protobuf.hh index 02385d1c7..b31a5a45b 100644 --- a/pdns/protobuf.hh +++ b/pdns/protobuf.hh @@ -70,16 +70,8 @@ public: void setResponder(const ComboAddress& responder); void setRequestorId(const std::string& requestorId); std::string toDebugString() const; - -// ---------------------------------------------------------------------------- -// GCA - Seth Ornstein - Extra protobuf information - 5/30/2017 -// ---------------------------------------------------------------------------- - - void addTags(const std::string& strLabel, const std::string& strValue); - void addRRs(const std::string& strName); - -// ---------------------------------------------------------------------------- - + void addTag(const std::string& strValue); + void addRR(const std::string& strName, uint32_t utype, uint32_t uClass, uint32_t uTTl, const uint8_t *ptrBlob, size_t uBlobLen); #ifdef HAVE_PROTOBUF DNSProtoBufMessage(DNSProtoBufMessage::DNSProtoBufMessageType type, const boost::uuids::uuid& uuid, const ComboAddress* requestor, const ComboAddress* responder, const DNSName& domain, int qtype, uint16_t qclass, uint16_t qid, bool isTCP, size_t bytes); diff --git a/regression-tests.dnsdist/test_ProtobufTag.py b/regression-tests.dnsdist/test_ProtobufTag.py index 976cecf37..bb743a632 100644 --- a/regression-tests.dnsdist/test_ProtobufTag.py 
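Review bot: The local `string blob;` that remains in the `if (rr)` block of `addRR` is unused now that the hard-coded 127.0.0.1 rdata is gone, and `rr->set_name(strName.c_str())` can simply be `rr->set_name(strName);` — the generated setter takes a `const std::string&`, so the `c_str()` round-trip only adds a `strlen` and would truncate at an embedded NUL. `rr->set_rdata(ptrBlob, uBlobLen)` trusts the pointer/length pair handed in by the Lua binding; a guard like `if (ptrBlob == nullptr) uBlobLen = 0;`, or replacing the raw pair with a `std::vector<uint8_t>` parameter, would make the method safe for an empty blob. `addRR` starts outside this hunk.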
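Review bot: The new `addRR` declaration in protobuf.hh spells its parameters `utype` and `uTTl` while the definition in protobuf.cc uses `uType` and `uTTL`; mismatched names compile but mislead IDE help and grep, so the declaration should read `void addRR(const std::string& strName, uint32_t uType, uint32_t uClass, uint32_t uTTL, const uint8_t *ptrBlob, size_t uBlobLen);`. Neither new public method carries a comment; `// Appends one tag string verbatim (no-op when the message has no response part)` and `// Appends an RR whose rdata is the uBlobLen raw bytes at ptrBlob` would match the surrounding declarations.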
+++ b/regression-tests.dnsdist/test_ProtobufTag.py @@ -30,23 +30,26 @@ class TestProtobuf(DNSDistTest): end protobuf:setRequestor(requestor) - local tableTags = {} - tableTags["TestLabel2"] = "TestData2" - tableTags["TestLabel1"] = "TestData1" + local tableTags = {} + table.insert(tableTags, "TestLabel1,TestData1") + table.insert(tableTags, "TestLabel2,TestData2") + + -- tableTags["TestLabel2"] = "TestData2" +-- tableTags["TestLabel1"] = "TestData1" protobuf:setTagArray(tableTags) -- setTagArray - protobuf:setTag('TestLabel3', 'TestData3') -- setTag + protobuf:setTag('TestLabel3,TestData3') -- setTag - protobuf:setTag("Response", "456") -- setTag + protobuf:setTag("Response,456") -- setTag else local tableTags = {} -- called by testProtobuf() - tableTags["TestLabel2"] = "TestData2" - tableTags["TestLabel1"] = "TestData1" + table.insert(tableTags, "TestLabel1,TestData1") + table.insert(tableTags, "TestLabel2,TestData2") protobuf:setTagArray(tableTags) -- setTagArray - protobuf:setTag('TestLabel3', 'TestData3') -- setTag + protobuf:setTag('TestLabel3,TestData3') -- setTag - protobuf:setTag("Response", "456") -- setTag + protobuf:setTag("Response,456") -- setTag end end 
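Review bot: The rewritten Lua block keeps the two old assignments as commented-out lines (`-- tableTags["TestLabel2"] = "TestData2"` and its `TestLabel1` twin, the second now flush-left); they are dead after the switch to `table.insert` and should be deleted rather than left for the next reader to wonder whether the map form still works. The same `table.insert` pair is duplicated in both branches of the enclosing `if`, whose start lies outside the hunk; hoisting it above the branch would shrink the config and keep the two test paths from drifting apart.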
@@ -63,35 +66,43 @@ class TestProtobuf(DNSDistTest): local tableTags = {} -- declare table tableTags = dq:getTagArray() -- get table from DNSQuery - protobuf:setTagArray(tableTags) -- store table in protobuf - protobuf:setTag("Query", "123") -- add another tag entry in protobuf + local tablePB = {} + for k, v in pairs( tableTags) do + table.insert(tablePB, k .. "," .. v) + end + + protobuf:setTagArray(tablePB) -- store table in protobuf + protobuf:setTag("Query,123") -- add another tag entry in protobuf protobuf:setResponseCode(dnsdist.NXDOMAIN) -- set protobuf response code to be NXDOMAIN local strReqName = dq.qname:toString() -- get request dns name - protobuf:setProtobufResponseType(strReqName) -- set protobuf to look like a response and not a query + protobuf:setProtobufResponseType() -- set protobuf to look like a response and not a query, with 0 default time + + blobData={0x7F, 0x00, 0x00, 0x01} -- 127.0.0.1 + protobuf:setProtobufResponseRR(strReqName, 1, 1, 123, blobData) -- set protobuf to have a RR else + local tableTags = {} -- called by testProtobuf() - tableTags["TestLabel2"] = "TestData2" - tableTags["TestLabel1"] = "TestData1" + table.insert(tableTags, "TestLabel1,TestData1") + table.insert(tableTags, "TestLabel2,TestData2") + protobuf:setTagArray(tableTags) -- setTagArray - protobuf:setTag('TestLabel3', 'TestData3') -- setTag - protobuf:setTag("Query", "123") -- setTag + protobuf:setTag('TestLabel3,TestData3') -- setTag + protobuf:setTag("Query,123") -- setTag end end function alterLuaFirst(dq) -- called when dnsdist receives new request - - local tt = {} - tt["TestLabel2"] = "TestData2" + local tt = {} tt["TestLabel1"] = "TestData1" + tt["TestLabel2"] = "TestData2" - dq:setTagArray(tt) -- setTagArray - - dq:setTag('TestLabel3', 'TestData3') -- setTag + dq:setTagArray(tt) --setTagArray + dq:setTag("TestLabel3","TestData3") -- setTag return DNSAction.None, "" -- continue to the next rule end 
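Review bot: `blobData={0x7F, 0x00, 0x00, 0x01}` is assigned without `local`, so it becomes a global in the dnsdist Lua state shared across every invocation of the alter function; `local blobData = {0x7F, 0x00, 0x00, 0x01}` keeps it scoped like the neighbouring `local tablePB`. This is the only caller of `setProtobufResponseRR` in the diff, so it is also the only coverage of the new rdata path; a second call with a longer blob (for example a 16-byte AAAA) would exercise more than the minimum case.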
@@ -203,6 +214,7 @@ class TestProtobuf(DNSDistTest): testList = [u"TestLabel1,TestData1", u"TestLabel2,TestData2", u"TestLabel3,TestData3", u"Query,123"] listx = set(msg.response.tags) ^ set(testList) # only differences will be in new list + self.assertEqual(len(listx), 0, "Lists don't match up in Protobuf Query") # exclusive or of lists should be empty def checkProtobufResponse(self, msg, protocol, response, initiator='127.0.0.1'): @@ -263,6 +275,7 @@ class TestProtobuf(DNSDistTest): # check the protobuf message corresponding to the UDP query msg = self.getFirstProtobufMessage() + self.checkProtobufQuery(msg, dnsmessage_pb2.PBDNSMessage.UDP, query, dns.rdataclass.IN, dns.rdatatype.A, name) # check the protobuf message corresponding to the UDP response @@ -306,7 +319,6 @@ class TestProtobuf(DNSDistTest): """ Protobuf: Check that the Lua callback rewrote the initiator """ - name = 'lua.protobuf.tests.powerdns.com.' query = dns.message.make_query(name, 'A', 'IN') response = dns.message.make_response(query) @@ -317,6 +329,7 @@ class TestProtobuf(DNSDistTest): '127.0.0.1') response.answer.append(rrset) + (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) self.assertTrue(receivedQuery) @@ -324,7 +337,8 @@ class TestProtobuf(DNSDistTest): receivedQuery.id = query.id self.assertEquals(query, receivedQuery) self.assertEquals(response, receivedResponse) - + + # let the protobuf messages the time to get there time.sleep(1) diff --git a/zzz-gca-example/build-dnsdist2.sh b/zzz-gca-example/build-dnsdist2.sh deleted file mode 100755 index 279b530da..000000000 --- a/zzz-gca-example/build-dnsdist2.sh +++ /dev/null 
@@ -1,47 +0,0 @@
-#!/bin/bash -e
-echo ""
-echo "from: http://dnsdist.org/download/"
-echo ""
-echo "clone from: git clone https://github.com/PowerDNS/pdns.git"
-echo "--or from our copy--"
-echo "https://github.com/GlobalCyberAlliance/pdns.git"
-echo ""
-
-echo "cd ../pdns/dnsdistdist"
-echo ""
-cd ../pdns/dnsdistdist
-echo ""
-echo "autoreconf -i"
-echo ""
-autoreconf -i
-echo ""
-echo "NOTE: configure with libsodium enabled to allow cache test to succeed - Seth - Global Cyber Alliance"
-echo "./configure --enable-libsodium"
-./configure --enable-libsodium
-echo ""
-echo "do a \"make clean\" incase this is not the first time through"
-echo ""
-make clean
-echo ""
-echo "now do a make"
-echo ""
-echo "make"
-echo ""
-make
-echo ""
-echo "test out the cache code"
-echo ""
-cd "../../regression-tests.dnsdist"
-echo ""
-echo "test_Caching"
-DNSDISTBIN=../pdns/dnsdistdist/dnsdist ./runtests test_Caching
-echo ""
-echo "test_CacheHitResponses"
-DNSDISTBIN=../pdns/dnsdistdist/dnsdist ./runtests test_CacheHitResponses
-echo ""
-echo "you can now do \"make install\" if desired."
-echo ""
-echo "finished"
-
-
-
diff --git a/zzz-gca-example/dig-test-nocookie.sh b/zzz-gca-example/dig-test-nocookie.sh
deleted file mode 100755
index b5f88fae7..000000000
--- a/zzz-gca-example/dig-test-nocookie.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-echo "test dnsdist with nocookie option to allow cache hits"
-echo "dig @127.0.0.1 -p 5200 +nocookie google.com"
-echo ""
-dig @127.0.0.1 -p 5200 +nocookie google.com
diff --git a/zzz-gca-example/dig-test-rpz.sh b/zzz-gca-example/dig-test-rpz.sh
deleted file mode 100755
index 0c1188b5d..000000000
--- a/zzz-gca-example/dig-test-rpz.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-echo "test dnsdist with rpz bad entry"
-echo "dig @127.0.0.1 -p 5200 1jw2mr4fmky.net"
-echo ""
-dig @127.0.0.1 -p 5200 1jw2mr4fmky.net
diff --git a/zzz-gca-example/dnsdist-Lua additions-June_7_2017.abw b/zzz-gca-example/dnsdist-Lua additions-June_7_2017.abw deleted file mode 100644 index 6ddc68ed7..000000000 --- a/zzz-gca-example/dnsdist-Lua additions-June_7_2017.abw +++ /dev/null @@ -1,212 +0,0 @@ - - - - - - - - - - - -Wed Jun 7 15:14:33 2017 - -AbiWord -SethO -Wed Jun 7 11:06:40 2017 - -application/x-abiword - - - - - - - - - - -
-

Proposed new Lua commands for DNSDIST

-

June 7, 2017

-

Seth Ornstein

-

Global Cyber Alliance

-

sornstein@globalcyberalliance.org

-

-

-

To obtain a copy of the source for the modified DNSDIST version:

-

-

git clone -b dnsdist-mod2 https://github.com/GlobalCyberAlliance/pdns.git

-

-

Example scripts and configuration file are located in: pdns/zzz-gca-examples

-

-

-

Lua additional functions that act on the DNSQuestion parameter dq.

-

-

They are expected to be used inside of a Lua function that is setup for use in the dnsdist configuration file by the addLuaAction function. They are used to store text label and value pairs in the DNSQuestion dq and accessed by the DNSResponse Lua functions below.

-

-

To store a text label and value pair in the DNSQuestion:

-

-

dq:setTag(“LabelText”, “ValueText”)

-

-

To store values as a table in the DNSQuestion structure:

-

-

dq:setTagArray(exampleTable)

-

-

-

Lua additional functions that act on the DNSResponse parameter dr.

-

-

These are expected to be located inside of a Lua function that is setup for use in the dnsdist configuration file by the RemoteLogAction function as the “alterFunction”. They are used to obtain the text label and value pairs that were stored in the DNSQuestion Lua functions above.

-

-

To read matching value from DNSQuestion structure:

-

-

dr:getTagMatch(“LabelText”)

-

-

To read text values as an array from DNSQuestion structure:

-

-

dr:getTagArray()

-

-

-

-

-

-

-

-

Lua additional functions that act on the DNSDistProtoBufMessage parameter pbMsg.

-

-

These are expected to be located inside of a Lua function that is setup for use in the dnsdist configuration file by the RemoteLogAction function as the “alterFunction”. They are used to modify the protobuf message that is being sent to the protobuf server.

-

-

To store text values in the protobuf “tags” field:

-

-

pbMsg:setTag(“LabelText”, “ValueText”)

-

-

To store text values as a table in protobuf tag fields

-

-

pbMsg:setTagArray(exampleTable)

-

-

-

To change the protobuf message from a ‘query’ to a ‘response’.

-

The variable is the dns name the client requested to be looked up.

-

A zero is inserted in the ‘query time’ protobuf field.

-

-

pbMsg:setProtobufResponseType(“example.com”)

-

-

-

To change the protobuf message from a ‘query’ to a ‘response’ and set ‘query time’.

-

The variable is the dns name the client requested to be looked up.

-

The second variable is the query time in seconds.

-

The third variable is the fractional micro-seconds.

-

-

pbMsg:setProtobufResponseTypeQT(“example.com”, os.time(), 123456)

-

-

Building the modified dnsdist with the new Lua functions:

-

-

1. Open a console in pdns/zzz-gca-examples and run ./build-dnsdist2.sh

-

This builds dnsdist with libsodium enabled for cache testing.

-

-

-

Running the test scripts:

-

-

1. Open a console in pdns/zzz-gca-examples and run ./protobuf-server2.sh

-

-

2. Open a console in pdns/zzz-gca-examples and run ./dnsdist2.sh

-

-

3. Open a console in pdns/zzz-gca-examples and run ./dig-test-rpz.sh

-

-

4. Verify that the protobuf server console shows a response with tags indicating RPZ.

-

-

5. Open a console in pdns/zzz-gca-examples and run ./dig-test-nocookie.sh

-

-

6. Verify that the protobuf server console shows a response with tags indicating FWD.

-

-

7. Run ./dig-test-nocookie.sh a second time.

-

-

8. Verify that the protobuf server console shows a response with tags indicating CACHE.

-

-

-

-

-

-

Protobuf server sample output:

-

-

Note that the unused “Tags” protobuf field now has the entries passed by the pbMsg:setTag and pbMsg:setTagArray functions. The tag data is separated by commas and the order is label followed by value for each ‘Tag’ in the protobuf ‘Tags’ field. The values in the protobuf ‘Tags’ field were set by the pbMsg:setTagArray function in luaLogBL in dnsdist.conf

-

-

-

Typical response from the protobuf server from a RPZ ‘hit’ :

-

-

Note that since this protobuf was originally a ‘query’ and not a ‘response’ due to dnsdist’s treatment of returning a NXDOMAIN response to the client without having examined the cache or forwarded the request to a DNS server. Also since the function pbMsg:setProtobufResponseType was used the ‘Query time’ field has the zero time.

-

-

[2017-06-07 12:11:45.745800] Response of size 56: 127.0.0.1 -> 127.0.0.1 (UDP), id: 15891, uuid: dc7c809436b74bc48b7dc07b49f3831d

-

- Question: 1, 1, 1jw2mr4fmky.net.

-

- Query time: 1969-12-31 19:00:00.0

-

- Response Code: 3, RRs: 1, Tags: lua-time,12:11:45-06/07/17,Test1,One Two Three,lua-ver,Lua 5.1,Test2,Four Five Six,Trans,RPZ,RPZ-Info,reject-example,From,127.0.0.1:56144,TCP,false

-

- 1, 1, 1jw2mr4fmky.net., 123, 127.0.0.1

-

-

-

Typical response from the protobuf server from a forwarded message:

-

-

Note that the protobuf ‘Tags’ field has the label ‘Trans’ and the value ‘FWD’, which was set using the pbMsg:setTagArray function in luaLogForward in dnsdist.conf.

-

-

[2017-06-07 12:12:50.409444] Response of size 87: 127.0.0.1 -> 127.0.0.1 (UDP), id: 52616, uuid: 3ec48935be3846609cc175136693608f

-

- Question: 1, 1, google.com.

-

- Query time: 2017-06-07 12:12:50.390094

-

- Response Code: 0, RRs: 3, Tags: Trans,FWD

-

- 1, 1, google.com., 299, 216.58.217.78

-

- 1, 1, google.com., 299, 216.58.217.78

-

- 1, 1, google.com., 299, 216.58.217.78

-

-

-

Typical response from the protobuf server from a cache message:

-

-

Note that the protobuf ‘Tags’ field has the label ‘Trans’ and the value ‘CACHE’, which was set using the pbMsg:setTagArray function in luaLogForward in dnsdist.conf.

-

-

[2017-06-07 12:12:55.598121] Response of size 87: 127.0.0.1 -> 127.0.0.1 (UDP), id: 29215, uuid: d16852328b394d49ac0519fd7a2b6a25

-

- Question: 1, 1, google.com.

-

- Query time: 2017-06-07 12:12:55.598087

-

- Response Code: 0, RRs: 3, Tags: Trans,CACHE

-

- 1, 1, google.com., 294, 216.58.217.78

-

- 1, 1, google.com., 294, 216.58.217.78

-

- 1, 1, google.com., 294, 216.58.217.78

-

-

-

-

Additional scripts:

-

-

make-dnsdist.sh - make script for dnsdist

-

-

dnsdist-check-config.sh - quick checking of dnsdist.conf configuration file.

-

-

dnsdist2-debug.sh - run dnsdist with configuration file with debugging statements.

-

-

dnsdist-debug.conf - configuration file for use with dnsdist2-debug.sh

-

Note that you need to set lines 20 to 25 to true to enable the text debugging.

-

-

-

Source code files modified in DNSDIST:

-

-

-

dnsdist-lua.cc

-

-

dnsdist-lua2.cc

-

-

dnsdist.hh

-

-

protobuf.cc

-

-

protobuf.hh

-

-

-

To locate the modified source code search for the words Seth or GCA

-

-

ie. grep -i Seth * or grep -i GCA *

-

-

-

-

-

-

-
-
-

-
-
-
diff --git a/zzz-gca-example/dnsdist-Lua additions-June_7_2017.pdf b/zzz-gca-example/dnsdist-Lua additions-June_7_2017.pdf
deleted file mode 100644
index fa63dbf1f..000000000
Binary files a/zzz-gca-example/dnsdist-Lua additions-June_7_2017.pdf and /dev/null differ
diff --git a/zzz-gca-example/dnsdist-check-config.sh b/zzz-gca-example/dnsdist-check-config.sh
deleted file mode 100755
index f33fbe9b9..000000000
--- a/zzz-gca-example/dnsdist-check-config.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-echo "dnsdist-check-config.sh - check dnsdist config file"
-echo ""
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-SLASH="/"
-CFG_FILE="dnsdist.conf"
-CONFIG_FILE=$DIR$SLASH$CFG_FILE
-echo "current directory: " $DIR
-echo ""
-echo "configuration file: " $CONFIG_FILE
-echo ""
-echo "cd ../pdns/dnsdistdist"
-echo ""
-cd ../pdns/dnsdistdist
-echo ""
-./dnsdist --config=$CONFIG_FILE --check-config
-echo ""
-
diff --git a/zzz-gca-example/dnsdist-debug.conf b/zzz-gca-example/dnsdist-debug.conf
deleted file mode 100644
index a4bfe800b..000000000
--- a/zzz-gca-example/dnsdist-debug.conf
+++ /dev/null
@@ -1,378 +0,0 @@ --- ----------------------------------------------------------------------------------------------- --- dnsdist2.conf --- Seth Ornstein - sornstein@globalcyberalliance.org --- 6/7/2017 --- for use in testing out new Lua commands for dnsdist --- git clone -b dnsdist-mod2 https://github.com/GlobalCyberAlliance/pdns.git --- ----------------------------------------------------------------------------------------------- - - warnlog(string.format("Script starting ----------------- %s ", "dnsdist2.conf")) - - warnlog(string.format("Script starting ----------------- %s ", os.date("%X-%x"))) - - warnlog(string.format("Script starting ----------------- Lua Version: %s - (should be 5.1)", _VERSION)) - - - - strTestDns1 = "1jw2mr4fmky.net" -- test #1 dns lookup name - (reject) - - maintCounter = 0 -- maintainance counter - - bDebugCheckBL = false -- true if debugging luaCheckBL - bDebugLogBL = false -- true if debugging luaLogBL - bDebugLogForward = false -- true if debugging luaLogForward - bDebugLogCache = false -- true if debugging luaLogCache - bDebugRetNXDOMAIN = false -- true if debugging luaRetNXDOMAIN - - - --- ----------------------------------------------------------------------------------------------- - --- ----------------------------------------------------------------------------------------------- --- setup servers to use - warnlog(string.format("Script starting ----------------- %s ", "*** setup servers to use ***")) --- ----------------------------------------------------------------------------------------------- - ---newServer({address="64.6.64.6:53", name="Verisign_1", pool="masterpool"}) -- verisign dns server #1 ---newServer({address="64.6.65.6:53", name="Verisign_2", pool="masterpool"}) -- verisign dns server #2 -newServer({address="8.8.8.8:53", name="Google_1", pool="masterpool"}) -- google dns server #1 -newServer({address="8.8.4.4:53", name="Google_2", pool="masterpool"}) -- google dns server #2 
---newServer({address="208.67.222.222:53", name="Opendns_1", pool="masterpool"}) -- opendns dns server #1 ---newServer({address="208.67.220.220:53", name="Opendns_2", pool="masterpool"}) -- opendns dns server #2 - - --- ----------------------------------------------------------------------------------------------- --- set up the cache --- 10000 -> maximum number of entries stored in the cache (required) --- 86400 -> maximum lifetime of an entry in the cache (seconds) --- 0 -> minimum TTL an entry should have to be considered for insertion in the cache (seconds) --- 60 -> TTL used for a Server Failure or a Refused response (seconds) --- 60 -> TTL that will be used when a stale cache entry is returned (seconds) - warnlog(string.format("Script starting ----------------- %s ", "*** setup cache *** ")) --- ----------------------------------------------------------------------------------------------- - - pc = newPacketCache(10000, 86400, 0, 60, 60) -- new cache - getPool("masterpool"):setCache(pc) -- masterpool cache - - - setStaleCacheEntriesTTL(3600) -- If no backends working, use cached data - - --- ----------------------------------------------------------------------------------------------- --- listen on local port 5200 - warnlog(string.format("Script starting ----------------- %s ", "*** listen on port 0.0.0.0:5200 for DNS requests ***")) --- ----------------------------------------------------------------------------------------------- - - setLocal("0.0.0.0:5200") - - - rlBlkLst = newRemoteLogger('127.0.0.1:60000') -- rpz hit protobuf handler for local address, port 60,000 - rlCache = newRemoteLogger('127.0.0.1:60000') -- cache hit protobuf handler for local address, port 60,000 - rlFwd = newRemoteLogger('127.0.0.1:60000') -- forward protobuf handler for local address, port 60,000 - - --- ----------------------------------------------------------------------------------------------- --- maintenance() function called every second - - function maintenance() - - if 
((maintCounter % 60) == 0) then -- do this once a minute - print(string.format("\n maintenance() - %s", os.date("%X-%x"))) - - local tableStat = getStatisticsCounters() -- display statistics - for k, v in pairs( tableStat ) do - print(string.format(" %-23s %d ", k, v)) - end - - - end - maintCounter = maintCounter + 1 - end - --- ----------------------------------------------------------------------------------------------- --- luaCheckBL() - check for rpz hit --- if in blacklist then spoof response --- else forward normally to masterpool - warnlog(string.format("Script starting ----------------- %s ", "*** luaCheckBL() *** ")) --- ----------------------------------------------------------------------------------------------- - - function luaCheckBL(dq) - - if (bDebugCheckBL) - then - print(string.format("luaCheckBL -> qname.: %s ", dq.qname:toString())) - - print(string.format("luaCheckBL -> qtype.: %d ", dq.qtype)) - print(string.format("luaCheckBL -> from..: %s ", dq.remoteaddr:toStringWithPort())) - print(string.format("luaCheckBL -> opcode: %d ", dq.opcode)) - print(string.format("luaCheckBL -> rcode.: %d ", dq.rcode)) - print(string.format("luaCheckBL -> qclass: %d ", dq.qclass)) - print(string.format("luaCheckBL -> DO....: %s ", tostring(dq:getDO()))) - print(string.format("luaCheckBL -> Len...: %d ", dq.len)) - print(string.format("luaCheckBL -> Size..: %d ", dq.size)) - print(string.format("luaCheckBL -> TCP...: %s ", tostring(dq.tcp))) - end - - - local tKey = dq.qname:toString() -- get dns name client requested to be looked up - if(tKey ~= nil) - then - local tKey2 = string.sub(tKey, 1, string.len(tKey) - 1) -- get rid of final period at end of dnsname - if (bDebugCheckBL) - then - print(string.format("luaCheckBL -> tKey2.: %s ", tKey2)) - end - if(tKey2 == strTestDns1) - then - dq:setTag("Trans", "RPZ") -- label this transaction as rpz for protobuf - NEW LUA COMMAND - 5/22/2017 - dq:setTag("RPZ-Info", "reject-example") -- store blacklist extra data in 
dq for protobuf later -- NEW LUA COMMAND - 5/22/2017 - dq:setTag("lua-time", os.date("%X-%x")) -- an example of storing extra data -- NEW LUA COMMAND - 5/22/2017 - dq:setTag("lua-ver", _VERSION) -- another example of storing extra data -- NEW LUA COMMAND - 5/22/2017 - dq:setTag("From", dq.remoteaddr:toStringWithPort()) -- store blacklist extra data in dq for protobuf later -- NEW LUA COMMAND - 5/22/2017 - dq:setTag("TCP", tostring(dq.tcp)) -- store blacklist extra data in dq for protobuf later -- NEW LUA COMMAND - 5/22/2017 - - local tableTags = {} -- create a table as an experiment - tableTags["TestLabel1"] = "Test Value One" -- add transaction type to table - tableTags["TestLabel2"] = "Test Value Two" -- add transaction type to table - dq:setTagArray(tableTags) -- store table in dq for protobuf later -- NEW LUA COMMAND - 6/2/2017 - - if (bDebugCheckBL) - then - print(string.format("luaCheckBL -> RpzHit: %s **********", tValue)) - print(string.format("--")) - end - - return DNSAction.None, "" -- continue to the next rule - - end - end - - if (bDebugCheckBL) - then - print(string.format("luaCheckBL -> return DNSAction.Pool to masterpool ")) - print(string.format("--")) - end - - return DNSAction.Pool, "masterpool" -- use the specified pool to forward this query - - end - --- ----------------------------------------------------------------------------------------------- --- declare a Lua action functino to alter the protobuf when a BlackList (RPZ) hit occurs - warnlog(string.format("Script starting ----------------- %s ", "*** luaLogBL() -> 127.0.0.1:60000 ***")) --- ----------------------------------------------------------------------------------------------- - -function luaLogBL(dr, pbMsg) -- this is the lua code that executes for a request - - - if (bDebugLogBL) - then - print(string.format("luaLogBL -> qname: %s qtype: %d from: %s TCP: %s ", dr.qname:toString(), dr.qtype, dr.remoteaddr:toStringWithPort(), tostring(dr.tcp))) - print(string.format("luaLogBL -> 
pb: %s ", pbMsg:toDebugString())) - end - - - if (bDebugLogBL) - then - print(string.format("luaLogBL -> dr:getTagArray() ")) - end - - local tableTags = dr:getTagArray() -- get array of tags inserted by setTag() - NEW LUA COMMAND - 5/24/2017 - - if (bDebugLogBL) - then - for k, v in pairs( tableTags ) do - print(string.format("\t Label: %-15s Value: %s ", k, v)) - end - end - - if (bDebugLogBL) - then - print(string.format("luaLogBL-> Test adding to table tableTags")) - tableTags["dude1"] = "test1" -- test adding extra entries to table - tableTags["dude2"] = "test2" -- test adding extra entries to table - tableTags["dude3"] = "test3" -- test adding extra entries to table - tableTags["dude4"] = "test4" -- test adding extra entries to table - end - - if (bDebugLogBL) - then - print(string.format("luaLogBL-> setTagArray(tableTags)")) - end - - pbMsg:setTagArray(tableTags) -- store tableTags in the 'tags' field of the protobuf - NEW LUA COMMAND - 5/24/2017 - - if (bDebugLogBL) - then - print(string.format("luaLogBL-> setResponseCode(dnsdist.NXDOMAIN)")) - end - - - pbMsg:setResponseCode(dnsdist.NXDOMAIN) -- set protobuf response code to be NXDOMAIN - - - if (bDebugLogBL) - then - print(string.format("luaLogBL-> get dns name")) - end - - - local strReqName = dr.qname:toString() -- get request dns name - - - if (bDebugLogBL) - then - print(string.format("luaLogBL-> strReqName = %s", strReqName)) - end - - pbMsg:setProtobufResponseType(strReqName) -- set protobuf to look like a response and not a query, no query time -- NEW LUA COMMAND - -- strReqName - The DNS name that was sent by the client to be looked up. - --- pbMsg:setProtobufResponseTypeQT(strReqName, os.time(), 0) -- set protobuf to look like a response and not a query, insert query time -- NEW LUA COMMAND - -- strReqName - The DNS name that was sent by the client to be looked up. 
- -- timestamp - Timestamp for protobuf field - -- timestamp - microseconds - - if (bDebugLogBL) - then - print(string.format("--")) - end - - -end - - - --- ----------------------------------------------------------------------------------------------- --- declare a Lua action function to alter the protobuf when a normal forwarding happens - warnlog(string.format("Script starting ----------------- %s ", "*** luaLogForward() ***")) --- ----------------------------------------------------------------------------------------------- - -function luaLogForward(dr, pbMsg) - - - if (bDebugLogForward) - then - print(string.format("luaLogForward -> qname: %s qtype: %d from: %s TCP: %s ", dr.qname:toString(), dr.qtype, dr.remoteaddr:toStringWithPort(), tostring(dr.tcp))) - print(string.format("luaLogForward -> opcode: %d ", dr.opcode)) - print(string.format("luaLogForward -> rcode.: %d ", dr.rcode)) - print(string.format("luaLogForward -> qclass: %d ", dr.qclass)) - print(string.format("luaLogForward -> len...: %d ", dr.len)) - print(string.format("luaLogForward -> pb: %s ", pbMsg:toDebugString())) - end - - - if (bDebugLogForward) - then - print(string.format("luaLogForward -> Creating a table with transaction type. 
")) - end - - local tableTags = {} -- create a table - tableTags["Trans"] = "FWD" -- add transaction type to table - - if (bDebugLogForward) - then - print(string.format("luaLogBL-> setTagArray(tableTags)")) - end - - pbMsg:setTagArray(tableTags) -- store tableTags in the 'tags' field of the protobuf - NEW LUA COMMAND - 5/24/2017 - - - - if (bDebugLogForward) - then - print(string.format("--")) - end - -end - - - - --- ----------------------------------------------------------------------------------------------- --- declare a Lua action function to alter the protobuf when a Cache hit occurs - warnlog(string.format("Script starting ----------------- %s ", "*** luaLogCache() ***")) --- ----------------------------------------------------------------------------------------------- - -function luaLogCache(dr, pbMsg) -- this is the lua code that executes after a cache hit - - - if (bDebugLogCache) - then - print(string.format("luaLogCache -> qname: %s qtype: %d from: %s TCP: %s ", dr.qname:toString(), dr.qtype, dr.remoteaddr:toStringWithPort(), tostring(dr.tcp))) - end - - if (bDebugLogCache) - then - print(string.format("luaLogForward -> Creating a table with transaction type. ")) - end - - local tableTags = {} -- create a table - tableTags["Trans"] = "CACHE" -- add transaction type to table - - if (bDebugLogCache) - then - print(string.format("luaLogBL-> setTagArray(tableTags)")) - end - - pbMsg:setTagArray(tableTags) -- store tableTags in the 'tags' field of the protobuf - NEW LUA COMMAND - 5/24/2017 - - - - if (bDebugLogForward) - then - print(string.format("--")) - end - - - if (bDebugLogCache) - then - print(string.format("--")) - end - -end - - - - --- ---------------------------------------------------------------------------------------------- - -- put this here so blacklist sends out protobuf...... 
-function luaRetNXDOMAIN(dq) - - if (bDebugRetNXDOMAIN) - then - print(string.format("luaRetNXDOMAIN() - return NXDOMAIN to client")) - print(string.format("--")) - end - return DNSAction.Nxdomain, "" -- return NXDOMAIN response to client -end - - - - --- ----------------------------------------------------------------------------------------------- --- Rules - warnlog(string.format("Script starting ----------------- %s ", "*** setting rules *** ")) --- ----------------------------------------------------------------------------------------------- - - - addLuaAction(AllRule(), luaCheckBL) -- first, check blacklist, if match process next rule below, else send to "masterpool" - - addAction(AllRule(), RemoteLogAction(rlBlkLst, luaLogBL)) -- then send out protobuf for rpz hit - - addLuaAction(AllRule(), luaRetNXDOMAIN) -- then send nxdomain response back to the client. - - addAction(AllRule(), PoolAction("masterpool")) -- direct requests that are not RPZ to pool "masterpool" - - - addCacheHitResponseAction(AllRule(), RemoteLogResponseAction(rlCache, luaLogCache)) -- used to send out protobuf on cache hit - - - addResponseAction(AllRule(), RemoteLogResponseAction(rlFwd, luaLogForward)) -- used to send out protobuf on forward (normal) out - --- ----------------------------------------------------------------------------------------------- --- finished setting up script --- ----------------------------------------------------------------------------------------------- - - warnlog(string.format("Script finished ----------------- %s ", os.date("%X-%x"))) - diff --git a/zzz-gca-example/dnsdist.conf b/zzz-gca-example/dnsdist.conf deleted file mode 100644 index a547b2dbd..000000000 --- a/zzz-gca-example/dnsdist.conf +++ /dev/null 
@@ -1,251 +0,0 @@ --- ----------------------------------------------------------------------------------------------- --- dnsdist2.conf - with NO text debugging comments....... --- see dnsdist2-debug.conf for a copy with text debugging. --- Seth Ornstein - sornstein@globalcyberalliance.org --- 6/7/2017 --- for use in testing out new Lua commands for dnsdist --- git clone -b dnsdist-mod2 https://github.com/GlobalCyberAlliance/pdns.git --- ----------------------------------------------------------------------------------------------- - - warnlog(string.format("Script starting ----------------- %s ", "dnsdist2.conf")) - - warnlog(string.format("Script starting ----------------- %s ", os.date("%X-%x"))) - - warnlog(string.format("Script starting ----------------- Lua Version: %s - (should be 5.1)", _VERSION)) - - - - strTestDns1 = "1jw2mr4fmky.net" -- test #1 dns lookup name - (reject) - - maintCounter = 0 -- maintainance counter - - bDebugCheckBL = false -- true if debugging luaCheckBL - bDebugLogBL = false -- true if debugging luaLogBL - bDebugLogForward = false -- true if debugging luaLogForward - bDebugLogCache = false -- true if debugging luaLogCache - bDebugRetNXDOMAIN = false -- true if debugging luaRetNXDOMAIN - - - --- ----------------------------------------------------------------------------------------------- - --- ----------------------------------------------------------------------------------------------- --- setup servers to use - warnlog(string.format("Script starting ----------------- %s ", "*** setup servers to use ***")) --- ----------------------------------------------------------------------------------------------- - ---newServer({address="64.6.64.6:53", name="Verisign_1", pool="masterpool"}) -- verisign dns server #1 ---newServer({address="64.6.65.6:53", name="Verisign_2", pool="masterpool"}) -- verisign dns server #2 -newServer({address="8.8.8.8:53", name="Google_1", pool="masterpool"}) -- google dns server #1 
-newServer({address="8.8.4.4:53", name="Google_2", pool="masterpool"}) -- google dns server #2 ---newServer({address="208.67.222.222:53", name="Opendns_1", pool="masterpool"}) -- opendns dns server #1 ---newServer({address="208.67.220.220:53", name="Opendns_2", pool="masterpool"}) -- opendns dns server #2 - - --- ----------------------------------------------------------------------------------------------- --- set up the cache --- 10000 -> maximum number of entries stored in the cache (required) --- 86400 -> maximum lifetime of an entry in the cache (seconds) --- 0 -> minimum TTL an entry should have to be considered for insertion in the cache (seconds) --- 60 -> TTL used for a Server Failure or a Refused response (seconds) --- 60 -> TTL that will be used when a stale cache entry is returned (seconds) - warnlog(string.format("Script starting ----------------- %s ", "*** setup cache *** ")) --- ----------------------------------------------------------------------------------------------- - - pc = newPacketCache(10000, 86400, 0, 60, 60) -- new cache - getPool("masterpool"):setCache(pc) -- masterpool cache - - - setStaleCacheEntriesTTL(3600) -- If no backends working, use cached data - - --- ----------------------------------------------------------------------------------------------- --- listen on local port 5200 - warnlog(string.format("Script starting ----------------- %s ", "*** listen on port 0.0.0.0:5200 for DNS requests ***")) --- ----------------------------------------------------------------------------------------------- - - setLocal("0.0.0.0:5200") - - - rlBlkLst = newRemoteLogger('127.0.0.1:60000') -- rpz hit protobuf handler for local address, port 60,000 - rlCache = newRemoteLogger('127.0.0.1:60000') -- cache hit protobuf handler for local address, port 60,000 - rlFwd = newRemoteLogger('127.0.0.1:60000') -- forward protobuf handler for local address, port 60,000 - - --- 
----------------------------------------------------------------------------------------------- --- maintenance() function called every second - - function maintenance() - - if ((maintCounter % 60) == 0) then -- do this once a minute - print(string.format("\n maintenance() - %s", os.date("%X-%x"))) - - local tableStat = getStatisticsCounters() -- display statistics - for k, v in pairs( tableStat ) do - print(string.format(" %-23s %d ", k, v)) - end - - - end - maintCounter = maintCounter + 1 - end - --- ----------------------------------------------------------------------------------------------- --- luaCheckBL() - check for rpz hit --- if in blacklist then spoof response --- else forward normally to masterpool - warnlog(string.format("Script starting ----------------- %s ", "*** luaCheckBL() *** ")) --- ----------------------------------------------------------------------------------------------- - - function luaCheckBL(dq) - - - - local tKey = dq.qname:toString() -- get dns name client requested to be looked up - if(tKey ~= nil) - then - local tKey2 = string.sub(tKey, 1, string.len(tKey) - 1) -- get rid of final period at end of dnsname - if(tKey2 == strTestDns1) - then - dq:setTag("Trans", "RPZ") -- label this transaction as rpz for protobuf - NEW LUA COMMAND - 5/22/2017 - dq:setTag("RPZ-Info", "reject-example") -- store blacklist extra data in dq for protobuf later -- NEW LUA COMMAND - 5/22/2017 - - local tableTags = {} -- create a table as an experiment - tableTags["TestLabel1"] = "Test Value One" -- add transaction type to table - tableTags["TestLabel2"] = "Test Value Two" -- add transaction type to table - dq:setTagArray(tableTags) -- store table in dq for protobuf later -- NEW LUA COMMAND - 6/2/2017 - - - return DNSAction.None, "" -- continue to the next rule - - end - end - - - return DNSAction.Pool, "masterpool" -- use the specified pool to forward this query - - end - --- 
----------------------------------------------------------------------------------------------- --- declare a Lua action functino to alter the protobuf when a BlackList (RPZ) hit occurs - warnlog(string.format("Script starting ----------------- %s ", "*** luaLogBL() -> 127.0.0.1:60000 ***")) --- ----------------------------------------------------------------------------------------------- - -function luaLogBL(dr, pbMsg) -- this is the lua code that executes for a request - - - - - - local tableTags = dr:getTagArray() -- get array of tags inserted by setTag() - NEW LUA COMMAND - 5/24/2017 - - - - - pbMsg:setTagArray(tableTags) -- store tableTags in the 'tags' field of the protobuf - NEW LUA COMMAND - 5/24/2017 - - - - pbMsg:setResponseCode(dnsdist.NXDOMAIN) -- set protobuf response code to be NXDOMAIN - - - - - local strReqName = dr.qname:toString() -- get request dns name - - - - pbMsg:setProtobufResponseType(strReqName) -- set protobuf to look like a response and not a query, no query time -- NEW LUA COMMAND - -- strReqName - The DNS name that was sent by the client to be looked up. - --- pbMsg:setProtobufResponseTypeQT(strReqName, os.time(), 0) -- set protobuf to look like a response and not a query, insert query time -- NEW LUA COMMAND - -- strReqName - The DNS name that was sent by the client to be looked up. 
- -- timestamp - Timestamp for protobuf field - -- timestamp - microseconds - - - -end - - - --- ----------------------------------------------------------------------------------------------- --- declare a Lua action function to alter the protobuf when a normal forwarding happens - warnlog(string.format("Script starting ----------------- %s ", "*** luaLogForward() ***")) --- ----------------------------------------------------------------------------------------------- - -function luaLogForward(dr, pbMsg) - - - - local tableTags = {} -- create a table - tableTags["Trans"] = "FWD" -- add transaction type to table - - - pbMsg:setTagArray(tableTags) -- store tableTags in the 'tags' field of the protobuf - NEW LUA COMMAND - 5/24/2017 - - - - -end - - - - --- ----------------------------------------------------------------------------------------------- --- declare a Lua action function to alter the protobuf when a Cache hit occurs - warnlog(string.format("Script starting ----------------- %s ", "*** luaLogCache() ***")) --- ----------------------------------------------------------------------------------------------- - -function luaLogCache(dr, pbMsg) -- this is the lua code that executes after a cache hit - - - - local tableTags = {} -- create a table - tableTags["Trans"] = "CACHE" -- add transaction type to table - - - pbMsg:setTagArray(tableTags) -- store tableTags in the 'tags' field of the protobuf - NEW LUA COMMAND - 5/24/2017 - - -end - - - - --- ---------------------------------------------------------------------------------------------- - -- put this here so blacklist sends out protobuf...... 
-function luaRetNXDOMAIN(dq) - - return DNSAction.Nxdomain, "" -- return NXDOMAIN response to client -end - - - - --- ----------------------------------------------------------------------------------------------- --- Rules - warnlog(string.format("Script starting ----------------- %s ", "*** setting rules *** ")) --- ----------------------------------------------------------------------------------------------- - - - addLuaAction(AllRule(), luaCheckBL) -- first, check blacklist, if match process next rule below, else send to "masterpool" - - addAction(AllRule(), RemoteLogAction(rlBlkLst, luaLogBL)) -- then send out protobuf for rpz hit - - addLuaAction(AllRule(), luaRetNXDOMAIN) -- then send nxdomain response back to the client. - - addAction(AllRule(), PoolAction("masterpool")) -- direct requests that are not RPZ to pool "masterpool" - - - addCacheHitResponseAction(AllRule(), RemoteLogResponseAction(rlCache, luaLogCache)) -- used to send out protobuf on cache hit - - - addResponseAction(AllRule(), RemoteLogResponseAction(rlFwd, luaLogForward)) -- used to send out protobuf on forward (normal) out - --- ----------------------------------------------------------------------------------------------- --- finished setting up script --- ----------------------------------------------------------------------------------------------- - - warnlog(string.format("Script finished ----------------- %s ", os.date("%X-%x"))) - diff --git a/zzz-gca-example/dnsdist2-debug.sh b/zzz-gca-example/dnsdist2-debug.sh deleted file mode 100755 index 1f2016305..000000000 --- a/zzz-gca-example/dnsdist2-debug.sh +++ /dev/null 
@@ -1,19 +0,0 @@
-echo "test-dnsdist2.sh - test dnsdist - debugging configuration"
-echo ""
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-SLASH="/"
-CFG_FILE="dnsdist-debug.conf"
-CONFIG_FILE=$DIR$SLASH$CFG_FILE
-echo "current directory: " $DIR
-echo ""
-echo "configuration file: " $CONFIG_FILE
-echo ""
-echo "cd ../pdns/dnsdistdist"
-echo ""
-cd ../pdns/dnsdistdist
-echo ""
-###echo "listen on port 5200 for requests"
-###echo ""
-###./dnsdist --config=$CONFIG_FILE --local=0.0.0.0:5200
-
-./dnsdist --config=$CONFIG_FILE
diff --git a/zzz-gca-example/dnsdist2.sh b/zzz-gca-example/dnsdist2.sh
deleted file mode 100755
index 410d4de28..000000000
--- a/zzz-gca-example/dnsdist2.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-echo "test-dnsdist2.sh - test dnsdist"
-echo ""
-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-SLASH="/"
-CFG_FILE="dnsdist.conf"
-CONFIG_FILE=$DIR$SLASH$CFG_FILE
-echo "current directory: " $DIR
-echo ""
-echo "configuration file: " $CONFIG_FILE
-echo ""
-echo "cd ../pdns/dnsdistdist"
-echo ""
-cd ../pdns/dnsdistdist
-echo ""
-###echo "listen on port 5200 for requests"
-###echo ""
-###./dnsdist --config=$CONFIG_FILE --local=0.0.0.0:5200
-
-./dnsdist --config=$CONFIG_FILE
diff --git a/zzz-gca-example/make-dnsdist2.sh b/zzz-gca-example/make-dnsdist2.sh
deleted file mode 100755
index f4f952988..000000000
--- a/zzz-gca-example/make-dnsdist2.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-echo "-------------- cd ../pdns/dnsdistdist -----------"
-cd ../pdns/dnsdistdist
-echo "-------------- make--------------------------------"
-make
-
diff --git a/zzz-gca-example/protobuf-server2.sh b/zzz-gca-example/protobuf-server2.sh
deleted file mode 100755
index 6bfc39340..000000000
--- a/zzz-gca-example/protobuf-server2.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-echo "protobuf-server2 for testing dnsdist Seth Global Cyber Alliance 6/7/2017"
-
-cd ../contrib/
-
-echo ""
-echo "----------------------------"
-echo "listening on 127.0.0.1:60000"
-echo "----------------------------"
-echo ""
-
-./ProtobufLogger.py 127.0.0.1 60000
-
-
-
diff --git a/zzz-gca-example/test-protobuf-tag.sh b/zzz-gca-example/test-protobuf-tag.sh
deleted file mode 100755
index 9a0103c88..000000000
--- a/zzz-gca-example/test-protobuf-tag.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-cd ../regression-tests.dnsdist
-DNSDISTBIN=../pdns/dnsdistdist/dnsdist ./runtests test_ProtobufTag.py
-
-
-echo "-----------------------------------------------------------"
-echo "-----------------------------------------------------------"
-echo "-----------------------------------------------------------"
-echo "-----------------------------------------------------------"
-echo "-----------------------------------------------------------"
-echo "-----------------------------------------------------------"
-
-cat nosetests.xml
-
-