From f39b7598ea19c634f9caaf77ef81b6d3610fbfc3 Mon Sep 17 00:00:00 2001 From: Remi Gacogne Date: Thu, 19 Nov 2015 10:39:18 +0100 Subject: [PATCH] Add DisableValidationAction() and addDisableValidationRule() --- pdns/README-dnsdist.md | 1 + pdns/dnsdist-lua.cc | 13 +++++++++++++ pdns/dnsrulactions.hh | 14 ++++++++++++++ 3 files changed, 28 insertions(+) diff --git a/pdns/README-dnsdist.md b/pdns/README-dnsdist.md index 5a4a75c41..01f118ba6 100644 --- a/pdns/README-dnsdist.md +++ b/pdns/README-dnsdist.md @@ -592,6 +592,7 @@ Here are all functions: * `DropAction()`: drop these packets * `NoRecurseAction()`: strip RD bit from the question, let it go through * `TCAction()`: create answer to query with TC and RD bits set, to move to TCP/IP + * `DisableValidationAction()`: set the CD bit in the question, let it go through * Specialist rule generators * addAnyTCRule(): generate TC=1 answers to ANY queries, moving them to TCP * setDNSSECPool(): move queries requesting DNSSEC processing to this pool diff --git a/pdns/dnsdist-lua.cc b/pdns/dnsdist-lua.cc index 32c12f848..b24878384 100644 --- a/pdns/dnsdist-lua.cc +++ b/pdns/dnsdist-lua.cc @@ -373,6 +373,10 @@ vector> setupLua(bool client, const std::string& confi return std::shared_ptr(new TCAction); }); + g_lua.writeFunction("DisableValidationAction", []() { + return std::shared_ptr(new DisableValidationAction); + }); + g_lua.writeFunction("MaxQPSIPRule", [](unsigned int qps, boost::optional ipv4trunc, boost::optional ipv6trunc) { return std::shared_ptr(new MaxQPSIPRule(qps, ipv4trunc.get_value_or(32), ipv6trunc.get_value_or(64))); 
@@ -414,6 +418,15 @@ vector> setupLua(bool client, const std::string& confi }); }); + g_lua.writeFunction("addDisableValidationRule", [](luadnsrule_t var) { + auto rule=makeRule(var); + g_rulactions.modify([rule](decltype(g_rulactions)::value_type& rulactions) { + rulactions.push_back({ + rule, + std::make_shared() }); + }); + }); + g_lua.writeFunction("addQPSPoolRule", [](luadnsrule_t var, int limit, string pool) { auto rule = makeRule(var); diff --git a/pdns/dnsrulactions.hh b/pdns/dnsrulactions.hh index 6e16825cf..a12668d94 100644 --- a/pdns/dnsrulactions.hh +++ b/pdns/dnsrulactions.hh @@ -279,3 +279,17 @@ public: return "set rd=0"; } }; + +class DisableValidationAction : public DNSAction +{ +public: + DNSAction::Action operator()(const ComboAddress& remote, const DNSName& qname, uint16_t qtype, dnsheader* dh, int len, string* ruleresult) const override + { + dh->cd = true; + return Action::HeaderModify; + } + string toString() const override + { + return "set cd=1"; + } +}; -- 2.40.0
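Review bot: `addDisableValidationRule()` is registered in this hunk, but the README hunk of the same commit documents only `DisableValidationAction()`, so the shortcut is undocumented. Because the rule changes the DNSSEC handling of every query it matches, operators should be able to find it next to the other specialist rule generators. I would add a README line such as `* addDisableValidationRule(rule): set the CD bit on matching queries, so the backend does not enforce DNSSEC validation for them`. The selector types accepted by `makeRule(var)` are not visible here, so confirm the argument wording against that helper.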
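Review bot: `DisableValidationAction` has no comment stating its security effect. `dh->cd = true` sets Checking Disabled on the forwarded query, so a validating backend may return data it would otherwise reject as bogus, and the client never asked for that. I would put a comment above the class, for example `// Sets CD=1 on the forwarded query: the backend will not enforce DNSSEC validation for it. Scope the matching rule narrowly.` This hunk does not show whether the response path restores the client's original CD bit before the answer is relayed. If it does not, the client sees CD=1 in a reply to a query it sent with CD=0, which is worth confirming and documenting. The class body is fully contained in the hunk.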