Skip to content

Instantly share code, notes, and snippets.

View ahupowerdns's full-sized avatar

bert hubert ahupowerdns

402 followers · 0 following
View GitHub Profile
@ahupowerdns
ahupowerdns / stop-cve-2015-7547-with-powerdns-recursor.md
Last active April 21, 2023 17:14

CVE-2015-7547 mitigation script

In response to CVE-2015-7547, we are developing this Lua script which should protect your users, at a slight risk of disrupting specific queries which naturally deliver very large responses.

Run the script below by setting: lua-dns-script=stop-cve-2015-7547.lua - or use rec_control reload-lua-script stop-cve-2015-7547.lua at runtime.

Please continue to check this page for updates.

function postresolve ( remoteip, domain, qtype, records, origrcode )
@ahupowerdns
ahupowerdns / block.lua
Created April 15, 2016 08:27
malwareips=newNMG()
malwareips:addMasks(dofile("blacklist.ip"))
function postresolve(dq)
-- print("postresolve called for ",dq.qname:toString())
local records = dq:getRecords()
local changed = false
for k,v in pairs(records) do
if v.type == pdns.A or v.type == pdns.AAAA
then
@ahupowerdns
ahupowerdns / safesearch.lua
Created June 4, 2016 09:02
googleset = newDS()
-- https://www.google.com/supported_domains
-- (echo 'return{' ; for a in $(curl https://www.google.com/supported_domains | sed s/^\\.//) ; do echo \"$a\",; done ; echo '}') > googledomains.lua
googleset:add(dofile("googledomains.lua"))
function handleSafeSearch(dq)
if(googleset:check(dq.qname)) then
@ahupowerdns
ahupowerdns / lua.md
Last active January 31, 2024 15:01
The LUA record type for Lua-powered DNS records

LUA Record Type for Lua-powered DNS records for standards based fail-over and geographical load balancing

GitHub branch -> https://github.com/ahupowerdns/pdns/tree/luarec

Recently, many zone owners could not migrate away from Dyn since they were benefiting from non-standardised DNS-based failover and geographical loadbalancing features. What you see below is an attempt to get standards based but flexible equivalents of these currently proprietary features. Here is a zone:

$TTL 60
lua.br. IN      SOA     a.lua.br. nstld.verisign-grs.com. (
        2016032300      ; Serial
        14400           ; Refresh
@ahupowerdns
ahupowerdns / gist:52ac31e1cb2a2ccf77def94a98e3afd1
Created March 28, 2017 08:37
> xfr = QTypeRule(dnsdist.AXFR)
> print(xfr)
userdata: 0x55dc39b27cd8
> a2 = OrRule({xfr})
> print(xfr)
userdata: 0x55dc39b27cd8
> xfr:toString()
Segmentation fault (core dumped)
@ahupowerdns
ahupowerdns / increm.cc
Created October 4, 2017 19:53
#include <atomic>
#include <utility>
#include <functional>
/* goal, replace:
if(x < 1)
++c0_1;
else if(x < 10)
++c1_10;
else if(x< 100)
@ahupowerdns
ahupowerdns / increm2.cc
Created October 5, 2017 13:00
#include <atomic>
#include <iostream>
/* goal, replace:
if(x < 1)
++c0_1;
else if(x < 10)
++c1_10;
else if(x< 100)
++c10_100;
@ahupowerdns
ahupowerdns / increm3.cc
Created October 5, 2017 13:12
#include <atomic>
#include <iostream>
/* goal, replace:
if(x < 1)
++c0_1;
else if(x < 10)
++c1_10;
else if(x< 100)
++c10_100;
@ahupowerdns
ahupowerdns / y-axis.html
Created November 12, 2017 21:52
<!DOCTYPE html>
<meta charset="utf-8">
<style>
.axis text {
font: 10px sans-serif;
text-anchor: middle; /* or start or end */
}
@ahupowerdns
ahupowerdns / powerdns.org.zones
Last active January 31, 2024 14:53
$ORIGIN .
v6.powerdns.org 3600 IN NS lua-ns-v6.powerdns.org.
v6.powerdns.org 3600 IN SOA lua-ns-v6.powerdns.org hostmaster.v6.powerdns.org 1 10800 3600 604800 3600
whoami-ecs.v6.powerdns.org 60 IN LUA TXT "'ip: '..who:toString()..', netmask: '..(ecswho and ecswho:toString() or 'no ECS')"
whoami-port.v6.powerdns.org 60 IN LUA TXT "who:toStringWithPort()"
whoami.v6.powerdns.org 60 IN LUA AAAA "who:toString()"
whoami.v6.powerdns.org 60 IN LUA TXT "who:toString()"
;;;;;;;;;;;;;;