bert hubert ahupowerdns

#include <atomic>
#include <utility>
#include <functional>
/* goal, replace:
if(x < 1)
++c0_1;
else if(x < 10)
++c1_10;
else if(x< 100)
> xfr = QTypeRule(dnsdist.AXFR)
> print(xfr)
userdata: 0x55dc39b27cd8
> a2 = OrRule({xfr})
> print(xfr)
userdata: 0x55dc39b27cd8
> xfr:toString()
Segmentation fault (core dumped)
ahupowerdns / lua.md
Last active January 31, 2024 15:01
The LUA record type for Lua-powered DNS records

LUA Record Type for Lua-powered DNS records for standards-based fail-over and geographical load balancing

GitHub branch -> https://github.com/ahupowerdns/pdns/tree/luarec

Recently, many zone owners could not migrate away from Dyn since they were benefiting from non-standardised DNS-based failover and geographical load-balancing features. What you see below is an attempt to get standards-based but flexible equivalents of these currently proprietary features. Here is a zone:

$TTL 60
lua.br. IN      SOA     a.lua.br. nstld.verisign-grs.com. (
        2016032300      ; Serial
        14400           ; Refresh
googleset = newDS()
-- https://www.google.com/supported_domains
-- (echo 'return{' ; for a in $(curl https://www.google.com/supported_domains | sed s/^\\.//) ; do echo \"$a\",; done ; echo '}') > googledomains.lua
googleset:add(dofile("googledomains.lua"))
function handleSafeSearch(dq)
if(googleset:check(dq.qname)) then
malwareips=newNMG()
malwareips:addMasks(dofile("blacklist.ip"))
function postresolve(dq)
-- print("postresolve called for ",dq.qname:toString())
local records = dq:getRecords()
local changed = false
for k,v in pairs(records) do
if v.type == pdns.A or v.type == pdns.AAAA
then

CVE-2015-7547 mitigation script

In response to CVE-2015-7547, we are developing this Lua script which should protect your users, at a slight risk of disrupting specific queries which naturally deliver very large responses.

Run the script below by setting: lua-dns-script=stop-cve-2015-7547.lua - or use rec_control reload-lua-script stop-cve-2015-7547.lua at runtime.

Please continue to check this page for updates.

function postresolve ( remoteip, domain, qtype, records, origrcode )
# pdnsutil show-zone example.com
This is a Master zone
Last SOA serial number we notified: 0 != 1 (serial in the database)
Zone is not actively secured
Metadata items:
ALLOW-AXFR-FROM AUTO-NS
No keys for zone 'example.com.'.
Jan 29 22:35:45 1 slave domain needs checking, 0 queued for AXFR
Jan 29 22:35:45 Received serial number updates for 1 zones, had 0 timeouts
Jan 29 22:35:45 Domain 'example.com.' is stale, master serial 1, our serial 0
Jan 29 22:35:45 Initiating transfer of 'example.com.' from remote '192.168.1.2:53'
Jan 29 22:35:45 AXFR started for 'example.com.'
Jan 29 22:35:45 Transaction started for 'example.com.'
Jan 29 22:35:45 AXFR done for 'example.com.', zone committed with serial number 1
# pdnsutil create-zone example.com ns1.example.com
Creating empty zone 'example.com.'
Also adding one NS record
# pdnsutil add-record example.com ns1 A 192.168.1.2
New rrset:
ns1.example.com. IN A 3600 192.168.1.2
# pdnsutil list-zone example.com
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN SOA ns1.example.com hostmaster.example.com 1 10800 3600 604800 3600
# sqlite3 /etc/powerdns/powerdns.sqlite3 < /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql