cmouse/ciro.lua

## ciro.lua
---
--- Domain blacklist/override - LUA evaluation script
---
--- v0.1 (20141025) - Ciro Iriarte <ciro.iriarte@gmail.com>
--- - First release
--- v0.2 (20141029) - Ciro Iriarte <ciro.iriarte@gmail.com>
--- - Added verification for *.arpa requests, exit inmediatly
--- - Added support for "domain ending in", with *.badboy.com
--- - ToDo: cleanup duplicated code?
--- v0.3 (20141215) - Ciro Iriarte <ciro.iriarte@gmail.com>
--- - Fixed a bug with character evaluation that allowed an infinite loop
--- v0.4 (20141217) - Ciro Iriarte <ciro.iriarte@gmail.com>
--- - Limit loop to 127 iterations (max allowed levels on a domain), protects us from infinite loop scenarios
--- - Open CDB file just once. This will require a script reload on update.
--- - Normalize queries to lowercase

function endswith(s, send)
        return #s >= #send and s:find(send, #s-#send+1, true) and true or false
end

function preresolve ( remoteip, domain, qtype )

        domain = string.lower( domain )
        orig_domain = domain

        if endswith (domain,".arpa.") then
                return -1, {}
        end

        resp=db:get(domain)

        if resp == nil then
                guard = 128
                while domain ~= "" and guard > 0
                do
                        guard = guard-1
                        domain = domain:gsub("[^%.]*%.(.*)", "%1")
                        ---print ("Looking for = *." .. domain)
                        resp=db:get("*." .. domain)
                        if resp ~= nil then
                                ---print ("++> Got match")

                                rtype, rvalue = resp:match("([^,]+),([^,]+)")
                                ---print("Tipo: " .. rtype .. "| Valor: " .. rvalue)

                                ret={
                                        {qtype=rtype, ttl=1, place="1", content=rvalue},
                                }

                                if tonumber(rtype) == pdns.CNAME then
                                        return "followCNAMERecords", 0, ret
                                else
                                        return 0, ret
                                end
                        else
                                ---print ("--> didn't get match")
                        end
                end

                if guard == 0 then
                        pdnslog("Got stuck at '" .. domain .. "' when called with '" .. orig_domain .. "'", pdns.loglevels.Warning)
                        ---print("Got stuck at '" .. domain .. "' when called with '" .. orig_domain .. "'")
                end

                return -1, {}
        else

                rtype, rvalue = resp:match("([^,]+),([^,]+)")
                ---print("Tipo: " .. rtype .. "| Valor: " .. rvalue)
                ret={
                        {qtype=rtype, ttl=1, place="1", content=rvalue},
                }

                if tonumber(rtype) == pdns.CNAME then
                        return "followCNAMERecords", 0, ret
                else
                        return 0, ret
                end
        end

end

cdb = require("cdb")
db = assert(cdb.open("/etc/powerdns/blacklist.cdb"))
--preresolve ( "10.1.1.1","pelota.twi-tter.com","TXT")
	---
	--- Domain blacklist/override - LUA evaluation script
	---
	--- v0.1 (20141025) - Ciro Iriarte <ciro.iriarte@gmail.com>
	--- - First release
	--- v0.2 (20141029) - Ciro Iriarte <ciro.iriarte@gmail.com>
	--- - Added verification for *.arpa requests, exit inmediatly
	--- - Added support for "domain ending in", with *.badboy.com
	--- - ToDo: cleanup duplicated code?
	--- v0.3 (20141215) - Ciro Iriarte <ciro.iriarte@gmail.com>
	--- - Fixed a bug with character evaluation that allowed an infinite loop
	--- v0.4 (20141217) - Ciro Iriarte <ciro.iriarte@gmail.com>
	--- - Limit loop to 127 iterations (max allowed levels on a domain), protects us from infinite loop scenarios
	--- - Open CDB file just once. This will require a script reload on update.
	--- - Normalize queries to lowercase

	function endswith(s, send)
	return #s >= #send and s:find(send, #s-#send+1, true) and true or false
	end

	function preresolve ( remoteip, domain, qtype )

	domain = string.lower( domain )
	orig_domain = domain

	if endswith (domain,".arpa.") then
	return -1, {}
	end

	resp=db:get(domain)

	if resp == nil then
	guard = 128
	while domain ~= "" and guard > 0
	do
	guard = guard-1
	domain = domain:gsub("[^%.]%.(.)", "%1")
	---print ("Looking for = *." .. domain)
	resp=db:get("*." .. domain)
	if resp ~= nil then
	---print ("++> Got match")

	rtype, rvalue = resp:match("([^,]+),([^,]+)")
	---print("Tipo: " .. rtype .. "\| Valor: " .. rvalue)

	ret={
	{qtype=rtype, ttl=1, place="1", content=rvalue},
	}

	if tonumber(rtype) == pdns.CNAME then
	return "followCNAMERecords", 0, ret
	else
	return 0, ret
	end
	else
	---print ("--> didn't get match")
	end
	end

	if guard == 0 then
	pdnslog("Got stuck at '" .. domain .. "' when called with '" .. orig_domain .. "'", pdns.loglevels.Warning)
	---print("Got stuck at '" .. domain .. "' when called with '" .. orig_domain .. "'")
	end

	return -1, {}
	else

	rtype, rvalue = resp:match("([^,]+),([^,]+)")
	---print("Tipo: " .. rtype .. "\| Valor: " .. rvalue)
	ret={
	{qtype=rtype, ttl=1, place="1", content=rvalue},
	}

	if tonumber(rtype) == pdns.CNAME then
	return "followCNAMERecords", 0, ret
	else
	return 0, ret
	end
	end

	end

	cdb = require("cdb")
	db = assert(cdb.open("/etc/powerdns/blacklist.cdb"))
	--preresolve ( "10.1.1.1","pelota.twi-tter.com","TXT")