--- | |
--- Domain blacklist/override - LUA evaluation script | |
--- | |
--- v0.1 (20141025) - Ciro Iriarte <ciro.iriarte@gmail.com> | |
--- - First release | |
--- v0.2 (20141029) - Ciro Iriarte <ciro.iriarte@gmail.com> | |
---   - Added verification for *.arpa requests: reverse lookups are never overridden, exit immediately
--- - Added support for "domain ending in", with *.badboy.com | |
--- - ToDo: cleanup duplicated code? | |
--- v0.3 (20141215) - Ciro Iriarte <ciro.iriarte@gmail.com> | |
--- - Fixed a bug with character evaluation that allowed an infinite loop | |
--- v0.4 (20141217) - Ciro Iriarte <ciro.iriarte@gmail.com> | |
---   - Limit the suffix walk to 128 iterations (a DNS name has at most 127 labels), protects us from infinite loop scenarios
--- - Open CDB file just once. This will require a script reload on update. | |
--- - Normalize queries to lowercase | |
--- True when `s` ends with the suffix `send`.
-- `send` is compared literally (no Lua pattern magic); an empty suffix
-- matches every string, mirroring string.find's behaviour with an empty
-- plain needle. Kept global because preresolve() below calls it.
function endswith(s, send)
  if send == "" then
    return true
  end
  -- s:sub(-n) is the last n bytes of s (the whole of s when n > #s, which
  -- then cannot equal a longer `send`)
  return s:sub(-#send) == send
end
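--- Parse one CDB value of the form "<qtype>,<content>" into a recursor record.
-- @param value the raw CDB value, or nil when the key was not present
-- @param key the CDB key that was looked up (only used in the log message)
-- @param orig_domain the query name as received (only used in the log message)
-- @return the record table to hand to the recursor, plus a boolean telling
--   whether it is a CNAME the recursor should chase; nil when `value` is nil
--   or malformed. A malformed entry is logged at Warning and treated as "no
--   match" so a typo in the blacklist fails open visibly instead of raising a
--   Lua error inside the hook (which also fails open, but silently).
local function parse_entry(value, key, orig_domain)
  if value == nil then
    return nil
  end
  -- Anchored: the type is everything before the first comma and the content
  -- is everything after it, so record data that itself contains commas
  -- (TXT records, for instance) is no longer truncated at the second comma.
  local rtype, rvalue = value:match("^([^,]+),(.+)$")
  if rtype == nil then
    pdnslog("Ignoring malformed blacklist entry '" .. value .. "' for key '" .. key .. "' (expected 'type,content') while resolving '" .. orig_domain .. "'", pdns.loglevels.Warning)
    return nil
  end
  local ret = {
    {qtype=rtype, ttl=1, place="1", content=rvalue},
  }
  -- CNAME entries are flagged so the recursor resolves the target itself.
  -- The comparison is numeric, so entries are expected to carry the numeric
  -- RR type (5 for CNAME); a symbolic "CNAME" would not be followed.
  return ret, tonumber(rtype) == pdns.CNAME
end

--- Shape a matched record into the return values the recursor expects.
-- @param ret record table built by parse_entry
-- @param follow true when the recursor should chase the CNAME target
local function respond(ret, follow)
  if follow then
    return "followCNAMERecords", 0, ret
  end
  return 0, ret
end

--- Blacklist/override hook called by the PowerDNS recursor for every query.
-- The lower-cased query name is looked up in the CDB as an exact key first;
-- then the name is walked up one label at a time looking for a "*.<suffix>"
-- key, so "*.badboy.com." overrides every name below badboy.com. Whatever is
-- stored in the CDB is returned to the client as a synthetic record, so the
-- CDB contents must only be writable by trusted operators.
-- Must stay a global function: the recursor looks it up by name.
-- @param remoteip client address (unused, part of the recursor's signature)
-- @param domain query name as handed over by the recursor (normally with a
--   trailing dot; without one the walk simply stops at the last label)
-- @param qtype query type (unused; the answer's type comes from the CDB value)
-- @return -1, {} when nothing matches and normal resolution should continue;
--   otherwise 0, {record}, prefixed with "followCNAMERecords" for CNAME entries
function preresolve ( remoteip, domain, qtype )
  -- DNS names are case-insensitive and the CDB keys are lower-case; without
  -- this a mixed-case query would bypass the list.
  domain = string.lower( domain )
  local orig_domain = domain

  -- Never override reverse lookups (in-addr.arpa / ip6.arpa).
  if endswith(domain, ".arpa.") then
    return -1, {}
  end

  -- 1. exact match
  local ret, follow = parse_entry(db:get(domain), domain, orig_domain)
  if ret then
    return respond(ret, follow)
  end

  -- 2. suffix walk: a.b.c. -> "*.b.c." -> "*.c." -> "*."
  -- Each step removes one leading label, so the loop always terminates; the
  -- guard (a name has at most 127 labels) is a belt-and-braces hard stop.
  local guard = 128
  while domain ~= "" and guard > 0 do
    guard = guard - 1
    local dot = domain:find(".", 1, true)
    if dot == nil then
      -- no label separator left (name without trailing dot): nothing more to try
      break
    end
    domain = domain:sub(dot + 1)
    local key = "*." .. domain
    ret, follow = parse_entry(db:get(key), key, orig_domain)
    if ret then
      return respond(ret, follow)
    end
  end
  if guard == 0 then
    pdnslog("Got stuck at '" .. domain .. "' when called with '" .. orig_domain .. "'", pdns.loglevels.Warning)
  end
  return -1, {}
end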
-- Open the blacklist database once at load time (see v0.4 note: the file is
-- only re-read when the recursor reloads this script). Both names stay global
-- because preresolve() reaches `db` through the global environment.
-- Everything stored in this file is handed back to clients as DNS answers, so
-- keep it writable by trusted operators only.
cdb = require("cdb")
local blacklist_path = "/etc/powerdns/blacklist.cdb"
db = assert(cdb.open(blacklist_path))
-- manual smoke test:
--preresolve ( "10.1.1.1","pelota.twi-tter.com","TXT")