dns_intern: set RA flag on answers from auth for own zones
This commit is contained in:
parent
29d008ca04
commit
9179a8a1f6
@ -9,17 +9,27 @@ newServer({address='127.0.0.1:5300', pool='authdns'})
|
||||
newServer({address='127.0.0.1:5353', pool='resolve'})
|
||||
|
||||
{% if dns_secondary is defined %}
|
||||
-- allow AXFR/IXFR only from slaves
|
||||
-- allow AXFR/IXFR only from secondary
|
||||
addAction(AndRule({OrRule({QTypeRule(DNSQType.AXFR), QTypeRule(DNSQType.IXFR)}), NotRule(makeRule("{{ dns_secondary }}"))}), RCodeAction(DNSRCode.REFUSED))
|
||||
{% endif %}
|
||||
|
||||
-- allow NOTIFY only from master
|
||||
-- allow NOTIFY only from primary
|
||||
addAction(AndRule({OpcodeRule(DNSOpcode.Notify), NotRule(makeRule("{{ dns_primary }}"))}), RCodeAction(DNSRCode.REFUSED))
|
||||
|
||||
-- use auth servers for own zones
|
||||
addAction('binary.kitchen', PoolAction('authdns'))
|
||||
addAction('23.172.in-addr.arpa', PoolAction('authdns'))
|
||||
|
||||
-- function to set RA flag
|
||||
function setRA(dq)
|
||||
dq.dh:setRA(true)
|
||||
return DNSResponseAction.None
|
||||
end
|
||||
|
||||
-- set RA flag for queries to own zones
|
||||
addResponseAction('binary.kitchen', LuaResponseAction(setRA))
|
||||
addResponseAction('23.172.in-addr.arpa', LuaResponseAction(setRA))
|
||||
|
||||
-- use resolver for anything else
|
||||
addAction(AllRule(), PoolAction('resolve'))
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user