search

PowerDNS / pdns

PowerDNS Authoritative, PowerDNS Recursor, dnsdist
https://www.powerdns.com/
GNU General Public License v2.0
3.62k stars 902 forks source link

Lua FFI: Get OPT section function #14567

Closed wjgauthier closed 3 days ago

wjgauthier commented 3 weeks ago

Short description

I am using Lua FFI to spoof responses, but I cannot currently handle cases where a client requests an unknown EDNS version (two of the ISC EDNS Compliance checks) because there is no function available to retrieve the OPT section.

Usecase

In my Lua script for spoofing responses, I would like to return BADVERS if the client requests anything other than EDNS version 0, which is the correct way of handling unknown EDNS versions (https://ednscomp.isc.org/).

Description

Implementing an ffi.C.dnsdist_ffi_dnsquestion_get_opt_section function that returns the requested EDNS version (along with other options) would allow me to handle unknown EDNS versions correctly.

rgacogne commented 3 weeks ago

I see we already have an accessor for the DNSSEC OK bit (dnsdist_ffi_dnsquestion_get_do) and for EDNS options (dnsdist_ffi_dnsquestion_get_edns_options). There is no other flag defined as far as I know, so I guess we only need new accessors for the version and the extended rcode, or did you have something else in mind?

wjgauthier commented 3 weeks ago

You are right. We would only need accessors for the version and the extended rcode. Thank you!