search

folbricht / routedns

DNS stub resolver, proxy and router with support for DoT, DoH, DoQ, and DTLS
BSD 3-Clause "New" or "Revised" License
451 stars 62 forks source link

Block based on Return-Code (RCODE) #96

Open cbuijs opened 3 years ago

cbuijs commented 3 years ago

Just wondering how difficult it is to add a response group based on return-code, either the number or text-base version.

See here: Return Codes

For example you could generate a more appropriate response on NXDOMAIN by facilitating an IP-Address pointing to a landing-page or try another query against another DNS server.

folbricht commented 3 years ago

It might be best to have some sort of response router here, one that can "retry" a query if the response matches certain conditions. Like so

[routers.router1]
type="response"
resolver=["google-udp"]
routes = [
  { rcode = 2, resolver="static-1" }, # SERVFAIL
  { rcode = 3, resolver="static-2" }, # NXDOMAIN
]

It could also be done much simpler, without the multi-routing piece

[groups.response-reroute]
type = "response-reroute"
resolvers = ["google-dot"] # Default
rcode = 3 # NXDOMAIN
reroute-resolver = "static-1" # Some static response

Thoughts?

cbuijs commented 3 years ago

I think the router one is much cleaner, but both would get the job done.

cbuijs commented 1 year ago

Duplicate of #241