pdns icon indicating copy to clipboard operation
pdns copied to clipboard
verified publisher icon PowerDNS

Lua FFI: Get OPT section function

Open wjgauthier opened this issue 1 year ago • 2 comments

  • Program: dnsdist
  • Issue type: Feature request

Short description

I am using Lua FFI to spoof responses, but I cannot currently handle cases where a client requests an unknown EDNS version (two of the ISC EDNS Compliance checks) because there is no function available to retrieve the OPT section.

Usecase

In my Lua script for spoofing responses, I would like to return BADVERS if the client requests anything other than EDNS version 0, which is the correct way of handling unknown EDNS versions (https://ednscomp.isc.org/).

Description

Implementing an ffi.C.dnsdist_ffi_dnsquestion_get_opt_section function that returns the requested EDNS version (along with other options) would allow me to handle unknown EDNS versions correctly.

wjgauthier avatar Aug 20 '24 08:08 wjgauthier

I see we already have an accessor for the DNSSEC OK bit (dnsdist_ffi_dnsquestion_get_do) and for EDNS options (dnsdist_ffi_dnsquestion_get_edns_options). There is no other flag defined as far as I know, so I guess we only need new accessors for the version and the extended rcode, or did you have something else in mind?

rgacogne avatar Aug 20 '24 10:08 rgacogne

You are right. We would only need accessors for the version and the extended rcode. Thank you!

wjgauthier avatar Aug 20 '24 13:08 wjgauthier