
Commit 69929b0

committed
Migrate to new PowerDNS 5.0 commands
Signed-off-by: Dominik <[email protected]>
1 parent 8737877 commit 69929b0

3 files changed

Lines changed: 104 additions & 81 deletions

File tree

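--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,6 +1,6 @@
 {
 "name": "FTL x86_64 Build Env",
-"image": "ghcr.io/pi-hole/ftl-build:nightly",
+"image": "ghcr.io/pi-hole/ftl-build:v2.15",
 "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ],
 "customizations": {
 "vscode": {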

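--- a/src/dnsmasq_interface.c
+++ b/src/dnsmasq_interface.c
@@ -467,17 +467,29 @@ size_t _FTL_make_answer(struct dns_header *header, char *limit, const size_t len
 
 // Overwrite with IP address if requested
 if(redirecting)
+{
+log_debug(DEBUG_QUERIES, "Using regex redirected A address");
 memcpy(&addr, &redirect_addr4, sizeof(addr));
+}
 else if(config.dns.blocking.mode.v.blocking_mode == MODE_IP ||
 config.dns.blocking.mode.v.blocking_mode == MODE_IP_NODATA_AAAA ||
 forced_ip)
 {
 if(hostn && config.dns.reply.host.force4.v.b)
+{
+log_debug(DEBUG_QUERIES, "Using dns.reply.host.force4");
 memcpy(&addr, &config.dns.reply.host.v4.v.in_addr, sizeof(addr.addr4));
+}
 else if(!hostn && config.dns.reply.blocking.force4.v.b)
+{
+log_debug(DEBUG_QUERIES, "Using dns.reply.blocking.force4");
 memcpy(&addr, &config.dns.reply.blocking.v4.v.in_addr, sizeof(addr.addr4));
+}
 else
+{
+log_debug(DEBUG_QUERIES, "Using next_iface A address");
 memcpy(&addr, &next_iface.addr4, sizeof(addr.addr4));
+}
 }
 
 // Debug logging
@@ -503,16 +515,28 @@ size_t _FTL_make_answer(struct dns_header *header, char *limit, const size_t len
 
 // Overwrite with IP address if requested
 if(redirecting)
+{
+log_debug(DEBUG_QUERIES, "Using regex redirected AAAA address");
 memcpy(&addr, &redirect_addr6, sizeof(addr));
+}
 else if(config.dns.blocking.mode.v.blocking_mode == MODE_IP ||
 forced_ip)
 {
 if(hostn && config.dns.reply.host.force6.v.b)
+{
+log_debug(DEBUG_QUERIES, "Using dns.reply.host.force6");
 memcpy(&addr, &config.dns.reply.host.v6.v.in6_addr, sizeof(addr.addr6));
+}
 else if(!hostn && config.dns.reply.blocking.force6.v.b)
+{
+log_debug(DEBUG_QUERIES, "Using dns.reply.blocking.force6");
 memcpy(&addr, &config.dns.reply.blocking.v6.v.in6_addr, sizeof(addr.addr6));
+}
 else
+{
+log_debug(DEBUG_QUERIES, "Using next_iface AAAA address");
 memcpy(&addr, &next_iface.addr6, sizeof(addr.addr6));
+}
 }
 
 // Debug logging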
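Review bot: In the `if(redirecting)` branch that the first hunk wraps in braces, the copy is `memcpy(&addr, &redirect_addr4, sizeof(addr))` while every sibling branch copies `sizeof(addr.addr4)`; if `redirect_addr4` is a `struct in_addr` rather than the same union type as `addr`, `sizeof(addr)` reads past the end of the source. Changing it to `memcpy(&addr, &redirect_addr4, sizeof(addr.addr4));` makes the copy length match the other A branches regardless of the source's type; the AAAA hunk below has the same shape with `redirect_addr6`, where the two lengths presumably coincide, but spelling it `sizeof(addr.addr6)` there too would make the intent explicit. The new `log_debug` messages cite the config path they follow, which is useful for reading debug logs, but none of them is emitted when a branch is entered only because `forced_ip` is set, so a reader cannot tell that case apart from a blocking-mode match without the later debug output. `_FTL_make_answer` begins and ends outside both hunks.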

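--- a/test/pdns/setup.sh
+++ b/test/pdns/setup.sh
@@ -40,139 +40,138 @@ else
 exit 1
 fi
 # Create zone ftl
-pdnsutil create-zone ftl ns1.ftl
-pdnsutil disable-dnssec ftl
+pdnsutil zone create ftl ns1.ftl
 
 # Create A records
-pdnsutil add-record ftl. a A 192.168.1.1
-pdnsutil add-record ftl. gravity A 192.168.1.2
-pdnsutil add-record ftl. denied A 192.168.1.3
-pdnsutil add-record ftl. allowed A 192.168.1.4
-pdnsutil add-record ftl. gravity-allowed A 192.168.1.5
-pdnsutil add-record ftl. antigravity A 192.168.1.6
-pdnsutil add-record ftl. x.y.z.abp.antigravity A 192.168.1.7
-pdnsutil add-record ftl. regex1 A 192.168.2.1
-pdnsutil add-record ftl. regex2 A 192.168.2.2
-pdnsutil add-record ftl. regex5 A 192.168.2.3
-pdnsutil add-record ftl. regexA A 192.168.2.4
-pdnsutil add-record ftl. regex-REPLYv4 A 192.168.2.5
-pdnsutil add-record ftl. regex-REPLYv6 A 192.168.2.6
-pdnsutil add-record ftl. regex-REPLYv46 A 192.168.2.7
-pdnsutil add-record ftl. regex-A A 192.168.2.8
-pdnsutil add-record ftl. regex-notA A 192.168.2.9
-pdnsutil add-record ftl. any A 192.168.3.1
+pdnsutil rrset add ftl. a.ftl. A 192.168.1.1
+pdnsutil rrset add ftl. gravity.ftl. A 192.168.1.2
+pdnsutil rrset add ftl. denied.ftl. A 192.168.1.3
+pdnsutil rrset add ftl. allowed.ftl. A 192.168.1.4
+pdnsutil rrset add ftl. gravity-allowed.ftl. A 192.168.1.5
+pdnsutil rrset add ftl. antigravity.ftl. A 192.168.1.6
+pdnsutil rrset add ftl. x.y.z.abp.antigravity.ftl. A 192.168.1.7
+pdnsutil rrset add ftl. regex1.ftl. A 192.168.2.1
+pdnsutil rrset add ftl. regex2.ftl. A 192.168.2.2
+pdnsutil rrset add ftl. regex5.ftl. A 192.168.2.3
+pdnsutil rrset add ftl. regexA.ftl. A 192.168.2.4
+pdnsutil rrset add ftl. regex-REPLYv4.ftl. A 192.168.2.5
+pdnsutil rrset add ftl. regex-REPLYv6.ftl. A 192.168.2.6
+pdnsutil rrset add ftl. regex-REPLYv46.ftl. A 192.168.2.7
+pdnsutil rrset add ftl. regex-A.ftl. A 192.168.2.8
+pdnsutil rrset add ftl. regex-notA.ftl. A 192.168.2.9
+pdnsutil rrset add ftl. any.ftl. A 192.168.3.1
 
 # Create AAAA records
-pdnsutil add-record ftl. aaaa AAAA fe80::1c01
-pdnsutil add-record ftl. regex-REPLYv4 AAAA fe80::2c01
-pdnsutil add-record ftl. regex-REPLYv6 AAAA fe80::2c02
-pdnsutil add-record ftl. regex-REPLYv46 AAAA fe80::2c03
-pdnsutil add-record ftl. any AAAA fe80::3c01
-pdnsutil add-record ftl. gravity-aaaa AAAA fe80::4c01
+pdnsutil rrset add ftl. aaaa.ftl. AAAA fe80::1c01
+pdnsutil rrset add ftl. regex-REPLYv4.ftl. AAAA fe80::2c01
+pdnsutil rrset add ftl. regex-REPLYv6.ftl. AAAA fe80::2c02
+pdnsutil rrset add ftl. regex-REPLYv46.ftl. AAAA fe80::2c03
+pdnsutil rrset add ftl. any.ftl. AAAA fe80::3c01
+pdnsutil rrset add ftl. gravity-aaaa.ftl. AAAA fe80::4c01
 
 # Create CNAME records
-pdnsutil add-record ftl. cname-1 CNAME gravity.ftl
-pdnsutil add-record ftl. cname-2 CNAME cname-1.ftl
-pdnsutil add-record ftl. cname-3 CNAME cname-2.ftl
-pdnsutil add-record ftl. cname-4 CNAME cname-3.ftl
-pdnsutil add-record ftl. cname-5 CNAME cname-4.ftl
-pdnsutil add-record ftl. cname-6 CNAME cname-5.ftl
-pdnsutil add-record ftl. cname-7 CNAME cname-6.ftl
-pdnsutil add-record ftl. cname-ok CNAME a.ftl
+pdnsutil rrset add ftl. cname-1.ftl. CNAME gravity.ftl.
+pdnsutil rrset add ftl. cname-2.ftl. CNAME cname-1.ftl.
+pdnsutil rrset add ftl. cname-3.ftl. CNAME cname-2.ftl.
+pdnsutil rrset add ftl. cname-4.ftl. CNAME cname-3.ftl.
+pdnsutil rrset add ftl. cname-5.ftl. CNAME cname-4.ftl.
+pdnsutil rrset add ftl. cname-6.ftl. CNAME cname-5.ftl.
+pdnsutil rrset add ftl. cname-7.ftl. CNAME cname-6.ftl.
+pdnsutil rrset add ftl. cname-ok.ftl. CNAME a.ftl.
 
 # Create CNAME for SOA test domain
-pdnsutil add-record ftl. soa CNAME ftl
+pdnsutil rrset add ftl. soa.ftl. CNAME ftl.
 
 # Create CNAME for NODATA tests
-pdnsutil add-record ftl. aaaa-cname CNAME gravity-aaaa.ftl
-pdnsutil add-record ftl. a-cname CNAME gravity.ftl
+pdnsutil rrset add ftl. aaaa-cname.ftl. CNAME gravity-aaaa.ftl.
+pdnsutil rrset add ftl. a-cname.ftl. CNAME gravity.ftl.
 
 # Create PTR records
-pdnsutil add-record ftl. ptr PTR ptr.ftl.
+pdnsutil rrset add ftl. ptr.ftl. PTR ptr.ftl.
 
 # Other testing records
-pdnsutil add-record ftl. srv SRV "0 1 80 a.ftl"
-pdnsutil add-record ftl. txt TXT "\"Some example text\""
+pdnsutil rrset add ftl. srv.ftl. SRV "0 1 80 a.ftl"
+pdnsutil rrset add ftl. txt.ftl. TXT "\"Some example text\""
 # We want this to output $1 without expansion
 # shellcheck disable=SC2016
-pdnsutil add-record ftl. naptr NAPTR '10 10 "u" "smtp+E2U" "!.*([^\.]+[^\.]+)$!mailto:postmaster@$1!i" .'
-pdnsutil add-record ftl. naptr NAPTR '20 10 "s" "http+N2L+N2C+N2R" "" ftl.'
-pdnsutil add-record ftl. mx MX "50 ns1.ftl."
+pdnsutil rrset add ftl. naptr.ftl. NAPTR '10 10 "u" "smtp+E2U" "!.*([^\.]+[^\.]+)$!mailto:postmaster@$1!i" .'
+pdnsutil rrset add ftl. naptr.ftl. NAPTR '20 10 "s" "http+N2L+N2C+N2R" "" ftl.'
+pdnsutil rrset add ftl. mx.ftl. MX "50 ns1.ftl."
 
 # SVCB + HTTPS
-pdnsutil add-record ftl. svcb SVCB '1 port="80"'
-pdnsutil add-record ftl. regex-multiple SVCB '1 port="80"'
-pdnsutil add-record ftl. regex-notMultiple SVCB '1 port="80"'
+pdnsutil rrset add ftl. svcb.ftl. SVCB '1 port="80"'
+pdnsutil rrset add ftl. regex-multiple.ftl. SVCB '1 port="80"'
+pdnsutil rrset add ftl. regex-notMultiple.ftl. SVCB '1 port="80"'
 
 # HTTPS
-pdnsutil add-record ftl. https HTTPS '1 . alpn="h3,h2"'
-pdnsutil add-record ftl. regex-multiple HTTPS '1 . alpn="h3,h2"'
-pdnsutil add-record ftl. regex-notMultiple HTTPS '1 . alpn="h3,h2"'
+pdnsutil rrset add ftl. https.ftl. HTTPS '1 . alpn="h3,h2"'
+pdnsutil rrset add ftl. regex-multiple.ftl. HTTPS '1 . alpn="h3,h2"'
+pdnsutil rrset add ftl. regex-notMultiple.ftl. HTTPS '1 . alpn="h3,h2"'
 
 # ANY
-pdnsutil add-record ftl. regex-multiple A 192.168.3.12
-pdnsutil add-record ftl. regex-multiple AAAA fe80::3f41
-pdnsutil add-record ftl. regex-notMultiple A 192.168.3.12
-pdnsutil add-record ftl. regex-notMultiple AAAA fe80::3f41
+pdnsutil rrset add ftl. regex-multiple.ftl. A 192.168.3.12
+pdnsutil rrset add ftl. regex-multiple.ftl. AAAA fe80::3f41
+pdnsutil rrset add ftl. regex-notMultiple.ftl. A 192.168.3.12
+pdnsutil rrset add ftl. regex-notMultiple.ftl. AAAA fe80::3f41
 
 # TXT
-pdnsutil add-record ftl. any TXT "\"Some example text\""
+pdnsutil rrset add ftl. any.ftl. TXT "\"Some example text\""
 
-# NOERROR
-pdnsutil add-record ftl. noerror A
+# NOERROR: Create a record that returns NOERROR but no data
+pdnsutil rrset add ftl. noerror.ftl. NS ns1.ftl.
 
 # Blocked Cisco Umbrella IP (https://support.opendns.com/hc/en-us/articles/227986927-What-are-the-Cisco-Umbrella-Block-Page-IP-Addresses)
-pdnsutil add-record ftl. umbrella A 146.112.61.104
-pdnsutil add-record ftl. umbrella AAAA ::ffff:146.112.61.104
+pdnsutil rrset add ftl. umbrella.ftl. A 146.112.61.104
+pdnsutil rrset add ftl. umbrella.ftl. AAAA ::ffff:9270:3d68 #::ffff:146.112.61.104
 
 # Special record which consists of both blocked and non-blocked IP
-pdnsutil add-record ftl. umbrella-multi A 1.2.3.4
-pdnsutil add-record ftl. umbrella-multi A 146.112.61.104
-pdnsutil add-record ftl. umbrella-multi A 8.8.8.8
+pdnsutil rrset add ftl. umbrella-multi.ftl. A 1.2.3.4
+pdnsutil rrset add ftl. umbrella-multi.ftl. A 146.112.61.104
+pdnsutil rrset add ftl. umbrella-multi.ftl. A 8.8.8.8
 
 # Null address
-pdnsutil add-record ftl. null A 0.0.0.0
-pdnsutil add-record ftl. null AAAA ::
+pdnsutil rrset add ftl. null.ftl. A 0.0.0.0
+pdnsutil rrset add ftl. null.ftl. AAAA ::
 
 # Create valid internal DNSSEC zone
-pdnsutil create-zone dnssec ns1.ftl
-pdnsutil add-record dnssec. a A 192.168.4.1
-pdnsutil add-record dnssec. aaaa AAAA fe80::4c01
-pdnsutil secure-zone dnssec
+pdnsutil zone create dnssec ns1.ftl
+pdnsutil rrset add dnssec. a.dnssec. A 192.168.4.1
+pdnsutil rrset add dnssec. aaaa.dnssec. AAAA fe80::4c01
+pdnsutil zone secure dnssec
 # Export zone DS records and convert to dnsmasq trust-anchor format
 # Example:
 # dnssec. IN DS 42206 8 2 6d2007e292483fa061db37011676d9592649d1600e5b2ece1326f792ebedd412 ; ( SHA256 digest )
 # --->
 # trust-anchor=dnssec.,42206,8,2,6d2007e292483fa061db37011676d9592649d1600e5b2ece1326f792ebedd412
-pdnsutil export-zone-ds dnssec. | head -n1 | awk '{FS=" "; OFS=""; print "trust-anchor=",$1,",",$4,",",$5,",",$6,",",$7}' > /etc/dnsmasq.d/02-trust-anchor.conf
+pdnsutil zone export-ds dnssec. | head -n1 | awk '{FS=" "; OFS=""; print "trust-anchor=",$1,",",$4,",",$5,",",$6,",",$7}' > /etc/dnsmasq.d/02-trust-anchor.conf
 
 # Create intentionally broken DNSSEC (BOGUS) zone
 # The only difference to above is that this zone is signed with a key that is
 # not in the trust chain
 # It will cause the DNSSEC validation to fail with error message:
 # unsupported DS digest
-pdnsutil create-zone bogus ns1.ftl
-pdnsutil add-record bogus. a A 192.168.5.1
-pdnsutil add-record bogus. aaaa AAAA fe80::5c01
-pdnsutil secure-zone bogus
+pdnsutil zone create bogus ns1.ftl
+pdnsutil rrset add bogus. a.bogus. A 192.168.5.1
+pdnsutil rrset add bogus. aaaa.bogus. AAAA fe80::5c01
+pdnsutil zone secure bogus
 
 # Create reverse lookup zone
-pdnsutil create-zone arpa ns1.ftl
-pdnsutil add-record arpa. 1.1.168.192.in-addr PTR ftl.
-pdnsutil add-record arpa. 2.1.168.192.in-addr PTR a.ftl.
-pdnsutil add-record arpa. 1.0.c.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6 PTR ftl.
-pdnsutil add-record arpa. 2.0.c.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6 PTR aaaa.ftl.
+pdnsutil zone create arpa ns1.ftl
+pdnsutil rrset add arpa. 1.1.168.192.in-addr.arpa. PTR ftl.
+pdnsutil rrset add arpa. 2.1.168.192.in-addr.arpa. PTR a.ftl.
+pdnsutil rrset add arpa. 1.0.c.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. PTR ftl.
+pdnsutil rrset add arpa. 2.0.c.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. PTR aaaa.ftl.
 
 # Calculates the ‘ordername’ and ‘auth’ fields for all zones so they comply with
 # DNSSEC settings. Can be used to fix up migrated data. Can always safely be
 # run, it does no harm.
-pdnsutil rectify-all-zones
+pdnsutil zone rectify-all
 
 # Do final checking
-pdnsutil check-zone ftl
-pdnsutil check-zone arpa
+pdnsutil zone check ftl
+pdnsutil zone check arpa
 
-pdnsutil list-all-zones
+pdnsutil zone list-all
 
 echo "********* Done installing PowerDNS configuration **********"
 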
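Review bot: The CNAME targets in this hunk gained trailing dots for the `rrset add` syntax (`cname-ok.ftl. CNAME a.ftl.`), but the SRV target on the `srv.ftl.` line stays relative as `"0 1 80 a.ftl"`; writing it `pdnsutil rrset add ftl. srv.ftl. SRV "0 1 80 a.ftl."` keeps all record targets spelled the same way so a reader does not have to know how pdnsutil treats an undotted name in record content. The rewritten `noerror.ftl.` line now adds an NS record, which turns the name into a delegation point rather than the empty A rrset the old line created, so the upstream answer the tests see is a referral (NOERROR, empty answer section, NS in authority); if that is the intended shape, the comment above it could say so, e.g. `# NOERROR: delegate noerror.ftl. so queries get an empty-answer referral`. The `zone export-ds ... | head -n1 | awk ... > /etc/dnsmasq.d/02-trust-anchor.conf` pipeline writes the trust-anchor file even if the first command fails, leaving an empty anchor that would only surface later as a validation failure; whether the script's header outside this hunk sets `set -o pipefail` cannot be judged from here. The enclosing `if`/`else` that this hunk begins in (`exit 1` / `fi`) starts outside the hunk.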
