Hello list,

I'm trying to implement a DNS update policy script in PDNS Auth 4.1.1-1 (Ubuntu 18.04 LTS).

        # Enable DNS update, allow updates from everywhere, but restrict
        # changes via policy script
        dnsupdate=yes
        allow-dnsupdate-from=0.0.0.0/0,::/0
        lua-dnsupdate-policy-script=/etc/powerdns/dnsupdate-policy.lua

A problem (?) arises when accessing the TSIG key name:

        function updatepolicy(input)
          print(input:getTsigName())
          return false
        end

using nsupdate without a key:

        $ nsupdate <<EOF
        server 127.0.0.53 53
        zone example.com
        update add example.com 300 A 127.0.0.1
        EOF
        update failed: SERVFAIL

which will throw an exception:

        UPDATE (37896) from 127.0.0.1 for example.com: Caught std:exception: Exception thrown by a callback function called by Lua; Sending ServFail!

I expected getTsigName() to return either nil or an empty string, and nsupdate to report REFUSED, not SERVFAIL.

Guarding the method call with pcall results in the same behaviour:

        function getTsigKeyName(input)
          input:getTsigKey()
        end

        function updatepolicy(input)
          local ok, val = pcall(getTsigKeyName, input)
          print(ok, val)
          return false
        end

Looking at the code [1], I'm not sure why accessing an already defined [2] class member throws an exception (but I'm no C++ developer)...

Is this normal? How do I get a REFUSED when the TSIG key is missing?

Thanks,
Dominik


[1]: https://github.com/PowerDNS/pdns/blob/rec-4.1.1/pdns/lua-auth4.cc#L215
[2]: https://github.com/PowerDNS/pdns/blob/rec-4.1.1/pdns/lua-auth4.cc#L277