[dnsdist] How to execute SpoofAction in LuaResponseAction

[KagurazakaNyaa]

Now I try to add a tag to dr in LuaResponseAction and use dr:restart() to re-trigger the query, but it doesn't seem to route the request correctly based on the tag.

config

local function readCloudflareFastIPs()
    local cloudflare_fast = ReadFile("/etc/dnsdist/data/cloudflare_fast.txt")
    return cloudflare_fast
end

function makeQueryRestartable(dq)
    -- make it possible to restart that query later
    -- by keeping a copy of the initial DNS payload around
    dq:setRestartable()
    return DNSAction.None
end
-- if response has cloudflare ip ,tag it and restart
local function tagResponseCloudflare(dr)
    if dr.pool == 'local' then
        return DNSResponseAction.None
    end
    local packet = dr:getContent()
    if string.len(packet) == 0 then
        return DNSResponseAction.Drop
    end
    local overlay = newDNSPacketOverlay(packet)
    local count = overlay:getRecordsCountInSection(DNSSection.Answer)
    for i = 0, count - 1 do
        local record = overlay:getRecord(i)
        local parser = parsers[recordTypes[record.type]]
        if parser then
            local ca = parser(packet, record.contentOffset + 1, record.contentLength)
            if cloudflare_netmask_group:match(ca) then
                print("cloudflare IP: " .. ca:tostring() .. ", need replace")
                dr:setTag("cloudflare_fast", "need_replace")
                dr:restart()
                print("dropping resp")
                return DNSResponseAction.Drop
            end
        end
    end
    return DNSResponseAction.None
end

local cloudflare_fast_bypass = SetTagAction("cloudflare_fast", "bypass")
local cloudflare_fast_replace = TagRule("cloudflare_fast", "need_replace")
local fast_cloudflare_action = SpoofAction(readCloudflareFastIPs())
local cloudflare_fast_qtype = OrRule({ QTypeRule(DNSQType.A), QTypeRule(DNSQType.AAAA) })
local cloudflare_fast_not_optimized = NotRule(TagRule("cloudflare_fast"))
local cloudflare_fast_need_optimize = AndRule({ cloudflare_fast_not_optimized, cloudflare_fast_qtype })

-- if dq is set cloudflare_fast, spoof
addAction(cloudflare_fast_replace, fast_cloudflare_action, { name = "cloudflare_fast_spoof" })

-- unmatch china domains and proxy domains request will use local pool first and proecss in response actions
addAction(AllRule(), LuaAction(makeQueryRestartable), { name = "make_query_restartable" })
addAction(AllRule(), PoolAction("local"), { name = "default_use_local" })

-- post process
addResponseAction(cloudflare_fast_need_optimize, LuaResponseAction(tagResponseCloudflare),
    { name = "tag_cloudflare_resp_fast" })

cloudflare_fast.txt

104.31.221.176
104.31.230.80
104.31.147.21
104.31.223.195
104.31.97.33

test

I tried to execute the request nslookup chat.waw-eve.com 127.0.0.1, and it returned

Server:		127.0.0.1
Address:	127.0.0.1#53


Non-authoritative answer:
Name:	chat.waw-eve.com
Address: 104.21.70.120
Name:	chat.waw-eve.com
Address: 172.67.223.100
Name:	chat.waw-eve.com
Address: 2606:4700:3030::ac43:df64
Name:	chat.waw-eve.com
Address: 2606:4700:3030::6815:4678

The log shows the following

cloudflare IP: 104.21.70.120, need replace
dropping resp
cloudflare IP: 2606:4700:3030::6815:4678, need replace

Therefore, it can be confirmed that the request is correctly routed to tagResponseCloudflare and dr:restart() is triggered.

However, the returned result is not replaced, and I see on the webui that addAction(cloudflare_fast_replace, fast_cloudflare_action, { name = "cloudflare_fast_spoof" }) is not triggered

[rgacogne]

What is happening is that you seem to expect the "query" rules (the ones added via addAction) to be executed for a restarted query, which is not the case because most of the time it is not what the user wants. Cache miss rules are executed, if that helps.
I'm not sure I understand what your actual needs are, and I cannot really test the configuration you shared here anyway because some parts are missing (ReadFile, parsers at least).

[rgacogne]

In the meantime, one option might be to add a packet cache to your pool, and call SpoofAction from the "cache-miss" chain (so added via addCacheMissAction, not that this requires running a master build of dnsdist since this directive/rules chain was added after 1.9.x). I did not test it but in theory it should work.

[KagurazakaNyaa]

In the meantime, one option might be to add a packet cache to your pool, and call SpoofAction from the "cache-miss" chain (so added via addCacheMissAction, not that this requires running a master build of dnsdist since this directive/rules chain was added after 1.9.x). I did not test it but in theory it should work.

It can be noted from the document that the Action type of addCacheMissAction is DNSDistRuleAction instead of DNSDistResponseRuleAction, so the matching Action type is DNSAction instead of DNSResponseAction. The parameter passed in to this Action seems to be dq instead of dr, so the returned content cannot be parsed correctly.
Maybe I should insert the rules into addCacheHitResponseAction or addCacheInsertedResponseAction?

[rgacogne]

The rules chain related to addCacheMissAction is a question rules chain, not a a response one, yes. That's the whole point since you want to get a DNSQuestion object to be able to use DNSQuestion:spoof() from a custom Lua rule, or SpoofAction. If you try to use a response rules chain you will gain nothing compared to addResponseAction.

[rgacogne]

So, what I'm suggesting is:

• do the parsing in a response rule chain, like you are doing today. Restart your query after setting a tag like you are currently doing, ensuring there is a packet cache associated to the pool you are routing the restarted query to ;
• intercept the restarted query via addCacheMissAction instead of addAction, matching the tag as needed, and there you can call SpoofAction.

[KagurazakaNyaa]

So, what I'm suggesting is:

* do the parsing in a response rule chain, like you are doing today. Restart your query after setting a tag like you are currently doing, ensuring there is a packet cache associated to the pool you are routing the restarted query to ;

* intercept the restarted query via `addCacheMissAction` instead of `addAction`, matching the tag as needed, and there you can call `SpoofAction`.

Tested on powerdns/dnsdist-master:latest, this method is effective