Request filters - DNS

Request logger - DNS

This request filter simply logs the requests to the specified output, which can either be the standard log, using a specific logger name, or a file.

Parameters

None of the parameters are required. If none are specified, the logging will go to the standard log.

  • File name : if empty, then the logging will go to the standard log. If specified, the file will be created if necessary, and appended to.

  • Use timestamp in file name : if selected, and a file name is provided, then a timestamp will be added to the file name.

  • Logger name : if specified, the logging will be done using the specified logger.

  • Format: If specified, the format of the log entries. Available variables are $ts for the timestamp, $clientIp for the IP address of the client, $thread for the thread ID, and $message for the text of the log entry.

  • Question types:(comma-separated strings or regexes) If specified, only requests with at least one question with one of the specified types will be logged. Example: A,MX,PTR.

  • Question names (comma-separated strings or regexes) If specified, only requests with at least one question with one of the specified names will be logged. Example: foo.com,regex:.*\.bar\.com

  • Client IPs (comma-separated strings or regexes) If specified, only requests from the specified client(s) will be logged. Example: 12.34.56.78,0:0:0:0:0:0:0:1,regex:26:06:47:00.*

JavaScript request filter - DNS

This request filter passes the packet to your JavaScript code, which can do almost anything it wants to it. Keep in mind that the packet still needs to make sense to its destination!

Parameters

None of the parameters are required. If no parameters are specified, then this filter will be invoked for all request packets. You can specify a subset of the packets using the following parameters:

  • Question types : a comma-separated list of types, for instance A,MX,PTR. This filter will be invoked only for packets with at least one question with one of these types.

  • Question names : a comma-separated list of names, some of which can be regular expression if prefixed with regex: -- for instance: www.foo.com,regex:.+\.bar\.com (see the documentation on regular expressions for more details).If this is specified, then this filter will be invoked only for packets with at least one question matching one of these names or regular expressions.

  • Client IPs (comma-separated strings or regexes) If specified, only requests from the specified client(s) will be logged. Example: 12.34.56.78,0:0:0:0:0:0:0:1,regex:26:06:47:00.*

The JavaScript code can do whatever it wants to the packet -- see the API documentation for more details.

Address lookup filter - DNS

This request filter allows you to reject or respond to address requests of type A (IP4) and AAAA (IP6) without writing any code.

Parameters

All parameters are optional. If no parameters are specified, then the request will be responded to with an empty response.

  • Question types: the types of queries to respond to. Can be empty, or A, or AAAA, or A,AAAA. Empty means A,AAAA.

  • Question names : a comma-separated list of names, some of which can be regular expression if prefixed with regex: -- for instance: www.foo.com,regex:.+\.bar\.com (see the documentation on regular expressions for more details).If this is specified, then this filter will be invoked only for packets with at least one question matching one of these names or regular expressions.

  • Client IPs (comma-separated strings or regexes) If specified, only requests from the specified client(s) will be logged. Example: 12.34.56.78,0:0:0:0:0:0:0:1,regex:26:06:47:00.*

  • Skip packet : if selected, the packet is simply dropped and no response is sent.

  • Response code : if specified, the response code to send back to the client. Valid values are typically: 0=success, 1=format error, 2=server failure,3=domain does not exist, 4=not implemented, 5=refused. See the original RFC for details. If left blank, 0 will be returned.

  • Set authoritative : if selected, the response will be marked as authoritative.

  • Answer for IP4 : if requests of type A are enabled, then use that value as the answer. Must be a valid IP4 address if specified.

  • Answer for IP6 : if requests of type AAAA are enabled, then use that value as the answer. Must be a valid IP6 address if specified.

  • Time to live : if specified, the TTL for the answer. If unspecified, the default value is 3600 (one hour).