
I'm trying to make pdns-recursor resolve a host name to a different A record when the query comes from the internal network (as this will then be routed through the VPN).

For that I've set up a Lua script which implements a preresolve function:

pdnslog("pdns-recursor Lua script starting!", pdns.loglevels.Warning)

function preresolve(dq)
    if dq.qtype == pdns.A
    then
        if dq.qname:equal("<host.to.resolve>")
        then
            dq.rcode=0 -- make it a normal answer
            -- netmask group holding the internal ranges (local, not a global)
            local netMask = newNMG()
            netMask:addMask("172.28.0.0/14")
            netMask:addMask("xxxx:xxx:5:f1:0:0:0:0/64")
            -- pick the answer based on the client's source address
            if netMask:match(dq.remoteaddr)
            then
                dq:addAnswer(pdns.A, "<internal IP>")
            else
                dq:addAnswer(pdns.A, "<public IP>")
            end
            return true
        end
    end
    return false
end

Now the weird thing: for some clients which come from 192.168.23.x this works; for others, it returns the internal IP although the remote IP of the client is not within the ranges specified above.

Does anyone have a clue why it is not working as expected?

Thanks

Dennis
  • I think I found the solution. It might be a caching problem: when internal clients request the IP, the recursor will cache the result for some time. Maybe turning off the packet cache will help. I'll try it, and when it works, I'll confirm. – Dennis Mar 20 '20 at 08:22

1 Answer


Ok, indeed the option

disable-packetcache=yes

in recursor.conf did the trick. Just in case someone else has a similar problem.

Dennis
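A narrower alternative to switching the packet cache off globally, shown as an added example that is not part of the original question or answer: the recursor's Lua `dq.variable` flag marks a single answer as not eligible for the packet cache. The host name, the two A record addresses and the IPv6 prefix below are constructed placeholders.

```lua
-- Added example, not the poster's script.
-- Constructed placeholders: host.example.com, 172.28.0.10 (internal answer),
-- 192.0.2.10 (public answer), 2001:db8:5:f1::/64 (internal IPv6 range).

-- Build the netmask group once at script load instead of on every query.
local internalNets = newNMG()
internalNets:addMask("172.28.0.0/14")
internalNets:addMask("2001:db8:5:f1::/64")

function preresolve(dq)
    -- Leave every other name and type to normal resolution.
    if dq.qtype ~= pdns.A or not dq.qname:equal("host.example.com") then
        return false
    end

    -- The answer depends on the client's source address, so it must not be
    -- stored in the packet cache, which would replay the first client's
    -- answer to later clients without running this hook again.
    dq.variable = true

    dq.rcode = 0 -- normal answer
    if internalNets:match(dq.remoteaddr) then
        dq:addAnswer(pdns.A, "172.28.0.10")
    else
        dq:addAnswer(pdns.A, "192.0.2.10")
    end
    return true
end
```

Only answers for this one name bypass the packet cache, so it can stay enabled for all other queries. A quick check is to query the name from an internal client first and then from an external one and confirm the external client receives the public address.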