vADC Docs

HowTo: Respond directly to DNS requests using libDNS.rts

by on ‎04-10-2013 08:21 AM - edited on ‎05-13-2016 05:40 AM by PaulWallace (1,413 Views)

This article uses the libDNS.rts TrafficScript library as described in libDNS.rts: Interrogating and managing DNS traffic in Stingray.

 

In this example, we intercept DNS requests. If the client is seeking to resolve www.site.com and they are based in the UK, then we respond directly with a CNAME response, directing them to resolve www.site.co.uk instead.

 

Request rule

 

import libDNS.rts as dns;

# Parse the raw UDP payload into a hash describing the DNS packet
$request = request.get();
$packet = dns.convertRawDataToObject($request, "udp");

# Ignore unparsable packets and query responses to avoid
# attacks like the one described in CVE-2004-0789.
if( hash.count( $packet ) == 0 || $packet["qr"] == "1" ) {
   break;
}

# Name being resolved and the country of the client's source address
$host = dns.getQuestion( $packet )["host"];
$country = geo.getCountry( request.getRemoteIP() );

if( $host == "www.site.com." && $country == "GB" ) {

   # Add a CNAME answer with a 60 second TTL and mark the packet as a response
   $packet = dns.addResponse($packet, "answer",
      "www.site.com", "www.site.co.uk.", "CNAME", "IN", "60", []);
   $packet["qr"] = 1;

   # Reply to the client directly
   request.sendResponse( dns.convertObjectToRawData($packet, "udp"));
}
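
What the guard at the top of the rule checks on the wire, as an added Python sketch that is not part of the original article or of libDNS.rts: a packet is answered only if it parses as a single-question query with the QR bit clear. The names parse_query, cname_target, build and REDIRECTS are hypothetical, the sample packets are constructed, and the country is passed in as a parameter standing in for the rule's geo.getCountry lookup.

```python
import struct

REDIRECTS = {("www.site.com.", "GB"): "www.site.co.uk."}  # the page's one rule

def parse_query(data: bytes):
    """Return (txid, qname, qtype), or None if the packet must be ignored."""
    if len(data) < 12:                      # shorter than a DNS header
        return None
    txid, flags, qdcount = struct.unpack("!3H", data[:6])
    if flags & 0x8000:                      # QR=1: a response, never answer it
        return None
    if qdcount != 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(data):                # name runs past the end of the packet
            return None
        length = data[pos]
        pos += 1
        if length == 0:                     # root label terminates the name
            break
        if length > 63 or pos + length > len(data):
            return None                     # pointer/reserved bits or truncation
        # Assumption of this sketch: compare names case-insensitively
        labels.append(data[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(data):                 # QTYPE and QCLASS must follow
        return None
    qtype, _qclass = struct.unpack("!2H", data[pos:pos + 4])
    return txid, ".".join(labels) + ".", qtype

def cname_target(data: bytes, country: str):
    """Mirror the rule: CNAME target for this query and country, else None."""
    parsed = parse_query(data)
    if parsed is None:
        return None
    return REDIRECTS.get((parsed[1], country))

def build(name: str, flags: int) -> bytes:
    """Construct a sample one-question packet (A/IN) for the checks below."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + qname + b"\x00\x00\x01\x00\x01"

QUERY = build("www.site.com", 0x0100)      # constructed: QR=0, RD=1
RESPONSE = build("www.site.com", 0x8180)   # constructed: same packet with QR=1
```

Dropping packets with QR=1 is what keeps two responders from answering each other's replies indefinitely, which is the class of issue the rule's comment cites as CVE-2004-0789.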