This article uses the libDNS.rts trafficscript library as described in libDNS.rts: Interrogating and managing DNS traffic in Stingray.
In this example, we inspect DNS requests. If the client is seeking to resolve www.site.*, we rewrite the request to resolve www.site.com instead before passing the DNS request on to the real DNS server.
We also need to patch up the DNS response to restore the correct value for the 'question'.
Request rule
import libDNS.rts as dns;
$data = request.get();
# Create a data structure holding the contents of the DNS request
$packet = dns.convertRawDataToObject( $data, "udp" );
# Get the Question section from the request
$question = dns.getQuestion( $packet );
$host = $question["host"];
if( string.wildmatch( $host, "www.site.*" ) && $host != "www.site.com" ) {
# We'll rewrite the question, We also need to store the original value so that we can restore it in the response
connection.data.set( "question", $question );
$packet = dns.setQuestion( $packet, "www.site.com", $question["type"], $question["class"] );
request.set( dns.convertObjectToRawData( $packet, "udp" ));
}
Response rule
import libDNS.rts as dns;
$question = connection.data.get( "question" );
if( !$question ) break; # We don't need to patch up the response
$data = response.get();
$packet = dns.convertRawDataToObject( $data, "udp" );
$packet = dns.setQuestion($packet, $question["host"], $question["type"], $question["class"] );
# Set the name of each Answer RR to what was asked for in the question
$i = 0;
while( $i < $packet["answercount"] ) {
$packet["answer"][$i++]["name"] = $question["host"];
}
# Convert the data structure back into raw data and set it as the response
response.set( dns.convertObjectToRawData( $packet, "udp" ));
