HowTo: Respond directly to DNS requests using libDNS.rts

This article uses the libDNS.rts TrafficScript library as described in libDNS.rts: Interrogating and managing DNS traffic in Stingray.

 

In this example, we intercept DNS requests. If the client is seeking to resolve www.site.com and they are based in the UK, then we respond directly with a CNAME response, directing them to resolve www.site.co.uk instead.

 

Request rule

 

import libDNS.rts as dns;

$request = request.get();
$packet = dns.convertRawDataToObject($request, "udp");

# Ignore unparsable packets and query responses to avoid
# attacks like the one described in CVE-2004-0789.
if( hash.count( $packet ) == 0 || $packet["qr"] == "1" ) {
   break;
}

$host = dns.getQuestion( $packet )["host"];
$country = geo.getCountry( request.getRemoteIP() );

if( $host == "www.site.com." && $country == "GB" ) {

   $packet = dns.addResponse($packet, "answer",
      "www.site.com", "www.site.co.uk.", "CNAME", "IN", "60", []);
   $packet["qr"] = 1;

   request.sendResponse( dns.convertObjectToRawData($packet, "udp"));
}
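
The guard at the top of the rule, shown at the DNS wire-format level as an added Python example (not part of the original article and not libDNS.rts code). The names `build_query`, `parse_question` and `should_answer` are hypothetical, the sample packets are constructed, and the country code is passed in as a parameter rather than looked up from the client IP.

```python
import struct

def build_query(name, qr=0, txid=0x1234):
    """Constructed sample: one-question DNS message (type A, class IN)."""
    flags = (qr << 15) | 0x0100                      # QR bit plus RD
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_question(data):
    """Return (qr, host) for a single-question packet, or None if unparsable."""
    if len(data) < 12:                               # shorter than a DNS header
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", data[:6])
    if qdcount != 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(data):                         # name runs off the end
            return None
        length = data[pos]
        if length == 0:
            break
        if length > 63:                              # pointer/reserved bits in a question
            return None
        label = data[pos + 1:pos + 1 + length]
        if len(label) != length:                     # truncated label
            return None
        labels.append(label.decode("ascii", "replace").lower())
        pos += 1 + length
    if pos + 5 > len(data):                          # QTYPE and QCLASS must follow
        return None
    return flags >> 15, ".".join(labels) + "."

def should_answer(data, country):
    """Mirror of the rule: never answer garbage or a packet that is itself a
    response (QR=1); replying to responses is what lets two responders
    bounce traffic at each other indefinitely."""
    parsed = parse_question(data)
    if parsed is None or parsed[0] == 1:
        return False
    return parsed[1] == "www.site.com." and country == "GB"

if __name__ == "__main__":
    print(should_answer(build_query("www.site.com"), "GB"))         # query
    print(should_answer(build_query("www.site.com", qr=1), "GB"))   # response
```
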

Version history: Revision 1 of 1, last update 04-10-2013 08:21 AM