This article uses the libDNS.rts trafficscript library as described in libDNS.rts: Interrogating and managing DNS traffic in Stingray.
In this example, we intercept DNS requests. If the client is seeking to resolve www.site.com and they are based in the UK, then we respond directly with a CNAME response, directing them to resolve www.site.co.uk instead.
Request rule
import libDNS.rts as dns;
$request = request.get();
$packet = dns.convertRawDataToObject($request, "udp");
# Ignore unparsable packets and query responses to avoid
# attacks like the one described in CVE-2004-0789.
if( hash.count( $packet ) == 0 || $packet["qr"] == "1" ) {
break;
}
$host = dns.getQuestion( $packet )["host"];
$country = geo.getCountry( request.getRemoteIP() );
if( $host == "www.site.com." && $country == "GB" ) {
$packet = dns.addResponse($packet, "answer",
"www.site.com", "www.site.co.uk.", "CNAME", "IN", "60", []);
$packet["qr"] = 1;
request.sendResponse( dns.convertObjectToRawData($packet, "udp"));
}
