Skip to content

Instantly share code, notes, and snippets.

View ahupowerdns's full-sized avatar

bert hubert ahupowerdns

418 followers · 0 following
View GitHub Profile
@ahupowerdns
ahupowerdns / pdnsutil-rrsig.md
Created January 24, 2016 15:04 
$ pdnsutil create-zone ds9a.nl ns1.powerdns.com
Creating empty zone 'ds9a.nl.'
Also adding one NS record

$ pdnsutil add-record ds9a.nl @ A 1.2.3.4
$ pdnsutil add-record ds9a.nl "*" CNAME ds9a.nl
$ pdnsutil list-zone ds9a.nl
*.ds9a.nl.      3600    IN      CNAME   ds9a.nl.
ds9a.nl.        3600    IN      A       1.2.3.4
@ahupowerdns
ahupowerdns / addmac-dnsdist.conf
Last active January 27, 2016 10:28
addLocal("0.0.0.0")
newServer("192.168.5.123:5300")
addAction(AllRule(), MacAddrAction(65001))
-- using LuaAction, the MAC address could be hashed or truncated, for increased privacy
@ahupowerdns
ahupowerdns / macfilter.lua
Last active January 27, 2016 10:43
filter={}
filter["192.168.5.24"]={["b8:27:eb:0c:88:27"]=1, ["00:0d:b9:36:6f:79"]= 1}
filter["10.0.0.1"]={["06:31:25:7a:84:6b"]=1}
-- note that the filtering could be more than binary, but specify lots of categories
-- see https://i.imgur.com/wGwNHl7.png for inspiration
baddomains=newDS()
baddomains:add("xxx")
@ahupowerdns
ahupowerdns / macfilter-2.lua
Last active November 11, 2016 19:34
-- load this and the previous snippet as 'lua-dns-script=macfilter.lua'
function macPrint(a)
return string.format("%02x:%02x:%02x:%02x:%02x:%02x", a:byte(1), a:byte(2), a:byte(3), a:byte(4), a:byte(5), a:byte(6))
end
function preresolve(dq)
print("Got question for "..dq.qname:toString().." from "..dq.remoteaddr:toString().." to "..dq.localaddr:toString())
local a=dq:getEDNSOption(65001)
if(a ~= nil) then
@ahupowerdns
ahupowerdns / try-it-out
Last active January 27, 2016 10:50
pi@raspberrypi ~ $ /sbin/ifconfig eth0 | head -1
eth0 Link encap:Ethernet HWaddr b8:27:eb:0c:88:27
pi@raspberrypi ~ $ dig www.ds9a.xxx @192.168.5.24 +short
blockingserver.powerdns.com.
ahu@ahucer:~$ /sbin/ifconfig eth0 | head -1
eth0 Link encap:Ethernet HWaddr 90:fb:e9:3b:61:dc
ahu@ahucer:~$ dig www.ds9a.xxx @192.168.5.24
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10412
@ahupowerdns
ahupowerdns / master-pdns-conf
Last active January 29, 2016 20:51
local-address=0.0.0.0
launch=gsqlite3
gsqlite3-database=/etc/powerdns/powerdns.sqlite3
master
daemon
guardian
@ahupowerdns
ahupowerdns / populate-sqlite3
Created January 29, 2016 20:45
# sqlite3 /etc/powerdns/powerdns.sqlite3 < /usr/share/doc/pdns-backend-sqlite3/schema.sqlite3.sql
@ahupowerdns
ahupowerdns / create-zone-example
Created January 29, 2016 21:00
# pdnsutil create-zone example.com ns1.example.com
Creating empty zone 'example.com.'
Also adding one NS record
# pdnsutil add-record example.com ns1 A 192.168.1.2
New rrset:
ns1.example.com. IN A 3600 192.168.1.2
# pdnsutil list-zone example.com
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN SOA ns1.example.com hostmaster.example.com 1 10800 3600 604800 3600
@ahupowerdns
ahupowerdns / powerdns-slave-startup
Last active January 30, 2016 12:16
Jan 29 22:35:45 1 slave domain needs checking, 0 queued for AXFR
Jan 29 22:35:45 Received serial number updates for 1 zones, had 0 timeouts
Jan 29 22:35:45 Domain 'example.com.' is stale, master serial 1, our serial 0
Jan 29 22:35:45 Initiating transfer of 'example.com.' from remote '192.168.1.2:53'
Jan 29 22:35:45 AXFR started for 'example.com.'
Jan 29 22:35:45 Transaction started for 'example.com.'
Jan 29 22:35:45 AXFR done for 'example.com.', zone committed with serial number 1
@ahupowerdns
ahupowerdns / show-zone
Created February 2, 2016 09:42
# pdnsutil show-zone example.com
This is a Master zone
Last SOA serial number we notified: 0 != 1 (serial in the database)
Zone is not actively secured
Metadata items:
ALLOW-AXFR-FROM AUTO-NS
No keys for zone 'example.com.'.