authorLucas Christian <lucas@lucasec.com>2020-10-05 14:35:17 -0500
committerLucas Christian <lucas@lucasec.com>2020-10-06 11:14:31 -0500
commite9cac63933ae9ddbb13a64406cff77640ab901dc (patch)
treef9fb72642db37ebdd685921fa9fef1daee99aca1 /src
parent5accf7227858cde303e0c49f8c36408ef4c5fb93 (diff)
pdns_recursor: T2964: Expose query-local-address to dns config.
In certain split DNS configurations, there is a need for more fine-grained control over the local address DNS forwarding uses to issue queries. The current pdns_recursor configuration allows the recursor to send queries from any available address on the interface the OS selects for the query, with no option to limit queries to a particular address or set of addresses. This commit exposes the `query-local-address` option in `recursor.conf` to users via the `service` `dns` `forwarding` `source-address` config node. If the parameter is unspecified, the default values of 0.0.0.0 (any IPv4 address) and :: (any IPv6 address) are used to match current behavior. Users who want more control can specify one or more IPv4 and IPv6 addresses to issue queries from. Per pdns_recursor docs, the recursor will load balance queries between any available addresses in the pools. Since IPv4 and IPv6 are different pools, note that specifying only one type of address will disable issuing queries for the other address family.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/dns_forwarding.py16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/conf_mode/dns_forwarding.py b/src/conf_mode/dns_forwarding.py
index 5101c1e79..2187b3c73 100755
--- a/src/conf_mode/dns_forwarding.py
+++ b/src/conf_mode/dns_forwarding.py
@@ -26,6 +26,7 @@ from vyos.util import chown
from vyos.util import vyos_dict_search
from vyos.template import render
from vyos.xml import defaults
+from vyos.validate import is_ipv6
from vyos import ConfigError
from vyos import airbag
@@ -65,6 +66,21 @@ def get_config(config=None):
if conf.exists(base_nameservers_dhcp):
dns.update({'system_name_server_dhcp': conf.return_values(base_nameservers_dhcp)})
+ # Split the source_address property into separate IPv4 and IPv6 lists
+ # NOTE: In future versions of pdns-recursor (> 4.4.0), this logic can be removed
+ # as both IPv4 and IPv6 addresses can be specified in a single setting.
+ source_address_v4 = []
+ source_address_v6 = []
+
+ for source_address in dns['source_address']:
+ if is_ipv6(source_address):
+ source_address_v6.append(source_address)
+ else:
+ source_address_v4.append(source_address)
+
+ dns.update({'source_address_v4': source_address_v4})
+ dns.update({'source_address_v6': source_address_v6})
+
return dns
def verify(dns):
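Review bot: The `else:` branch of the new loop files every value that is not IPv6 under `source_address_v4` without checking that it is an IPv4 address, so a malformed entry would be passed on as a query source address unless the `source-address` node already validates it, which this hunk does not show. An explicit `elif is_ipv4(source_address):` branch, with anything left over rejected through `ConfigError`, would keep bad values out of the generated `recursor.conf`. The loop also indexes `dns['source_address']` directly, which presumably relies on the defaults having been merged earlier in `get_config`; that part of the function is outside the hunk. Since the commit message notes that listing only one address family disables queries for the other, a short comment saying so next to the split (or a check in `verify`, whose body is also outside the hunk) would make that side effect visible to the next maintainer.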