.. SPDX-License-Identifier: GPL-3.0-or-later

.. _mod-renumber:

IP address renumbering
======================

The module renumbers addresses in answers to a different address space.
For example, you can redirect malicious addresses to a blackhole, or use private address ranges
in local zones that will be remapped to real addresses by the resolver.


.. warning:: While requests are still validated using DNSSEC, the signatures
   are stripped from the final answer. The reason is that the address synthesis
   breaks signatures. You can see whether an answer was valid or not based on
   the AD flag.

Example configuration
---------------------

.. code-block:: lua

	modules = {
		renumber = {
			-- Source subnet, destination subnet
			{'10.10.10.0/24', '192.168.1.0'},
			-- Remap /16 block to localhost address range
			{'166.66.0.0/16', '127.0.0.0'},
			-- Remap /26 subnet (64 IP addresses)
			{'166.55.77.128/26', '127.0.0.192'},
			-- Remap a /32 block to a single address
			{'2001:db8::/32', '::1!'},
		}
	}
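
The following Python model is an added illustration, not the module's own code: it shows which address each rule in the example configuration would produce for a given answer. It assumes that the first matching rule wins, that host bits are carried over into the destination range, and that a trailing ``!`` selects the exact target address; ``renumber`` and ``RULES`` are hypothetical names.

```python
import ipaddress

# Constructed rule table mirroring the example configuration above.
RULES = [
    ("10.10.10.0/24", "192.168.1.0"),
    ("166.66.0.0/16", "127.0.0.0"),
    ("166.55.77.128/26", "127.0.0.192"),
    ("2001:db8::/32", "::1!"),
]


def renumber(addr, rules=RULES):
    """Return the address an answer would carry after renumbering.

    Assumed semantics (not taken from the module source): first matching
    rule wins, host bits are preserved, '!' means one exact target address.
    """
    ip = ipaddress.ip_address(addr)
    for source, target in rules:
        net = ipaddress.ip_network(source)
        if ip.version != net.version or ip not in net:
            continue
        dst = ipaddress.ip_address(target.rstrip("!"))
        if target.endswith("!"):
            # Whole source block collapses to a single address.
            return str(dst)
        # Keep the host part of the original address and take the
        # network part from the destination.
        host_bits = int(ip) & int(net.hostmask)
        prefix_bits = int(dst) & int(net.netmask)
        return str(type(ip)(prefix_bits | host_bits))
    # No rule matched: the answer is left untouched.
    return str(ip)


if __name__ == "__main__":
    for sample in ("10.10.10.5", "166.66.3.4", "166.55.77.130",
                   "2001:db8::abcd", "8.8.8.8"):
        print(sample, "->", renumber(sample))
```

Running a rule table through such a model before deployment makes it easy to confirm that a blackhole rule covers exactly the intended block and that unrelated addresses pass through unchanged.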

.. TODO: renumber.name() hangs in vacuum, kind of.  No occurrences in code or docs, and probably bad UX.