5 : Supported Records and how they are processed

Chris Buijs edited this page Jan 12, 2018 · 11 revisions

Queries:

  • All record-types.
  • Matching is done against the NAME field (query name).
  • Returns redirected address (if used) for A, CNAME, MX, NS, PTR, SRV and ANY.
    • AAAA is not yet supported for redirection; an AAAA query that matches the blacklist results in REFUSED.
    • For CNAME, MX, NS, PTR and SRV returns a canonical name which is fabricated/generated (dns-firewall.redirected), pointing to a fabricated/generated A record (with redirected address).
    • Returns REFUSED for any other, unsupported type when matched against the blacklist.
  • For a TXT query that matches the blacklist, the response is "BLOCKED BY DNS-FIREWALL".

Responses:

  • Same process as for Queries, but also includes matching of IP-Addresses in responses coming back.
    • Returns redirected/fabricated/generated responses as in the query process.
  • Matching is done against the DATA field (target name). Only IP addresses and domain names are considered; any other values (as in MX, SOA and SRV records) are skipped.
  • All other record-types are ignored and not processed (i.e. the normal DNS resolution process will happen). Normally these are (or can be) caught during the query process if needed.
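
The rules in the two lists above, modelled as an added Python example (not the project's own code) so the expected outcome for a given query or response can be checked. It assumes a redirect address is configured, exact matching on normalised names and addresses, and rdata in presentation format; the function names, sample names and addresses are constructed for illustration, and which response record-types are inspected is not modelled.

```python
import ipaddress

REDIRECT_NAME = "dns-firewall.redirected"   # fabricated name quoted on the page
VIA_NAME = {"CNAME", "MX", "NS", "PTR", "SRV"}

def norm(name):
    return name.rstrip(".").lower()

def blocked_answer(qtype, redirect_ip):
    """Outcome for a blacklist hit; redirect_ip is assumed to be configured."""
    if qtype in ("A", "ANY"):
        return {"rcode": "NOERROR", "address": redirect_ip}
    if qtype in VIA_NAME:
        return {"rcode": "NOERROR", "name": REDIRECT_NAME, "address": redirect_ip}
    if qtype == "TXT":
        return {"rcode": "NOERROR", "txt": "BLOCKED BY DNS-FIREWALL"}
    return {"rcode": "REFUSED"}              # AAAA and every other type

def data_targets(rdata):
    """Split rdata into (ips, names); purely numeric fields are skipped."""
    ips, names = [], []
    for tok in rdata.split():
        try:
            ips.append(str(ipaddress.ip_address(tok)))
        except ValueError:
            if not tok.isdigit():            # MX preference, SRV priority/weight/port
                names.append(norm(tok))
    return ips, names

def filter_query(qname, qtype, bad_names, redirect_ip):
    """Query stage: match on the NAME field only. None means resolve normally."""
    return blocked_answer(qtype, redirect_ip) if norm(qname) in bad_names else None

def filter_response(qtype, rdatas, bad_names, bad_ips, redirect_ip):
    """Response stage: match on IP addresses and names found in the DATA field."""
    for rdata in rdatas:
        ips, names = data_targets(rdata)
        if set(ips) & bad_ips or set(names) & bad_names:
            return blocked_answer(qtype, redirect_ip)
    return None

# Constructed sample data (documentation address ranges, example domains).
BAD_NAMES = {"ads.example.net", "mail.bad.example"}
BAD_IPS = {"203.0.113.7"}
REDIRECT = "192.0.2.1"

if __name__ == "__main__":
    print(filter_query("ADS.example.net.", "AAAA", BAD_NAMES, REDIRECT))
    print(filter_response("MX", ["10 mail.bad.example."], BAD_NAMES, BAD_IPS, REDIRECT))
```
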