The DNSQuestion (dq) object¶
A DNSQuestion or dq object is available in several hooks and Lua actions.
This object contains details about the current state of the question.
This state can be modified from the various hooks.
-
class
DNSQuestion¶ The DNSQuestion object has several attributes, many of them read-only:
-
dh¶ The DNSHeader (dh) object of this query.
-
ecsOverride¶ Whether an existing ECS value should be overridden, settable.
-
ecsPrefixLength¶ The ECS prefix length to use, settable.
-
len¶ The length of the data starting at
DNSQuestion.dh, including any trailing bytes following the DNS message.
-
localaddr¶ ComboAddress of the local bind this question was received on.
-
qtype¶ QType (as an unsigned integer) of this question. Can be compared against the pre-defined constants like
DNSQType.A, DNSQType.AAAA``.
-
remoteaddr¶ ComboAddress of the remote client.
-
size¶ The total size of the buffer starting at
DNSQuestion.dh.
-
skipCache¶ Whether to skip cache lookup / storing the answer for this question, settable.
-
tcp¶ Whether the query was received over TCP.
-
useECS¶ Whether to send ECS to the backend, settable.
It also supports the following methods:
-
:getDO() → bool¶ New in version 1.2.0.
Get the value of the DNSSEC OK bit.
Returns: true if the DO bit was set, false otherwise
-
:getEDNSOptions() → table¶ New in version 1.3.3.
Return the list of EDNS Options, if any.
Returns: A table of EDNSOptionView objects, indexed on the ECS Option code
-
:getHTTPHeaders() → table¶ New in version 1.4.0.
Return the HTTP headers for a DoH query, as a table whose keys are the header names and values the header values.
Returns: A table of HTTP headers
-
:getHTTPHost() → string¶ New in version 1.4.0.
Return the HTTP Host for a DoH query, which may or may not contain the port.
Returns: The host of the DoH query
-
:getHTTPPath() → string¶ New in version 1.4.0.
Return the HTTP path for a DoH query.
Returns: The path part of the DoH query URI
-
:getHTTPQueryString() → string¶ New in version 1.4.0.
Return the HTTP query string for a DoH query.
Returns: The query string part of the DoH query URI
-
:getHTTPScheme() → string¶ New in version 1.4.0.
Return the HTTP scheme for a DoH query.
Returns: The scheme of the DoH query, for example ‘’http’’ or ‘’https’’
-
:getServerNameIndication() → string¶ New in version 1.4.0.
Return the TLS Server Name Indication (SNI) value sent by the client over DoT or DoH, if any. See
SNIRule()for more information, especially about the availability of SNI over DoH.Returns: A string containing the TLS SNI value, if any
-
:getTag(key) → string¶ New in version 1.2.0.
Get the value of a tag stored into the DNSQuestion object.
Parameters: key (string) – The tag’s key Returns: The tag’s value if it was set, an empty string otherwise
-
:getTagArray() → table¶ New in version 1.2.0.
Get all the tags stored into the DNSQuestion object.
Returns: A table of tags, using strings as keys and values
-
:getTrailingData() → string¶ New in version 1.4.0.
Get all data following the DNS message.
Returns: The trailing data as a null-safe string
-
:sendTrap(reason)¶ New in version 1.2.0.
Send an SNMP trap.
Parameters: reason (string) – An optional string describing the reason why this trap was sent
-
:setHTTPResponse(status, body, contentType="")¶ New in version 1.4.0.
Set the HTTP status code and content to immediately send back to the client. For HTTP redirects (3xx), the string supplied in ‘’body’’ should be the URL to redirect to. For 200 responses, the value of the content type header can be specified via the ‘’contentType’’ parameter. In order for the response to be sent, the QR bit should be set before returning and the function should return Action.HeaderModify.
Parameters: - status (int) – The HTTP status code to return
- body (string) – The body of the HTTP response, or a URL if the status code is a redirect (3xx)
- contentType (string) – The HTTP Content-Type header to return for a 200 response, ignored otherwise. Default is ‘’application/dns-message’’.
-
:setTag(key, value)¶ New in version 1.2.0.
Set a tag into the DNSQuestion object.
Parameters: - key (string) – The tag’s key
- value (string) – The tag’s value
-
:setTagArray(tags)¶ New in version 1.2.0.
Set an array of tags into the DNSQuestion object.
Parameters: tags (table) – A table of tags, using strings as keys and values
-
:setTrailingData(tail) → bool¶ New in version 1.4.0.
Set the data following the DNS message, overwriting anything already present.
Parameters: tail (string) – The new data Returns: true if the operation succeeded, false otherwise
-
DNSResponse object¶
-
class
DNSResponse¶ This object has all the functions and members of a DNSQuestion and some more
-
:editTTLs(func)¶ The function
funcis invoked for every entry in the answer, authority and additional section.funcpoints to a function with the following prototype:myFunc(section, qclass, qtype, ttl)All parameters to
funcare integers:sectionis the section in the packet and can be compared to DNS Packet Sectionsqclassis the QClass of the record. Can be compared to DNSClassqtypeis the QType of the record. Can be e.g. compared toDNSQType.A,DNSQType.AAAAconstants and the like.ttlis the current TTL
This function must return an integer with the new TTL. Setting this TTL to 0 to leaves it unchanged
Parameters: func (string) – The function to call to edit TTLs.
-
DNSHeader (dh) object¶
-
class
DNSHeader¶ This object holds a representation of a DNS packet’s header.
-
:getRD() → bool¶ Get recursion desired flag.
-
:setRD(rd)¶ Set recursion desired flag.
Parameters: rd (bool) – State of the RD flag
-
:setTC(tc)¶ Set truncation flag (TC).
Parameters: tc (bool) – State of the TC flag
-
:setQR(qr)¶ Set Query/Response flag. Setting QR to true means “This is an answer packet”.
Parameters: qr (bool) – State of the QR flag
-
:getCD() → bool¶ Get checking disabled flag.
-
:setCD(cd)¶ Set checking disabled flag.
Parameters: cd (bool) – State of the CD flag
-