Содержание

DNS Response Substitution

Purpose

The DNS response substitution service allows changing the IP addresses returned by the DNS server for specific domain names. This allows influencing DNS server responses by overriding IP addresses in server replies for certain types of DNS queries specified in the service settings.
This service is effective for controlling client DNS queries and redirecting them to alternative IP addresses. It is particularly useful when you need to direct the user to a different resource than the one requested.

Service Operation Scheme

  1. The client makes a specific type of query to the DNS server (e.g., A record type).
  2. The DNS server returns a response (for A record type, this is an IPv4 address).
  3. DPI sees the query and checks if the substitution service is assigned to this client.
  4. If the service is assigned, DPI modifies the original DNS server response according to the specified rules in the service.
  5. DPI forwards the modified response to the client. The client does not notice the modification and considers the response legitimate.

Configuration

  1. Create a text file and add DNS substitution rules to it by specifying the domain name, DNS record type, and the IP address that will be returned in the response for that domain. Wildcard (*) for domains is supported.
    Supported DNS record types:
    • A — IPv4 address;
    • AAAA — IPv6 address.
      vi test.txt
google.com A 192.0.2.1
example.com AAAA 2001:db8:85a3::8a2e:370:7334
*.fb.com A 203.0.113.5
  2. Use the dns2dic utility to convert the text file into a binary format understandable by DPI:
    cat test.txt | dns2dic test.bin
  3. Place the resulting binary file in the directory from which DPI will read it:
    cp test.bin /var/lib/dpi/dns.bin
  4. Create a service profile:
    fdpi_ctrl load profile --service 19 --profile.name test_193 --profile.json '{ "dns_list" : "/var/lib/dpi/dns.bin" }'

Management

max_profiles_serv19 — setting for the maximum number of profiles. The default is 32.

Command format: 

fdpi_ctrl [command] --service 19 [options list] [login or vchannel]

Enabling the service: 

fdpi_ctrl load --service 19 --profile.name test_193 --login test 
#or
fdpi_ctrl load --service 19 --profile.name test_193 --vchannel 1

Disabling the service: 

fdpi_ctrl del --service 19 --profile.name test_193 --login test
#or
fdpi_ctrl del --service 19 --profile.name test_193 --vchannel 1