fix reload.certs.snidust action/hook

Seji64 · Sep 22, 2024 · 60ec9fd · 60ec9fd
1 parent e2baeca
commit 60ec9fd
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/configs/dnsdist/conf.d/00-SniDust.conf b/configs/dnsdist/conf.d/00-SniDust.conf
@@ -6,6 +6,21 @@ function trim(s)
     return s:match "^%s*(.*%S)" or ""
 end
 
+function ReloadCerts(dq)
+    infolog("[INFO] [SniDust] Reloading certs...")
+
+    -- prevent the query from going upstream
+    dq.dh:setQR(true)
+
+    -- load
+    reloadAllCertificates()
+
+    infolog("[INFO] [SniDust] Certs reloaded!")
+
+    -- respond with a local address just in case
+    return DNSAction.Spoof, "127.0.0.7"
+end
+
 -- read all the domains in a set
 function LoadBlocklists(smn, folder)
     f = io.popen('/bin/ls ' .. folder .. '*.lst')

diff --git a/configs/dnsdist/dnsdist.conf.template b/configs/dnsdist/dnsdist.conf.template
@@ -69,12 +69,12 @@ echo "-- query reload.domainlist.snidust.local to reload Blocklist"
 echo "addAction(AndRule({QNameRule(\"reload.domainlist.snidust.local\"),QTypeRule(\"A\")}),LuaAction(ReloadBlocklist))"
 echo ""
 
-echo "-- queryreload.acl.snidust.local to reload Blocklist"
+echo "-- query reload.acl.snidust.local to reload Blocklist"
 echo "addAction(AndRule({QNameRule(\"reload.acl.snidust.local\"),QTypeRule(\"A\")}),LuaAction(ReloadACL))"
 echo ""
 
-echo "-- queryreload.certs.snidust.local to reload certificates used for DoT"
-echo "addAction(AndRule({QNameRule(\"reload.certs.snidust.local\"),QTypeRule(\"A\")}),reloadAllCertificates())"
+echo "-- query reload.certs.snidust.local to reload certificates used for DoT"
+echo "addAction(AndRule({QNameRule(\"reload.certs.snidust.local\"),QTypeRule(\"A\")}),LuaAction(ReloadCerts))"
 echo ""
 
 if [ "${SPOOF_ALL_DOMAINS}" == "true" ]; then