Support templates in static-responder

[folbricht]

Adds support for passing a regex that's applied to the question string and can then be used to customize the answers from a static-responder like so

[groups.static]
type   = "static-responder"
question = '^(\d+)-(\d+)-(\d+)-(\d+)\.rebind\.$'
answer = ["IN A $1.$2.$3.$4"]

[groups.static]
type      = "static-responder"
question  = '^(.+)\.$'
answer    = [ "IN A 0.0.0.0" ]
edns0-ede = { code = 15, text = "IP $1 is in the blocklist" }

Implements #366

[Anuskuss]

Full config

[resolvers.cloudflare]
protocol = "dot"
address  = "1.1.1.1"

[groups.rebind]
type     = "static-responder"
question = '^(\d+)-(\d+)-(\d+)-(\d+)\.rebind\.$'
answer   = ["IN A $1.$2.$3.$4"]

[groups.blocklist-resolver]
type      = "static-responder"
question  = '^(.+)\.$'
answer    = [ "IN A 0.0.0.0" ]
edns0-ede = { code = 15, text = "IP $1 is in the blocklist" }

[groups.blocklist]
type               = "response-blocklist-ip"
resolvers          = [ "cloudflare" ]
blocklist-resolver = "blocklist-resolver"
blocklist          = [ "93.184.216.34" ] # example.com

[routers.router]
routes = [
  { resolver = "rebind", name = '\.rebind\.$' },
  { resolver = "blocklist", name = '^example\.com\.$' },
  { resolver = "cloudflare" }
]

[listeners.udp]
protocol = "udp"
address  = ":5300"
resolver = "router"

[listeners.tcp]
protocol = "tcp"
address  = ":5300"
resolver = "router"

First part seems to work:

$ dig @127.0.0.1 -p5300 +noall +answer +comments 1-2-3-4.rebind
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15258
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; ANSWER SECTION:
1-2-3-4.rebind.		3600	IN	A	1.2.3.4

Second part is almost correct but doesn't work how I need it to:

$ dig @127.0.0.1 -p5300 +noall +answer +comments example.com   
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5193
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; EDE: 15 (Blocked): (IP example.com is in the blocklist)
;; ANSWER SECTION:
example.com.		3600	IN	A	0.0.0.0

The question should ideally be context-aware, meaning if the value came from a listener or e.g. blocklist-v2, the regex would parse the query name but since it came from response-blocklist-ip it should've been the IP address. Also since the IP doesn't end in a dot one can save some memory by just using $0 You'll still have to specify question though (maybe that restriction could be lifted in the future).

Edit: Actually now that I'm thinking about it, it should not strictly be the query name but rather the "reason" why the group got called, e.g. if blocklist-format = "regexp" and blocklist = [ '^.+\.example\.com\.$' ] then ideally it could return something like EDE: 15 (Blocked): (Blocked by "^.+\.example\.com"). I don't wanna feature creep this too much though but I definitely need at least the IP address.

[groups.blocklist-resolver-ip]
type      = "static-responder"
question  = '.+'
edns0-ede = { code = 15, text = "IP $0 is in the blocklist" }

[groups.blocklist-resolver-domain]
type      = "static-responder"
question  = '^(.+)\.$'
edns0-ede = { code = 15, text = "Domain $1 is in the blocklist" }

[groups.blocklist-ip]
type               = "response-blocklist-ip"
blocklist-resolver = "blocklist-resolver-ip"
blocklist          = [ "93.184.216.34" ]

[groups.blocklist-domain]
type               = "blocklist-v2"
blocklist-resolver = "blocklist-resolver-domain"
blocklist-format   = "domain"
blocklist          = [ "example.com" ]

P.S. Also you should probably get rid of that warning at some point (it's probably very low on your todo list).

[folbricht]

It's not possible to pass information about where a query came from to a group, that's by design. Based on your example though, perhaps adding something like edns0-ede = { code = 15, text = "IP $0 is in the blocklist" } directly to the blocklist would make a lot more sense. Giving the blocklist the ability to block and respond with extended error codes.

[folbricht]

The warning should be fixed now too

[Anuskuss]

Based on your example though, perhaps adding something like edns0-ede = { code = 15, text = "IP $0 is in the blocklist" } directly to the blocklist would make a lot more sense.

I think that's a good compromise 👍

[folbricht]

#373 adds edns0-ede to blocklist-v2 directly. It's actually more powerful than just the regex implementation here. I'll probably change this one to match.