initial commit

example-conf/nftables.conf

@@ -0,0 +1,66 @@
+#!/usr/sbin/nft -f
+
+define vnet4 = 198.18.0.0/16
+define vnet6 = 2001:db8:1234:5678::/80
+
+table inet uniwall {
+
+    map vmap4 { type ipv4_addr : ipv4_addr ; flags dynamic,timeout ; timeout 1m ; }
+    map vmap6 { type ipv6_addr : ipv6_addr ; flags dynamic,timeout ; timeout 1m ; }
+
+    chain rejectx {
+        reject with icmpx type host-unreachable
+        drop
+    }
+
+    chain dnat_tele4 {
+        meta nfproto ipv4 meta l4proto tcp dnat ip to ip daddr map @vmap4
+        meta nfproto ipv4 meta l4proto udp dnat ip to ip daddr map @vmap4
+        goto rejectx
+    }
+
+    chain dnat_tele6 {
+        meta nfproto ipv6 meta l4proto tcp dnat ip6 to ip6 daddr map @vmap6
+        meta nfproto ipv6 meta l4proto udp dnat ip6 to ip6 daddr map @vmap6
+        goto rejectx
+    }
+
+    chain dnat_map4 {
+        ip daddr vmap {
+            $vnet4 : goto dnat_tele4,
+        }
+        return
+    }
+
+    chain dnat_map6 {
+        ip6 daddr vmap {
+            $vnet6 : goto dnat_tele6,
+        }
+        return
+    }
+
+    chain nat_prerouting {
+        type nat hook prerouting priority dstnat;
+
+        meta nfproto vmap {
+            ipv4 : jump dnat_map4,
+            ipv6 : jump dnat_map6,
+        }
+    }
+
+    chain nat_output {
+        type nat hook output priority dstnat;
+
+        meta nfproto vmap {
+            ipv4 : jump dnat_map4,
+            ipv6 : jump dnat_map6,
+        }
+    }
+
+    chain nat_postrouting {
+        type nat hook postrouting priority srcnat;
+
+        meta oiftype != loopback masquerade
+    }
+
+}

example-conf/pdns.conf

@@ -0,0 +1,25 @@
+launch=remote
+remote-connection-string=http:url=http://127.0.0.1:8086/dns,post,post_json,timeout=6000
+consistent-backends=false
+zone-cache-refresh-interval=0
+
+non-local-bind=yes
+local-address-nonexist-fail=no
+local-address=127.0.0.1
+local-port=5371
+
+no-shuffle=on
+default-ttl=60
+
+cache-ttl=0
+query-cache-ttl=0
+negquery-cache-ttl=30
+max-cache-entries=0
+max-packet-cache-entries=0
+
+receiver-threads=2
+reuseport=yes
+tcp-fast-open=20
+
+disable-axfr=yes
+security-poll-suffix=

example-conf/systemd.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=PowerDNS Remote/HTTP backend example
+Wants=network-online.target
+After=network-online.target time-sync.target
+
+[Service]
+ExecStart=/usr/local/sbin/powerdns-remote-http-example -listen 127.0.0.1:8086 -ttl-fuzz -resolver-endpoint 127.0.0.1:53 -resolver-proto tcp -resolver-timeout 2.9s -cidr-ipv4 198.18.0.0/16 -cidr-ipv6 2001:db8:1234:5678::/80 -nft-table uniwall -nft-map-ipv4 vmap4 -nft-map-ipv6 vmap6 -soa-ns example.org. -soa-mbox dns.example.org.
+SyslogIdentifier=powerdns-remote-http-example
+Type=exec
+Restart=on-failure
+RestartSec=3
+StartLimitInterval=0
+RuntimeDirectory=powerdns-remote-http-example
+
+[Install]
+WantedBy=multi-user.target