Custom Redirects

DL6ER · September 11, 2021, 5:01pm

Thanks. Your independent tests helped a lot. The new feature has already been reviewed and approved. It'll be part of the next Pi-hole release and is already part of the currently running beta.

Anuskuss · September 12, 2021, 5:29pm

You should create a test case for .;reply=1.1.1.1;reply=2.2.2.2, because the behaviour might change in the future. I've created a redirect to an IPv4 server (that's not under my control), which has a mirror server, so my RegExp looks like the example above. It's convenient for me to have them both in the same place, so I'd just have to alter the string slightly in case the main server goes down. Although I'd prefer it a little more if the parser was first-occurrence instead of overriding/undefined.

DL6ER · September 13, 2021, 7:08am

Last occurrence is slightly easier to code as we don't need to store if the variable had already been set. Setting to 0.0.0.0 could otherwise not be differentiated from not seeing the value at all.

Undefined behavior does not occur, it is always replacing. For the other extensions, we have repeated-setting warnings, however, we don't have this here because it is explicitly permitted.

Anuskuss · May 21, 2022, 8:03am

Sorry for necroing this thread but I recently encountered a problem in my setup and this would be the perfect candidate for a workaround:
I have software in my network which relies on DNS rebinding. My router has DNS rebinding protection which I have turned off. Still, sometimes the rebinding just fails for whatever reason - maybe it doesn't restore the rebind after a router restart or simply can't rebind again after a software restart. Anyway, you could potentially emulate the rebind with ;reply= and in my case the rules would look like this:

^(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.mydns\.jdownloader\.org$;reply=$1.$2.$3.$4

^([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})\.mydns\.jdownloader\.org$;reply=$1:$2:$3:$4:$5:$6:$7:$8

I know this doesn't seem terribly useful for the average Pi-hole user and implementing this will bump up the complexity immensly. Just wanted to share this in case this looks interesting to somebody.

Right now I'm using a simple Local DNS Record to make this work for my local static IPv4 (it checks for 10.6, 192.168 and localhost). Can't do the same for the IPv6 though because it only checks the public 2a02 which is bound to change.

DanSchaper · May 21, 2022, 6:44pm

We only handle the domain name, we don't see anything past .org in your example. There isn't any way we could see the URL or be able to return a URL. We only return IP addresses.

Anuskuss · May 21, 2022, 10:00pm

I think you forgot about the Regex syntax which was introduced here:

^(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.mydns\.jdownloader\.org$;reply=$1.$2.$3.$4
 └──────────────────────────────┬───────────────────────────────┘        └────┬────┘
                              Domain                                       Redirect

DanSchaper · May 21, 2022, 10:47pm

Okay, then I'm not understanding what you mean.

Can you show an example of what would be sent to Pi-hole and what the expected result would be?

Anuskuss · May 23, 2022, 7:22am

Well, the blacklist entry above will match

192-168-0-1.mydns.jdownloader.org

but instead of blocking the request via the BLOCKINGMODE, it will reply with an IP address instead. That address is defined in the ;reply= block and uses capture groups to assemble the response:

192.168.0.1

DL6ER · May 23, 2022, 6:55pm

The technical realization of FTL regex extensions is that if there is a semicolon, everything before gets interpreted as regular expression, and everything thereafter is fed into a config parser. Hence, back referencing from the config file part into the regex matches would be a really complex (even if not entirely impossible) task. It would still be a whole lot of work and I'm wondering for what we're doing this.
Writing a patch for the software that replies on DNS rebinding may be easier to do...

DanSchaper · May 24, 2022, 2:58am

In the meantime, you could use one of the standard block modes to return 192.168.0.1 for all of the domains and then set up a proxy/nginx/lighttpd that sends the http requests to the endpoint that you would like to redirect them to.

Anuskuss · May 26, 2022, 9:51am

Yeah, I already "hardcoded" that IPv4 domain because it's static. Everything works as the software just needs one successful response (to enable a direct connection). It's probably too much work for such a niche feature - just was curious to hear your thoughts.