
18 Commits

Author SHA1 Message Date
Muhammad Nuzaihan Bin Kamal Luddin d47b265a06
Merge b24401e77c into b7eefa1996 2024-11-21 10:52:17 +01:00
Muhammad Nuzaihan Bin Kamal Luddin b24401e77c set variable to be freed 2024-09-20 19:36:28 +08:00
Muhammad Nuzaihan Bin Kamal Luddin c8f16cc97c fix all as recommended 2024-09-20 18:41:18 +08:00
Muhammad Nuzaihan Bin Kamal Luddin 5507ec986f log invalid dns type with error message 2024-09-18 01:55:35 +08:00
Muhammad Nuzaihan Bin Kamal Luddin fee8a01942 remove unneeded string variable and directly use the data 2024-09-17 18:15:35 +08:00
Muhammad Nuzaihan Bin Kamal Luddin 2e9b9408d2 change log_info to log_debug 2024-09-17 16:25:02 +08:00
Muhammad Nuzaihan Bin Kamal Luddin f8599ea6fb fix: finish up work as recommended 2024-09-17 16:23:48 +08:00
Muhammad Nuzaihan Bin Kamal Luddin 18b5e47238 remove strv.h from include in resolved-dns-stub.c so it is cleaner 2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin a7847d744e generate missing header files 2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin 04031c10f8 fix meson and make ci/cd happy 2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin 84831eff33 Revert "make ci/cd pipelines happy"
This reverts commit 69a6d3b193.
2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin a7a4b22282 make ci/cd pipelines happy 2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin 7f8faa1b9a remove dns-type-c 2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin bfed004837 do not cleanup and free Set * 2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin 1e79a8f8d6 Rework RecordRefuseType
* Add new configuration parser which translates configuration values to int
* Store ints in Set*
* Check value if exists in set in DNS stub when user queries
2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin 18e8f0f1ce remove stub 2024-09-17 02:28:55 +08:00
Muhammad Nuzaihan Bin Kamal Luddin 4d041317df rework to use RefuseRecordTypes= 2024-09-17 02:28:54 +08:00
Muhammad Nuzaihan Bin Kamal Luddin 9ea2a332c5 add an option to explicitly disable query IPv6 AAAA 2024-09-17 02:28:54 +08:00
7 changed files with 61 additions and 0 deletions


@ -414,3 +414,46 @@ int manager_parse_config_file(Manager *m) {
return 0; return 0;
} }
int config_parse_refuse_record_types(
const char *unit,
const char *filename,
unsigned line,
const char *section,
unsigned section_line,
const char *lvalue,
int ltype,
const char *rvalue,
void *data,
void *userdata) {
Manager *m = ASSERT_PTR(userdata);
int r;
Set *refused_records = NULL;
refused_records = set_free(refused_records);
for (const char *p = rvalue;;) {
_cleanup_free_ char *word = NULL;
r = extract_first_word(&p, &word, ",", EXTRACT_UNQUOTE);
if (r < 0)
return log_syntax_parse_error(unit, filename, line, r, lvalue, rvalue);
if (r == 0)
break;
r = dns_type_from_string(word);
if (r < 0) {
log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid DNS record type, ignoring: %s", word);
continue;
}
r = set_ensure_put(&refused_records, NULL, INT_TO_PTR(r));
if (r < 0)
return log_oom();
}
m->refuse_record_types = refused_records;
return 1;
}
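Review bot: `refused_records` is leaked on both early returns (`log_syntax_parse_error` and `log_oom()`), and the final assignment overwrites `m->refuse_record_types` without releasing whatever an earlier `RefuseRecordTypes=` line stored there. The `set_free(refused_records)` call right after the declaration acts on a NULL local and frees nothing. Declaring the local as `_cleanup_set_free_ Set *refused_records = NULL;` and ending with `set_free(m->refuse_record_types); m->refuse_record_types = TAKE_PTR(refused_records);` would cover both paths. Because this setting is a filtering policy, it is also worth deciding explicitly what an empty value and a list of only unrecognised names should do; as written both leave the manager with no refused types, and the bad names produce only a warning.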


@ -24,3 +24,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_dns_servers);
CONFIG_PARSER_PROTOTYPE(config_parse_search_domains); CONFIG_PARSER_PROTOTYPE(config_parse_search_domains);
CONFIG_PARSER_PROTOTYPE(config_parse_dns_stub_listener_mode); CONFIG_PARSER_PROTOTYPE(config_parse_dns_stub_listener_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_dns_stub_listener_extra); CONFIG_PARSER_PROTOTYPE(config_parse_dns_stub_listener_extra);
CONFIG_PARSER_PROTOTYPE(config_parse_refuse_record_types);


@ -480,6 +480,12 @@ int dns_query_new(
assert(m); assert(m);
/* Check for records that is refused and refuse query for the records if matched in configuration */
DNS_QUESTION_FOREACH(key, question_utf8)
if (set_contains(m->refuse_record_types, INT_TO_PTR(key->type))) {
return log_debug_errno(SYNTHETIC_ERRNO(ENOANO), "Got request for %s record that is refused.", dns_type_to_string(key->type));
}
if (question_bypass) { if (question_bypass) {
/* It's either a "bypass" query, or a regular one, but can't be both. */ /* It's either a "bypass" query, or a regular one, but can't be both. */
if (question_utf8 || question_idna) if (question_utf8 || question_idna)
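Review bot: The refusal check walks only `question_utf8`, so a query supplied through `question_idna` alone or as a `question_bypass` packet is never compared against `m->refuse_record_types`. The comment just below states that a query is either a bypass one or a regular one, so the bypass case appears to carry no `question_utf8` at all and would skip the policy. The same `set_contains()` test should cover every question form the function accepts, for example a second `DNS_QUESTION_FOREACH(key, question_idna)` loop plus an equivalent check on the bypass packet's question, ideally in one small helper. `dns_query_new()` starts and ends outside this hunk, so the placement of the check relative to the argument validation that follows should be confirmed against the full function.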


@ -996,6 +996,12 @@ static void dns_stub_process_query(Manager *m, DnsStubListenerExtra *l, DnsStrea
(DNS_PACKET_CD(p) ? SD_RESOLVED_NO_VALIDATE | SD_RESOLVED_NO_CACHE : 0)| (DNS_PACKET_CD(p) ? SD_RESOLVED_NO_VALIDATE | SD_RESOLVED_NO_CACHE : 0)|
(DNS_PACKET_DO(p) ? SD_RESOLVED_REQUIRE_PRIMARY : 0)| (DNS_PACKET_DO(p) ? SD_RESOLVED_REQUIRE_PRIMARY : 0)|
SD_RESOLVED_CLAMP_TTL); SD_RESOLVED_CLAMP_TTL);
/* Refuse query if there is -ENOSYS */
if (r == -ENOANO) {
return (void) dns_stub_send_failure(m, l, s, p, DNS_RCODE_REFUSED, false);
}
if (r < 0) { if (r < 0) {
log_error_errno(r, "Failed to generate query object: %m"); log_error_errno(r, "Failed to generate query object: %m");
dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false); dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);
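Review bot: The new comment says `-ENOSYS` but the condition tests `-ENOANO`, which is the value `dns_query_new()` returns for a refused record type in this commit. The comment should name the real code and the reason, e.g. `/* -ENOANO: record type is listed in RefuseRecordTypes=, answer with REFUSED */`. The refusal path also relies on `dns_query_new()` never returning `-ENOANO` for any other reason, which cannot be verified from this hunk. `dns_stub_process_query()` starts and ends outside the hunk.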


@ -33,3 +33,4 @@ Resolve.ResolveUnicastSingleLabel, config_parse_bool, 0,
Resolve.DNSStubListenerExtra, config_parse_dns_stub_listener_extra, 0, offsetof(Manager, dns_extra_stub_listeners) Resolve.DNSStubListenerExtra, config_parse_dns_stub_listener_extra, 0, offsetof(Manager, dns_extra_stub_listeners)
Resolve.CacheFromLocalhost, config_parse_bool, 0, offsetof(Manager, cache_from_localhost) Resolve.CacheFromLocalhost, config_parse_bool, 0, offsetof(Manager, cache_from_localhost)
Resolve.StaleRetentionSec, config_parse_sec, 0, offsetof(Manager, stale_retention_usec) Resolve.StaleRetentionSec, config_parse_sec, 0, offsetof(Manager, stale_retention_usec)
Resolve.RefuseRecordTypes, config_parse_refuse_record_types, 0, offsetof(Manager, refuse_record_types)


@ -137,6 +137,9 @@ struct Manager {
struct stat etc_hosts_stat; struct stat etc_hosts_stat;
bool read_etc_hosts; bool read_etc_hosts;
/* List of refused DNS Record Types*/
Set *refuse_record_types;
OrderedSet *dns_extra_stub_listeners; OrderedSet *dns_extra_stub_listeners;
/* Local DNS stub on 127.0.0.53:53 */ /* Local DNS stub on 127.0.0.53:53 */
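Review bot: The new `refuse_record_types` member has no visible release: none of the seven changed files on this page touches the manager's teardown or configuration-reset code, so the set presumably lives until process exit and is not cleared when the configuration is re-read. A matching `m->refuse_record_types = set_free(m->refuse_record_types);` in both places would keep a reload from leaking the old set or carrying stale refused types forward. The field comment could also state what the set holds, e.g. `/* DNS record types (as INT_TO_PTR(type)) for which queries are refused */`. `struct Manager` continues outside the hunk.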


@ -35,3 +35,4 @@
#ReadEtcHosts=yes #ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no #ResolveUnicastSingleLabel=no
#StaleRetentionSec=0 #StaleRetentionSec=0
#RefuseRecordTypes=
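Review bot: `RefuseRecordTypes=` is introduced here with no description of its syntax or effect, and none of the seven changed files is a manual page. An administrator relying on it as a filtering control needs to know three things. The value is a comma-separated list of record type names, unrecognised names are skipped with a warning rather than rejected, and matching queries are answered with REFUSED by the stub. That documentation should accompany the option.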