18 Commits
d4807ec9da
...
d47b265a06
Author | SHA1 | Date |
---|---|---|
Muhammad Nuzaihan Bin Kamal Luddin | d47b265a06 | |
Muhammad Nuzaihan Bin Kamal Luddin | b24401e77c | |
Muhammad Nuzaihan Bin Kamal Luddin | c8f16cc97c | |
Muhammad Nuzaihan Bin Kamal Luddin | 5507ec986f | |
Muhammad Nuzaihan Bin Kamal Luddin | fee8a01942 | |
Muhammad Nuzaihan Bin Kamal Luddin | 2e9b9408d2 | |
Muhammad Nuzaihan Bin Kamal Luddin | f8599ea6fb | |
Muhammad Nuzaihan Bin Kamal Luddin | 18b5e47238 | |
Muhammad Nuzaihan Bin Kamal Luddin | a7847d744e | |
Muhammad Nuzaihan Bin Kamal Luddin | 04031c10f8 | |
Muhammad Nuzaihan Bin Kamal Luddin | 84831eff33 | |
Muhammad Nuzaihan Bin Kamal Luddin | a7a4b22282 | |
Muhammad Nuzaihan Bin Kamal Luddin | 7f8faa1b9a | |
Muhammad Nuzaihan Bin Kamal Luddin | bfed004837 | |
Muhammad Nuzaihan Bin Kamal Luddin | 1e79a8f8d6 | |
Muhammad Nuzaihan Bin Kamal Luddin | 18e8f0f1ce | |
Muhammad Nuzaihan Bin Kamal Luddin | 4d041317df | |
Muhammad Nuzaihan Bin Kamal Luddin | 9ea2a332c5 |
|
@ -414,3 +414,46 @@ int manager_parse_config_file(Manager *m) {
|
|||
return 0;
|
||||
|
||||
}
|
||||
|
||||
int config_parse_refuse_record_types(
|
||||
const char *unit,
|
||||
const char *filename,
|
||||
unsigned line,
|
||||
const char *section,
|
||||
unsigned section_line,
|
||||
const char *lvalue,
|
||||
int ltype,
|
||||
const char *rvalue,
|
||||
void *data,
|
||||
void *userdata) {
|
||||
|
||||
Manager *m = ASSERT_PTR(userdata);
|
||||
int r;
|
||||
Set *refused_records = NULL;
|
||||
|
||||
refused_records = set_free(refused_records);
|
||||
|
||||
for (const char *p = rvalue;;) {
|
||||
_cleanup_free_ char *word = NULL;
|
||||
r = extract_first_word(&p, &word, ",", EXTRACT_UNQUOTE);
|
||||
if (r < 0)
|
||||
return log_syntax_parse_error(unit, filename, line, r, lvalue, rvalue);
|
||||
|
||||
if (r == 0)
|
||||
break;
|
||||
|
||||
r = dns_type_from_string(word);
|
||||
if (r < 0) {
|
||||
log_syntax(unit, LOG_WARNING, filename, line, r, "Invalid DNS record type, ignoring: %s", word);
|
||||
continue;
|
||||
}
|
||||
|
||||
r = set_ensure_put(&refused_records, NULL, INT_TO_PTR(r));
|
||||
if (r < 0)
|
||||
return log_oom();
|
||||
}
|
||||
|
||||
m->refuse_record_types = refused_records;
|
||||
|
||||
return 1;
|
||||
}
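Review bot: `refused_records` in config_parse_refuse_record_types is a plain local, so the partially built set is leaked on both early returns (`log_syntax_parse_error` and `log_oom`). The final assignment also overwrites whatever `m->refuse_record_types` already held without freeing it, which matters if the setting is parsed more than once. The `set_free(refused_records)` right after the declaration runs on NULL and does nothing. Declare the local as `_cleanup_set_free_ Set *refused_records = NULL;` and end with `set_free(m->refuse_record_types);` followed by `m->refuse_record_types = TAKE_PTR(refused_records);`. A one-line comment that an empty value clears the list would document the reset behaviour the loop already has.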
|
||||
|
|
|
@ -24,3 +24,4 @@ CONFIG_PARSER_PROTOTYPE(config_parse_dns_servers);
|
|||
CONFIG_PARSER_PROTOTYPE(config_parse_search_domains);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_dns_stub_listener_mode);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_dns_stub_listener_extra);
|
||||
CONFIG_PARSER_PROTOTYPE(config_parse_refuse_record_types);
|
||||
|
|
|
@ -480,6 +480,12 @@ int dns_query_new(
|
|||
|
||||
assert(m);
|
||||
|
||||
/* Check for records that is refused and refuse query for the records if matched in configuration */
|
||||
DNS_QUESTION_FOREACH(key, question_utf8)
|
||||
if (set_contains(m->refuse_record_types, INT_TO_PTR(key->type))) {
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(ENOANO), "Got request for %s record that is refused.", dns_type_to_string(key->type));
|
||||
}
|
||||
|
||||
if (question_bypass) {
|
||||
/* It's either a "bypass" query, or a regular one, but can't be both. */
|
||||
if (question_utf8 || question_idna)
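Review bot: The refusal check walks only `question_utf8`, so a caller that supplies just `question_idna` or a `question_bypass` packet never has its record types compared against `m->refuse_record_types`; the branch directly below shows that bypass queries arrive with both question pointers unset. If RefuseRecordTypes= is meant as a policy control, it should hold for every query form: repeat the loop as `DNS_QUESTION_FOREACH(key, question_idna)` and check the question section of the bypass packet as well, ideally through one small helper. The loop would also read more clearly with the braces around the `DNS_QUESTION_FOREACH` body rather than around the single `return`. dns_query_new continues past the end of the hunk.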
|
||||
|
|
|
@ -996,6 +996,12 @@ static void dns_stub_process_query(Manager *m, DnsStubListenerExtra *l, DnsStrea
|
|||
(DNS_PACKET_CD(p) ? SD_RESOLVED_NO_VALIDATE | SD_RESOLVED_NO_CACHE : 0)|
|
||||
(DNS_PACKET_DO(p) ? SD_RESOLVED_REQUIRE_PRIMARY : 0)|
|
||||
SD_RESOLVED_CLAMP_TTL);
|
||||
|
||||
/* Refuse query if there is -ENOSYS */
|
||||
if (r == -ENOANO) {
|
||||
return (void) dns_stub_send_failure(m, l, s, p, DNS_RCODE_REFUSED, false);
|
||||
}
|
||||
|
||||
if (r < 0) {
|
||||
log_error_errno(r, "Failed to generate query object: %m");
|
||||
dns_stub_send_failure(m, l, s, p, DNS_RCODE_SERVFAIL, false);
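Review bot: The comment above the new branch names -ENOSYS while the condition tests `r == -ENOANO`, so a reader cannot tell which errno is the contract with dns_query_new(). Suggest `/* dns_query_new() returns -ENOANO when the question asks for a record type listed in RefuseRecordTypes=; answer with REFUSED instead of SERVFAIL */`. Because -ENOANO is used as an in-band signal, the doc comment of dns_query_new() should also state that no other failure path may return it. The function starts and ends outside the hunk.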
|
||||
|
|
|
@ -33,3 +33,4 @@ Resolve.ResolveUnicastSingleLabel, config_parse_bool, 0,
|
|||
Resolve.DNSStubListenerExtra, config_parse_dns_stub_listener_extra, 0, offsetof(Manager, dns_extra_stub_listeners)
|
||||
Resolve.CacheFromLocalhost, config_parse_bool, 0, offsetof(Manager, cache_from_localhost)
|
||||
Resolve.StaleRetentionSec, config_parse_sec, 0, offsetof(Manager, stale_retention_usec)
|
||||
Resolve.RefuseRecordTypes, config_parse_refuse_record_types, 0, offsetof(Manager, refuse_record_types)
|
||||
|
|
|
@ -137,6 +137,9 @@ struct Manager {
|
|||
struct stat etc_hosts_stat;
|
||||
bool read_etc_hosts;
|
||||
|
||||
/* List of refused DNS Record Types*/
|
||||
Set *refuse_record_types;
|
||||
|
||||
OrderedSet *dns_extra_stub_listeners;
|
||||
|
||||
/* Local DNS stub on 127.0.0.53:53 */
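Review bot: `refuse_record_types` is an owning pointer, but none of the hunks on this page releases it when the Manager is torn down; if manager_free() (not shown here) is not updated as well, the set is leaked at exit. Adding `m->refuse_record_types = set_free(m->refuse_record_types);` there would cover it. The field comment could also say what the set holds, e.g. `/* DNS RR types (stored via INT_TO_PTR) for which queries are answered with REFUSED; NULL means none */`. struct Manager continues outside the hunk.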
|
||||
|
|
|
@ -35,3 +35,4 @@
|
|||
#ReadEtcHosts=yes
|
||||
#ResolveUnicastSingleLabel=no
|
||||
#StaleRetentionSec=0
|
||||
#RefuseRecordTypes=
|
||||
|
|