Commit Diff
Diff:
8be9de15186214083fd9903c4ca16fcf7d5e922a
e3a24a0fbd54e7e68685aca8891b54584c427256
Commit:
e3a24a0fbd54e7e68685aca8891b54584c427256
Tree:
9d1d97f0b349ce74bce15ed6d0ace2522741724e
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Wed Sep 30 10:07:31 2020 UTC
Message:
add a max-udp-payload option that is settable (defaults to 0xffff and will most likely always be overridden by edns0) that allows an operator to force udp sizes, just in case there are resolvers out there that don't do 1232 size by means of edns0. This makes us compliant with DNS Flag day 2020. https://dnsflagday.net/2020/ Tested on OpenBSD
blob - 08b53e1dd62c1eacf976f08bdfe17bd9afff4222
blob + db8b06424169d246ae9f4683ebab873ae5fc278d
--- additional.c
+++ additional.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: additional.c,v 1.39 2020/08/08 05:51:48 pjp Exp $
+ * $Id: additional.c,v 1.40 2020/09/30 10:07:31 pjp Exp $
*/
#include <sys/types.h>
@@ -671,7 +671,7 @@ additional_opt(struct question *question, char *reply,
memset(answer->name, 0, sizeof(answer->name));
answer->type = htons(DNS_TYPE_OPT);
- answer->class = htons(question->edns0len);
+ answer->class = htons(MIN(question->edns0len, replylen));
if (dnssec && question->dnssecok)
rcode = DNSSEC_OK;
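Review bot: The OPT payload size written to `answer->class` now depends on `replylen`, but nothing in this hunk shows whether callers pass the `replysize` that reply.c clamps with `max_udp_payload` or a raw buffer length, so it is unclear that the advertised value honours the new option. If the former holds, a comment above the assignment such as `/* replylen is the caller's replysize, already capped by max_udp_payload for UDP */` would record the assumption. If `replylen` and `edns0len` differ in signedness, the `MIN` comparison is also worth checking, since a negative `replylen` would compare as a large unsigned value. The signature and the rest of additional_opt lie outside the hunk.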
blob - e6cffe0cd059b6caf21457266f206a6818381395
blob + fa26912792164a15f446efa77d9a2281960986c6
--- delphinusdnsd.c
+++ delphinusdnsd.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: delphinusdnsd.c,v 1.141 2020/08/26 07:17:26 pjp Exp $
+ * $Id: delphinusdnsd.c,v 1.142 2020/09/30 10:07:31 pjp Exp $
*/
@@ -268,6 +268,7 @@ extern int passlist;
extern int tsig;
extern int dnssec;
extern int raxfrflag;
+extern u_int max_udp_payload;
static int reload = 0;
static int mshutdown = 0;
@@ -2179,7 +2180,7 @@ forwardudp:
memcpy((char *)&sforward->header, buf, sizeof(struct dns_header));
sforward->type = question->hdr->qtype;
sforward->class = question->hdr->qclass;
- sforward->edns0len = question->edns0len;
+ sforward->edns0len = MIN(question->edns0len, max_udp_payload);
sforward->dnssecok = question->dnssecok;
if (question->tsig.have_tsig && question->tsig.tsigverified) {
blob - 47603142a3abaa5f96f12e7e87f0b6b051807ca4
blob + 6578a3eebd3c27ceb78581a0ff5ab0838693f9b8
--- parse.y
+++ parse.y
@@ -21,7 +21,7 @@
*/
/*
- * $Id: parse.y,v 1.116 2020/09/25 06:28:05 pjp Exp $
+ * $Id: parse.y,v 1.117 2020/09/30 10:07:31 pjp Exp $
*/
%{
@@ -204,6 +204,7 @@ time_t time_changed;
int dnssec = 0;
int raxfrflag = 0;
int tcpanyonly = 0;
+u_int max_udp_payload = 0xffff; /* 65535 */
char *check_rr(char *, char *, int, int *);
int fill_a(ddDB *, char *, char *, int, char *);
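Review bot: The default `max_udp_payload = 0xffff` makes the new clamp a no-op until an operator sets the option, because the EDNS payload size is a 16-bit field and can never exceed it. The DNS Flag Day 2020 page cited in the commit message recommends 1232 as the default, so an unconfigured server will still size UDP replies to whatever the client advertises, which keeps large fragmented responses possible. Consider `u_int max_udp_payload = 1232;`, or at least extend the comment to `/* 65535: no cap unless configured */` so the behaviour is explicit.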
@@ -1365,6 +1366,10 @@ optionsstatement:
ratelimit = 1;
ratelimit_packets_per_second = $2;
dolog(LOG_DEBUG, "ratelimiting to %d packets per second\n", ratelimit_packets_per_second);
+ } else if (strcasecmp($1, "max-udp-payload") == 0) {
+ max_udp_payload = $2;
+
+ dolog(LOG_DEBUG, "max-udp-payload is now %u\n", max_udp_payload);
}
}
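Review bot: `max_udp_payload = $2;` stores the configured number with no range check, so 0, a value under 512, or a negative number converted to `u_int` all become the cap used by `MIN(q->edns0len, max_udp_payload)` in reply.c and at `forwardudp` in delphinusdnsd.c. A cap smaller than the DNS header would leave `replysize` below the `outlen = sizeof(struct dns_header)` those functions start from; how the later length arithmetic copes with that is not visible here. Rejecting out-of-range input before the assignment, e.g. `if ($2 < 512 || $2 > 0xffff) { dolog(LOG_ERR, "max-udp-payload must be 512-65535\n"); return (-1); }`, protects every consumer at once. The error-return convention of this grammar action is outside the hunk, so follow whatever the neighbouring branches do.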
blob - 6117b790cf109eb690a6904614f6d478bcd1d307
blob + 131334cfc9c93ce683516641efdec3e807254f4f
--- reply.c
+++ reply.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: reply.c,v 1.113 2020/09/30 07:23:58 pjp Exp $
+ * $Id: reply.c,v 1.114 2020/09/30 10:07:31 pjp Exp $
*/
#include <sys/types.h>
@@ -154,6 +154,7 @@ void set_reply_flags(struct rbtree *, struct dns_hea
extern int debug, verbose, dnssec, tcpanyonly;
extern char *versionstring;
extern uint8_t vslen;
+extern u_int max_udp_payload;
@@ -208,7 +209,7 @@ reply_a(struct sreply *sreply, int *sretlen, ddDB *db)
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
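Review bot: The line `replysize = MIN(q->edns0len, max_udp_payload);` is pasted into reply_a and into every other reply_* hunk of reply.c in this commit (reply_nsec3param through reply_generic), so any later adjustment must be repeated in each copy. A small file-local `static` helper that takes `q` and returns the clamped size would keep them in step. It would also be the single place to add a floor: the guard tests `q->edns0len > 512`, yet the result can fall below 512 when `max_udp_payload` is configured smaller, which `MAX(512, MIN(q->edns0len, max_udp_payload))` avoids. The function bodies start and end outside these hunks.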
@@ -414,7 +415,7 @@ reply_nsec3param(struct sreply *sreply, int *sretlen,
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -627,7 +628,7 @@ reply_nsec3(struct sreply *sreply, int *sretlen, ddDB
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
/* RFC 5155 section 7.2.8 */
@@ -851,7 +852,7 @@ reply_caa(struct sreply *sreply, int *sretlen, ddDB *d
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -1047,7 +1048,7 @@ reply_hinfo(struct sreply *sreply, int *sretlen, ddDB
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -1244,7 +1245,7 @@ reply_rp(struct sreply *sreply, int *sretlen, ddDB *db
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -1444,7 +1445,7 @@ reply_nsec(struct sreply *sreply, int *sretlen, ddDB *
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -1649,7 +1650,7 @@ reply_ds(struct sreply *sreply, int *sretlen, ddDB *db
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -1855,7 +1856,7 @@ reply_dnskey(struct sreply *sreply, int *sretlen, ddDB
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -2047,7 +2048,7 @@ reply_rrsig(struct sreply *sreply, int *sretlen, ddDB
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -2181,7 +2182,7 @@ reply_aaaa(struct sreply *sreply, int *sretlen, ddDB *
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -2380,7 +2381,7 @@ reply_mx(struct sreply *sreply, int *sretlen, ddDB *db
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -2725,7 +2726,7 @@ reply_ns(struct sreply *sreply, int *sretlen, ddDB *db
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -3128,7 +3129,7 @@ reply_cname(struct sreply *sreply, int *sretlen, ddDB
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
outlen = sizeof(struct dns_header);
@@ -3470,7 +3471,7 @@ reply_ptr(struct sreply *sreply, int *sretlen, ddDB *d
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
outlen = sizeof(struct dns_header);
@@ -3668,7 +3669,7 @@ reply_soa(struct sreply *sreply, int *sretlen, ddDB *d
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
/* st */
@@ -3927,7 +3928,7 @@ reply_txt(struct sreply *sreply, int *sretlen, ddDB *d
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
/* st */
@@ -4123,7 +4124,7 @@ reply_version(struct sreply *sreply, int *sretlen, ddD
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
/* st */
@@ -4257,7 +4258,7 @@ reply_tlsa(struct sreply *sreply, int *sretlen, ddDB *
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -4453,7 +4454,7 @@ reply_sshfp(struct sreply *sreply, int *sretlen, ddDB
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -4649,7 +4650,7 @@ reply_naptr(struct sreply *sreply, int *sretlen, ddDB
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -4878,7 +4879,7 @@ reply_srv(struct sreply *sreply, int *sretlen, ddDB *d
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
@@ -5145,7 +5146,7 @@ reply_nxdomain(struct sreply *sreply, int *sretlen, dd
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
outlen = sizeof(struct dns_header);
@@ -5873,7 +5874,7 @@ reply_noerror(struct sreply *sreply, int *sretlen, ddD
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
outlen = sizeof(struct dns_header);
@@ -6179,7 +6180,7 @@ reply_any(struct sreply *sreply, int *sretlen, ddDB *d
}
if (! istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
/* st */
@@ -7584,7 +7585,7 @@ reply_badvers(struct sreply *sreply, int *sretlen, ddD
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];
outlen = sizeof(struct dns_header);
@@ -7706,7 +7707,7 @@ reply_generic(struct sreply *sreply, int *sretlen, ddD
}
if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
+ replysize = MIN(q->edns0len, max_udp_payload);
odh = (struct dns_header *)&reply[0];