Commit Diff
Diff:
b0a7237623dfb5cf90944a52d5067ad769096efb
959d1769707545fbe2f8b0bd8a5a30db00f2f79d
Commit:
959d1769707545fbe2f8b0bd8a5a30db00f2f79d
Tree:
a46328cdaefce60a88d869a8ad0ff92a7e110814
Author:
pbug <pbug@delphinusdns.org>
Committer:
pbug <pbug@delphinusdns.org>
Date:
Mon Apr 5 11:54:13 2010 UTC
Message:
* change BUILD_REPLY macro to build_reply() function * fixed A and AAAA answers with tcp, this was a bug * bumped version to 3 in the configfile * added "wildcard-only-for" command to configfile where a slinked list determines who will be wildcarded for, much like a firewall rule * fixed getmask() function that wouldn't allow a rightshift of 32 * did the same for the getmask6 function * removed the -W flag * updated README, examples and manpage tested on FreeBSD, OpenBSD, Linux
blob - 692256aaff492f1bbb5dd7d5caf8c088c5dc6c7a
blob + 1da36fbddb52d76c440c2f5b3eeb660953a958b4
--- Makefile.linux
+++ Makefile.linux
@@ -11,7 +11,8 @@ build:
$(CC) $(CFLAGS) -c parse.c
$(CC) $(CFLAGS) -c reply.c
$(CC) $(CFLAGS) -c region.c
- $(CC) $(CFLAGS) -o wildcarddnsd additional.o main.o parse.o reply.o region.o $(LDADD)
+ $(CC) $(CFLAGS) -c wildcard.c
+ $(CC) $(CFLAGS) -o wildcarddnsd additional.o main.o parse.o reply.o region.o wildcard.o $(LDADD)
install:
blob - 2a41f0ee87367ded54cc72b5379582db050ead18
blob + 3ca6d32c093f7115324c8d25c223473b3133141c
--- README
+++ README
@@ -1,4 +1,4 @@
-$Id: README,v 1.14 2010/03/28 16:01:54 pbug Exp $
+$Id: README,v 1.15 2010/04/05 11:54:13 pbug Exp $
1. README
2. WHY WILDCARDNS?
@@ -24,9 +24,9 @@ day the author has a better understanding of it. Comp
other DNS implementations is not fair since many of those implementation
fix Wildcarddns's faults on the Internet. It is recommended that if this
daemon is used on the Internet that logging be turned on to learn from it
-and the DNS system. Understand what it means to use the -W flag and what
-it means to a neighbouring DNS server if the -W flag is left off. Use the
-tool "dig" that comes with bind9 to debug Wildcarddns. If you like to
+and the DNS system.
+
+Use the tool "dig" that comes with bind9 to debug Wildcarddns. If you like to
program, then you can fork Wildcarddns and make your own creation, or you
can send patches to the author who may implement them into the code.
@@ -52,7 +52,7 @@ do this manually. Also by default the config file is
wildcarddnsd.
A sample config file exists with the sources. example7.conf was a real life
-config once (used with -W flag).
+config once.
4. COMPATIBILITY
blob - 5024a20779a141091b6116ca46f265731204018f
blob + aa8ba1c0c083bb4dd35dfd2638e0b92bccbaf276
--- TODO
+++ TODO
@@ -10,7 +10,8 @@ Here are a few things nice to have but not necessarily
Here are some ideas for the config file:
-wildcard-only-for "wildcard everyone" {
+wildcard-only-for "wildcard everyone" { [done]
+ ::/0;
0.0.0.0/0;
; this is a comment
; if this option isn't mentioned, then wildcarding is off
blob - 962cadc2fa58b11aeff5a892e4436795aece7df8
blob + cd0117b4a726f529a51a7e55b3958e2a655c408f
--- db.h
+++ db.h
@@ -111,29 +111,9 @@ struct sreply {
struct domain *sd2; /* CNAME to second resolved domain */
u_int8_t region; /* region of question */
int istcp; /* when set it's tcp */
+ int wildcard; /* wildcarding boolean */
};
-/*
- * the BUILD_REPLY macro fills struct sreply with given information,
- * It's hoped that this will speed up things instead of a build_reply()
- * function.
- * (hopefully the only macro in the program !!!!)
- */
-
-#define BUILD_REPLY(reply, so0, buf0, len0, q0, sa0, salen0, sd10, sd20, aregion, istcp) \
- do { \
- reply.so = so0; \
- reply.buf = buf0; \
- reply.len = len0; \
- reply.q = q0; \
- reply.sa = sa0; \
- reply.salen = salen0; \
- reply.sd1 = sd10; \
- reply.sd2 = sd20; \
- reply.region = aregion; \
- reply.istcp = istcp; \
- } while (0);
-
int parse_file(DB *db, char *);
DB * opendatabase(DB *);
blob - 3bda16607148c4ff84044a6f002965059b09c231
blob + cfb229ddb409267496aa5f15397ad82e252791b6
--- example1.conf
+++ example1.conf
@@ -4,7 +4,24 @@
#
#
-version "2";
+version "3";
+
+; WARNING - the way wildcarddnsd originally implemented wildcarding is
+; wrong and can cause damage on the Internet (DoS), it can
+; also cause damage on someone using wildcarding, so it's best
+; to turn it off. By default anyone wanting to turn wildcarding
+; on should enable the "wildcard-only-for" block as shown below.
+;
+; comment the below block to turn wildcarding off
+;
+wildcard-only-for "my IP's" {
+ 2001:a60:f074::8/128;
+ ::1/128;
+ ; this is a comment
+ ; if this option isn't mentioned, then wildcarding is off
+ ; this will remove the -W option in the command line
+}
+
zone "default" {
; comments must be at the beginning of a new line, # and ; is allowed
blob - d04d30a35a9c939d7245ccc90da01332af7e4422
blob + 4c50d92c58d655f614a4d571e20660c3c0091730
--- example2.conf
+++ example2.conf
@@ -4,8 +4,29 @@
#
#
-version "2";
+version "3";
+
+# wildcarddns - RR configuration file
+#
+#
+
+version "3";
+
+; WARNING - the way wildcarddnsd originally implemented wildcarding is
+; wrong and can cause damage on the Internet (DoS), it can
+; also cause damage on someone using wildcarding, so it's best
+; to turn it off. By default anyone wanting to turn wildcarding
+; on should enable the "wildcard-only-for" block as shown below.
+;
+; comment the below to turn wildcarding off
+wildcard-only-for "wildcard everyone" {
+ 0.0.0.0/0;
+ ::/0;
+ ; this is a comment
+ ; if this option isn't mentioned, then wildcarding is off
+ ; this will remove the -W option in the command line
+}
zone "default" {
;
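Review bot: The added lines repeat the file header comment and the `version "3";` directive, so the new side of example2.conf carries two version statements back to back; the second header block and second `version "3";` look like a paste slip and should be dropped. Separately, this sample ships with `wildcard-only-for "wildcard everyone"` active for `0.0.0.0/0` and `::/0`, directly under a warning that wildcarding can cause DoS, while example4.conf and example7.conf ship the same block commented out. If the open setting is intended for this example, a line such as `; example only: this enables wildcarding for every client` above the block would say so; otherwise comment the block out as in the other samples.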
blob - ff2f15959b036958e7bccfde052855a40359088d
blob + e63e3e5c0f72acaacc5533c5493d9e641415cdd5
--- example3.conf
+++ example3.conf
@@ -1,5 +1,5 @@
# wildcarddns - RR configuration file
-version "2";
+version "3";
zone "centroid.eu" {
# serial, refresh, retry, expire, zone time to live (no spaces)
blob - df009e872ba8dc3d52009ec3030dae66a391dc84
blob + dc14989ef25aadba5580337c7a672bf1700ae205
--- example4.conf
+++ example4.conf
@@ -1,6 +1,22 @@
; sample config file that is in production.
;
-version "2";
+version "3";
+
+; WARNING - the way wildcarddnsd originally implemented wildcarding is
+; wrong and can cause damage on the Internet (DoS), it can
+; also cause damage on someone using wildcarding, so it's best
+; to turn it off. By default anyone wanting to turn wildcarding
+; on should enable the "wildcard-only-for" block as shown below.
+;
+; To enable wildcarding uncomment the below...
+;
+;wildcard-only-for "wildcard everyone" {
+; ::/0;
+; 0.0.0.0/0;
+; ; this is a comment
+; ; if this option isn't mentioned, then wildcarding is off
+; ; this will remove the -W option in the command line
+;}
; this is for the host dione.centroid.eu which is in Panama
; it serves best for the Americas and Australia (?)
blob - 07ccec3ef117399180204c5f88f15b9a52ebbd80
blob + aae9d19b7b027337917ab10c669c758ccc13aede
--- example7.conf
+++ example7.conf
@@ -1,6 +1,24 @@
; sample config file that is in production.
;
-version "2";
+version "3";
+
+; WARNING - the way wildcarddnsd originally implemented wildcarding is
+; wrong and can cause damage on the Internet (DoS), it can
+; also cause damage on someone using wildcarding, so it's best
+; to turn it off. By default anyone wanting to turn wildcarding
+; on should enable the "wildcard-only-for" block as shown below.
+;
+; To enable wildcarding uncomment the below...
+;
+;wildcard-only-for "wildcard everyone" {
+; ::/0;
+; 0.0.0.0/0;
+; ; this is a comment
+; ; if this option isn't mentioned, then wildcarding is off
+; ; this will remove the -W option in the command line
+;}
+
+
; this is for the host dione.centroid.eu which is in Panama
; it serves best for the Americas and Australia (?)
blob - 62aa5cea195e551109bbf8f01b8f5b0e14e59789
blob + 52c16d5aa42b860e7a61a496e4f06dc5b355b9d3
--- main.c
+++ main.c
@@ -35,8 +35,8 @@ struct question * build_question(char *, int);
struct question * build_fake_question(char *, int, u_int16_t);
void mainloop(int *, int *, int, char **, DB *);
int free_question(struct question *);
-int lookup_zone(DB *, struct question *, struct domain *, int *, char *);
-int get_soa(DB *, struct question *, struct domain *);
+int lookup_zone(DB *, struct question *, struct domain *, int *, char *, int);
+int get_soa(DB *, struct question *, struct domain *, int);
extern void reply_notimpl(struct sreply *);
extern void reply_nxdomain(struct sreply *);
@@ -51,12 +51,15 @@ extern void reply_mx(struct sreply *, DB *);
extern void reply_ns(struct sreply *, DB *);
extern void reply_txt(struct sreply *);
extern u_int8_t find_region(struct sockaddr_storage *sst, int family);
+extern int find_wildcard(struct sockaddr_storage *sst, int family);
+extern void init_wildcard(void);
extern void collects_init(void);
char * dns_label(char *, int *);
int compress_label(char *, int, int);
int memcasecmp(char *, char *, int);
char * get_dns_type(int dnstype);
+void build_reply(struct sreply *reply, int so, char *buf, int len, struct question *q, struct sockaddr *sa, socklen_t slen, struct domain *sd1, struct domain *sd2, u_int8_t region, int istcp, int wildcard);
/* aliases */
@@ -83,7 +86,6 @@ struct typetable {
/* global variables */
extern char *__progname;
-static int Wflag = 0;
static int lflag = 0;
/* singly linked list for tcp operations */
@@ -98,13 +100,14 @@ struct tcps {
int maxlen;
int so;
int isv6;
- int region;
+ u_int8_t region;
+ int wildcard;
time_t time;
SLIST_ENTRY(tcps) entries;
} *tn1, *tn2, *tnp;
-static const char rcsid[] = "$Id: main.c,v 1.49 2010/04/01 20:05:04 pbug Exp $";
+static const char rcsid[] = "$Id: main.c,v 1.50 2010/04/05 11:54:13 pbug Exp $";
/*
* MAIN - set up arguments, set up database, set up sockets, call mainloop
@@ -145,7 +148,7 @@ main(int argc, char *argv[])
exit(1);
}
- while ((ch = getopt(argc, argv, "b:f:i:lp:W")) != -1) {
+ while ((ch = getopt(argc, argv, "b:f:i:lp:")) != -1) {
switch (ch) {
case 'b':
bflag = 1;
@@ -172,11 +175,8 @@ main(int argc, char *argv[])
case 'p':
port = atoi(optarg) & 0xffff;
break;
- case 'W':
- Wflag = 1;
- break;
default:
- fprintf(stderr, "usage: dnsserver [-W] [-i interface] [-b bindaddress] [-f configfile] [-p portnumber]\n");
+ fprintf(stderr, "usage: wildcarddnsd [-i interface] [-b bindaddress] [-f configfile] [-p portnumber]\n");
exit (1);
}
}
@@ -226,6 +226,7 @@ main(int argc, char *argv[])
}
#endif
+ init_wildcard();
if (parse_file(db, conffile) < 0) {
syslog(LOG_INFO, "parsing config file failed");
@@ -901,13 +902,13 @@ memcasecmp(char *b1, char *b2, int len)
int
-lookup_zone(DB *db, struct question *question, struct domain *sd, int *lzerrno, char *replystring)
+lookup_zone(DB *db, struct question *question, struct domain *sd, int *lzerrno, char *replystring, int wildcard)
{
int plen, onemore = 0;
int ret = 0;
int returnval;
- int wildcarding = 0;
+ int w = 0;
char *wildlookup = "*";
char *p;
@@ -944,16 +945,8 @@ lookup_zone(DB *db, struct question *question, struct
#endif
if (ret != 0) {
- /*
- * With the W flag set we just want to reply
- * NXDOMAIN if there was no match, this breaks
- * the wildcarddns function.
- */
-
- if (Wflag) {
- wildcarding = 1;
- }
-
+ if (! wildcard)
+ w = 1;
/* next label */
if (*p != 0) {
plen -= (*p + 1);
@@ -974,13 +967,19 @@ lookup_zone(DB *db, struct question *question, struct
memcpy((char *)sd, (char *)data.data, data.size);
snprintf(replystring, DNS_MAXNAME, "%s", sd->zonename);
- if (Wflag) {
- if (wildcarding && !sd->ns_type) {
+ /*
+ * If we're not wildcarding and ns_type is 0, NXDOMAIN
+ */
+ if (! wildcard)
+ if (w && sd->ns_type == 0) {
*lzerrno = ERR_NXDOMAIN;
return -1;
}
- }
+ /*
+ * we're of ns_type > 0, return an NS record
+ */
+
if (sd->ns_type > 0) {
returnval = DNS_TYPE_NS;
*lzerrno = ERR_NOERROR;
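Review bot: The outer `if (! wildcard)` around the NXDOMAIN test is redundant and is written as an unbraced nested `if`, which is easy to break when a statement is added later. In the visible hunks `w` is only set to 1 under `if (! wildcard)`, so `if (w && sd->ns_type == 0) {` expresses the same condition on its own. A more descriptive name than `w` (for example `missed_exact`) would also make the intent readable. The rest of lookup_zone lies outside this hunk, so confirm that `w` is not assigned anywhere else before simplifying.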
@@ -1084,6 +1083,15 @@ lookup_zone(DB *db, struct question *question, struct
} while (*p != 0 && ret != 0);
if (ret != 0) {
+ /*
+ * somehow we managed to get here and wildcardding is off
+ * return with NXDOMAIN
+ */
+ if (! wildcard) {
+ *lzerrno = ERR_NXDOMAIN;
+ return -1;
+ }
+
memset(&key, 0, sizeof(key));
memset(&data, 0, sizeof(data));
@@ -1255,7 +1263,7 @@ build_fake_question(char *name, int namelen, u_int16_t
*/
int
-get_soa(DB *db, struct question *question, struct domain *sd)
+get_soa(DB *db, struct question *question, struct domain *sd, int wildcard)
{
int plen;
int ret = 0;
@@ -1285,7 +1293,11 @@ get_soa(DB *db, struct question *question, struct doma
#endif
if (ret != 0) {
- if (Wflag)
+ /*
+ * If we're not wildcarding end the search here and
+ * return with -1
+ */
+ if (! wildcard)
return -1;
plen -= (*p + 1);
@@ -1360,6 +1372,7 @@ mainloop(int *udp, int *tcp, int sockcount, char **ide
int so;
int type0, type1;
int lzerrno;
+ int wildcard = 0;
u_int32_t received_ttl;
#ifdef __FreeBSD__
@@ -1494,12 +1507,14 @@ mainloop(int *udp, int *tcp, int sockcount, char **ide
sin6 = (struct sockaddr_in6 *)from;
inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, (char *)&address, sizeof(address));
aregion = find_region((struct sockaddr_storage *)sin6, AF_INET6);
+ wildcard = find_wildcard((struct sockaddr_storage *)sin6, AF_INET6);
} else if (from->sa_family == AF_INET) {
is_ipv6 = 0;
fromlen = sizeof(struct sockaddr_in);
sin = (struct sockaddr_in *)from;
inet_ntop(AF_INET, (void *)&sin->sin_addr, (char *)&address, sizeof(address));
+ wildcard = find_wildcard((struct sockaddr_storage *)sin, AF_INET);
aregion = find_region((struct sockaddr_storage *)sin, AF_INET);
} else {
syslog(LOG_INFO, "TCP packet received on descriptor %u interface \"%s\" had weird address family (%u), drop", so, ident[i], from->sa_family);
@@ -1544,6 +1559,7 @@ mainloop(int *udp, int *tcp, int sockcount, char **ide
tn1->ident = strdup(ident[i]);
tn1->address = strdup(address);
tn1->region = aregion;
+ tn1->wildcard = wildcard;
tn1->time = time(NULL);
SLIST_INSERT_HEAD(&tcpshead, tn1, entries);
@@ -1619,7 +1635,10 @@ mainloop(int *udp, int *tcp, int sockcount, char **ide
syslog(LOG_INFO, "TCP packet on descriptor %u interface \"%s\" header from %s has no question, drop", so, tnp->ident, tnp->address);
/* format error */
- BUILD_REPLY(sreply, so, pbuf, len, NULL, from, fromlen, NULL, NULL, tnp->region, istcp);
+ build_reply( &sreply, so, pbuf, len, NULL,
+ from, fromlen, NULL, NULL, tnp->region,
+ istcp, tnp->wildcard);
+
reply_fmterror(&sreply);
syslog(LOG_INFO, "TCP question on descriptor %d interface \"%s\" from %s, did not have question of 1 replying format error", so, tnp->ident, tnp->address);
goto drop;
@@ -1634,7 +1653,7 @@ mainloop(int *udp, int *tcp, int sockcount, char **ide
/* goto drop beyond this point should goto out instead */
fakequestion = NULL;
- if ((type0 = lookup_zone(db, question, &sd0, &lzerrno, (char *)&replystring)) < 0) {
+ if ((type0 = lookup_zone(db, question, &sd0, &lzerrno, (char *)&replystring, wildcard)) < 0) {
switch (lzerrno) {
default:
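Review bot: This lookup passes the loop-local `wildcard` rather than the per-connection `tnp->wildcard`, so the allow-list decision applied to a TCP question may belong to a different client. In the visible hunks `wildcard` is assigned when a TCP connection is accepted and again for every UDP packet, while the question is handled later from the `tnp` list entry; the build_reply calls on this path already use `tnp->wildcard`. The call should read `lookup_zone(db, question, &sd0, &lzerrno, (char *)&replystring, tnp->wildcard)`, and the same applies to the two `get_soa(db, question, &sd0, wildcard)` calls and the `fakequestion` lookup in the following TCP hunks. The `build_reply(..., aregion, istcp, tnp->wildcard)` call in the default-type TCP branch has the same mix-up with `aregion` versus `tnp->region`. Most of mainloop is outside the visible hunks, so the ordering of accept and read should be confirmed against the full function.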
@@ -1658,10 +1677,12 @@ mainloop(int *udp, int *tcp, int sockcount, char **ide
*/
memset(&sd0, 0, sizeof(sd0));
- (void)get_soa(db, question, &sd0);
+ (void)get_soa(db, question, &sd0, wildcard);
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply( &sreply, so, pbuf, len,
+ question, from, fromlen,
+ &sd0, NULL, tnp->region, istcp,
+ tnp->wildcard);
reply_noerror(&sreply);
goto tcpout;
@@ -1683,10 +1704,12 @@ tcpnxdomain:
*/
memset(&sd0, 0, sizeof(sd0));
- (void)get_soa(db, question, &sd0);
+ (void)get_soa(db, question, &sd0, wildcard);
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply( &sreply, so, pbuf, len, question,
+ from, fromlen, &sd0, NULL,
+ tnp->region, istcp, tnp->wildcard);
+
reply_nxdomain(&sreply);
goto tcpout;
case DNS_TYPE_CNAME:
@@ -1696,7 +1719,7 @@ tcpnxdomain:
break;
}
- type1 = lookup_zone(db, fakequestion, &sd1, &lzerrno, (char *)&fakereplystring);
+ type1 = lookup_zone(db, fakequestion, &sd1, &lzerrno, (char *)&fakereplystring, wildcard);
/* break CNAMES pointing to CNAMES */
if (type1 == DNS_TYPE_CNAME)
type1 = 0;
@@ -1717,8 +1740,10 @@ tcpnxdomain:
case DNS_CLASS_IN:
break;
default:
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, NULL, NULL, tnp->region, istcp);
+ build_reply( &sreply, so, pbuf, len, question,
+ from, fromlen, NULL, NULL, tnp->region,
+ istcp, tnp->wildcard);
+
reply_notimpl(&sreply);
snprintf(replystring, DNS_MAXNAME, "NOTIMPL");
goto tcpout;
@@ -1727,18 +1752,21 @@ tcpnxdomain:
switch (ntohs(question->hdr->qtype)) {
case DNS_TYPE_A:
if (type0 == DNS_TYPE_CNAME) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
+ build_reply(&sreply, so, pbuf, len, question, from, \
fromlen, &sd0, ((type1 > 0) ? &sd1 : NULL), \
- tnp->region, istcp);
+ tnp->region, istcp, tnp->wildcard);
reply_cname(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+
+ build_reply(&sreply, so, pbuf, len, question,
+ from, fromlen, &sd0, NULL,
+ tnp->region, istcp, tnp->wildcard);
+
reply_ns(&sreply, db);
break;
} else if (type0 == DNS_TYPE_A) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_a(&sreply, db);
break; /* must break here */
}
@@ -1747,18 +1775,18 @@ tcpnxdomain:
case DNS_TYPE_AAAA:
if (type0 == DNS_TYPE_CNAME) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
+ build_reply(&sreply, so, pbuf, len, question, from, \
fromlen, &sd0, ((type1 > 0) ? &sd1 : NULL), \
- tnp->region, istcp);
+ tnp->region, istcp, tnp->wildcard);
reply_cname(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_ns(&sreply, db);
break;
} else if (type0 == DNS_TYPE_AAAA) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from,
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from,
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_aaaa(&sreply, db);
break; /* must break here */
}
@@ -1767,18 +1795,18 @@ tcpnxdomain:
case DNS_TYPE_MX:
if (type0 == DNS_TYPE_CNAME) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
+ build_reply(&sreply, so, pbuf, len, question, from, \
fromlen, &sd0, ((type1 > 0) ? &sd1 : NULL), \
- tnp->region, istcp);
+ tnp->region, istcp, tnp->wildcard);
reply_cname(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_ns(&sreply, db);
break;
} else if (type0 == DNS_TYPE_MX) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_mx(&sreply, db);
break; /* must break here */
}
@@ -1786,20 +1814,20 @@ tcpnxdomain:
break;
case DNS_TYPE_SOA:
if (type0 == DNS_TYPE_SOA) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_soa(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_ns(&sreply, db);
break;
}
break;
case DNS_TYPE_NS:
if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_ns(&sreply, db);
}
break;
@@ -1807,12 +1835,12 @@ tcpnxdomain:
case DNS_TYPE_CNAME:
if (type0 == DNS_TYPE_CNAME) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_cname(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_ns(&sreply, db);
break;
}
@@ -1820,18 +1848,18 @@ tcpnxdomain:
case DNS_TYPE_PTR:
if (type0 == DNS_TYPE_CNAME) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
+ build_reply(&sreply, so, pbuf, len, question, from, \
fromlen, &sd0, ((type1 > 0) ? &sd1 : NULL) \
- , tnp->region, istcp);
+ , tnp->region, istcp, tnp->wildcard);
reply_cname(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_ns(&sreply, db);
break;
} else if (type0 == DNS_TYPE_PTR) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from,
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from,
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_ptr(&sreply);
break; /* must break here */
}
@@ -1839,8 +1867,8 @@ tcpnxdomain:
case DNS_TYPE_TXT:
if (type0 == DNS_TYPE_TXT) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, tnp->region, istcp, tnp->wildcard);
reply_txt(&sreply);
}
break;
@@ -1856,13 +1884,13 @@ tcpnxdomain:
*/
if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, tnp->wildcard);
reply_ns(&sreply, db);
} else {
- BUILD_REPLY(sreply, so, pbuf, len, question, from, \
- fromlen, NULL, NULL, tnp->region, istcp);
+ build_reply(&sreply, so, pbuf, len, question, from, \
+ fromlen, NULL, NULL, tnp->region, istcp, tnp->wildcard);
reply_notimpl(&sreply);
snprintf(replystring, DNS_MAXNAME, "NOTIMPL");
@@ -1951,6 +1979,10 @@ tcpnxdomain:
sin6 = (struct sockaddr_in6 *)from;
inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, (char *)&address, sizeof(address));
aregion = find_region((struct sockaddr_storage *)sin6, AF_INET6);
+ wildcard = find_wildcard((struct sockaddr_storage *)sin6, AF_INET6);
+#if 0
+ syslog(LOG_INFO, "wildcarding is %s", (wildcard ? "on" : "off"));
+#endif
} else if (from->sa_family == AF_INET) {
is_ipv6 = 0;
@@ -1958,6 +1990,7 @@ tcpnxdomain:
sin = (struct sockaddr_in *)from;
inet_ntop(AF_INET, (void *)&sin->sin_addr, (char *)&address, sizeof(address));
aregion = find_region((struct sockaddr_storage *)sin, AF_INET);
+ wildcard = find_wildcard((struct sockaddr_storage *)sin, AF_INET);
} else {
syslog(LOG_INFO, "packet received on descriptor %u interface \"%s\" had weird address family (%u), drop", so, ident[i], from->sa_family);
goto drop;
@@ -1985,7 +2018,7 @@ tcpnxdomain:
syslog(LOG_INFO, "on descriptor %u interface \"%s\" header from %s has no question, drop", so, ident[i], address);
/* format error */
- BUILD_REPLY(sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, wildcard);
reply_fmterror(&sreply);
syslog(LOG_INFO, "question on descriptor %d interface \"%s\" from %s, did not have question of 1 replying format error", so, ident[i], address);
goto drop;
@@ -2000,7 +2033,7 @@ tcpnxdomain:
/* goto drop beyond this point should goto out instead */
fakequestion = NULL;
- if ((type0 = lookup_zone(db, question, &sd0, &lzerrno, (char *)&replystring)) < 0) {
+ if ((type0 = lookup_zone(db, question, &sd0, &lzerrno, (char *)&replystring, wildcard)) < 0) {
switch (lzerrno) {
default:
syslog(LOG_INFO, "invalid lzerrno! dropping");
@@ -2023,10 +2056,10 @@ tcpnxdomain:
*/
memset(&sd0, 0, sizeof(sd0));
- (void)get_soa(db, question, &sd0);
+ (void)get_soa(db, question, &sd0, wildcard);
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_noerror(&sreply);
goto udpout;
@@ -2048,10 +2081,10 @@ udpnxdomain:
*/
memset(&sd0, 0, sizeof(sd0));
- (void)get_soa(db, question, &sd0);
+ (void)get_soa(db, question, &sd0, wildcard);
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_nxdomain(&sreply);
goto udpout;
case DNS_TYPE_CNAME:
@@ -2061,7 +2094,7 @@ udpnxdomain:
break;
}
- type1 = lookup_zone(db, fakequestion, &sd1, &lzerrno, (char *)&fakereplystring);
+ type1 = lookup_zone(db, fakequestion, &sd1, &lzerrno, (char *)&fakereplystring, wildcard);
/* break CNAMES pointing to CNAMES */
if (type1 == DNS_TYPE_CNAME)
type1 = 0;
@@ -2082,8 +2115,8 @@ udpnxdomain:
case DNS_CLASS_IN:
break;
default:
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, NULL, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, NULL, NULL, aregion, istcp, wildcard);
reply_notimpl(&sreply);
snprintf(replystring, DNS_MAXNAME, "NOTIMPL");
goto udpout;
@@ -2092,18 +2125,18 @@ udpnxdomain:
switch (ntohs(question->hdr->qtype)) {
case DNS_TYPE_A:
if (type0 == DNS_TYPE_CNAME) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
+ build_reply(&sreply, so, buf, len, question, from, \
fromlen, &sd0, ((type1 > 0) ? &sd1 : NULL), \
- aregion, istcp);
+ aregion, istcp, wildcard);
reply_cname(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_ns(&sreply, db);
break;
} else if (type0 == DNS_TYPE_A) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_a(&sreply, db);
break; /* must break here */
}
@@ -2112,18 +2145,18 @@ udpnxdomain:
case DNS_TYPE_AAAA:
if (type0 == DNS_TYPE_CNAME) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
+ build_reply(&sreply, so, buf, len, question, from, \
fromlen, &sd0, ((type1 > 0) ? &sd1 : NULL), \
- aregion, istcp);
+ aregion, istcp, wildcard);
reply_cname(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_ns(&sreply, db);
break;
} else if (type0 == DNS_TYPE_AAAA) {
- BUILD_REPLY(sreply, so, buf, len, question, from,
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from,
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_aaaa(&sreply, db);
break; /* must break here */
}
@@ -2132,18 +2165,18 @@ udpnxdomain:
case DNS_TYPE_MX:
if (type0 == DNS_TYPE_CNAME) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
+ build_reply(&sreply, so, buf, len, question, from, \
fromlen, &sd0, ((type1 > 0) ? &sd1 : NULL), \
- aregion, istcp);
+ aregion, istcp, wildcard);
reply_cname(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_ns(&sreply, db);
break;
} else if (type0 == DNS_TYPE_MX) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_mx(&sreply, db);
break; /* must break here */
}
@@ -2151,20 +2184,20 @@ udpnxdomain:
break;
case DNS_TYPE_SOA:
if (type0 == DNS_TYPE_SOA) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_soa(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_ns(&sreply, db);
break;
}
break;
case DNS_TYPE_NS:
if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_ns(&sreply, db);
}
break;
@@ -2172,12 +2205,12 @@ udpnxdomain:
case DNS_TYPE_CNAME:
if (type0 == DNS_TYPE_CNAME) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_cname(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_ns(&sreply, db);
break;
}
@@ -2185,26 +2218,26 @@ udpnxdomain:
case DNS_TYPE_PTR:
if (type0 == DNS_TYPE_CNAME) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
+ build_reply(&sreply, so, buf, len, question, from, \
fromlen, &sd0, ((type1 > 0) ? &sd1 : NULL) \
- , aregion, istcp);
+ , aregion, istcp, wildcard);
reply_cname(&sreply);
} else if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_ns(&sreply, db);
break;
} else if (type0 == DNS_TYPE_PTR) {
- BUILD_REPLY(sreply, so, buf, len, question, from,
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from,
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_ptr(&sreply);
break; /* must break here */
}
break;
case DNS_TYPE_TXT:
if (type0 == DNS_TYPE_TXT) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_txt(&sreply);
}
break;
@@ -2218,14 +2251,14 @@ udpnxdomain:
*/
if (type0 == DNS_TYPE_NS) {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, &sd0, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, &sd0, NULL, aregion, istcp, wildcard);
reply_ns(&sreply, db);
} else {
- BUILD_REPLY(sreply, so, buf, len, question, from, \
- fromlen, NULL, NULL, aregion, istcp);
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, NULL, NULL, aregion, istcp, wildcard);
reply_notimpl(&sreply);
snprintf(replystring, DNS_MAXNAME, "NOTIMPL");
}
@@ -2254,3 +2287,28 @@ udpnxdomain:
/* NOTREACHED */
}
+
+/*
+ * BUILD_REPLY - a function that populates struct reply from arguments, doesn't
+ * return anything. This replaces the alias BUILD_REPLY.
+ *
+ */
+
+void
+build_reply(struct sreply *reply, int so, char *buf, int len, struct question *q, struct sockaddr *sa, socklen_t slen, struct domain *sd1, struct domain *sd2, u_int8_t region, int istcp, int wildcard)
+{
+ reply->so = so;
+ reply->buf = buf;
+ reply->len = len;
+ reply->q = q;
+ reply->sa = sa;
+ reply->salen = slen;
+ reply->sd1 = sd1;
+ reply->sd2 = sd2;
+ reply->region = region;
+ reply->istcp = istcp;
+ reply->wildcard = wildcard;
+
+ return;
+}
+
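Review bot: The header comment on build_reply should state that the function stores the caller's pointers without copying them, so `buf`, `q`, `sa`, `sd1` and `sd2` must stay valid for as long as the filled `struct sreply` is used. The comment still carries the macro's name (`BUILD_REPLY`) and refers to "struct reply" where the type is `struct sreply`; something like `/* build_reply - fill *reply from the arguments; pointers are borrowed, not copied */` would be accurate. The trailing `return;` is unnecessary in a void function. Many of the call sites converted in this commit also keep the macro-era `\` line continuations, which can be dropped now that this is an ordinary function call.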
blob - 863cb7f7c59a0637cb3b537514b588dddbef73bf
blob + fc9d5e8105f524f5fc1095ac7300fdc609f7e749
--- parse.c
+++ parse.c
@@ -33,6 +33,7 @@ extern char * dns_label(char *, int *);
extern u_int8_t find_region(struct sockaddr_storage *sst, int family);
extern void init_region(void);
extern int insert_region(char *address, char *prefix, u_int8_t region);
+extern int insert_wildcard(char *address, char *prefixlen);
struct myrr_lookup {
char *name;
@@ -52,7 +53,9 @@ struct myrr_lookup {
{ NULL, 0 },
};
-enum { CMD_TYPE_VERSION = 1, CMD_TYPE_REGION, CMD_TYPE_ZONE, CMD_TYPE_INCLUDE };
+enum { CMD_TYPE_VERSION = 1, CMD_TYPE_REGION,
+ CMD_TYPE_ZONE, CMD_TYPE_INCLUDE,
+ CMD_TYPE_WILDCARDONLYFOR };
struct cmd_lookup {
char *name;
@@ -62,20 +65,22 @@ struct cmd_lookup {
{ "region ", CMD_TYPE_REGION },
{ "zone ", CMD_TYPE_ZONE },
{ "include ", CMD_TYPE_INCLUDE },
+ { "wildcard-only-for ", CMD_TYPE_WILDCARDONLYFOR },
{ NULL, 0},
};
-#define CONFIG_START 0x1
-#define CONFIG_VERSION 0x2
-#define CONFIG_REGION 0x4
-#define CONFIG_ZONE 0x8
-#define CONFIG_INCLUDE 0x10
+#define CONFIG_START 0x1
+#define CONFIG_VERSION 0x2
+#define CONFIG_REGION 0x4
+#define CONFIG_ZONE 0x8
+#define CONFIG_INCLUDE 0x10
+#define CONFIG_WILDCARDONLYFOR 0x20
-#define WILDCARDVERSION 2
+#define WILDCARDVERSION 3
static u_int32_t config = 0;
-static const char rcsid[] = "$Id: parse.c,v 1.23 2010/04/01 20:05:04 pbug Exp $";
+static const char rcsid[] = "$Id: parse.c,v 1.24 2010/04/05 11:54:13 pbug Exp $";
/*
* PARSE_FILE - parse the configfile XXX rewrite me in yacc :(
@@ -260,6 +265,22 @@ parse_file(DB *db, char *file)
confstatus |= CONFIG_REGION;
confstatus &= ~CONFIG_START;
goto loop;
+ case CMD_TYPE_WILDCARDONLYFOR:
+ if ((config & CONFIG_VERSION) != CONFIG_VERSION) {
+ syslog(LOG_INFO, "must have version at top of config\n");
+ fclose(f);
+ return (-1);
+ }
+ if (strchr(starttoken, '{') == NULL) {
+ syslog(LOG_INFO, "must have opening brace ('{') in wildcard-only-for entry on line %d", line);
+ fclose(f);
+ return (-1);
+ }
+ config |= CONFIG_WILDCARDONLYFOR;
+
+ confstatus |= CONFIG_WILDCARDONLYFOR;
+ confstatus &= ~CONFIG_START;
+ goto loop;
} /* switch */
break;
@@ -1092,6 +1113,43 @@ skip:
return (-1);
}
} /* CONFIG_REGION */
+ if (confstatus & CONFIG_WILDCARDONLYFOR) {
+ if (*starttoken == '}') {
+ confstatus &= ~(CONFIG_WILDCARDONLYFOR);
+ confstatus |= CONFIG_START;
+ region++;
+ goto loop;
+ }
+
+ p = strchr(starttoken, '/');
+ if (p == NULL) {
+ if (*starttoken == '\n')
+ goto loop;
+
+ syslog(LOG_INFO, "(31) malformed line, line %d", line);
+ fclose(f);
+ return (-1);
+ }
+
+ *p++ = '\0';
+
+ address = starttoken;
+ starttoken = p;
+
+ p = strchr(starttoken, ';');
+ if (p == NULL) {
+ syslog(LOG_INFO, "(32) malformed line, line %d, must have closing semi-colon", line);
+ fclose(f);
+ return (-1);
+ }
+
+ *p = '\0';
+ if (insert_wildcard(address, starttoken) < 0) {
+ syslog(LOG_INFO, "address on line %d, is malformed", line);
+ fclose(f);
+ return (-1);
+ }
+ } /* CONFIG_WILDCARDONLYFOR */
loop:
continue;
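Review bot: The closing-brace branch of the new wildcard-only-for block runs `region++`, which looks copied from the region block above it. A wildcard-only-for section defines no region, so if `region` is the counter handed to insert_region (declared outside this hunk), any region block following it would be numbered one higher than intended; dropping that line avoids this. Separately, the prefix string passed to `insert_wildcard(address, starttoken)` is not checked here for being numeric or in range, so that validation has to live in insert_wildcard, and a one-line comment saying so would help. parse_file starts and ends outside this hunk.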
blob - 8145315e7a7b76c9fcb705fe78e25e06bc5c61bb
blob + 081efa819e18ced9648625d9aed72a27a55c1bef
--- region.c
+++ region.c
@@ -48,7 +48,7 @@ struct entry {
} *n1, *n2, *np;
-static const char rcsid[] = "$Id: region.c,v 1.4 2010/03/27 10:25:20 pbug Exp $";
+static const char rcsid[] = "$Id: region.c,v 1.5 2010/04/05 11:54:13 pbug Exp $";
/*
* INIT_REGION - initialize the region singly linked list
@@ -208,6 +208,10 @@ getmask(int prefixlen)
{
in_addr_t ret = 0xffffffff;
+ /* I know it's cheating */
+ if (prefixlen > 31)
+ return (htonl(ret));
+
ret >>= prefixlen; /* 0x00ffffff */
ret = ~ret; /* 0xff000000 */
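Review bot: The added guard `if (prefixlen > 31)` covers only the upper side, so a negative `prefixlen` still reaches `ret >>= prefixlen`, which is undefined behaviour. Values above 32 are also silently treated as a /32 mask instead of being rejected, which matters now that prefix lengths from wildcard-only-for entries presumably end up here and act like firewall rules. Since getmask() cannot report an error through its return value, the range check belongs where the prefix is parsed (not visible here), with at least `if (prefixlen <= 0) return (0);` added in this function. The rest of getmask() lies outside the hunk.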
@@ -236,9 +240,11 @@ getmask6(int prefixlen, struct sockaddr_in6 *sin6)
nm[3] = (nm[2] + 1);
for (i = 0, j = 0; j < prefixlen; j++) {
- *nm[i] >>= 1;
- if (*nm[i] == 0)
+ if (*nm[i] == 1) {
+ *nm[i] = 0;
i++;
+ } else
+ *nm[i] >>= 1;
}
*nm[0] = htonl(~ *nm[0]);
*nm[1] = htonl(~ *nm[1]);
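Review bot: The rewritten loop advances `i` after every 32 bits but never bounds it. A `prefixlen` above 128 would dereference `nm[4]`, one past `nm[3]`, the last pointer set up just above the loop, and both read and write through it. Bounding the loop closes that: `for (i = 0, j = 0; j < prefixlen && i < 4; j++) {`, ideally with the caller rejecting prefix lengths outside 0..128 first. The declaration of `nm` is outside this hunk, so the limit of 4 is inferred from the `nm[3]` assignment.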
blob - 6efb93559ff0284bc143dff749afccac649b82c6
blob + 900e7ad635780288b4e33b086730cc06ca7c850f
--- reply.c
+++ reply.c
@@ -49,10 +49,10 @@ extern int additional_ptr(char *, int, struct domain *
extern struct question * build_fake_question(char *, int, u_int16_t);
extern int free_question(struct question *);
-extern int lookup_zone(DB *, struct question *, struct domain *, int *, char *);
+extern int lookup_zone(DB *, struct question *, struct domain *, int *, char *, int);
void update_db(DB *, struct domain *);
-struct domain * Lookup_zone(DB *db, char *name, int namelen, u_int16_t type);
+struct domain * Lookup_zone(DB *db, char *name, int namelen, u_int16_t type, int);
void collects_init(void);
@@ -67,7 +67,7 @@ struct collects {
} *cn1, *cn2, *cnp;
-static const char rcsid[] = "$Id: reply.c,v 1.21 2010/04/01 20:05:04 pbug Exp $";
+static const char rcsid[] = "$Id: reply.c,v 1.22 2010/04/05 11:54:13 pbug Exp $";
/*
* REPLY_A() - replies a DNS question (*q) on socket (so)
@@ -83,7 +83,6 @@ reply_a(struct sreply *sreply, DB *db)
int a_count;
int mod, pos;
int ttlhack = 0;
- u_int16_t *plen;
struct answer {
char name[2];
@@ -107,11 +106,7 @@ reply_a(struct sreply *sreply, DB *db)
u_int8_t region = sreply->region;
int istcp = sreply->istcp;
- if (istcp) {
- plen = (u_int16_t *)&reply[0];
- odh = (struct dns_header *)&reply[2];
- } else
- odh = (struct dns_header *)&reply[0];
+ odh = (struct dns_header *)&reply[0];
outlen = sizeof(struct dns_header);
@@ -119,10 +114,7 @@ reply_a(struct sreply *sreply, DB *db)
return;
}
- if (istcp) {
- memcpy(&reply[2], buf, sizeof(struct dns_header) + q->hdr->namelen + 4);
- } else
- memcpy(&reply, buf, sizeof(struct dns_header) + q->hdr->namelen + 4);
+ memcpy(&reply, buf, sizeof(struct dns_header) + q->hdr->namelen + 4);
memset((char *)&odh->query, 0, sizeof(u_int16_t));
outlen += (q->hdr->namelen + 4);
@@ -138,12 +130,8 @@ reply_a(struct sreply *sreply, DB *db)
odh->additional = 0;
/* skip dns header, question name, qtype and qclass */
- if (istcp)
- answer = (struct answer *)(&reply[2] + sizeof(struct dns_header) +
+ answer = (struct answer *)(&reply[0] + sizeof(struct dns_header) +
q->hdr->namelen + 4);
- else
- answer = (struct answer *)(&reply[0] + sizeof(struct dns_header) +
- q->hdr->namelen + 4);
/* if we aren't a balance record our region code is 0xff so check */
if (sd->region[sd->a_ptr] != 0xff) {
@@ -198,14 +186,24 @@ reply_a(struct sreply *sreply, DB *db)
odh->answer = htons(a_count);
}
- if (istcp)
- *plen = htons(outlen);
-
out:
if (istcp) {
- if (send(so, reply, outlen + 2, 0) < 0) {
- syslog(LOG_INFO, "sendto: %m");
+ char *tmpbuf;
+ u_int16_t *plen;
+
+ tmpbuf = malloc(outlen + 2);
+ if (tmpbuf == NULL) {
+ syslog(LOG_INFO, "malloc: %m");
}
+ plen = (u_int16_t *)tmpbuf;
+ *plen = htons(outlen);
+
+ memcpy(&tmpbuf[2], reply, outlen);
+
+ if (send(so, tmpbuf, outlen + 2, 0) < 0) {
+ syslog(LOG_INFO, "send: %m");
+ }
+ free(tmpbuf);
} else {
if (sendto(so, reply, outlen, 0, sa, salen) < 0) {
syslog(LOG_INFO, "sendto: %m");
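Review bot: When `malloc(outlen + 2)` fails in the TCP branch after `out:`, the code only logs and then continues to `plen = (u_int16_t *)tmpbuf; *plen = htons(outlen);`, a write through a null pointer that would crash the daemon under memory pressure. The failure branch needs to leave the TCP path, for example `syslog(LOG_INFO, "malloc: %m"); return;`, or the framing and send should move into an `else`. The same pattern is added in reply_aaaa, reply_notimpl and reply_fmterror in this commit. A stack buffer sized `sizeof(reply) + 2` would avoid the allocation altogether. reply_a continues past this hunk, so check whether anything after the send must still run before choosing `return`.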
@@ -236,7 +234,6 @@ reply_aaaa(struct sreply *sreply, DB *db)
int outlen;
int aaaa_count;
int mod, pos;
- u_int16_t *plen;
struct answer {
char name[2];
@@ -259,26 +256,15 @@ reply_aaaa(struct sreply *sreply, DB *db)
int istcp = sreply->istcp;
-#if 0
- memset(&reply, 0, sizeof(reply));
-#endif
+ odh = (struct dns_header *)&reply[0];
- if (istcp) {
- plen = (u_int16_t *)&reply[0];
- odh = (struct dns_header *)&reply[2];
- } else
- odh = (struct dns_header *)&reply[0];
-
outlen = sizeof(struct dns_header);
if (len > sizeof(reply)) {
return;
}
- if (istcp) {
- memcpy(&reply[2], buf, sizeof(struct dns_header) + q->hdr->namelen + 4);
- } else
- memcpy(&reply, buf, sizeof(struct dns_header) + q->hdr->namelen + 4);
+ memcpy(&reply, buf, sizeof(struct dns_header) + q->hdr->namelen + 4);
memset((char *)&odh->query, 0, sizeof(u_int16_t));
outlen += (q->hdr->namelen + 4);
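Review bot: The guard `if (len > sizeof(reply))` bounds `len`, but the merged `memcpy(&reply, buf, sizeof(struct dns_header) + q->hdr->namelen + 4)` copies a length derived from `q->hdr->namelen`. Nothing in this hunk compares that length with either `len` or `sizeof(reply)`. If the question parser (not visible here) already guarantees the name fits inside the received packet this is fine, but an explicit check would make the assumption visible: `if (sizeof(struct dns_header) + q->hdr->namelen + 4 > (size_t)len) return;`. The same merged copy appears in the reply_a hunk above.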
@@ -294,12 +280,8 @@ reply_aaaa(struct sreply *sreply, DB *db)
odh->additional = 0;
/* skip dns header, question name, qtype and qclass */
- if (istcp)
- answer = (struct answer *)(&reply[2] + sizeof(struct dns_header) +
+ answer = (struct answer *)(&reply[0] + sizeof(struct dns_header) +
q->hdr->namelen + 4);
- else
- answer = (struct answer *)(&reply[0] + sizeof(struct dns_header) +
- q->hdr->namelen + 4);
aaaa_count = 0;
@@ -334,11 +316,22 @@ reply_aaaa(struct sreply *sreply, DB *db)
out:
if (istcp) {
+ char *tmpbuf;
+ u_int16_t *plen;
+
+ tmpbuf = malloc(outlen + 2);
+ if (tmpbuf == NULL) {
+ syslog(LOG_INFO, "malloc: %m");
+ }
+ plen = (u_int16_t *)tmpbuf;
*plen = htons(outlen);
- if (send(so, reply, outlen + 2, 0) < 0) {
- syslog(LOG_INFO, "sendto: %m");
+ memcpy(&tmpbuf[2], reply, outlen);
+
+ if (send(so, tmpbuf, outlen + 2, 0) < 0) {
+ syslog(LOG_INFO, "send: %m");
}
+ free(tmpbuf);
} else {
if (sendto(so, reply, outlen, 0, sa, salen) < 0) {
syslog(LOG_INFO, "sendto: %m");
@@ -390,6 +383,7 @@ reply_mx(struct sreply *sreply, DB *db)
int salen = sreply->salen;
struct domain *sd = sreply->sd1;
int istcp = sreply->istcp;
+ int wildcard = sreply->wildcard;
odh = (struct dns_header *)&reply[0];
@@ -435,7 +429,7 @@ reply_mx(struct sreply *sreply, DB *db)
name = sd->mx[mx_count]->exchange;
namelen = sd->mx[mx_count]->exchangelen;
- sd0 = Lookup_zone(db, name, namelen, htons(DNS_TYPE_A));
+ sd0 = Lookup_zone(db, name, namelen, htons(DNS_TYPE_A), wildcard);
if (sd0 != NULL) {
cn1 = malloc(sizeof(struct collects));
if (cn1 != NULL) {
@@ -450,7 +444,7 @@ reply_mx(struct sreply *sreply, DB *db)
}
}
}
- sd0 = Lookup_zone(db, name, namelen, htons(DNS_TYPE_AAAA));
+ sd0 = Lookup_zone(db, name, namelen, htons(DNS_TYPE_AAAA), wildcard);
if (sd0 != NULL) {
cn1 = malloc(sizeof(struct collects));
if (cn1 != NULL) {
@@ -576,6 +570,7 @@ reply_ns(struct sreply *sreply, DB *db)
int salen = sreply->salen;
struct domain *sd = sreply->sd1;
int istcp = sreply->istcp;
+ int wildcard = sreply->wildcard;
#if 0
memset(&reply, 0, sizeof(reply));
@@ -644,7 +639,7 @@ reply_ns(struct sreply *sreply, DB *db)
memcpy((char *)&answer->ns, (char *)name, namelen);
- sd0 = Lookup_zone(db, name, namelen, htons(DNS_TYPE_A));
+ sd0 = Lookup_zone(db, name, namelen, htons(DNS_TYPE_A), wildcard);
if (sd0 != NULL) {
cn1 = malloc(sizeof(struct collects));
if (cn1 != NULL) {
@@ -660,7 +655,7 @@ reply_ns(struct sreply *sreply, DB *db)
}
}
- sd0 = Lookup_zone(db, name, namelen, htons(DNS_TYPE_AAAA));
+ sd0 = Lookup_zone(db, name, namelen, htons(DNS_TYPE_AAAA), wildcard);
if (sd0 != NULL) {
cn1 = malloc(sizeof(struct collects));
if (cn1 != NULL) {
@@ -1384,7 +1379,6 @@ reply_notimpl(struct sreply *sreply)
char reply[512];
struct dns_header *odh;
int outlen;
- u_int16_t *plen;
int so = sreply->so;
char *buf = sreply->buf;
@@ -1398,11 +1392,7 @@ reply_notimpl(struct sreply *sreply)
struct question *q = sreply->q;
#endif
- if (istcp) {
- plen = (u_int16_t *)&reply[0];
- odh = (struct dns_header *)&reply[2];
- } else
- odh = (struct dns_header *)&reply[0];
+ odh = (struct dns_header *)&reply[0];
outlen = sizeof(struct dns_header);
@@ -1410,10 +1400,7 @@ reply_notimpl(struct sreply *sreply)
return;
}
- if (istcp) {
- memcpy(&reply[2], buf, len);
- } else
- memcpy(&reply, buf, len);
+ memcpy(&reply, buf, len);
memset((char *)&odh->query, 0, sizeof(u_int16_t));
@@ -1422,11 +1409,24 @@ reply_notimpl(struct sreply *sreply)
HTONS(odh->query);
+
if (istcp) {
- *plen = htons(len);
- if (send(so, reply, len + 2, 0) < 0) {
+ char *tmpbuf;
+ u_int16_t *plen;
+
+ tmpbuf = malloc(outlen + 2);
+ if (tmpbuf == NULL) {
+ syslog(LOG_INFO, "malloc: %m");
+ }
+ plen = (u_int16_t *)tmpbuf;
+ *plen = htons(outlen);
+
+ memcpy(&tmpbuf[2], reply, outlen);
+
+ if (send(so, tmpbuf, outlen + 2, 0) < 0) {
syslog(LOG_INFO, "send: %m");
}
+ free(tmpbuf);
} else {
if (sendto(so, reply, len, 0, sa, salen) < 0) {
syslog(LOG_INFO, "sendto: %m");
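Review bot: The TCP branch now frames and sends `outlen` bytes while the UDP branch below still sends `len`, so the two transports no longer return the same NOTIMPL message. As far as the visible hunks show, `outlen` is only set to `sizeof(struct dns_header)` in reply_notimpl, whereas `memcpy(&reply, buf, len)` copied the whole query. A TCP client would then receive a bare header whose counts may no longer match the body (the header edits lie outside this hunk). If echoing the full query is intended, use `len` on the TCP side too: `tmpbuf = malloc(len + 2);`, `*plen = htons(len);` and `memcpy(&tmpbuf[2], reply, len);`.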
@@ -1692,7 +1692,6 @@ reply_fmterror(struct sreply *sreply)
char reply[512];
struct dns_header *odh;
int outlen;
- u_int16_t *plen;
int so = sreply->so;
int len = sreply->len;
@@ -1703,11 +1702,7 @@ reply_fmterror(struct sreply *sreply)
memset(&reply, 0, sizeof(reply));
- if (istcp) {
- plen = (u_int16_t *)&reply[0];
- odh = (struct dns_header *)&reply[2];
- } else
- odh = (struct dns_header *)&reply[0];
+ odh = (struct dns_header *)&reply[0];
outlen = sizeof(struct dns_header);
@@ -1724,10 +1719,22 @@ reply_fmterror(struct sreply *sreply)
HTONS(odh->query);
if (istcp) {
- *plen = htons(sizeof(struct dns_header));
- if (send(so, reply, *plen + 2, 0) < 0) {
+ char *tmpbuf;
+ u_int16_t *plen;
+
+ tmpbuf = malloc(outlen + 2);
+ if (tmpbuf == NULL) {
+ syslog(LOG_INFO, "malloc: %m");
+ }
+ plen = (u_int16_t *)tmpbuf;
+ *plen = htons(outlen);
+
+ memcpy(&tmpbuf[2], reply, outlen);
+
+ if (send(so, tmpbuf, outlen + 2, 0) < 0) {
syslog(LOG_INFO, "send: %m");
}
+ free(tmpbuf);
} else {
if (sendto(so, reply, sizeof(struct dns_header), 0, sa, salen) < 0) {
syslog(LOG_INFO, "sendto: %m");
@@ -2022,7 +2029,7 @@ update_db(DB *db, struct domain *sd)
*/
struct domain *
-Lookup_zone(DB *db, char *name, int namelen, u_int16_t type)
+Lookup_zone(DB *db, char *name, int namelen, u_int16_t type, int wildcard)
{
struct domain *sd;
struct question *fakequestion;
@@ -2043,7 +2050,7 @@ Lookup_zone(DB *db, char *name, int namelen, u_int16_t
return (NULL);
}
- mytype = lookup_zone(db, fakequestion, sd, &lzerrno, (char *)&fakereplystring);
+ mytype = lookup_zone(db, fakequestion, sd, &lzerrno, (char *)&fakereplystring, wildcard);
if (mytype < 0) {
free(sd);
blob - 68f4744263bbf2cb738978748b36867814ef1037
blob + 90baf5ce425ee4db8d806a040a3aead4fd0c4db9
--- wildcarddns.conf
+++ wildcarddns.conf
@@ -1,6 +1,6 @@
; sample config file that is in production.
;
-version "2";
+version "3";
; this is for the host dione.centroid.eu which is in Panama
; it serves best for the Americas and Australia (?)
blob - a5a3d3e5d2040b3cd34294b4e751a1312e32a733
blob + 0189cdbfc4e548e29856a2d896229840fa0f8b9d
--- wildcarddnsd.8
+++ wildcarddnsd.8
@@ -42,7 +42,6 @@
.Oc
.Op Fl l
.Op Fl p Ar port
-.Op Fl W
.Sh DESCRIPTION
.Nm
is the daemon that runs Wildcard DNS.
@@ -94,8 +93,6 @@ should listen on. This can be useful when using
.Nm
with
.Xr pf 4 .
-.It Fl W
-Wildcarding is turned off, a nonexistent record returns NXDOMAIN.
.El
.Sh FILES
.Pa /etc/wildcarddns.conf
blob - 49da37d988c0fdd7751cd1d76248d8735a8efd74
blob + eb5f6159d612627e80101edcc9eb505c5939a146
--- wildcarddnsd.cat8
+++ wildcarddnsd.cat8
@@ -5,7 +5,7 @@ NNAAMMEE
SSYYNNOOPPSSIISS
wwiillddccaarrddddnnssdd [[--bb _a_d_d_r_e_s_s] [...]] [--ff _f_i_l_e] [[--ii _i_n_t_e_r_f_a_c_e] [...]] [--ll]
- [--pp _p_o_r_t] [--WW]
+ [--pp _p_o_r_t]
DDEESSCCRRIIPPTTIIOONN
wwiillddccaarrddddnnssdd is the daemon that runs Wildcard DNS.
@@ -30,8 +30,6 @@ DDEESSCCRRIIPPTTIIOONN
--pp _p_o_r_t
Specifies the _p_o_r_t that wwiillddccaarrddddnnssdd should listen on. This can
be useful when using wwiillddccaarrddddnnssdd with pf(4).
-
- --WW Wildcarding is turned off, a nonexistent record returns NXDOMAIN.
FFIILLEESS
_/_e_t_c_/_w_i_l_d_c_a_r_d_d_n_s_._c_o_n_f