Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix problem with --dnssec-timestamp

Browse Source 
whereby receipt of SIGHUP would erroneously engage timestamp checking.
This commit is contained in:
Kevin Darbyshire-Bryant
2016-07-11 21:03:27 +01:00
committed by Simon Kelley
parent 1d07667ac7
commit 06093a9a84
4 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@@ -17,6 +17,10 @@ version 2.77
Thanks to Ivan Kokshaysky for the diagnosis and Thanks to Ivan Kokshaysky for the diagnosis and
patch. patch.
Fix problem with --dnssec-timestamp whereby receipt
of SIGHUP would erroneously engage timestamp checking.
Thanks to Kevin Darbyshire-Bryant for this work.
version 2.76 version 2.76
Include 0.0.0.0/8 in DNS rebind checks. This range Include 0.0.0.0/8 in DNS rebind checks. This range

7
src/dnsmasq.c
View File

@@ -750,7 +750,8 @@ int main (int argc, char **argv)
my_syslog(LOG_INFO, _("DNSSEC validation enabled")); my_syslog(LOG_INFO, _("DNSSEC validation enabled"));
if (option_bool(OPT_DNSSEC_TIME)) daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload")); my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
if (rc == 1) if (rc == 1)
@@ -1226,10 +1227,10 @@ static void async_event(int pipe, time_t now)
{ {
case EVENT_RELOAD: case EVENT_RELOAD:
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
if (option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME)) if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
{ {
my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps")); my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
reset_option_bool(OPT_DNSSEC_TIME); daemon->dnssec_no_time_check = 0;
} }
#endif #endif
/* fall through */ /* fall through */

1
src/dnsmasq.h
View File

@@ -992,6 +992,7 @@ extern struct daemon {
#endif #endif
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
struct ds_config *ds; struct ds_config *ds;
int dnssec_no_time_check;
int back_to_the_future; int back_to_the_future;
char *timestamp_file; char *timestamp_file;
#endif #endif

5
src/dnssec.c
View File

@@ -522,15 +522,16 @@ static int check_date_range(u32 date_start, u32 date_end)
if (utime(daemon->timestamp_file, NULL) != 0) if (utime(daemon->timestamp_file, NULL) != 0)
my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno)); my_syslog(LOG_ERR, _("failed to update mtime on %s: %s"), daemon->timestamp_file, strerror(errno));
my_syslog(LOG_INFO, _("system time considered valid, now checking DNSSEC signature timestamps."));
daemon->back_to_the_future = 1; daemon->back_to_the_future = 1;
set_option_bool(OPT_DNSSEC_TIME); daemon->dnssec_no_time_check = 0;
queue_event(EVENT_RELOAD); /* purge cache */ queue_event(EVENT_RELOAD); /* purge cache */
} }
if (daemon->back_to_the_future == 0) if (daemon->back_to_the_future == 0)
return 1; return 1;
} }
else if (option_bool(OPT_DNSSEC_TIME)) else if (daemon->dnssec_no_time_check)
return 1; return 1;
/* We must explicitly check against wanted values, because of SERIAL_UNDEF */ /* We must explicitly check against wanted values, because of SERIAL_UNDEF */