Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Restore ability to answer non-recursive requests

Browse Source 
Instead, check only local configured entries are answered without
rdbit set. All cached replies are still denied, but locally configured
names are available with both recursion and without it.

Fixes commit 4139298d28 unintended
behaviour.
This commit is contained in:
Petr Menšík
2019-04-12 15:29:00 +02:00
committed by Simon Kelley
parent 306888afb3
commit 29ae308398
1 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
src/rfc1035.c
View File

@@ -1302,6 +1302,10 @@ static unsigned long crec_ttl(struct crec *crecp, time_t now)
return daemon->max_ttl; return daemon->max_ttl;
} }
static int cache_validated(const struct crec *crecp)
{
return (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK));
}
/* return zero if we can't answer from cache, or packet size if we can */ /* return zero if we can't answer from cache, or packet size if we can */
size_t answer_request(struct dns_header *header, char *limit, size_t qlen, size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
@@ -1320,10 +1324,10 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
int nxdomain = 0, notimp = 0, auth = 1, trunc = 0, sec_data = 1; int nxdomain = 0, notimp = 0, auth = 1, trunc = 0, sec_data = 1;
struct mx_srv_record *rec; struct mx_srv_record *rec;
size_t len; size_t len;
int rd_bit = (header->hb3 & HB3_RD);
/* never answer queries with RD unset, to avoid cache snooping. */ /* never answer queries with RD unset, to avoid cache snooping. */
if (!(header->hb3 & HB3_RD) || if (ntohs(header->ancount) != 0 ||
ntohs(header->ancount) != 0 ||
ntohs(header->nscount) != 0 || ntohs(header->nscount) != 0 ||
ntohs(header->qdcount) == 0 || ntohs(header->qdcount) == 0 ||
OPCODE(header) != QUERY ) OPCODE(header) != QUERY )
@@ -1372,9 +1376,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
/* If the client asked for DNSSEC don't use cached data. */ /* If the client asked for DNSSEC don't use cached data. */
if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
!do_bit || (rd_bit && (!do_bit || cache_validated(crecp))))
(option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
{ {
if (crecp->flags & F_CONFIG || qtype == T_CNAME) if (crecp->flags & F_CONFIG || qtype == T_CNAME)
ans = 1; ans = 1;
@@ -1544,8 +1546,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
the zone is unsigned, which implies that we're doing the zone is unsigned, which implies that we're doing
validation. */ validation. */
if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
!do_bit || (rd_bit && (!do_bit || cache_validated(crecp)) ))
(option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
{ {
do do
{ {
@@ -1726,8 +1727,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
/* If the client asked for DNSSEC don't use cached data. */ /* If the client asked for DNSSEC don't use cached data. */
if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) || if ((crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) ||
!do_bit || (rd_bit && (!do_bit || cache_validated(crecp)) ))
(option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))
do do
{ {
/* don't answer wildcard queries with data not from /etc/hosts /* don't answer wildcard queries with data not from /etc/hosts
@@ -1870,7 +1870,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
if (!found) if (!found)
{ {
if ((crecp = cache_find_by_name(NULL, name, now, F_SRV | (dryrun ? F_NO_RR : 0))) && if ((crecp = cache_find_by_name(NULL, name, now, F_SRV | (dryrun ? F_NO_RR : 0))) &&
(!do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK)))) rd_bit && (!do_bit || (option_bool(OPT_DNSSEC_VALID) && !(crecp->flags & F_DNSSECOK))))
{ {
if (!(crecp->flags & F_DNSSECOK)) if (!(crecp->flags & F_DNSSECOK))
sec_data = 0; sec_data = 0;