Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

RRSIGS for PTR records from cache.

Browse Source
This commit is contained in:
Simon Kelley
2014-01-24 22:37:25 +00:00
parent 32f90c0fad
commit 2d33bda2e6
3 changed files with 72 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/cache.c
View File

@@ -1255,7 +1255,7 @@ void dump_cache(time_t now)
{ {
char *a = daemon->addrbuff, *p = daemon->namebuff, *n = cache_get_name(cache); char *a = daemon->addrbuff, *p = daemon->namebuff, *n = cache_get_name(cache);
*a = 0; *a = 0;
if (strlen(n) == 0) if (strlen(n) == 0 && !(cache->flags & F_REVERSE))
n = "<Root>"; n = "<Root>";
p += sprintf(p, "%-40.40s ", n); p += sprintf(p, "%-40.40s ", n);
if ((cache->flags & F_CNAME) && !is_outdated_cname_pointer(cache)) if ((cache->flags & F_CNAME) && !is_outdated_cname_pointer(cache))

2
src/dnssec.c
View File

@@ -581,7 +581,7 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in
/* If it's a type we're going to cache, cache the RRISG too */ /* If it's a type we're going to cache, cache the RRISG too */
if (type_covered == T_A || type_covered == T_AAAA || if (type_covered == T_A || type_covered == T_AAAA ||
type_covered == T_CNAME || type_covered == T_DS || type_covered == T_CNAME || type_covered == T_DS ||
type_covered == T_DNSKEY) type_covered == T_DNSKEY || type_covered == T_PTR)
{ {
struct all_addr a; struct all_addr a;
struct blockdata *block; struct blockdata *block;

35
src/rfc1035.c
View File

@@ -984,6 +984,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
{ {
if (!cname_count--) if (!cname_count--)
return 0; /* looped CNAMES */ return 0; /* looped CNAMES */
secflag = 0; /* no longer DNSSEC */
goto cname_loop; goto cname_loop;
} }
@@ -1708,6 +1709,38 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
} }
} }
else if ((crecp = cache_find_by_addr(NULL, &addr, now, is_arpa))) else if ((crecp = cache_find_by_addr(NULL, &addr, now, is_arpa)))
{
#ifdef HAVE_DNSSEC
if (!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) &&
(crecp->flags & F_DNSSECOK) &&
!(crecp->flags & F_NEG) &&
sec_reqd &&
option_bool(OPT_DNSSEC_VALID))
{
int gotsig = 0;
crecp = NULL;
while ((crecp = cache_find_by_name(crecp, name, now, F_DS | F_DNSKEY)))
{
if (crecp->addr.sig.type_covered == T_PTR && crecp->uid == C_IN)
{
char *sigdata = blockdata_retrieve(crecp->addr.sig.keydata, crecp->addr.sig.keylen, NULL);
gotsig = 1;
if (!dryrun &&
add_resource_record(header, limit, &trunc, nameoffset, &ansp,
crecp->ttd - now, &nameoffset,
T_RRSIG, C_IN, "t", crecp->addr.sig.keylen, sigdata))
anscount++;
}
}
/* Need to re-run original cache search */
crecp = gotsig ? cache_find_by_addr(NULL, &addr, now, is_arpa) : NULL;
}
#endif
if (crecp)
{
do do
{ {
/* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */ /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */
@@ -1743,6 +1776,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
} }
} }
} while ((crecp = cache_find_by_addr(crecp, &addr, now, is_arpa))); } while ((crecp = cache_find_by_addr(crecp, &addr, now, is_arpa)));
}
}
else if (is_rev_synth(is_arpa, &addr, name)) else if (is_rev_synth(is_arpa, &addr, name))
{ {
ans = 1; ans = 1;