Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-24 12:48:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Remove --dnssec-permissive, pointless if we don't set CD upstream.

Browse Source
This commit is contained in:
Simon Kelley
2014-01-26 09:33:21 +00:00
parent 703c7ff429
commit 7d23a66ff0
3 changed files with 4 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/dnssec.c
View File

@@ -1382,7 +1382,7 @@ unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name
for (q = ntohs(header->qdcount); q != 0; q--) for (q = ntohs(header->qdcount); q != 0; q--)
{ {
if (!extract_name(header, plen, &p, name, 1, 4)) if (!extract_name(header, plen, &p, name, 1, 4))
return digest; /* bad packet */ break; /* bad packet */
len = to_wire(name); len = to_wire(name);
hash->update(ctx, len, (unsigned char *)name); hash->update(ctx, len, (unsigned char *)name);
@@ -1391,7 +1391,7 @@ unsigned char* hash_questions(struct dns_header *header, size_t plen, char *name
p += 4; p += 4;
if (!CHECK_LEN(header, p, plen, 0)) if (!CHECK_LEN(header, p, plen, 0))
return digest; /* bad packet */ break; /* bad packet */
} }
hash->digest(ctx, hash->digest_size, digest); hash->digest(ctx, hash->digest_size, digest);

15
src/forward.c
View File

@@ -608,20 +608,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
if (no_cache && !(header->hb4 & HB4_CD)) if (no_cache && !(header->hb4 & HB4_CD))
{ {
if (option_bool(OPT_DNSSEC_PERMISS)) if (!option_bool(OPT_DNSSEC_DEBUG))
{
unsigned short type;
char types[20];
if (extract_request(header, (size_t)n, daemon->namebuff, &type))
{
querystr("", types, type);
my_syslog(LOG_WARNING, _("DNSSEC validation failed: query %s%s"), daemon->namebuff, types);
}
else
my_syslog(LOG_WARNING, _("DNSSEC validation failed for unknown query"));
}
else
{ {
/* Bogus reply, turn into SERVFAIL */ /* Bogus reply, turn into SERVFAIL */
SET_RCODE(header, SERVFAIL); SET_RCODE(header, SERVFAIL);

5
src/option.c
View File

@@ -140,8 +140,7 @@ struct myoption {
#define LOPT_QUIET_RA 328 #define LOPT_QUIET_RA 328
#define LOPT_SEC_VALID 329 #define LOPT_SEC_VALID 329
#define LOPT_DNSKEY 330 #define LOPT_DNSKEY 330
#define LOPT_DNSSEC_PERM 331 #define LOPT_DNSSEC_DEBUG 331
#define LOPT_DNSSEC_DEBUG 332
#ifdef HAVE_GETOPT_LONG #ifdef HAVE_GETOPT_LONG
static const struct option opts[] = static const struct option opts[] =
@@ -279,7 +278,6 @@ static const struct myoption opts[] =
{ "synth-domain", 1, 0, LOPT_SYNTH }, { "synth-domain", 1, 0, LOPT_SYNTH },
{ "dnssec", 0, 0, LOPT_SEC_VALID }, { "dnssec", 0, 0, LOPT_SEC_VALID },
{ "dnskey", 1, 0, LOPT_DNSKEY }, { "dnskey", 1, 0, LOPT_DNSKEY },
{ "dnssec-permissive", 0, 0, LOPT_DNSSEC_PERM },
{ "dnssec-debug", 0, 0, LOPT_DNSSEC_DEBUG }, { "dnssec-debug", 0, 0, LOPT_DNSSEC_DEBUG },
#ifdef OPTION6_PREFIX_CLASS #ifdef OPTION6_PREFIX_CLASS
{ "dhcp-prefix-class", 1, 0, LOPT_PREF_CLSS }, { "dhcp-prefix-class", 1, 0, LOPT_PREF_CLSS },
@@ -433,7 +431,6 @@ static struct {
{ LOPT_SYNTH, ARG_DUP, "<domain>,<range>,[<prefix>]", gettext_noop("Specify a domain and address range for synthesised names"), NULL }, { LOPT_SYNTH, ARG_DUP, "<domain>,<range>,[<prefix>]", gettext_noop("Specify a domain and address range for synthesised names"), NULL },
{ LOPT_SEC_VALID, OPT_DNSSEC_VALID, NULL, gettext_noop("Activate DNSSEC validation"), NULL }, { LOPT_SEC_VALID, OPT_DNSSEC_VALID, NULL, gettext_noop("Activate DNSSEC validation"), NULL },
{ LOPT_DNSKEY, ARG_DUP, "<domain>,<algo>,<key>", gettext_noop("Specify trust anchor DNSKEY"), NULL }, { LOPT_DNSKEY, ARG_DUP, "<domain>,<algo>,<key>", gettext_noop("Specify trust anchor DNSKEY"), NULL },
{ LOPT_DNSSEC_PERM, OPT_DNSSEC_PERMISS, NULL, gettext_noop("Do NOT return SERVFAIL whne DNSSEC validation fails."), NULL },
{ LOPT_DNSSEC_DEBUG, OPT_DNSSEC_DEBUG, NULL, gettext_noop("Disable upstream checking for DNSSEC debugging."), NULL }, { LOPT_DNSSEC_DEBUG, OPT_DNSSEC_DEBUG, NULL, gettext_noop("Disable upstream checking for DNSSEC debugging."), NULL },
#ifdef OPTION6_PREFIX_CLASS #ifdef OPTION6_PREFIX_CLASS
{ LOPT_PREF_CLSS, ARG_DUP, "set:tag,<class>", gettext_noop("Specify DHCPv6 prefix class"), NULL }, { LOPT_PREF_CLSS, ARG_DUP, "set:tag,<class>", gettext_noop("Specify DHCPv6 prefix class"), NULL },