Improve handling of non-QUERY DNS requests.

We can't answer and shouldn't forward non-QUERY DNS requests.

This patch fixes handling of such requests from TCP connections; previously
the connection would be closed without a reply.

It also changes the RCODE in the answer from REFUSED to NOTIMP and
provides clearer logging.
Simon Kelley
2024-12-13 23:00:21 +00:00
parent 3b74df4f55
commit ab177cb153
4 changed files with 234 additions and 207 deletions


@@ -1240,6 +1240,8 @@ void setup_reply(struct dns_header *header, unsigned int flags, int ede)
SET_RCODE(header, NOERROR); /* empty domain */
else if (flags == F_NXDOMAIN)
SET_RCODE(header, NXDOMAIN);
else if (flags == F_RCODE)
SET_RCODE(header, NOTIMP);
else if (flags & ( F_IPV4 | F_IPV6))
{
SET_RCODE(header, NOERROR);
@@ -2182,7 +2184,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
if (flags & F_NXDOMAIN)
nxdomain = 1;
else if (qtype != T_ANY && rr_on_list(daemon->filter_rr, qtype))
flags |= F_NEG | F_CONFIG;
flags |= F_NEG | F_CONFIG;
auth = 0;
ans = 1;
@@ -2210,8 +2212,8 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
anscount++;
/* log after cache insertion as log_txt mangles rrdata */
if (qtype == T_TXT && !(crecp->flags & F_NEG))
log_txt(name, (unsigned char *)rrdata, rrlen, crecp->flags & F_DNSSECOK);
if (qtype == T_TXT && !(flags & F_NEG))
log_txt(name, (unsigned char *)rrdata, rrlen, flags & (F_DNSSECOK | F_STALE));
else
log_query(flags, name, &crecp->addr, NULL, 0);
}