diff --git a/man/dnsmasq.8 b/man/dnsmasq.8 index d4b4322..9a8de1f 100644 --- a/man/dnsmasq.8 +++ b/man/dnsmasq.8 @@ -593,8 +593,10 @@ needed for a client to do validation itself. .TP .B --auth-zone=[,[/][,[/].....]] Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain -will be served. A and AAAA records must be in one of the -specified subnets. As alternative to directly specifying the subnets, it's possible to +will be served. If subnet(s) are given, A and AAAA records must be in one of the +specified subnets. + +As alternative to directly specifying the subnets, it's possible to give the name of an interface, in which case the subnets implied by that interface's configured addresses and netmask/prefix-length are used; this is useful when using constructed DHCP ranges as the actual @@ -611,7 +613,8 @@ ipv6.arpa domains which are served for reverse-DNS queries. If not specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6. For IPv4 subnets, the prefix length should be have the value 8, 16 or 24 unless you are familiar with RFC 2317 and have arranged the -in-addr.arpa delegation accordingly. +in-addr.arpa delegation accordingly. Note that if no subnets are +specified, then no reverse queries are answered. .TP .B --auth-soa=[,[,[,[,]]]] Specify fields in the SOA record associated with authoritative diff --git a/src/auth.c b/src/auth.c index 763c169..d31ed60 100644 --- a/src/auth.c +++ b/src/auth.c @@ -18,7 +18,7 @@ #ifdef HAVE_AUTH -static struct addrlist *filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u) +static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u) { struct addrlist *subnet; 
@@ -45,6 +45,15 @@ static struct addrlist *filter_zone(struct auth_zone *zone, int flag, struct all
 return NULL;
 }
+static int filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u)
+{
+ /* No zones specified, no filter */
+ if (!zone->subnet)
+ return 1;
+
+ return find_subnet(zone, flag, addr_u) != NULL;
+}
+
 int in_zone(struct auth_zone *zone, char *name, char **cut)
 {
 size_t namelen = strlen(name);
@@ -130,7 +139,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 if (!local_query)
 {
 for (zone = daemon->auth_zones; zone; zone = zone->next)
- if ((subnet = filter_zone(zone, flag, &addr)))
+ if ((subnet = find_subnet(zone, flag, &addr)))
 break;
 if (!zone)
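Review bot: The comment in the new `filter_zone` reads `/* No zones specified, no filter */`, but the condition tests `zone->subnet`, so it should say `/* No subnets specified, no filter */`. The comment should also record that this branch fails open: with an empty subnet list, every locally defined A/AAAA record in the domain passes the filter, which can publish internal addresses through the authoritative zone. If subnets derived from an interface name are kept in the same `zone->subnet` list (not visible in this diff), a zone configured by interface whose addresses are not yet assigned would also take this path. That case deserves an explicit check, or at least a sentence in the man page entry for `--auth-zone`.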