Don't do AXFR unless auth-sec-servers is set.

Simon Kelley
2013-01-07 21:55:54 +00:00
parent 333b2ceb97
commit c6cb7407b3


@@ -375,8 +375,6 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<SOA>"); log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<SOA>");
} }
else if (qtype == T_AXFR) else if (qtype == T_AXFR)
{
if (daemon->auth_peers)
{ {
struct iname *peers; struct iname *peers;
@@ -391,7 +389,8 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
if (sockaddr_isequal(peer_addr, &peers->addr)) if (sockaddr_isequal(peer_addr, &peers->addr))
break; break;
if (!peers) /* Refuse all AXFR unless --auth-sec-servers is set */
if ((!peers && daemon->auth_peers) || !daemon->secondary_forward_server)
{ {
if (peer_addr->sa.sa_family == AF_INET) if (peer_addr->sa.sa_family == AF_INET)
inet_ntop(AF_INET, &peer_addr->in.sin_addr, daemon->addrbuff, ADDRSTRLEN); inet_ntop(AF_INET, &peer_addr->in.sin_addr, daemon->addrbuff, ADDRSTRLEN);
@@ -403,7 +402,6 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
my_syslog(LOG_WARNING, _("ignoring zone transfer request from %s"), daemon->addrbuff); my_syslog(LOG_WARNING, _("ignoring zone transfer request from %s"), daemon->addrbuff);
return 0; return 0;
} }
}
soa = 1; /* inhibits auth section */ soa = 1; /* inhibits auth section */
ns = 1; /* ensure we include NS records! */ ns = 1; /* ensure we include NS records! */
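Review bot: The new comment above the refusal test in the second hunk names only one of the two conditions it guards. With the `if (daemon->auth_peers)` wrapper removed in the first hunk, `(!peers && daemon->auth_peers) || !daemon->secondary_forward_server` lets a transfer through from any source address whenever `daemon->auth_peers` is empty and `daemon->secondary_forward_server` is set. That default-open case should be stated where the decision is made, for example `/* Refuse all AXFR unless --auth-sec-servers is set; with no auth_peers list, any address may transfer */`. The `my_syslog(LOG_WARNING, ...)` line is also the same for both refusal causes, so a log reader cannot tell a peer-list mismatch from a missing secondary configuration; separate messages would help triage. The body of answer_auth starts and ends outside these hunks, so any later check on the transfer path is not visible here.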