Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,640 Commits 8 Branches 0 Tags
6a6e06fbb0d4690507ceaf2bb6f0d8910f3d4914
Commit Graph

61 Commits

Author SHA1 Message Date
Simon Kelley
b43585c34b Fix nameserver list in auth mode. 
If dnsmasq is not acting as an authoritative nameserver (no second
argument to --auth-server) then it should not appear in the NS RRset.

This leaves simply the list of servers specified in --auth-sec-servers.
 2020-03-28 17:41:06 +00:00
Simon Kelley
2a8710ac2f Update copyrights to 2020. 2020-01-05 16:40:06 +00:00
Simon Kelley
dc6a57ffb8 Always force AD bit to zero in authoritative DNS answers. 2019-08-20 23:17:27 +01:00
Simon Kelley
5b99eae59d Cache SRV records. 
Inpsired by a patch from Jeremy Allison, but completely re-rolled
by srk. All bugs are mine.
 2019-01-06 23:09:50 +00:00
Simon Kelley
cc921df9ce Remove nested struct/union in cache records and all_addr. 2019-01-02 22:48:59 +00:00
Simon Kelley
ee8750451b Remove ability to compile without IPv6 support. 
This was the source of a large number of #ifdefs, originally
included for use with old embedded libc versions. I'm
sure no-one wants or needs IPv6-free code these days, so this
is a move towards more maintainable code.
 2018-10-23 22:10:17 +01:00
Simon Kelley
b758b67c37 Improve logging of RRs from --dns-rr. 2018-08-23 21:41:23 +01:00
Simon Kelley
b6f926fbef Don't return NXDOMAIN to empty non-terminals. 
When a record is defined locally, eg an A record for one.two.example then
we already know that if we forward, eg an AAAA query for one.two.example,
and get back NXDOMAIN, then we need to alter that to NODATA. This is handled
by  check_for_local_domain(). But, if we forward two.example, because
one.two.example exists, then the answer to two.example should also be
a NODATA.

For most local records this is easy, just to substring matching.
for A, AAAA and CNAME records that are in the cache, it's more difficult.
The cache has no efficient way to find such records. The fix is to
insert empty (none of F_IPV4, F_IPV6 F_CNAME set) records for each
non-terminal.

The same considerations apply in auth mode, and the same basic mechanism
is used there too.
 2018-08-21 17:46:52 +01:00
Simon Kelley
090856c7e6 Allow zone transfer in authoritative mode whenever auth-peer is specified. 2018-06-02 18:37:07 +01:00
Simon Kelley
d1ced3ae38 Update copyrights to 2018. 2018-01-01 22:18:03 +00:00
Simon Kelley
63437ffbb5 Fix CVE-2017-13704, which resulted in a crash on a large DNS query. 
A DNS query recieved by UDP which exceeds 512 bytes (or the EDNS0 packet size,
if different.) is enough to cause SIGSEGV.
 2017-09-06 22:34:21 +01:00
Rosen Penev
cbd29e5da8 Printf related fixes. 2017-06-27 22:29:51 +01:00
Simon Kelley
50ca85504c Bump year in copyrights. 2017-06-24 22:43:18 +01:00
Simon Kelley
62f9c0d470 Fix CNAME wildcard in auth-mode. 
A domain can only have a CNAME if it has not other records.

Don't return a CNAME when there are records of other types on the name.
 2017-02-19 23:07:01 +00:00
Josh Soref
730c6745f0 Comprehensive spelling/typo fixes. 
Thanks to Josh Soref for generating these fixes.
 2017-02-06 16:14:04 +00:00
Simon Kelley
b637d7815d Allow wildcard CNAME records in authoritative zones. 2016-12-13 16:44:11 +00:00
Mathias Kresin
094bfaeb4f auth-zone: allow to exclude ip addresses from answer. 2016-07-24 14:15:22 +01:00
Simon Kelley
fa78573778 Zero packet buffers before building output, to reduce risk of information leakage. 2016-07-22 20:56:01 +01:00
Simon Kelley
c7f3bd2ac8 Replace incoming EDNS0_OPTION_NOMDEVICEID and EDNS0_OPTION_NOMCPEID options. 2016-02-28 21:48:34 +00:00
Simon Kelley
c49778df4a Update copyright notices. Happy new year! 2016-01-06 18:52:33 +00:00
Simon Kelley
fa14bec83b Major tidy up of EDNS0 handling and computation/use of udp packet size. 2015-12-20 17:12:16 +00:00
Simon Kelley
78c6184752 Auth: correct replies to NS and SOA in .arpa zones. 2015-04-16 15:05:30 +01:00
Simon Kelley
38440b204d Fix crash in auth code with odd configuration. 2015-04-12 21:52:47 +01:00
Simon Kelley
aff3396280 Update copyrights for dawn of 2015. 2015-01-31 20:13:40 +00:00
Simon Kelley
393415597c Cope with multiple interfaces with the same LL address. 2015-01-18 22:11:10 +00:00
Simon Kelley
476693678e Eliminate IPv6 privacy addresses from --interface-name answers. 2014-12-17 12:41:56 +00:00
Richard Genoud
10cfc0ddb3 Fix length->netmask conversions to avoid undefined behaviour. 2014-09-17 21:17:39 +01:00
Simon Kelley
10068600f8 Fix NXDOMAIN RCODE in auth PTR replies. 2014-04-03 21:16:40 +01:00
Simon Kelley
c47e3ba446 Update copyright for 2014. 2014-01-08 17:07:54 +00:00
Simon Kelley
c50f25a3ea Allow empty subnet list in --auth-zone 2013-11-21 11:29:27 +00:00
Simon Kelley
587ad4f271 Fix crash introduced in 376d48c7f1 2013-11-15 15:47:51 +00:00
Simon Kelley
376d48c7f1 Allow interface name to specify subnets in --auth-zone. 2013-11-13 13:04:30 +00:00
Simon Kelley
6008bdbbc1 Fix botch in determining if auth query is local. 2013-10-21 21:47:03 +01:00
Simon Kelley
93bafe619d Fix CNAME botch in auth code, also set RA flag for local queries. 2013-10-21 21:19:34 +01:00
Simon Kelley
8ab91e9f7f Get NXDOMAIN right on non-A/AAAA query for name known via interface-name. 2013-10-21 20:50:04 +01:00
Simon Kelley
5731050062 Get NXDOMAIN right for local queries to auth zones. 2013-10-21 18:26:20 +01:00
Simon Kelley
fb63dd1345 Handle two interface-names, different interface, same name. 2013-10-21 18:19:35 +01:00
Simon Kelley
5f8002fcd7 Restore NS and SOA records to local auth queries. 2013-10-21 17:40:18 +01:00
Simon Kelley
19b1689161 Don't filter by subnet when handling local queries for auth-zones. 2013-10-20 10:19:39 +01:00
Simon Kelley
b485ed97aa Always answer queries for authoritative zones locally, never forward. 2013-10-18 22:00:39 +01:00
Simon Kelley
921360ce62 Add constructor-noauth: keyword 2013-05-31 14:07:22 +01:00
Simon Kelley
baa80ae512 Remove limit in prefix length in --auth-zone. 2013-05-29 16:32:07 +01:00
Simon Kelley
115ac3e4d7 Generalise --interface-name to cope with IPv6 addresses. 2013-05-20 11:28:32 +01:00
Simon Kelley
4c985dac39 Indentation. 2013-03-22 14:07:38 +00:00
Simon Kelley
aa67fe7a8c Catch NULL pointer deref if qdcount == 0 2013-02-04 21:32:34 +00:00
Simon Kelley
bb2509fd2c Typo in filter_constructed_dhcp() 2013-02-04 21:25:21 +00:00
Simon Kelley
61744359de Change copyright messages to include 2013. 2013-01-31 14:34:40 +00:00
Simon Kelley
c6cb7407b3 Don't do AXFR unless auth-sec-servers is set. 2013-01-07 21:55:54 +00:00
Simon Kelley
355736f36f Fix auth-DNS filtering problems with contructed ranges. 2012-12-30 17:54:04 +00:00
Simon Kelley
60225f4e75 Allow constructed prefixes in auth zones. 2012-12-28 11:29:01 +00:00