Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,559 Commits 8 Branches 0 Tags
cd672933c9b39c4275f2e8c26cef5107ad6f2c7c
Commit Graph

1559 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Simon Kelley
d05dd58de1 Fix wrong reply to simple name when --domain-needed set and no servers configured. 
Also return REFUSED and not SERVFAIL when out of memory.

Thanks to Allain Legacy for problem report.
 2016-01-19 21:23:30 +00:00
Simon Kelley
f7443d76f7 Fix problems in last commit when DNSSEC not enabled. 2016-01-19 20:29:57 +00:00
Simon Kelley
f344dbc622 Complete DNSSEC server-selection code and set conntrack on DNSSEC queries. 2016-01-18 18:11:54 +00:00
Simon Kelley
f4d0c660ca Fix sporadic crash in find_mac() - hwlen must be zero for empty entries. 2016-01-18 12:51:08 +00:00
Simon Kelley
1801a29226 Fix botch in forward.c flags code. 
Thanks to Matthias Anfree for spotting this.
 2016-01-17 21:53:57 +00:00
Simon Kelley
92be34a407 Complete work to allow DNSSEC validation with private DNS servers. 2016-01-16 18:39:54 +00:00
Simon Kelley
bb58f63ce5 arp.c tidy up. 2016-01-14 19:23:10 +00:00
Simon Kelley
367341f745 Disable DNSSEC for server=/domain/.. servers unless trust-anchor provided. 2016-01-12 15:58:23 +00:00
André Glüpker
eddf365284 Fix bad cache-size calculation when hosts-file read fails. 2016-01-12 12:54:17 +00:00
Simon Kelley
a63b8b89e6 DNSSEC: Handle non-root trust anchors, and check we have a root trust anchor. 2016-01-12 11:28:58 +00:00
Simon Kelley
5757371d43 Inhibit DNSSEC validation when forwarding to private servers for a domain. 
server=/example.com/<ip-of-server>

The rationale is that the chain-of-trust will not be complete to
private servers. If it was, it would not be necessary to access the
server direct.
 2016-01-11 22:50:00 +00:00
Simon Kelley
b633de9413 Fix FTBFS when scripts excluded at compilation time. 2016-01-06 22:51:17 +00:00
Simon Kelley
c49778df4a Update copyright notices. Happy new year! 2016-01-06 18:52:33 +00:00
Simon Kelley
53a9173fc0 Handle building with script support enabled and DHCP disabled. 2016-01-06 17:59:13 +00:00
Simon Kelley
d917275e48 Fix botch in new arp-cache linked-list code resulting in 100% CPU spin. 2016-01-04 17:17:41 +00:00
Simon Kelley
cc7cb0b893 Fix datatype-sixe botch which broke DNSSEC sig timestamps when far in the future. 2016-01-04 16:04:51 +00:00
Simon Kelley
ec0628c4b2 Trivial code tweak. 2015-12-31 20:55:39 +00:00
Simon Kelley
97b1d25764 Correct logic for when to start helper. 2015-12-31 18:52:38 +00:00
Simon Kelley
33702ab1f8 First complete version of DNS-client-id EDNS0 and ARP tracking code. 2015-12-28 23:17:15 +00:00
Simon Kelley
11867dc28c Cache access to the kernel's ARP table. 2015-12-23 16:15:58 +00:00
Simon Kelley
d3a8b39c7d More EDNS0 packet-size tweaks. 2015-12-23 12:27:37 +00:00
Simon Kelley
15379ea1f2 Log signature algo with DNSKEY and DS, also digest with DS. 2015-12-21 18:31:55 +00:00
Simon Kelley
efef497b89 Fix build failure when DNSSEC code omitted. 2015-12-21 17:30:44 +00:00
Simon Kelley
5aa5f0ff2f Truncate DNS replies >512 bytes that the client isn't expecting. 2015-12-21 17:20:35 +00:00
Simon Kelley
5bb88f0963 Handle extending EDNS0 OPT RR. 2015-12-21 16:23:47 +00:00
Simon Kelley
1d03016bbc Split EDNS0 stuff into its own source file. 2015-12-21 14:17:06 +00:00
Simon Kelley
ce5732e84f NSEC3 check: RFC5155 para 8.2 2015-12-20 21:39:19 +00:00
Simon Kelley
a86fdf437e Minor tweak to previous commit. 2015-12-20 21:19:20 +00:00
Simon Kelley
3e86d316c4 Nasty, rare and obscure off-by-one in DNSSEC hostname_cmp(). 2015-12-20 20:50:05 +00:00
Simon Kelley
d67ecac59d More tweaks in handling unknown DNSSEC algorithms. 2015-12-20 20:44:23 +00:00
Simon Kelley
fa14bec83b Major tidy up of EDNS0 handling and computation/use of udp packet size. 2015-12-20 17:12:16 +00:00
Simon Kelley
14a4ae883d Do a better job of determining which DNSSEC sig algos are supported. 2015-12-17 17:29:57 +00:00
Simon Kelley
3b799c826d Fix brace botch in dnssec_validate_ds() 
Thanks to Michał Kępień for spotting this.
 2015-12-17 16:58:04 +00:00
Simon Kelley
b40f26c019 Tidy up DNSSEC non-existence code. Check zone status is NSEC proof bad. 2015-12-17 11:57:26 +00:00
Simon Kelley
dd4ad9ac7e Tweaks to EDNS0 handling in DNS replies. 2015-12-17 10:44:58 +00:00
Simon Kelley
2dbba34b2c DNSSEC validation tweak. 
A zone which has at least one key with an algorithm we don't
support should be considered as insecure.
 2015-12-16 13:41:58 +00:00
Simon Kelley
c2bcd1e183 Generalise RR-filtering code, for use with EDNS0. 2015-12-15 17:25:21 +00:00
Simon Kelley
d64c81fff7 Move code which caches DS records to a more logical place. 2015-12-15 16:11:06 +00:00
Simon Kelley
93be5b1e02 Abandon caching RRSIGs and returning them from cache. 
The list of exceptions to being able to locally answer
cached data for validated records when DNSSEC data is requested
was getting too long, so don't ever do that. This means
that the cache no longer has to hold RRSIGS and allows
us to lose lots of code. Note that cached validated
answers are still returned as long as do=0
 2015-12-15 12:04:40 +00:00
Simon Kelley
9a31b68b59 Major rationalisation of DNSSEC validation. 
Much gnarly special-case code removed and replaced with correct
general implementaion. Checking of zone-status moved to DNSSEC code,
where it should be, vastly simplifying query-forwarding code.
 2015-12-15 10:20:39 +00:00
Simon Kelley
0007ee9064 Fix crash at start up with conf-dir=/path,* 
Thanks to Brian Carpenter and American Fuzzy Lop for finding the bug.
 2015-11-21 21:47:41 +00:00
Simon Kelley
67ab3285b5 Handle unknown DS hash algos correctly. 
When we can validate a DS RRset, but don't speak the hash algo it
contains, treat that the same as an NSEC/3 proving that the DS
doesn't exist. 4025 5.2
 2015-11-20 23:20:47 +00:00
Edwin Török
41a8d9e99b Fix crash when empty address from DNS overlays A record from hosts. 2015-11-14 17:55:41 +00:00
Simon Kelley
90477fb794 Update list of subnet for --bogus-priv 
RFC6303 specifies & recommends following zones not be forwarded
to globally facing servers.
+------------------------------+-----------------------+
| Zone                         | Description           |
+------------------------------+-----------------------+
| 0.IN-ADDR.ARPA               | IPv4 "THIS" NETWORK   |
| 127.IN-ADDR.ARPA             | IPv4 Loopback NETWORK |
| 254.169.IN-ADDR.ARPA         | IPv4 LINK LOCAL       |
| 2.0.192.IN-ADDR.ARPA         | IPv4 TEST-NET-1       |
| 100.51.198.IN-ADDR.ARPA      | IPv4 TEST-NET-2       |
| 113.0.203.IN-ADDR.ARPA       | IPv4 TEST-NET-3       |
| 255.255.255.255.IN-ADDR.ARPA | IPv4 BROADCAST        |
+------------------------------+-----------------------+

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
 2015-10-20 21:21:32 +01:00
Simon Kelley
98079ea898 Catch errors from sendmsg in DHCP code. 
Logs, eg,  iptables DROPS of dest 255.255.255.255
 2015-10-13 20:32:21 +01:00
Simon Kelley
4790115455 Use /run/dnsmasq instead of /var/run/dnsmasq in Debian package. 2015-09-29 22:54:41 +01:00
Simon Kelley
27b78d990b Rationalise 5e3e464ac4 2015-09-26 21:40:45 +01:00
Simon Kelley
77607cbea0 Respect the --no-resolv flag in inotify code. 2015-09-10 23:08:43 +01:00
Simon Kelley
102208df69 DHCPv6 option 56 does not hold an address list. (RFC 5908). 2015-09-10 21:50:00 +01:00
Simon Kelley
6de81f1250 Handle signed dangling CNAME replies to DS queries. 2015-09-09 22:51:13 +01:00