Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 18:28:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,007 Commits 8 Branches 0 Tags
f172fdbb77c422e27d3b7530f3fe95b98d1608e7
Commit Graph

303 Commits

Author SHA1 Message Date
Simon Kelley
33702ab1f8 First complete version of DNS-client-id EDNS0 and ARP tracking code. 2015-12-28 23:17:15 +00:00
Simon Kelley
d3a8b39c7d More EDNS0 packet-size tweaks. 2015-12-23 12:27:37 +00:00
Simon Kelley
5aa5f0ff2f Truncate DNS replies >512 bytes that the client isn't expecting. 2015-12-21 17:20:35 +00:00
Simon Kelley
5bb88f0963 Handle extending EDNS0 OPT RR. 2015-12-21 16:23:47 +00:00
Simon Kelley
fa14bec83b Major tidy up of EDNS0 handling and computation/use of udp packet size. 2015-12-20 17:12:16 +00:00
Simon Kelley
c2bcd1e183 Generalise RR-filtering code, for use with EDNS0. 2015-12-15 17:25:21 +00:00
Simon Kelley
9a31b68b59 Major rationalisation of DNSSEC validation. 
Much gnarly special-case code removed and replaced with correct
general implementaion. Checking of zone-status moved to DNSSEC code,
where it should be, vastly simplifying query-forwarding code.
 2015-12-15 10:20:39 +00:00
Simon Kelley
3a3965ac21 Don't answer non-auth queries for auth zones locally when --localise-queries set. 2015-08-09 17:45:06 +01:00
Simon Kelley
d389e0191b DNSSEC fix: correct logic for signed records in unsigned DNS space. 2015-07-27 18:56:43 +01:00
Simon Kelley
b842bc97bb Use poll() instead of select() to remove limits on open file descriptors. 2015-07-12 21:09:11 +01:00
Simon Kelley
e3ec6f0bd7 Handle CNAMEs to DS records when confirming absence of DS for DNSSEC. 2015-06-12 21:39:11 +01:00
swigger
bd7bfa21c4 Correctly sanitise DNS header bits in answer when recreating query for retry. 2015-06-01 20:54:59 +01:00
Simon Kelley
86fa104692 Tweak EDNS timeout code. 2015-05-10 14:04:06 +01:00
Simon Kelley
a77cec8d58 Handle UDP packet loss when fragmentation of large packets is broken. 2015-05-08 16:25:38 +01:00
Simon Kelley
e66b4dff3c Fix argument-order botch which broke DNSSEC for TCP queries. 2015-04-28 20:45:57 +01:00
Simon Kelley
554b580e97 Log domain when reporting DNSSEC validation failure. 2015-04-17 22:50:20 +01:00
Simon Kelley
982faf4024 Fix compiler warning when not including DNSSEC. 2015-04-03 21:42:30 +01:00
Simon Kelley
fe3992f9fa Return INSECURE, rather than BOGUS when DS proved not to exist. 
Return INSECURE when validating DNS replies which have RRSIGs, but
when a needed DS record in the trust chain is proved not to exist.
It's allowed for a zone to set up DNSKEY and RRSIG records first, then
add a DS later, completing the chain of trust.

Also, since we don't have the infrastructure to track that these
non-validated replies have RRSIGS, don't cache them, so we don't
provide answers with missing RRSIGS from the cache.
 2015-04-03 21:25:05 +01:00
Simon Kelley
150162bc37 Return SERVFAIL when validation abandoned. 2015-03-27 09:58:26 +00:00
Simon Kelley
ff841ebf5a Fix boilerplate code for re-running system calls on EINTR and EAGAIN etc. 
The nasty code with static variable in retry_send() which
avoids looping forever needs to be called on success of the syscall,
to reset the static variable.
 2015-03-11 21:36:30 +00:00
Simon Kelley
aff3396280 Update copyrights for dawn of 2015. 2015-01-31 20:13:40 +00:00
Simon Kelley
2ae195f5a7 Don't treat SERVFAIL as a recoverable error..... 2015-01-18 22:20:48 +00:00
Simon Kelley
25cf5e373e Add --log-queries=extra option for more complete logging. 2015-01-09 15:53:03 +00:00
Simon Kelley
424c4a8a53 Merge branch 'unsigned' 2015-01-07 22:01:14 +00:00
Simon Kelley
97e618a0e3 DNSSEC: do top-down search for limit of secure delegation. 2015-01-07 21:55:43 +00:00
Glen Huang
32fc6dbe03 Add --ignore-address option. 2014-12-27 15:28:12 +00:00
Hans Dedecker
98906275a0 Fix conntrack with --bind-interfaces 
Make sure dst_addr is assigned the correct address in receive_query when OPTNOWILD is
enabled so the assigned mark can be correctly retrieved and set in forward_query when
conntrack is enabled.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
 2014-12-09 22:22:53 +00:00
Karl Vogel
e9828b6f66 Set conntrack mark before connect() call. 
SO_MARK has to be done before issuing the connect() call on the
TCP socket.
 2014-10-03 21:45:15 +01:00
Richard Genoud
15b1b7e9c3 Fix endian bug in --local-service code. 2014-09-17 21:12:00 +01:00
Simon Kelley
b5ea1cc255 Add --dns-loop-detect feature. 2014-07-29 16:34:14 +01:00
Simon Kelley
47a9516980 Use event system to re-send query on new route. Tidies module boundaries. 2014-07-08 22:22:02 +01:00
Simon Kelley
8938ae05ac Get packet size right when removing pseudoheader. 2014-05-01 17:46:25 +01:00
Simon Kelley
1fc02680af Do SERVFAIL, therefore continue when searching for DS in TCP path too. 2014-04-29 12:30:18 +01:00
Simon Kelley
4872aa747b Handle SERVFAIL replies when looking for proven-nonexistence of DS. 2014-04-26 22:13:31 +01:00
Simon Kelley
6375838445 Fix crash on TCP DNS request when DNSSEC not enabled. 2014-04-16 22:20:55 +01:00
Simon Kelley
82a14af5e7 Ensure request name in buffer for ipset lookup. 2014-04-13 20:48:57 +01:00
Simon Kelley
8a8bbad0cf Ensure ->sentto is valid for DNSSEC forwards. Otherwise retries SEGV. 2014-03-27 22:02:17 +00:00
Simon Kelley
4e1fe44428 Terminate DS-search when reaching the root via cache entries. 2014-03-26 12:24:19 +00:00
Simon Kelley
51967f9807 SERVFAIL is an expected error return, don't try all servers. 2014-03-25 21:07:00 +00:00
Tomas Hozza
b37f8b99ae Handle failure of hash_questions() 2014-03-25 20:52:28 +00:00
Tomas Hozza
fc2833f172 Memory leak in error path. 2014-03-25 20:43:21 +00:00
Simon Kelley
490f90758d Reorder sanity checks on UDP packet reception, to cope with failed recvfrom() 2014-03-24 22:04:42 +00:00
Simon Kelley
2a7a2b84ec Ignore DNS queries from port 0: http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html 2014-03-22 19:18:06 +00:00
Simon Kelley
2b29191e7c Fix DNSSEC crash retrying to IPv6 server. 2014-03-21 11:13:55 +00:00
Simon Kelley
0c8584eabc Warn about non-local queries once only for UDP. 2014-03-12 20:12:56 +00:00
Simon Kelley
c8a80487cd --local-service. Default protection from DNS amplification attacks. 2014-03-05 14:29:54 +00:00
Simon Kelley
00a5b5d477 Check that unsigned replies come from unsigned zones if --dnssec-check-unsigned set. 2014-02-28 18:10:55 +00:00
Simon Kelley
613ad15d02 Strip DNSSEC RRs when query doesn't have DO bit set. 2014-02-25 23:02:28 +00:00
Simon Kelley
dac74312da TYpo. 2014-02-13 16:43:49 +00:00
Simon Kelley
2ecd9bd5c0 No CD in forwarded queries unless dnssec-debug for TCP too. 2014-02-13 16:42:02 +00:00