author | Simon Kelley <simon@thekelleys.org.uk> | 2015-04-16 15:05:30 +0100 |
---|---|---|
committer | Simon Kelley <simon@thekelleys.org.uk> | 2015-04-16 15:05:30 +0100 |
commit | 78c6184752dce27849e36cce4360abc27b8d76d2 (patch) | |
tree | 8e711ff384f41c614329ae5111fca3da01f62b80 | |
parent | 38440b204db65f9be16c4c3daa7e991e4356f6ed (diff) | |
download | dnsmasq-78c6184752dce27849e36cce4360abc27b8d76d2.tar.gz |
Auth: correct replies to NS and SOA in .arpa zones.
-rw-r--r-- | CHANGELOG | 8 | ||||
-rw-r--r-- | src/auth.c | 51 |
2 files changed, 38 insertions, 21 deletions
@@ -94,6 +94,14 @@ version 2.73 in the auth-zone declaration. Thanks to Johnny S. Lee for the bugreport and initial patch. + Fix authoritative DNS code to correctly reply to NS + and SOA queries for .arpa zones for which we are + declared authoritative by means of a subnet in auth-zone. + Previously we provided correct answers to PTR queries + in such zones (including NS and SOA) but not direct + NS and SOA queries. Thanks to Johnny S. Lee for + pointing out the problem. + version 2.72 Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. @@ -131,24 +131,27 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n continue; } - if (qtype == T_PTR) + if ((qtype == T_PTR || qtype == T_SOA || qtype == T_NS) && + (flag = in_arpa_name_2_addr(name, &addr)) && + !local_query) { - if (!(flag = in_arpa_name_2_addr(name, &addr))) - continue; - - if (!local_query) + for (zone = daemon->auth_zones; zone; zone = zone->next) + if ((subnet = find_subnet(zone, flag, &addr))) + break; + + if (!zone) { - for (zone = daemon->auth_zones; zone; zone = zone->next) - if ((subnet = find_subnet(zone, flag, &addr))) - break; - - if (!zone) - { - auth = 0; - continue; - } + auth = 0; + continue; } + else if (qtype == T_SOA) + soa = 1, found = 1; + else if (qtype == T_NS) + ns = 1, found = 1; + } + if (qtype == T_PTR && flag) + { intr = NULL; if (flag == F_IPV4) @@ -243,14 +246,20 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n } cname_restart: - for (zone = daemon->auth_zones; zone; zone = zone->next) - if (in_zone(zone, name, &cut)) - break; - - if (!zone) + if (found) + /* NS and SOA .arpa requests have set found above. */ + cut = NULL; + else { - auth = 0; - continue; + for (zone = daemon->auth_zones; zone; zone = zone->next) + if (in_zone(zone, name, &cut)) + break; + + if (!zone) + { + auth = 0; + continue; + } } for (rec = daemon->mxnames; rec; rec = rec->next) |
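Review bot: In the `@@ -131,24 +131,27 @@` hunk of src/auth.c, the assignment `flag = in_arpa_name_2_addr(name, &addr)` now sits in the middle of an `&&` chain, and the later `if (qtype == T_PTR && flag)` depends on it having run even when `local_query` is set. That holds only while the `!local_query` test stays last, so a comment such as `/* flag must be assigned before local_query is tested: the PTR block below reads it */` would protect the ordering. The hunk also drops the old early `continue` for a PTR question whose name is not a reverse name, so that case now falls through to the code after the PTR block; the commit message does not mention this, and it is worth confirming it is intended. `soa = 1, found = 1;` and its `ns` twin would be less fragile as braced two-statement blocks than as comma expressions. The body of answer_auth starts and ends outside the hunk.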
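Review bot: In the `@@ -243,14 +246,20 @@` hunk, `found` now doubles as "zone already chosen by the .arpa subnet match", and the test sits directly under the `cname_restart:` label. Any path that sets `found` for another reason before jumping back to that label would therefore skip the `in_zone()` lookup and keep the previous `zone` with `cut = NULL`. The code that jumps to the label is outside the hunk, so this is something to check rather than a confirmed defect; if such a path exists, an authoritative reply for the rewritten name could be built against a zone it was never matched to. Recording the subnet match in its own local variable instead of reusing `found` would remove the coupling. At minimum the comment could be extended to `/* Only the NS/SOA .arpa subnet match above may have set found here; zone already points at that auth zone. */`.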