Diffstat (limited to 'src/forward.c')
-rw-r--r-- | src/forward.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/forward.c b/src/forward.c
index b4e3c5a..0f03818 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -821,12 +821,22 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
 n = rrfilter(header, n, RRFILTER_AAAA);
 }
 
- if (extract_addresses(header, n, daemon->namebuff, now, ipsets, nftsets, is_sign, check_rebind, no_cache, cache_secure, &doctored))
+ switch (extract_addresses(header, n, daemon->namebuff, now, ipsets, nftsets, is_sign, check_rebind, no_cache, cache_secure, &doctored))
 {
+ case 1:
 my_syslog(LOG_WARNING, _("possible DNS-rebind attack detected: %s"), daemon->namebuff);
 munged = 1;
 cache_secure = 0;
 ede = EDE_BLOCKED;
+ break;
+
+ /* extract_addresses() found a malformed answer. */
+ case 2:
+ munged = 1;
+ SET_RCODE(header, SERVFAIL);
+ cache_secure = 0;
+ ede = EDE_OTHER;
+ break;
 }
 
 if (doctored) |
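Review bot: The new `case 2:` branch turns a malformed upstream answer into SERVFAIL without logging anything, while the rebind branch directly above it logs a warning, so an operator has no way to see that replies are being rejected. Consider a line such as `my_syslog(LOG_WARNING, _("malformed DNS reply discarded"));` at the top of the case, kept free of reply-derived strings unless `daemon->namebuff` is known to be valid on this path. The switch also has no `default:`, so any non-zero return other than 1 or 2, which the old `if` treated as a rebind hit, is now ignored silently; a comment stating the return contract of extract_addresses(), or named constants in place of the bare 1 and 2, would make that intent checkable. Both process_reply() and extract_addresses() are defined outside this hunk, so whether `munged = 1` alone keeps the malformed records from being forwarded cannot be confirmed from here.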