Make --filter-rr=ANY filter the answer to ANY queries.
Thanks to Dominik Derigs for an earlier patch which inspired this. Signed-off-by: DL6ER <dl6er@dl6er.de>
This commit is contained in:
parent
cc98853d19
commit
9091f18f3f
|
@ -1039,7 +1039,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
|
||||||
returned packet in process_reply() but gets cached here anyway
|
returned packet in process_reply() but gets cached here anyway
|
||||||
and will be filtered again on the way out of the cache. Here,
|
and will be filtered again on the way out of the cache. Here,
|
||||||
we just need to alter the logging. */
|
we just need to alter the logging. */
|
||||||
if (rr_on_list(daemon->filter_rr, qtype))
|
if (qtype != T_ANY && rr_on_list(daemon->filter_rr, qtype))
|
||||||
secflag = F_NEG | F_CONFIG;
|
secflag = F_NEG | F_CONFIG;
|
||||||
|
|
||||||
if (aqtype == T_TXT)
|
if (aqtype == T_TXT)
|
||||||
|
@ -2008,7 +2008,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
||||||
if (!(crecp->flags & (F_HOSTS | F_DHCP)))
|
if (!(crecp->flags & (F_HOSTS | F_DHCP)))
|
||||||
auth = 0;
|
auth = 0;
|
||||||
|
|
||||||
if (rr_on_list(daemon->filter_rr, qtype) &&
|
if (qtype != T_ANY && rr_on_list(daemon->filter_rr, qtype) &&
|
||||||
!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG | F_NEG)))
|
!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG | F_NEG)))
|
||||||
{
|
{
|
||||||
/* We have a cached answer but we're filtering it. */
|
/* We have a cached answer but we're filtering it. */
|
||||||
|
@ -2022,15 +2022,18 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
||||||
}
|
}
|
||||||
else if (crecp->flags & F_NEG)
|
else if (crecp->flags & F_NEG)
|
||||||
{
|
{
|
||||||
ans = 1;
|
if (qtype != T_ANY)
|
||||||
auth = 0;
|
{
|
||||||
soa_lookup = crecp;
|
ans = 1;
|
||||||
if (crecp->flags & F_NXDOMAIN)
|
auth = 0;
|
||||||
nxdomain = 1;
|
soa_lookup = crecp;
|
||||||
|
if (crecp->flags & F_NXDOMAIN)
|
||||||
|
nxdomain = 1;
|
||||||
|
|
||||||
// Pi-hole modification: Added record_source(crecp->uid) such that the subroutines know
|
// Pi-hole modification: Added record_source(crecp->uid) such that the subroutines know
|
||||||
// where the reply came from (e.g. gravity.list)
|
// where the reply came from (e.g. gravity.list)
|
||||||
log_query(stale_flag | crecp->flags, name, NULL, record_source(crecp->uid), 0);
|
log_query(stale_flag | crecp->flags, name, NULL, record_source(crecp->uid), 0);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -2208,7 +2211,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
||||||
|
|
||||||
if (flags & F_NXDOMAIN)
|
if (flags & F_NXDOMAIN)
|
||||||
nxdomain = 1;
|
nxdomain = 1;
|
||||||
else if (rr_on_list(daemon->filter_rr, qtype))
|
else if (qtype != T_ANY && rr_on_list(daemon->filter_rr, qtype))
|
||||||
flags |= F_NEG | F_CONFIG;
|
flags |= F_NEG | F_CONFIG;
|
||||||
|
|
||||||
auth = 0;
|
auth = 0;
|
||||||
|
@ -2253,7 +2256,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
if (!ans && rr_on_list(daemon->filter_rr, qtype))
|
if (qtype != T_ANY && !ans && rr_on_list(daemon->filter_rr, qtype))
|
||||||
{
|
{
|
||||||
/* We don't have a cached answer and when we get an answer from upstream we're going to
|
/* We don't have a cached answer and when we get an answer from upstream we're going to
|
||||||
filter it anyway. If we have a cached answer for the domain for another RRtype then
|
filter it anyway. If we have a cached answer for the domain for another RRtype then
|
||||||
|
|
|
@ -213,6 +213,14 @@ size_t rrfilter(struct dns_header *header, size_t *plen, int mode)
|
||||||
if (i < ntohs(header->ancount) && type == qtype && class == qclass)
|
if (i < ntohs(header->ancount) && type == qtype && class == qclass)
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
else if (qtype == T_ANY && rr_on_list(daemon->filter_rr, T_ANY))
|
||||||
|
{
|
||||||
|
/* Filter replies to ANY queries in the spirit of
|
||||||
|
RFC RFC 8482 para 4.3 */
|
||||||
|
if (class != C_IN ||
|
||||||
|
type == T_A || type == T_AAAA || type == T_MX || type == T_CNAME)
|
||||||
|
continue;
|
||||||
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* Only looking at answer section now. */
|
/* Only looking at answer section now. */
|
||||||
|
|
Loading…
Reference in New Issue