Make --filter-rr=ANY filter the answer to ANY queries.

Thanks to Dominik Derigs for an earlier patch which inspired this.

Signed-off-by: DL6ER <dl6er@dl6er.de>
Simon Kelley 2024-02-12 16:14:06 +00:00 committed by DL6ER
parent cc98853d19
commit 9091f18f3f
No known key found for this signature in database
GPG Key ID: 00135ACBD90B28DD
2 changed files with 20 additions and 9 deletions


@ -1039,7 +1039,7 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
returned packet in process_reply() but gets cached here anyway returned packet in process_reply() but gets cached here anyway
and will be filtered again on the way out of the cache. Here, and will be filtered again on the way out of the cache. Here,
we just need to alter the logging. */ we just need to alter the logging. */
if (rr_on_list(daemon->filter_rr, qtype)) if (qtype != T_ANY && rr_on_list(daemon->filter_rr, qtype))
secflag = F_NEG | F_CONFIG; secflag = F_NEG | F_CONFIG;
if (aqtype == T_TXT) if (aqtype == T_TXT)
@ -2008,7 +2008,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
if (!(crecp->flags & (F_HOSTS | F_DHCP))) if (!(crecp->flags & (F_HOSTS | F_DHCP)))
auth = 0; auth = 0;
if (rr_on_list(daemon->filter_rr, qtype) && if (qtype != T_ANY && rr_on_list(daemon->filter_rr, qtype) &&
!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG | F_NEG))) !(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG | F_NEG)))
{ {
/* We have a cached answer but we're filtering it. */ /* We have a cached answer but we're filtering it. */
@ -2022,15 +2022,18 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
} }
else if (crecp->flags & F_NEG) else if (crecp->flags & F_NEG)
{ {
ans = 1; if (qtype != T_ANY)
auth = 0; {
soa_lookup = crecp; ans = 1;
if (crecp->flags & F_NXDOMAIN) auth = 0;
nxdomain = 1; soa_lookup = crecp;
if (crecp->flags & F_NXDOMAIN)
nxdomain = 1;
// Pi-hole modification: Added record_source(crecp->uid) such that the subroutines know // Pi-hole modification: Added record_source(crecp->uid) such that the subroutines know
// where the reply came from (e.g. gravity.list) // where the reply came from (e.g. gravity.list)
log_query(stale_flag | crecp->flags, name, NULL, record_source(crecp->uid), 0); log_query(stale_flag | crecp->flags, name, NULL, record_source(crecp->uid), 0);
}
} }
else else
{ {
@ -2208,7 +2211,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
if (flags & F_NXDOMAIN) if (flags & F_NXDOMAIN)
nxdomain = 1; nxdomain = 1;
else if (rr_on_list(daemon->filter_rr, qtype)) else if (qtype != T_ANY && rr_on_list(daemon->filter_rr, qtype))
flags |= F_NEG | F_CONFIG; flags |= F_NEG | F_CONFIG;
auth = 0; auth = 0;
@ -2253,7 +2256,7 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
} }
if (!ans && rr_on_list(daemon->filter_rr, qtype)) if (qtype != T_ANY && !ans && rr_on_list(daemon->filter_rr, qtype))
{ {
/* We don't have a cached answer and when we get an answer from upstream we're going to /* We don't have a cached answer and when we get an answer from upstream we're going to
filter it anyway. If we have a cached answer for the domain for another RRtype then filter it anyway. If we have a cached answer for the domain for another RRtype then
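Review bot: In the `else if (crecp->flags & F_NEG)` branch of answer_request, the new inner `if (qtype != T_ANY)` is not tied to `rr_on_list(daemon->filter_rr, T_ANY)`, so this branch no longer sets `ans` for an ANY query whether or not ANY is on the filter list. If that is intended (presumably so the ANY query is forwarded and its reply trimmed in rrfilter), the guard deserves a comment such as `/* ANY is never answered from a negative cache entry; leave ans unset. */`. If it is meant only for the filtered case, the guard would read `if (qtype != T_ANY || !rr_on_list(daemon->filter_rr, T_ANY))`. The `qtype != T_ANY` test is also repeated at the four other `rr_on_list(daemon->filter_rr, qtype)` call sites in this file section, so a small static helper would keep them from drifting apart. Both extract_addresses and answer_request extend beyond the hunks shown, so the surrounding control flow is not visible here.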


@ -213,6 +213,14 @@ size_t rrfilter(struct dns_header *header, size_t *plen, int mode)
if (i < ntohs(header->ancount) && type == qtype && class == qclass) if (i < ntohs(header->ancount) && type == qtype && class == qclass)
continue; continue;
} }
else if (qtype == T_ANY && rr_on_list(daemon->filter_rr, T_ANY))
{
/* Filter replies to ANY queries in the spirit of
RFC RFC 8482 para 4.3 */
if (class != C_IN ||
type == T_A || type == T_AAAA || type == T_MX || type == T_CNAME)
continue;
}
else else
{ {
/* Only looking at answer section now. */ /* Only looking at answer section now. */
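Review bot: The new `qtype == T_ANY` branch in rrfilter has no section bound, whereas the final `else` branch is commented "Only looking at answer section now". For a filtered ANY reply, every class-IN record that is not A, AAAA, MX or CNAME therefore appears to be dropped from whichever sections the enclosing loop walks, authority and additional included; the loop itself is outside the hunk. If that is deliberate, the comment should say so, for example `/* ANY: keep only A, AAAA, MX and CNAME (plus non-IN records) in all sections, see RFC 8482 section 4.3. */`, which also removes the doubled "RFC RFC". If only the answer section is meant to be trimmed, the keep-condition would start `if (i >= ntohs(header->ancount) || class != C_IN ||`. The kept types are hard-coded, so it is also worth documenting that `--filter-rr=ANY` does not consult the rest of the filter list for ANY replies.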