diff options
Diffstat (limited to 'package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch')
-rw-r--r-- | package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch b/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch new file mode 100644 index 0000000000..497b4c3df2 --- /dev/null +++ b/package/network/services/dnsmasq/patches/0004-Don-t-forward-.bind-.server-queries-upstream.patch @@ -0,0 +1,52 @@ +From cf5984367bc6a949e3803a576512c5a7bc48ebab Mon Sep 17 00:00:00 2001 +From: Vladislav Grishenko <themiron@mail.ru> +Date: Thu, 18 Oct 2018 04:55:21 +0500 +Subject: [PATCH 04/11] Don't forward *.bind/*.server queries upstream + +Chaos .bind and .server (RFC4892) zones are local, therefore +don't forward queries upstream to avoid mixing with supported +locally and false replies with NO_ID enabled. + +Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> +--- + src/rfc1035.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1276,7 +1276,7 @@ size_t answer_request(struct dns_header + int q, ans, anscount = 0, addncount = 0; + int dryrun = 0; + struct crec *crecp; +- int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1; ++ int nxdomain = 0, notimp = 0, auth = 1, trunc = 0, sec_data = 1; + struct mx_srv_record *rec; + size_t len; + +@@ -1355,6 +1355,17 @@ size_t answer_request(struct dns_header + } + } + ++ if (qclass == C_CHAOS) ++ { ++ /* don't forward *.bind and *.server chaos queries */ ++ if (hostname_issubdomain("bind", name) || hostname_issubdomain("server", name)) ++ { ++ if (!ans) ++ notimp = 1, auth = 0; ++ ans = 1; ++ } ++ } ++ + if (qclass == C_IN) + { + struct txt_record *t; +@@ -1903,6 +1914,8 @@ size_t answer_request(struct dns_header + + if (nxdomain) + SET_RCODE(header, NXDOMAIN); ++ else if (notimp) ++ SET_RCODE(header, NOTIMP); + else + SET_RCODE(header, NOERROR); /* no error */ + header->ancount = htons(anscount); |