1 /* dnsmasq is Copyright (c) 2000-2011 Simon Kelley
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
/* Forward declaration: add_resource_record() is defined further down in this
   file but is already called by setup_reply() and answer_request(). */
19 static int add_resource_record(struct dns_header *header, char *limit, int *truncp,
20 unsigned int nameoffset, unsigned char **pp,
21 unsigned long ttl, unsigned int *offset, unsigned short type,
22 unsigned short class, char *format, ...);
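/* True when the len bytes starting at pp lie entirely inside the packet,
   i.e. (pp - header) + len <= plen. Each argument is evaluated once. */
#define CHECK_LEN(header, pp, plen, len) \
    ((size_t)((pp) - (unsigned char *)(header) + (len)) <= (plen))

/* Bounds-checked skip over len bytes of packet data.
   Evaluates to 1 and advances pp by len when the bytes are inside the packet;
   evaluates to 0 and leaves pp untouched when they are not.
   The inner parentheses around "(pp) += (len), 1" are required: ?: binds
   tighter than the comma operator, so without them the whole expression
   would always be 1 and every "if (!ADD_RDLEN(...))" guard on an
   attacker-supplied RDLENGTH would be dead code.
   pp and len are evaluated twice; pass side-effect-free expressions. */
#define ADD_RDLEN(header, pp, plen, len) \
    (!CHECK_LEN(header, pp, plen, len) ? 0 : (((pp) += (len)), 1))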
/* Decode the DNS name that starts at *pp into the dotted string `name`
   (isExtract != 0), or compare it against the existing contents of `name`
   (isExtract == 0). extrabytes is the number of bytes that must still be
   inside the packet after the name.
   Reads from the packet are guarded by CHECK_LEN against plen; writes into
   name are guarded by comparisons with MAXDNAME, so name presumably has to
   be at least MAXDNAME bytes - confirm at the call sites.
   Returns 0 for a malformed or unsupported name. Callers that pass
   isExtract == 0 also test the result against 2; the line producing that
   value is not part of this listing. */
30 static int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
31 char *name, int isExtract, int extrabytes)
33 unsigned char *cp = (unsigned char *)name, *p = *pp, *p1 = NULL;
34 unsigned int j, l, hops = 0;
42 unsigned int label_type;
44 if (!CHECK_LEN(header, p, plen, 1))
50 /* check that there are the correct no of bytes after the name */
51 if (!CHECK_LEN(header, p, plen, extrabytes))
56 if (cp != (unsigned char *)name)
58 *cp = 0; /* terminate: lose final period */
63 if (p1) /* we jumped via compression */
71 label_type = l & 0xc0;
73 if (label_type == 0xc0) /* pointer */
75 if (!CHECK_LEN(header, p, plen, 1))
82 if (!p1) /* first jump, save location to go back to */
85 hops++; /* break malicious infinite loops */
/* NOTE(review): the jump target is an offset taken from the packet and is
   not range-checked on this line; it is presumably rejected by the
   CHECK_LEN that precedes the next read - confirm. */
89 p = l + (unsigned char *)header;
91 else if (label_type == 0x80)
92 return 0; /* reserved */
93 else if (label_type == 0x40)
95 unsigned int count, digs;
98 return 0; /* we only understand bitstrings */
101 return 0; /* Cannot compare bitstrings */
106 digs = ((count-1)>>2)+1;
108 /* output is \[x<hex>/siz]. which is digs+9 chars */
109 if (cp - (unsigned char *)name + digs + 9 >= MAXDNAME)
111 if (!CHECK_LEN(header, p, plen, (count-1)>>3))
117 for (j=0; j<digs; j++)
125 *cp++ = dig < 10 ? dig + '0' : dig + 'A' - 10;
/* unbounded sprintf, but the digs + 9 test above already reserved room in
   name for the hex digits plus this "/<count>]" suffix */
127 cp += sprintf((char *)cp, "/%d]", count);
128 /* do this here to overwrite the zero char from sprintf */
132 { /* label_type = 0 -> label. */
133 if (cp - (unsigned char *)name + l + 1 >= MAXDNAME)
135 if (!CHECK_LEN(header, p, plen, l))
138 for(j=0; j<l; j++, p++)
141 unsigned char c = *p;
/* only ASCII, non-control, non-dot bytes pass this test; the else-branch
   is not shown in this listing */
142 if (isascii(c) && !iscntrl(c) && c != '.')
149 unsigned char c1 = *cp, c2 = *p;
/* compare mode: both bytes are tested for 'A'..'Z' before comparison,
   presumably to fold case - the folding lines are not shown */
156 if (c1 >= 'A' && c1 <= 'Z')
158 if (c2 >= 'A' && c2 <= 'Z')
168 else if (*cp != 0 && *cp++ != '.')
174 /* Max size of input string (for IPv6) is 75 chars. */
175 #define MAXARPANAME 75
/* Parse a reverse-lookup name (in-addr.arpa, ip6.arpa or ip6.int) in namein
   and store the address it encodes in *addrp.
   The result is used by callers as an address-family flag (it is compared
   with F_IPV4 and OR-ed into cache flags); the return statements themselves
   are not part of this listing.
   namein is copied into a fixed MAXARPANAME+1 byte stack buffer, so the
   strlen() test below must stay ahead of that copy. */
176 static int in_arpa_name_2_addr(char *namein, struct all_addr *addrp)
179 char name[MAXARPANAME+1], *cp1;
180 unsigned char *addr = (unsigned char *)addrp;
181 char *lastchunk = NULL, *penchunk = NULL;
/* reject over-long input before it is copied into name[] */
183 if (strlen(namein) > MAXARPANAME)
186 memset(addrp, 0, sizeof(struct all_addr));
188 /* turn name into a series of asciiz strings */
189 /* j counts no of labels */
190 for(j = 1,cp1 = name; *namein; cp1++, namein++)
193 penchunk = lastchunk;
206 if (hostname_isequal(lastchunk, "arpa") && hostname_isequal(penchunk, "in-addr"))
209 /* address arrives as a name of the form
210 www.xxx.yyy.zzz.in-addr.arpa
211 some of the low order address octets might be missing
212 and should be set to zero. */
213 for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1)
215 /* check for digits only (weeds out things like
216 50.0/24.67.28.64.in-addr.arpa which are used
217 as CNAME targets according to RFC 2317) */
219 for (cp = cp1; *cp; cp++)
220 if (!isdigit((unsigned char)*cp))
232 else if (hostname_isequal(penchunk, "ip6") &&
233 (hostname_isequal(lastchunk, "int") || hostname_isequal(lastchunk, "arpa")))
236 Address arrives as 0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.ip6.[int|arpa]
237 or \[xfedcba9876543210fedcba9876543210/128].ip6.[int|arpa]
239 Note that most of these the various reprentations are obsolete and
240 left-over from the many DNS-for-IPv6 wars. We support all the formats
241 that we can since there is no reason not to.
244 if (*name == '\\' && *(name+1) == '[' &&
245 (*(name+2) == 'x' || *(name+2) == 'X'))
/* bitstring form: j < 32 caps the hex digits consumed, so addr[j/2] never
   indexes past 16 bytes */
247 for (j = 0, cp1 = name+3; *cp1 && isxdigit((unsigned char) *cp1) && j < 32; cp1++, j++)
253 addr[j/2] |= strtol(xdig, NULL, 16);
255 addr[j/2] = strtol(xdig, NULL, 16) << 4;
258 if (*cp1 == '/' && j == 32)
263 for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1)
/* nibble form: every label must be exactly one hex digit */
265 if (*(cp1+1) || !isxdigit((unsigned char)*cp1))
/* shift the whole address right by one nibble, then insert the new nibble
   at the top of addr[0] */
268 for (j = sizeof(struct all_addr)-1; j>0; j--)
269 addr[j] = (addr[j] >> 4) | (addr[j-1] << 4);
270 addr[0] = (addr[0] >> 4) | (strtol(cp1, NULL, 16) << 4);
/* Step over one encoded name starting at ansp without decoding it.
   Returns NULL for reserved or unsupported label types (and presumably for
   any failed length check; those return lines are not shown). extrabytes is
   the number of bytes that must still be inside the packet after the name,
   so callers may read that many bytes from the returned pointer without a
   further check. */
281 static unsigned char *skip_name(unsigned char *ansp, struct dns_header *header, size_t plen, int extrabytes)
285 unsigned int label_type;
287 if (!CHECK_LEN(header, ansp, plen, 1))
290 label_type = (*ansp) & 0xc0;
292 if (label_type == 0xc0)
294 /* pointer for compression. */
298 else if (label_type == 0x80)
299 return NULL; /* reserved */
300 else if (label_type == 0x40)
302 /* Extended label type */
305 if (!CHECK_LEN(header, ansp, plen, 2))
308 if (((*ansp++) & 0x3f) != 1)
309 return NULL; /* we only understand bitstrings */
311 count = *(ansp++); /* Bits in bitstring */
313 if (count == 0) /* count == 0 means 256 bits */
/* NOTE(review): no CHECK_LEN is visible in this listing before the pointer
   is advanced over the bitstring bytes; confirm the final extrabytes check
   is enough to catch an overrun here. */
316 ansp += ((count-1)>>3)+1;
319 { /* label type == 0 Bottom six bits is length */
320 unsigned int len = (*ansp++) & 0x3f;
/* NOTE(review): this guard only works if ADD_RDLEN evaluates to 0 on a
   failed bounds check; verify the macro's parenthesisation around its
   comma operator. */
322 if (!ADD_RDLEN(header, ansp, plen, len))
326 break; /* zero length label marks the end. */
330 if (!CHECK_LEN(header, ansp, plen, extrabytes))
/* Return a pointer just past the question section, i.e. past qdcount
   entries of name + 4 bytes. The count comes from the packet header;
   skip_name() is asked to guarantee the 4 trailing bytes exist before they
   are skipped. A failed skip_name() yields NULL in ansp; the return lines
   are not shown in this listing. */
336 static unsigned char *skip_questions(struct dns_header *header, size_t plen)
339 unsigned char *ansp = (unsigned char *)(header+1);
341 for (q = ntohs(header->qdcount); q != 0; q--)
343 if (!(ansp = skip_name(ansp, header, plen, 4)))
345 ansp += 4; /* class and type */
/* Step over `count` resource records starting at ansp. For each record
   skip_name() is asked to guarantee 10 bytes after the name: the 8 skipped
   here plus the 2-byte RDLENGTH read by GETSHORT. */
351 static unsigned char *skip_section(unsigned char *ansp, int count, struct dns_header *header, size_t plen)
355 for (i = 0; i < count; i++)
357 if (!(ansp = skip_name(ansp, header, plen, 10)))
359 ansp += 8; /* type, class, TTL */
360 GETSHORT(rdlen, ansp);
/* rdlen is attacker-controlled. NOTE(review): this guard only works if
   ADD_RDLEN evaluates to 0 on a failed bounds check; verify the macro's
   parenthesisation around its comma operator. */
361 if (!ADD_RDLEN(header, ansp, plen, rdlen))
368 /* CRC the question section. This is used to safely detect query
369 retransmission and to detect answers to questions we didn't ask, which
370 might be poisoning attacks. Note that we decode the name rather
371 than CRC the raw bytes, since replies might be compressed differently.
372 We ignore case in the names for the same reason. Return all-ones
373 if there is no question section. */
/* NOTE(review): the value is an unkeyed CRC (generator 0x04c11db7), an
   error-detecting code rather than a collision-resistant hash. A match
   shows the reply is consistent with the query, not that it cannot have
   been forged; it should not be the only anti-spoofing check.
   On a bad packet the CRC accumulated so far is returned, so callers cannot
   tell a malformed question section apart from a valid one by this value. */
374 unsigned int questions_crc(struct dns_header *header, size_t plen, char *name)
377 unsigned int crc = 0xffffffff;
378 unsigned char *p1, *p = (unsigned char *)(header+1);
380 for (q = ntohs(header->qdcount); q != 0; q--)
382 if (!extract_name(header, plen, &p, name, 1, 4))
383 return crc; /* bad packet */
385 for (p1 = (unsigned char *)name; *p1; p1++)
390 if (c >= 'A' && c <= 'Z')
395 crc = crc & 0x80000000 ? (crc << 1) ^ 0x04c11db7 : crc << 1;
398 /* CRC the class and type as well */
/* the 4 bytes read here were length-checked by extract_name (extrabytes 4) */
399 for (p1 = p; p1 < p+4; p1++)
404 crc = crc & 0x80000000 ? (crc << 1) ^ 0x04c11db7 : crc << 1;
408 if (!CHECK_LEN(header, p, plen, 0))
409 return crc; /* bad packet */
/* Recompute the packet length by walking the question, answer, authority
   and additional sections, and re-append the saved pseudoheader (pheader,
   hlen bytes) when the packet no longer has any additional records.
   Returns the resulting length in bytes from the start of the header.
   NOTE(review): no check that ansp + hlen stays inside the packet buffer is
   visible in this listing; presumably the caller guarantees that the
   pseudoheader originally came from the same buffer - confirm. */
416 size_t resize_packet(struct dns_header *header, size_t plen, unsigned char *pheader, size_t hlen)
418 unsigned char *ansp = skip_questions(header, plen);
420 /* if packet is malformed, just return as-is. */
424 if (!(ansp = skip_section(ansp, ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount),
428 /* restore pseudoheader */
429 if (pheader && ntohs(header->arcount) == 0)
431 /* must use memmove, may overlap */
432 memmove(ansp, pheader, hlen);
433 header->arcount = htons(1);
437 return ansp - (unsigned char *)header;
/* Callers in this file pass NULL for len and for p when they do not need
   those outputs, so both have to be treated as optional. */
440 unsigned char *find_pseudoheader(struct dns_header *header, size_t plen, size_t *len, unsigned char **p, int *is_sign)
442 /* See if packet has an RFC2671 pseudoheader, and if so return a pointer to it.
443 also return length of pseudoheader in *len and pointer to the UDP size in *p
444 Finally, check to see if a packet is signed. If it is we cannot change a single bit before
445 forwarding. We look for SIG and TSIG in the additional section, and TKEY queries (for GSS-TSIG) */
447 int i, arcount = ntohs(header->arcount);
448 unsigned char *ansp = (unsigned char *)(header+1);
449 unsigned short rdlen, type, class;
450 unsigned char *ret = NULL;
456 if (OPCODE(header) == QUERY)
458 for (i = ntohs(header->qdcount); i != 0; i--)
/* skip_name guarantees the 4 bytes read by the two GETSHORTs below */
460 if (!(ansp = skip_name(ansp, header, plen, 4)))
463 GETSHORT(type, ansp);
464 GETSHORT(class, ansp);
466 if (class == C_IN && type == T_TKEY)
473 if (!(ansp = skip_questions(header, plen)))
480 if (!(ansp = skip_section(ansp, ntohs(header->ancount) + ntohs(header->nscount), header, plen)))
483 for (i = 0; i < arcount; i++)
485 unsigned char *save, *start = ansp;
/* skip_name guarantees 10 bytes: type, class, TTL and RDLENGTH */
486 if (!(ansp = skip_name(ansp, header, plen, 10)))
489 GETSHORT(type, ansp);
491 GETSHORT(class, ansp);
493 GETSHORT(rdlen, ansp);
494 if (!ADD_RDLEN(header, ansp, plen, rdlen))
507 (type == T_SIG || type == T_TSIG))
/* Members of the parameter block that add_mac() fills in and filter_mac()
   receives through its void * argument; the struct header line and at least
   one further member (plen) are not part of this listing. */
515 unsigned char *limit;
516 struct dns_header *header;
518 union mysockaddr *l3;
/* Callback handed to iface_enumerate() by add_mac(). When the enumerated
   address (family, addrp) equals the query source in parm->l3, the MAC is
   appended to the packet as EDNS0 option EDNS0_OPTION_MAC, either inside an
   existing OPT pseudoheader or in a newly written one. parm->plen is
   updated to the new packet length.
   Returns 1 to continue the enumeration and 0 to stop it. */
521 static int filter_mac(int family, char *addrp, char *mac, size_t maclen, void *parmv)
523 struct macparm *parm = parmv;
525 unsigned short rdlen;
526 struct dns_header *header = parm->header;
527 unsigned char *lenp, *datap, *p;
529 if (family == parm->l3->sa.sa_family)
531 if (family == AF_INET && memcmp (&parm->l3->in.sin_addr, addrp, INADDRSZ) == 0)
535 if (family == AF_INET6 && memcmp (&parm->l3->in6.sin6_addr, addrp, IN6ADDRSZ) == 0)
541 return 1; /* continue */
543 if (ntohs(header->arcount) == 0)
545 /* We are adding the pseudoheader */
546 if (!(p = skip_questions(header, parm->plen)) ||
547 !(p = skip_section(p,
548 ntohs(header->ancount) + ntohs(header->nscount),
549 header, parm->plen)))
/* NOTE(review): the OPT record header below is written before the limit
   test that follows it; confirm the buffer always has room for these bytes
   past the end of the current packet. */
551 *p++ = 0; /* empty name */
553 PUTSHORT(PACKETSZ, p); /* max packet length - is 512 suitable default for non-EDNS0 resolvers? */
554 PUTLONG(0, p); /* extended RCODE */
556 PUTSHORT(0, p); /* RDLEN */
/* room needed: 4 bytes of option code + length, then maclen bytes */
558 if (((ssize_t)maclen) > (parm->limit - (p + 4)))
559 return 0; /* Too big */
560 header->arcount = htons(1);
566 unsigned short code, len;
568 if (ntohs(header->arcount) != 1 ||
569 !(p = find_pseudoheader(header, parm->plen, NULL, NULL, &is_sign)) ||
571 (!(p = skip_name(p, header, parm->plen, 10))))
574 p += 8; /* skip UDP length and RCODE */
578 if (!CHECK_LEN(header, p, parm->plen, rdlen))
579 return 0; /* bad packet */
582 /* check if option already there */
/* len is read from the packet for each option; the loop is bounded by
   rdlen, which was length-checked above */
583 for (i = 0; i + 4 < rdlen; i += len + 4)
587 if (code == EDNS0_OPTION_MAC)
592 if (((ssize_t)maclen) > (parm->limit - (p + 4)))
593 return 0; /* Too big */
596 PUTSHORT(EDNS0_OPTION_MAC, p);
/* bounded by the maclen-versus-limit tests above */
598 memcpy(p, mac, maclen);
601 PUTSHORT(p - datap, lenp);
602 parm->plen = p - (unsigned char *)header;
/* Try to attach the MAC address of the query source l3 to the packet by
   enumerating interface addresses with filter_mac() as the callback.
   limit is the end of the space the packet may grow into. The return value
   is a packet length; the return lines are not part of this listing. */
608 size_t add_mac(struct dns_header *header, size_t plen, char *limit, union mysockaddr *l3)
612 /* Must have an existing pseudoheader as the only ar-record,
613 or have no ar-records. Must also not be signed */
615 if (ntohs(header->arcount) > 1)
618 parm.header = header;
619 parm.limit = (unsigned char *)limit;
623 iface_enumerate(AF_UNSPEC, &parm, filter_mac);
629 /* is addr in the non-globally-routed IP space? */
/* IPv4 only. The ranges tested are loopback (only when ban_localhost is
   set), the three RFC 1918 blocks and 169.254.0.0/16.
   NOTE(review): this function backs the rebind check in
   extract_addresses(); other non-routable ranges such as 0.0.0.0/8 are not
   in the visible list - confirm that is intended. */
630 static int private_net(struct in_addr addr, int ban_localhost)
632 in_addr_t ip_addr = ntohl(addr.s_addr);
635 (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ ||
636 ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ ||
637 ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ ||
638 ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ ||
639 ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ ;
/* Walk `count` resource records starting at p. A records in class IN whose
   address matches an entry in daemon->doctors are rewritten in place and
   the AA bit is cleared; when name is non-NULL and logging is enabled, TXT
   record strings are logged.
   Returns 0 on a bad packet; the success return is not part of this
   listing. name == NULL means skip names instead of extracting them. */
642 static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name)
644 int i, qtype, qclass, rdlen;
647 for (i = count; i != 0; i--)
649 if (name && option_bool(OPT_LOG))
651 if (!extract_name(header, qlen, &p, name, 1, 10))
654 else if (!(p = skip_name(p, header, qlen, 10)))
655 return 0; /* bad packet */
662 if (qclass == C_IN && qtype == T_A)
664 struct doctor *doctor;
/* the address is copied out only after its 4 bytes are length-checked */
667 if (!CHECK_LEN(header, p, qlen, INADDRSZ))
671 memcpy(&addr, p, INADDRSZ);
673 for (doctor = daemon->doctors; doctor; doctor = doctor->next)
/* end == 0: entry is a network/mask match; otherwise an in..end range */
675 if (doctor->end.s_addr == 0)
677 if (!is_same_net(doctor->in, addr, doctor->mask))
680 else if (ntohl(doctor->in.s_addr) > ntohl(addr.s_addr) ||
681 ntohl(doctor->end.s_addr) < ntohl(addr.s_addr))
684 addr.s_addr &= ~doctor->mask.s_addr;
685 addr.s_addr |= (doctor->out.s_addr & doctor->mask.s_addr);
686 /* Since we munged the data, the server it came from is no longer authoritative */
687 header->hb3 &= ~HB3_AA;
688 memcpy(p, &addr, INADDRSZ);
692 else if (qtype == T_TXT && name && option_bool(OPT_LOG))
694 unsigned char *p1 = p;
695 if (!CHECK_LEN(header, p1, qlen, rdlen))
697 while ((p1 - p) < rdlen)
/* NOTE(review): len is a length byte taken from the packet. Only rdlen as
   a whole is checked above; no test that p1 + 1 + len stays inside rdlen is
   visible in this listing - confirm a string cannot run past the RDATA. */
699 unsigned int i, len = *p1;
700 unsigned char *p2 = p1;
701 /* make counted string zero-term and sanitise */
702 for (i = 0; i < len; i++)
703 if (isprint(*(p2+1)))
/* remote data reaches the log only as a %s argument after the isprint()
   filter above, never as the format string */
709 my_syslog(LOG_INFO, "reply %s is %s", name, p1);
711 memmove(p1 + 1, p1, len);
717 if (!ADD_RDLEN(header, p, qlen, rdlen))
718 return 0; /* bad packet */
/* Run do_doctor() over the answer and additional sections and scan the
   authority section for SOA records, reading the minTTL field of each one
   found. Returns 0 on a bad packet; the result is used by the caller as a
   TTL (the final return is not part of this listing). */
724 static int find_soa(struct dns_header *header, size_t qlen, char *name)
727 int qtype, qclass, rdlen;
728 unsigned long ttl, minttl = ULONG_MAX;
729 int i, found_soa = 0;
731 /* first move to NS section and find TTL from any SOA section */
732 if (!(p = skip_questions(header, qlen)) ||
733 !(p = do_doctor(p, ntohs(header->ancount), header, qlen, name)))
734 return 0; /* bad packet */
736 for (i = ntohs(header->nscount); i != 0; i--)
738 if (!(p = skip_name(p, header, qlen, 10)))
739 return 0; /* bad packet */
746 if ((qclass == C_IN) && (qtype == T_SOA))
753 if (!(p = skip_name(p, header, qlen, 0)))
/* 20 = the 16 bytes skipped below plus the 4-byte minTTL that is read */
756 if (!(p = skip_name(p, header, qlen, 20)))
758 p += 16; /* SERIAL REFRESH RETRY EXPIRE */
760 GETLONG(ttl, p); /* minTTL */
764 else if (!ADD_RDLEN(header, p, qlen, rdlen))
765 return 0; /* bad packet */
768 /* rewrite addresses in additional section too */
769 if (!do_doctor(p, ntohs(header->arcount), header, qlen, NULL))
773 minttl = daemon->neg_ttl;
778 /* Note that the following code can create CNAME chains that don't point to a real record,
779 either because of lack of memory, or lack of SOA records. These are treated by the cache code as
780 expired and cleaned out that way.
781 Return 1 if we reject an address because it looks like part of a dns-rebinding attack. */
/* Review notes:
   - Every name is decoded with extract_name() and every fixed-size read is
     preceded by CHECK_LEN or by an extrabytes argument, because header
     counts and RDLENGTHs come from the upstream reply.
   - The rebind test visible here calls private_net() on addr.addr.addr4,
     i.e. it covers IPv4 answers; no equivalent test for AAAA answers is
     visible in this listing - confirm.
   - TTLs above daemon->max_ttl are rewritten in the packet itself with
     PUTLONG, but only when the reply is not signed (is_sign == 0).
   - cname_count starts at 5 and the "looped CNAMES" returns bound CNAME
     chasing; the decrement is not part of this listing. */
782 int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t now,
783 int is_sign, int check_rebind, int checking_disabled)
785 unsigned char *p, *p1, *endrr, *namep;
786 int i, j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0;
787 unsigned long ttl = 0;
788 struct all_addr addr;
790 cache_start_insert();
792 /* find_soa is needed for dns_doctor and logging side-effects, so don't call it lazily if there are any. */
793 if (daemon->doctors || option_bool(OPT_LOG))
796 ttl = find_soa(header, qlen, name);
799 /* go through the questions. */
800 p = (unsigned char *)(header+1);
802 for (i = ntohs(header->qdcount); i != 0; i--)
804 int found = 0, cname_count = 5;
805 struct crec *cpp = NULL;
806 int flags = RCODE(header) == NXDOMAIN ? F_NXDOMAIN : 0;
807 unsigned long cttl = ULONG_MAX, attl;
810 if (!extract_name(header, qlen, &p, name, 1, 4))
811 return 0; /* bad packet */
819 /* PTRs: we chase CNAMEs here, since we have no way to
820 represent them in the cache. */
823 int name_encoding = in_arpa_name_2_addr(name, &addr);
828 if (!(flags & F_NXDOMAIN))
831 if (!(p1 = skip_questions(header, qlen)))
834 for (j = ntohs(header->ancount); j != 0; j--)
836 unsigned char *tmp = namep;
837 /* the loop body overwrites the original name, so get it back here. */
838 if (!extract_name(header, qlen, &tmp, name, 1, 0) ||
839 !(res = extract_name(header, qlen, &p1, name, 0, 10)))
840 return 0; /* bad packet */
842 GETSHORT(aqtype, p1);
843 GETSHORT(aqclass, p1);
845 if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
848 PUTLONG(daemon->max_ttl, p1);
850 GETSHORT(ardlen, p1);
853 /* TTL of record is minimum of CNAMES and PTR */
/* res != 2: only records whose owner name matched the name being chased */
857 if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == T_PTR))
859 if (!extract_name(header, qlen, &p1, name, 1, 0))
862 if (aqtype == T_CNAME)
865 return 0; /* looped CNAMES */
869 cache_insert(name, &addr, now, cttl, name_encoding | F_REVERSE);
874 if (!CHECK_LEN(header, p1, qlen, 0))
875 return 0; /* bad packet */
879 if (!found && !option_bool(OPT_NO_NEG))
884 ttl = find_soa(header, qlen, NULL);
887 cache_insert(NULL, &addr, now, ttl, name_encoding | F_REVERSE | F_NEG | flags);
892 /* everything other than PTR */
902 else if (qtype == T_AAAA)
911 if (!(flags & F_NXDOMAIN))
914 if (!(p1 = skip_questions(header, qlen)))
917 for (j = ntohs(header->ancount); j != 0; j--)
919 if (!(res = extract_name(header, qlen, &p1, name, 0, 10)))
920 return 0; /* bad packet */
922 GETSHORT(aqtype, p1);
923 GETSHORT(aqclass, p1);
925 if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
928 PUTLONG(daemon->max_ttl, p1);
930 GETSHORT(ardlen, p1);
933 if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == qtype))
935 if (aqtype == T_CNAME)
938 return 0; /* looped CNAMES */
939 newc = cache_insert(name, NULL, now, attl, F_CNAME | F_FORWARD);
942 cpp->addr.cname.cache = newc;
943 cpp->addr.cname.uid = newc->uid;
950 if (!extract_name(header, qlen, &p1, name, 1, 0))
958 /* copy address into aligned storage */
959 if (!CHECK_LEN(header, p1, qlen, addrlen))
960 return 0; /* bad packet */
961 memcpy(&addr, p1, addrlen);
963 /* check for returned address in private space */
966 private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
969 newc = cache_insert(name, &addr, now, attl, flags | F_FORWARD);
972 cpp->addr.cname.cache = newc;
973 cpp->addr.cname.uid = newc->uid;
980 if (!CHECK_LEN(header, p1, qlen, 0))
981 return 0; /* bad packet */
985 if (!found && !option_bool(OPT_NO_NEG))
990 ttl = find_soa(header, qlen, NULL);
992 /* If there's no SOA to get the TTL from, but there is a CNAME
993 pointing at this, inherit its TTL */
996 newc = cache_insert(name, NULL, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags);
999 cpp->addr.cname.cache = newc;
1000 cpp->addr.cname.uid = newc->uid;
1007 /* Don't put stuff from a truncated packet into the cache,
1008 also don't cache replies where DNSSEC validation was turned off, either
1009 the upstream server told us so, or the original query specified it. */
1010 if (!(header->hb3 & HB3_TC) && !(header->hb4 & HB4_CD) && !checking_disabled)
1016 /* If the packet holds exactly one query
1017 return F_IPV4 or F_IPV6 and leave the name from the query in name */
/* Returns 0 when the packet is not a single standard query or its name
   cannot be decoded. typep is an output parameter; the line that writes it
   is not part of this listing. */
1019 unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, unsigned short *typep)
1021 unsigned char *p = (unsigned char *)(header+1);
1027 if (ntohs(header->qdcount) != 1 || OPCODE(header) != QUERY)
1028 return 0; /* must be exactly one query. */
/* extrabytes 4 covers the type and class fields read after the name */
1030 if (!extract_name(header, qlen, &p, name, 1, 4))
1031 return 0; /* bad packet */
1034 GETSHORT(qclass, p);
1043 if (qtype == T_AAAA)
1046 return F_IPV4 | F_IPV6;
1047 if (qtype == T_NS || qtype == T_SOA)
1048 return F_QUERY | F_NSRR;
/* Turn the query in `header` into a locally generated reply: set QR and RA,
   clear AA and TC, zero the section counts and choose the RCODE from flags.
   For F_IPV4 / F_IPV6 a single A / AAAA record built from addrp is appended
   after the question. Returns the reply length.
   NOTE(review): add_resource_record() is called with limit == NULL, which
   disables its overflow test, so the buffer behind header must have room
   for one address record after the question section - confirm.
   NOTE(review): when skip_questions() fails p is NULL; the address branches
   test p, but the final pointer subtraction does not - confirm callers only
   pass packets whose question section already parsed. */
1055 size_t setup_reply(struct dns_header *header, size_t qlen,
1056 struct all_addr *addrp, unsigned int flags, unsigned long ttl)
1058 unsigned char *p = skip_questions(header, qlen);
1060 /* clear authoritative and truncated flags, set QR flag */
1061 header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
1063 header->hb4 |= HB4_RA;
1065 header->nscount = htons(0);
1066 header->arcount = htons(0);
1067 header->ancount = htons(0); /* no answers unless changed below */
1069 SET_RCODE(header, SERVFAIL); /* couldn't get memory */
1070 else if (flags == F_NOERR)
1071 SET_RCODE(header, NOERROR); /* empty domain */
1072 else if (flags == F_NXDOMAIN)
1073 SET_RCODE(header, NXDOMAIN);
1074 else if (p && flags == F_IPV4)
1075 { /* we know the address */
1076 SET_RCODE(header, NOERROR);
1077 header->ancount = htons(1);
1078 header->hb3 |= HB3_AA;
/* nameoffset sizeof(struct dns_header): the owner name is a compression
   pointer to the question name that directly follows the header */
1079 add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
1082 else if (p && flags == F_IPV6)
1084 SET_RCODE(header, NOERROR);
1085 header->ancount = htons(1);
1086 header->hb3 |= HB3_AA;
1087 add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_AAAA, C_IN, "6", addrp);
1090 else /* nowhere to forward to */
1091 SET_RCODE(header, REFUSED);
1093 return p - (unsigned char *)header;
1096 /* check if name matches local names ie from /etc/hosts or DHCP or local mx names. */
/* Sources consulted, in order: the cache (entries flagged F_HOSTS or
   F_DHCP), then the configured MX/SRV, TXT, interface-name and PTR lists.
   Names are compared with hostname_isequal(). The return statements are not
   part of this listing. */
1097 int check_for_local_domain(char *name, time_t now)
1100 struct mx_srv_record *mx;
1101 struct txt_record *txt;
1102 struct interface_name *intr;
1103 struct ptr_record *ptr;
1105 if ((crecp = cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6)) &&
1106 (crecp->flags & (F_HOSTS | F_DHCP)))
1109 for (mx = daemon->mxnames; mx; mx = mx->next)
1110 if (hostname_isequal(name, mx->name))
1113 for (txt = daemon->txt; txt; txt = txt->next)
1114 if (hostname_isequal(name, txt->name))
1117 for (intr = daemon->int_names; intr; intr = intr->next)
1118 if (hostname_isequal(name, intr->name))
1121 for (ptr = daemon->ptr; ptr; ptr = ptr->next)
1122 if (hostname_isequal(name, ptr->name))
1128 /* Is the packet a reply with the answer address equal to addr?
1129 If so mung is into an NXDOMAIN reply and also put that information
/* Scan the answer section of a reply for class IN A records whose address
   equals one of the entries in the baddr list. On a match a negative
   NXDOMAIN entry for the name is inserted into the cache. Returns 0 on a
   bad packet; the other return lines are not part of this listing. */
1131 int check_for_bogus_wildcard(struct dns_header *header, size_t qlen, char *name,
1132 struct bogus_addr *baddr, time_t now)
1135 int i, qtype, qclass, rdlen;
1137 struct bogus_addr *baddrp;
1139 /* skip over questions */
1140 if (!(p = skip_questions(header, qlen)))
1141 return 0; /* bad packet */
1143 for (i = ntohs(header->ancount); i != 0; i--)
1145 if (!extract_name(header, qlen, &p, name, 1, 10))
1146 return 0; /* bad packet */
1149 GETSHORT(qclass, p);
1153 if (qclass == C_IN && qtype == T_A)
/* length-check the 4 address bytes before memcmp reads them */
1155 if (!CHECK_LEN(header, p, qlen, INADDRSZ))
1158 for (baddrp = baddr; baddrp; baddrp = baddrp->next)
1159 if (memcmp(&baddrp->addr, p, INADDRSZ) == 0)
1161 /* Found a bogus address. Insert that info here, since there is no SOA record
1162 to get the ttl from in the normal processing */
1163 cache_start_insert();
1164 cache_insert(name, NULL, now, ttl, F_IPV4 | F_FORWARD | F_NEG | F_NXDOMAIN | F_CONFIG);
1171 if (!ADD_RDLEN(header, p, qlen, rdlen))
/* Append one resource record at *pp. The owner name is written as a
   compression pointer to nameoffset, followed by the TTL, a placeholder
   RDLENGTH, and RDATA built from the variadic arguments as directed by the
   characters of `format`. The real RDLENGTH is patched in afterwards.
   Judging by the call sites in this file: "4" / "6" take a pointer to an
   IPv4 / IPv6 address, "s" an integer stored as a short, "d" a domain name,
   "t" a length plus data pointer, "z" a C string; the case labels
   themselves are not part of this listing.
   *offset, when used, receives the packet offset of the domain-name
   argument. limit may be NULL, which disables the overflow test.
   NOTE(review): the overflow test runs after the record has been written,
   so memory safety depends on the buffer having slack beyond limit for the
   largest possible record - confirm where the buffer is allocated. */
1178 static int add_resource_record(struct dns_header *header, char *limit, int *truncp, unsigned int nameoffset, unsigned char **pp,
1179 unsigned long ttl, unsigned int *offset, unsigned short type, unsigned short class, char *format, ...)
1182 unsigned char *sav, *p = *pp;
1184 unsigned short usval;
/* a previous record already hit the limit; the action taken is not shown */
1188 if (truncp && *truncp)
1191 PUTSHORT(nameoffset | 0xc000, p);
1194 PUTLONG(ttl, p); /* TTL */
1196 sav = p; /* Save pointer to RDLength field */
1197 PUTSHORT(0, p); /* Placeholder RDLength */
1199 va_start(ap, format); /* make ap point to 1st unnamed argument */
1201 for (; *format; format++)
1206 sval = va_arg(ap, char *);
1207 memcpy(p, sval, IN6ADDRSZ);
1213 sval = va_arg(ap, char *);
1214 memcpy(p, sval, INADDRSZ);
1219 usval = va_arg(ap, int);
1224 lval = va_arg(ap, long);
1229 /* get domain-name answer arg and store it in RDATA field */
1231 *offset = p - (unsigned char *)header;
1232 p = do_rfc1035_name(p, va_arg(ap, char *));
1237 usval = va_arg(ap, int);
1238 sval = va_arg(ap, char *);
/* copy length is supplied by the caller and is not checked on this line */
1239 memcpy(p, sval, usval);
1244 sval = va_arg(ap, char *);
1245 usval = sval ? strlen(sval) : 0;
/* NOTE(review): the length is stored in a single byte; any clamp of usval
   to 255 is not part of this listing - confirm one exists. */
1248 *p++ = (unsigned char)usval;
1249 memcpy(p, sval, usval);
1254 va_end(ap); /* clean up variable argument pointer */
1257 PUTSHORT(j, sav); /* Now, store real RDLength */
1259 /* check for overflow of buffer */
1260 if (limit && ((unsigned char *)limit - p) < 0)
/* TTL to put into an answer built from cache entry crecp at time now. */
1271 static unsigned long crec_ttl(struct crec *crecp, time_t now)
1273 /* Immortal and DHCP entries get the configured local TTL (daemon->local_ttl)
1274 instead of their remaining lifetime: DHCP entries might change before the lease expires. */
1276 if (crecp->flags & (F_IMMORTAL | F_DHCP))
1277 return daemon->local_ttl;
1279 /* Return the Max TTL value if it is lower than the actual TTL */
/* NOTE(review): assumes crecp->ttd >= now. For an entry already past its
   expiry the difference is negative and becomes a very large unsigned
   value; presumably expired entries never reach this function - confirm. */
1280 if (daemon->max_ttl == 0 || ((unsigned)(crecp->ttd - now) < daemon->max_ttl))
1281 return crecp->ttd - now;
1283 return daemon->max_ttl;
1287 /* return zero if we can't answer from cache, or packet size if we can */
/* Review notes:
   - The query name is decoded into daemon->namebuff and answers are written
     after the question section; every add_resource_record() call in the
     question loop passes limit and &trunc so that an over-long reply is
     flagged rather than written past limit.
   - When the client sets the DO bit (sec_reqd) only F_HOSTS / F_DHCP data
     is answered from the cache.
   - An advertised EDNS0 UDP size above daemon->edns_pktsz is rewritten in
     the query itself, unless the query is signed.
   - In the CNAME branch the target is copied with
     strcpy(name, cache_get_name(...)), which has no length limit. That is
     safe only if every cached name fits in daemon->namebuff; presumably the
     cache enforces this on insertion - confirm.
   - T_ANY queries are answered from /etc/hosts and DHCP data only. */
1288 size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
1289 struct in_addr local_addr, struct in_addr local_netmask, time_t now)
1291 char *name = daemon->namebuff;
1292 unsigned char *p, *ansp, *pheader;
1294 struct all_addr addr;
1295 unsigned int nameoffset;
1296 unsigned short flag;
1297 int q, ans, anscount = 0, addncount = 0;
1298 int dryrun = 0, sec_reqd = 0;
1301 int nxdomain = 0, auth = 1, trunc = 0;
1302 struct mx_srv_record *rec;
1304 /* If there is an RFC2671 pseudoheader then it will be overwritten by
1305 partial replies, so we have to do a dry run to see if we can answer
1306 the query. We check to see if the do bit is set, if so we always
1307 forward rather than answering from the cache, which doesn't include
1308 security information. */
1310 if (find_pseudoheader(header, qlen, NULL, &pheader, &is_sign))
1312 unsigned short udpsz, ext_rcode, flags;
1313 unsigned char *psave = pheader;
1315 GETSHORT(udpsz, pheader);
1316 GETSHORT(ext_rcode, pheader);
1317 GETSHORT(flags, pheader);
1319 sec_reqd = flags & 0x8000; /* do bit */
1321 /* If our client is advertising a larger UDP packet size
1322 than we allow, trim it so that we don't get an overlarge
1323 response from upstream */
1325 if (!is_sign && (udpsz > daemon->edns_pktsz))
1326 PUTSHORT(daemon->edns_pktsz, psave);
1331 if (ntohs(header->qdcount) == 0 || OPCODE(header) != QUERY )
1334 for (rec = daemon->mxnames; rec; rec = rec->next)
1338 /* determine end of question section (we put answers there) */
1339 if (!(ansp = skip_questions(header, qlen)))
1340 return 0; /* bad packet */
1342 /* now process each question, answers go in RRs after the question */
1343 p = (unsigned char *)(header+1);
1345 for (q = ntohs(header->qdcount); q != 0; q--)
1347 /* save pointer to name for copying into answers */
1348 nameoffset = p - (unsigned char *)header;
1350 /* now extract name as .-concatenated string into name */
1351 if (!extract_name(header, qlen, &p, name, 1, 4))
1352 return 0; /* bad packet */
1355 GETSHORT(qclass, p);
1357 ans = 0; /* have we answered this question */
1359 if (qtype == T_TXT || qtype == T_ANY)
1361 struct txt_record *t;
1362 for(t = daemon->txt; t ; t = t->next)
1364 if (t->class == qclass && hostname_isequal(name, t->name))
1369 log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>");
1370 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1371 daemon->local_ttl, NULL,
1372 T_TXT, t->class, "t", t->len, t->txt))
1382 if (qtype == T_PTR || qtype == T_ANY)
1384 /* see if it's w.z.y.z.in-addr.arpa format */
1385 int is_arpa = in_arpa_name_2_addr(name, &addr);
1386 struct ptr_record *ptr;
1387 struct interface_name* intr = NULL;
1389 for (ptr = daemon->ptr; ptr; ptr = ptr->next)
1390 if (hostname_isequal(name, ptr->name))
1393 if (is_arpa == F_IPV4)
1394 for (intr = daemon->int_names; intr; intr = intr->next)
1396 if (addr.addr.addr4.s_addr == get_ifaddr(intr->intr).s_addr)
1399 while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
1408 log_query(F_IPV4 | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
1409 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1410 daemon->local_ttl, NULL,
1411 T_PTR, C_IN, "d", intr->name))
1420 log_query(F_CONFIG | F_RRNAME, name, NULL, "<PTR>");
1421 for (ptr = daemon->ptr; ptr; ptr = ptr->next)
1422 if (hostname_isequal(name, ptr->name) &&
1423 add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1424 daemon->local_ttl, NULL,
1425 T_PTR, C_IN, "d", ptr->ptr))
1430 else if ((crecp = cache_find_by_addr(NULL, &addr, now, is_arpa)))
1433 /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */
1434 if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP)))
1437 if (crecp->flags & F_NEG)
1441 if (crecp->flags & F_NXDOMAIN)
1444 log_query(crecp->flags & ~F_FORWARD, name, &addr, NULL);
/* DO bit set: only local (hosts / DHCP) data may be served from the cache */
1446 else if ((crecp->flags & (F_HOSTS | F_DHCP)) || !sec_reqd)
1449 if (!(crecp->flags & (F_HOSTS | F_DHCP)))
1453 log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr,
1454 record_source(crecp->uid));
1456 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1457 crec_ttl(crecp, now), NULL,
1458 T_PTR, C_IN, "d", cache_get_name(crecp)))
1462 } while ((crecp = cache_find_by_addr(crecp, &addr, now, is_arpa)));
1463 else if (is_arpa == F_IPV4 &&
1464 option_bool(OPT_BOGUSPRIV) &&
1465 private_net(addr.addr.addr4, 1))
1467 /* if not in cache, enabled and private IPV4 address, return NXDOMAIN */
1471 log_query(F_CONFIG | F_REVERSE | F_IPV4 | F_NEG | F_NXDOMAIN,
1476 for (flag = F_IPV4; flag; flag = (flag == F_IPV4) ? F_IPV6 : 0)
1478 unsigned short type = T_A;
1487 if (qtype != type && qtype != T_ANY)
1490 /* Check for "A for A" queries; be rather conservative
1491 about what looks like dotted-quad. */
1498 for (cp = name, i = 0, a = 0; *cp; i++)
/* isdigit() runs first, so strtol never sees a sign or leading space */
1500 if (!isdigit((unsigned char)*cp) || (x = strtol(cp, &cp, 10)) > 255)
1517 addr.addr.addr4.s_addr = htonl(a);
1518 log_query(F_FORWARD | F_CONFIG | F_IPV4, name, &addr, NULL);
1519 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1520 daemon->local_ttl, NULL, type, C_IN, "4", &addr))
1527 /* interface name stuff */
1530 struct interface_name *intr;
1532 for (intr = daemon->int_names; intr; intr = intr->next)
1533 if (hostname_isequal(name, intr->name))
1541 if ((addr.addr.addr4 = get_ifaddr(intr->intr)).s_addr == (in_addr_t) -1)
1542 log_query(F_FORWARD | F_CONFIG | F_IPV4 | F_NEG, name, NULL, NULL);
1545 log_query(F_FORWARD | F_CONFIG | F_IPV4, name, &addr, NULL);
1546 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1547 daemon->local_ttl, NULL, type, C_IN, "4", &addr))
1556 if ((crecp = cache_find_by_name(NULL, name, now, flag | F_CNAME)))
1560 /* See if a putative address is on the network from which we received
1561 the query, if so we'll filter other answers. */
1562 if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && flag == F_IPV4)
1564 struct crec *save = crecp;
1566 if ((crecp->flags & F_HOSTS) &&
1567 is_same_net(*((struct in_addr *)&crecp->addr), local_addr, local_netmask))
1572 } while ((crecp = cache_find_by_name(crecp, name, now, flag | F_CNAME)));
1578 /* don't answer wildcard queries with data not from /etc/hosts
1580 if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP)))
1583 if (crecp->flags & F_CNAME)
1587 log_query(crecp->flags, name, NULL, record_source(crecp->uid));
1588 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1589 crec_ttl(crecp, now), &nameoffset,
1590 T_CNAME, C_IN, "d", cache_get_name(crecp->addr.cname.cache)))
1594 strcpy(name, cache_get_name(crecp->addr.cname.cache));
1598 if (crecp->flags & F_NEG)
1602 if (crecp->flags & F_NXDOMAIN)
1605 log_query(crecp->flags, name, NULL, NULL);
1607 else if ((crecp->flags & (F_HOSTS | F_DHCP)) || !sec_reqd)
1609 /* If we are returning local answers depending on network,
1612 (crecp->flags & F_HOSTS) &&
1613 !is_same_net(*((struct in_addr *)&crecp->addr), local_addr, local_netmask))
1616 if (!(crecp->flags & (F_HOSTS | F_DHCP)))
1622 log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr.addr,
1623 record_source(crecp->uid));
1625 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1626 crec_ttl(crecp, now), NULL, type, C_IN,
1627 type == T_A ? "4" : "6", &crecp->addr))
1631 } while ((crecp = cache_find_by_name(crecp, name, now, flag | F_CNAME)));
1635 if (qtype == T_MX || qtype == T_ANY)
1638 for (rec = daemon->mxnames; rec; rec = rec->next)
1639 if (!rec->issrv && hostname_isequal(name, rec->name))
1644 unsigned int offset;
1645 log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
1646 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
1647 &offset, T_MX, C_IN, "sd", rec->weight, rec->target))
1651 rec->offset = offset;
1656 if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) &&
1657 cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP))
1662 log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
1663 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL,
1664 T_MX, C_IN, "sd", 1,
1665 option_bool(OPT_SELFMX) ? name : daemon->mxtarget))
1671 if (qtype == T_SRV || qtype == T_ANY)
1674 struct mx_srv_record *move = NULL, **up = &daemon->mxnames;
1676 for (rec = daemon->mxnames; rec; rec = rec->next)
1677 if (rec->issrv && hostname_isequal(name, rec->name))
1682 unsigned int offset;
1683 log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>");
1684 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
1685 &offset, T_SRV, C_IN, "sssd",
1686 rec->priority, rec->weight, rec->srvport, rec->target))
1690 rec->offset = offset;
1694 /* unlink first SRV record found */
1706 /* put first SRV record back at the end. */
1713 if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_'))))
1717 log_query(F_CONFIG | F_NEG, name, NULL, NULL);
1721 if (qtype == T_NAPTR || qtype == T_ANY)
1724 for (na = daemon->naptr; na; na = na->next)
1725 if (hostname_isequal(name, na->name))
1730 log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>");
1731 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
1732 NULL, T_NAPTR, C_IN, "sszzzd",
1733 na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
1739 if (qtype == T_MAILB)
1740 ans = 1, nxdomain = 1;
1742 if (qtype == T_SOA && option_bool(OPT_FILTER))
1746 log_query(F_CONFIG | F_NEG, name, &addr, NULL);
1751 return 0; /* failed to answer a question */
1760 /* create an additional data section, for stuff in SRV and MX record replies. */
1761 for (rec = daemon->mxnames; rec; rec = rec->next)
1762 if (rec->offset != 0)
1765 struct mx_srv_record *tmp;
1766 for (tmp = rec->next; tmp; tmp = tmp->next)
1767 if (tmp->offset != 0 && hostname_isequal(rec->target, tmp->target))
1771 while ((crecp = cache_find_by_name(crecp, rec->target, now, F_IPV4 | F_IPV6)))
1774 int type = crecp->flags & F_IPV4 ? T_A : T_AAAA;
1778 if (crecp->flags & F_NEG)
/* truncp is NULL here but limit is still passed: presumably additional
   records that do not fit are dropped without marking the reply truncated */
1781 if (add_resource_record(header, limit, NULL, rec->offset, &ansp,
1782 crec_ttl(crecp, now), NULL, type, C_IN,
1783 crecp->flags & F_IPV4 ? "4" : "6", &crecp->addr))
1788 /* done all questions, set up header and return length of result */
1789 /* clear authoritative and truncated flags, set QR flag */
1790 header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
1792 header->hb4 |= HB4_RA;
1794 /* authoritative - only hosts and DHCP derived names. */
1796 header->hb3 |= HB3_AA;
1800 header->hb3 |= HB3_TC;
1802 if (anscount == 0 && nxdomain)
1803 SET_RCODE(header, NXDOMAIN);
1805 SET_RCODE(header, NOERROR); /* no error */
1806 header->ancount = htons(anscount);
1807 header->nscount = htons(0);
1808 header->arcount = htons(addncount);
1809 return ansp - (unsigned char *)header;