From 35694256108aae7dbf72677359edd17ef94ba666 Mon Sep 17 00:00:00 2001 From: Jonni Liljamo Date: Thu, 24 Oct 2024 12:14:06 +0300 Subject: [PATCH] feat: modified msgAcceptFunc to facilitate dynamic updates --- internal/dns/server.go | 50 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 48 insertions(+), 2 deletions(-) diff --git a/internal/dns/server.go b/internal/dns/server.go index c92b499..ea554f9 100644 --- a/internal/dns/server.go +++ b/internal/dns/server.go @@ -18,9 +18,55 @@ func Run(addr string, net string) error { dns.HandleFunc(config.FeluConfig.DNSPattern, handleDNSRequest) server := &dns.Server{ - Addr: addr, - Net: net, + Addr: addr, + Net: net, + MsgAcceptFunc: msgAcceptFunc, } return server.ListenAndServe() } + +// https://github.com/miekg/dns/blob/b77d1ed8e9282cadf21c4124f53a660fed55c8ca/types.go#L192 +const _QR = 1 << 15 // query/response (response=1) + +// Otherwise the same as the original, but: +// +// 1: Commented out dynamic update rejection. +// 2: Commented out dh.Nscount > 1, for dynamic updates. +// +// TODO: Consider looking this over properly, and maybe ditching the default. +// +// https://github.com/miekg/dns/blob/b77d1ed8e9282cadf21c4124f53a660fed55c8ca/acceptfunc.go +func msgAcceptFunc(dh dns.Header) dns.MsgAcceptAction { + if isResponse := dh.Bits&_QR != 0; isResponse { + return dns.MsgIgnore + } + + /* + // Don't allow dynamic updates, because then the sections can contain a whole bunch of RRs. + opcode := int(dh.Bits>>11) & 0xF + if opcode != dns.OpcodeQuery && opcode != dns.OpcodeNotify { + return dns.MsgRejectNotImplemented + } + */ + + if dh.Qdcount != 1 { + return dns.MsgReject + } + // NOTIFY requests can have a SOA in the ANSWER section. See RFC 1996 Section 3.7 and 3.11. + if dh.Ancount > 1 { + return dns.MsgReject + } + /* + // IXFR request could have one SOA RR in the NS section. See RFC 1995, section 3. + if dh.Nscount > 1 { + return dns.MsgReject + } + */ + + if dh.Arcount > 2 { + return dns.MsgReject + } + + return dns.MsgAccept +} -- 2.44.1