WARNING WARNING: We now listen on 127.0.0.1 by default *AND* only reply to RFC 1918...
authorBert Hubert <bert.hubert@netherlabs.nl>
Fri, 14 Apr 2006 08:39:16 +0000 (08:39 +0000)
committerBert Hubert <bert.hubert@netherlabs.nl>
Fri, 14 Apr 2006 08:39:16 +0000 (08:39 +0000)
Ignore answers w/o a question
s/spoof/unexpected/

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@697 d19b8d6e-7fed-0310-83ef-9ca221ded41b

pdns/lwres.cc
pdns/pdns_recursor.cc
pdns/syncres.hh

index addfc2ba21e04b96822f8b6c2e7fbb0b2b97ac4b..bddda1d2b073ccac7b4a89e9a4eed0c82e8b31ca 100644 (file)
@@ -144,7 +144,7 @@ LWRes::res_t LWRes::result()
     if(strcasecmp(d_domain.c_str(), mdp.d_qname.c_str())) { 
       if(d_domain.find((char)0)==string::npos) {// embedded nulls are too noisy
        L<<Logger::Error<<"Packet purporting to come from remote server "<<U32ToIP(d_ip)<<" contained wrong answer: '" << d_domain << "' != '" << mdp.d_qname << "'" << endl;
-       g_stats.spoofedCount++;
+       g_stats.unexpectedCount++;
       }
       goto out;
     }
index f28dbaff44de3a4b15bd860d9bf565f75c4cf38b..5146fed4b56ef4629940329b441724cda6c9f577 100644 (file)
@@ -725,7 +725,7 @@ int main(int argc, char **argv)
     ::arg().set("no-shuffle","Don't change")="off";
     ::arg().set("aaaa-additional-processing","turn on to do AAAA additional processing (slow)")="off";
     ::arg().set("local-port","port to listen on")="53";
-    ::arg().set("local-address","IP addresses to listen on, separated by spaces or commas")="0.0.0.0";
+    ::arg().set("local-address","IP addresses to listen on, separated by spaces or commas")="127.0.0.1";
     ::arg().set("trace","if we should output heaps of logging")="off";
     ::arg().set("daemon","Operate as a daemon")="yes";
     ::arg().set("log-common-errors","If we should log rather common errors")="yes";
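Review bot: The added `local-address` line moves the default from all interfaces to loopback, but nothing next to it records why, and the help string still reads as a neutral "IP addresses to listen on". A short comment above the line would keep a later cleanup from reverting it, for example `// loopback by default: the resolver is not reachable from the network until local-address is set explicitly`. An existing installation that relied on the old 0.0.0.0 default will stop answering remote clients after upgrading, so it may also be worth logging the effective listen addresses at startup; the startup code is outside this hunk.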
@@ -741,7 +741,7 @@ int main(int argc, char **argv)
     ::arg().set("max-tcp-clients","Maximum number of simultaneous TCP clients")="128";
     ::arg().set("hint-file", "If set, load root hints from this file")="";
     ::arg().set("max-cache-entries", "If set, maximum number of entries in the main cache")="0";
-    ::arg().set("allow-from", "If set, only allow these comma separated netmasks to recurse")="";
+    ::arg().set("allow-from", "If set, only allow these comma separated netmasks to recurse")="127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12";
     ::arg().set("max-tcp-per-client", "If set, maximum number of TCP sessions per client (IP address)")="0";
     ::arg().set("fork", "If set, fork the daemon for possible double performance")="no";
 
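Review bot: The new `allow-from` default separates its netmasks with a comma followed by a space, while the help text promises a comma separated list. The parsing code is outside this hunk, so please confirm that surrounding whitespace is stripped, because a mask that fails to parse would either abort startup or silently drop a range from the ACL. Writing the default as `="127.0.0.0/8,10.0.0.0/8,192.168.0.0/16,172.16.0.0/12";` removes the question. The description still says "If set", which suggests that an empty value switches the ACL off entirely; if that is the behaviour, a comment such as `// an empty allow-from disables the ACL: any client may recurse` would make the fail-open case explicit.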
@@ -942,15 +942,15 @@ int main(int argc, char **argv)
          if((size_t) d_len >= sizeof(dnsheader)) {
            memcpy(&dh, data, sizeof(dh));
            
-           if(dh.qr) {
+           if(dh.qr && dh.qdcount) {
              pident.remote=fromaddr;
              pident.id=dh.id;
              string packet;
              packet.assign(data, d_len);
              if(!MT->sendEvent(pident, &packet)) {
                if(logCommonErrors)
-                 L<<Logger::Warning<<"Discarding unexpected packet from "<<sockAddrToString((struct sockaddr_in*) &fromaddr, addrlen)<<"\n";
-               g_stats.spoofedCount++;
+                 L<<Logger::Warning<<"Discarding unexpected packet from "<<sockAddrToString((struct sockaddr_in*) &fromaddr, addrlen)<<endl;
+               g_stats.unexpectedCount++;
              }
            }
            else 
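Review bot: With the condition changed to `if(dh.qr && dh.qdcount)`, a packet that has QR set but an empty question section no longer enters this branch and instead falls through to the `else` on the last visible line, whose body is outside the hunk. If that branch is the incoming-query path, such a response would be handled as a client question rather than ignored, and it is also no longer logged or counted in `g_stats.unexpectedCount`. Keeping `if(dh.qr)` as the outer test and rejecting the empty-question case inside it would drop the packet explicitly, for example `if(dh.qr) { if(!dh.qdcount) { g_stats.unexpectedCount++; } else { /* existing sendEvent handling */ } }`.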
index f20a33d9e393367a9a7a1897079926f796bfdb23..391a4efa402cfdd62004992d744af08cd1d2f307 100644 (file)
@@ -358,7 +358,7 @@ struct RecursorStats
   uint64_t tcpClientOverflow;
   uint64_t clientParseError;
   uint64_t serverParseError;
-  uint64_t spoofedCount;
+  uint64_t unexpectedCount;
 };
 
 extern RecursorStats g_stats;