Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include "common_startup.hh"
-
+bool g_anyToTcp;
typedef Distributor<DNSPacket,DNSPacket,PacketHandler> DNSDistributor;
int avg_latency;
TCPNameserver *TN;
-bool g_anyToTCP;
+
ArgvMap &arg()
{
::arg().setSwitch("webserver","Start a webserver for monitoring")="no";
::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no";
::arg().setSwitch("edns-subnet-processing","If we should act on EDNS Subnet options")="no";
+ ::arg().setSwitch("any-to-tcp","Answer ANY queries with tc=1, shunting to TCP")="no";
::arg().set("edns-subnet-option-number","EDNS option number to use")="20730";
::arg().set("webserver-address","IP Address of webserver to listen on")="127.0.0.1";
::arg().set("webserver-port","Port of webserver to listen on")="8081";
int newuid=0;
if(!::arg()["setuid"].empty())
newuid=Utility::makeUidNumeric(::arg()["setuid"]);
-
+ g_anyToTcp = ::arg().mustDo("any-to-tcp");
DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing");
-
+
#ifndef WIN32
-
if(!::arg()["chroot"].empty()) {
if(::arg().mustDo("master") || ::arg().mustDo("slave"))
gethostbyname("a.root-servers.net"); // this forces all lookup libraries to be loaded
L<<Logger::Error<<"Chrooted to '"<<::arg()["chroot"]<<"'"<<endl;
}
#endif
+
StatWebServer sws;
Utility::dropPrivs(newuid, newgid);
extern UDPNameserver *N;
extern int avg_latency;
extern TCPNameserver *TN;
-
-
extern ArgvMap & arg( void );
extern void declareArguments();
extern void declareStats();
extern void mainthread();
extern int isGuarded( char ** );
+extern bool g_anyToTcp;
+
#endif // COMMON_STARTUP_HH
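Review bot: `extern bool g_anyToTcp;` on the line before the include guard closes carries no comment on who sets it or when, although it is read on the packet-handling path; a one-line comment would spare the next reader a grep, e.g. `// any-to-tcp setting: assigned once from arg() during startup (common_startup.cc), read per query by PacketHandler`. It is a plain, non-atomic bool, so sharing it across the handler threads is only sound if the assignment happens before those threads start; the startup hunk assigns it next to the other startup-time settings, but the thread start itself is not visible here and should be confirmed.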
recursion from everywhere. Example: <command>allow-recursion=192.168.0.0/24, 10.0.0.0/8, 1.2.3.4</command>.
</para>
</listitem></varlistentry>
+ <varlistentry><term>any-to-tcp | any-to-tcp=yes | any-to-tcp=no</term>
+ <listitem><para>
+ Answer questions for the ANY type on UDP with a truncated packet that refers the
+ remote server to TCP. Useful for mitigating ANY reflection attacks. Defaults to off. Available since 3.3.
+ </para></listitem></varlistentry>
<varlistentry><term>cache-ttl=...</term>
<listitem><para>
Seconds to store packets in the PacketCache. See <xref linkend="packetcache"/>.
#include "communicator.hh"
#include "dnsproxy.hh"
#include "version.hh"
+#include "common_startup.hh"
#if 0
#undef DLOG
#define DLOG(x) x
#endif
-
-extern StatBag S;
-extern PacketCache PC;
-extern CommunicatorClass Communicator;
-extern DNSProxy *DP;
-
+
AtomicCounter PacketHandler::s_count;
extern string s_programname;
return r;
}
- L<<Logger::Warning<<"Query for '"<<p->qdomain<<"' "<<p->qtype.getName()<<" from "<<p->getRemote()<<endl;
+ // L<<Logger::Warning<<"Query for '"<<p->qdomain<<"' "<<p->qtype.getName()<<" from "<<p->getRemote()<< " (tcp="<<p->d_tcp<<")"<<endl;
r->d.ra = (p->d.rd && d_doRecursion && DP->recurseFor(p)); // make sure we set ra if rd was set, and we'll do it
if(doVersionRequest(p,r,target)) // catch version.bind requests
goto sendit;
- if(p->qtype.getCode() == QType::ANY) {
- cerr<<"Shunted it to TCP.."<<endl;
+ if(p->qtype.getCode() == QType::ANY && !p->d_tcp && g_anyToTcp) {
r->d.tc = 1;
r->commitD();
return r;
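Review bot: The new condition keys the shunt on `p->d_tcp`, but any answer served from the packet cache never reaches this function, so the mitigation only holds if the cache also distinguishes UDP from TCP — otherwise a full ANY answer cached from a TCP query can be served to UDP ANY queries, and the tc=1 stub built here, if it is cached, can be handed back to the TCP retry the client was just told to make. The cache code is not visible from this hunk, so verify that `PC` keys on transport or that truncated responses are not inserted; if neither is true, the fix belongs at the cache lookup/insert rather than here. A why-comment on the branch would also help, since the log line above it was commented out: `// ANY over UDP is the usual reflection/amplification vector; force the client onto TCP, where the handshake validates its source address`. The enclosing function starts and ends outside the hunk.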
#
# allow-recursion=0.0.0.0/0
+#################################
+# any-to-tcp Answer ANY queries with tc=1, shunting to TCP
+#
+# any-to-tcp=no
+
#################################
# cache-ttl Seconds to store packets in the PacketCache
#