return nullptr;
}
+uint16_t getRandomDNSID()
+{
+#ifdef HAVE_LIBSODIUM
+ return (randombytes_random() % 65536);
+#else
+ return (random() % 65536);
+#endif
+}
+
static bool upCheck(DownstreamState& ds)
try
{
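Review bot: The non-libsodium fallback at the `return (random() % 65536);` line makes the DNS transaction ID predictable: random() is a seedable, non-cryptographic generator, and the ID is one of the few values the two callers (`checkHeader.id = getRandomDNSID();` in upCheck and `pw.getHeader()->id = getRandomDNSID();` in getSecPollStatus) have to reject a forged answer, so the fallback should draw from a CSPRNG as well — `std::random_device` from `<random>` is the portable standard-library option, if the project does not already wrap one. The implicit narrowing from the generator's 32-bit result to uint16_t also deserves an explicit cast, `return static_cast<uint16_t>(randombytes_random() % 65536);`, so a reader does not have to check that 65536 keeps it in range. A one-line header comment, `// 16-bit DNS transaction ID; libsodium's CSPRNG when available`, would document which source is in use in each build.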
memset(&checkHeader, 0, sizeof(checkHeader));
checkHeader.qdcount = htons(1);
-#ifdef HAVE_LIBSODIUM
- checkHeader.id = randombytes_random() % 65536;
-#else
- checkHeader.id = random() % 65536;
-#endif
+ checkHeader.id = getRandomDNSID();
checkHeader.rd = true;
if (ds.setCD) {
checkHeader.cd = true;
}
-
if (ds.checkFunction) {
std::lock_guard<std::mutex> lock(g_luamutex);
auto ret = ds.checkFunction(checkName, checkType, checkClass, &checkHeader);
["AS_ESCAPE([-I$(top_builddir) -I$(top_srcdir)]) -Wall -O3 -pthread $BOOST_CPPFLAGS"]
)
+AC_ARG_VAR(PACKAGEVERSION, [The version used in secpoll queries])
+AS_IF([test "x$PACKAGEVERSION" != "x"],
+ [AC_DEFINE_UNQUOTED([PACKAGEVERSION], "$PACKAGEVERSION", [Set to the package version used for secpoll])]
+)
+
AC_CONFIG_FILES([Makefile
ext/yahttp/Makefile
ext/yahttp/yahttp/Makefile])
#include "misc.hh"
#include "sstuff.hh"
+#include "dnsdist.hh"
#include "dnsdist-secpoll.hh"
+#ifndef PACKAGEVERSION
+#define PACKAGEVERSION PACKAGE_VERSION
+#endif
+
static std::string getFirstTXTAnswer(const std::string& answer)
{
if (answer.size() <= sizeof(struct dnsheader)) {
static std::string getSecPollStatus(const std::string& queriedName, int timeout=2)
{
+ const DNSName& sentName = DNSName(queriedName);
vector<uint8_t> packet;
- DNSPacketWriter pw(packet, DNSName(queriedName), QType::TXT);
-#ifdef HAVE_LIBSODIUM
- pw.getHeader()->id = randombytes_random() % 65536;
-#else
- pw.getHeader()->id = random() % 65536;
-#endif
+ DNSPacketWriter pw(packet, sentName, QType::TXT);
+ pw.getHeader()->id = getRandomDNSID();
pw.getHeader()->rd = 1;
const auto& resolversForStub = getResolvers("/etc/resolv.conf");
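Review bot: `const DNSName& sentName = DNSName(queriedName);` binds a const reference to a temporary; lifetime extension keeps it valid for the rest of the function, but the reference adds nothing and reads as if sentName aliased some other object. `const DNSName sentName(queriedName);` states the intent directly and is what the two later uses (the DNSPacketWriter constructor and the qname comparison) need. getSecPollStatus's body continues outside this hunk.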
continue;
}
+ uint16_t receivedType;
+ uint16_t receivedClass;
+ DNSName receivedName(reply.c_str(), reply.size(), sizeof(dnsheader), false, &receivedType, &receivedClass);
+
+ if (receivedName != sentName || receivedType != QType::TXT || receivedClass != QClass::IN) {
+ if (g_verbose) {
+ warnlog("Invalid answer, either the qname (%s / %s), qtype (%s / %s) or qclass (%d / %d) does not match, received from the secpoll stub resolver %s", receivedName, sentName, QType(receivedType).getName(), QType(QType::TXT).getName(), receivedClass, QClass::IN, dest.toString());
+ }
+ continue;
+ }
+
return getFirstTXTAnswer(reply);
}
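Review bot: The new check compares qname, qtype and qclass but not the transaction ID that the sender just randomized via getRandomDNSID(), so unless the ID is compared earlier in the loop (the loop head is outside this hunk) an answer carrying a wrong ID but a matching question still passes, which undoes the point of the random ID; a comparison such as `if (reinterpret_cast<const dnsheader*>(reply.c_str())->id != pw.getHeader()->id) { continue; }` before the name is parsed would close that gap. The `DNSName receivedName(reply.c_str(), reply.size(), sizeof(dnsheader), ...)` constructor also runs before getFirstTXTAnswer's `answer.size() <= sizeof(struct dnsheader)` guard, so if short replies are not already rejected earlier in the loop, a truncated reply reaches the name parser; an explicit length check (or handling of the parse exception, if DNSName throws on malformed input) in front of it would make the rejection visible here.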
return;
}
- const std::string pkgv(PACKAGE_VERSION);
+ const std::string pkgv(PACKAGEVERSION);
bool releaseVersion = pkgv.find("0.0.") != 0;
struct timeval now;
gettimeofday(&now, 0);
- const std::string version = "dnsdist-" + std::string(VERSION);
+ const std::string version = "dnsdist-" + std::string(PACKAGEVERSION);
std::string queriedName = version.substr(0, 63) + ".security-status." + suffix;
if (*queriedName.rbegin() != '.') {