make sure we are more query class safe, so auth now only replies to version.bind...
authorBert Hubert <bert.hubert@netherlabs.nl>
Sat, 11 Sep 2010 10:13:25 +0000 (10:13 +0000)
committerBert Hubert <bert.hubert@netherlabs.nl>
Sat, 11 Sep 2010 10:13:25 +0000 (10:13 +0000)
Spotted by Miek Gieben & Marco Davids

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1709 d19b8d6e-7fed-0310-83ef-9ca221ded41b

pdns/dnspacket.cc
pdns/packetcache.cc
pdns/packethandler.cc
pdns/qtype.hh

index 10585c0c53fa24a94fe7bd57a2d2e7ef2b8e5f63..7d7fc5c7a1c4dc8eabf1da37e4998fbaf5f3741b 100644 (file)
@@ -290,7 +290,7 @@ void DNSPacket::setCompress(bool compress)
 
 bool DNSPacket::couldBeCached()
 {
-  return d_ednsping.empty() && !d_wantsnsid;
+  return d_ednsping.empty() && !d_wantsnsid && qclass==QClass::IN;
 }
 
 /** Must be called before attempting to access getData(). This function stuffs all resource
@@ -325,7 +325,7 @@ void DNSPacket::wrapup(void)
   d_wrapped=true;
 
   vector<uint8_t> packet;
-  DNSPacketWriter pw(packet, qdomain, qtype.getCode(), 1);
+  DNSPacketWriter pw(packet, qdomain, qtype.getCode(), qclass);
 
   pw.getHeader()->rcode=d.rcode;
   pw.getHeader()->aa=d.aa;
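Review bot: wrapup() now writes `qclass` into the question section and, in the next hunk, `pos->qclass` into every record via `pw.startRecord(...)`, where the old code wrote the constant 1. Any DNSPacket or DNSResourceRecord that reaches this point without its class set (built locally rather than parsed, or filled in by a backend that never touches qclass) would then go out with an indeterminate class instead of IN. Neither constructor is part of this diff, so it is worth confirming that both default the member to `QClass::IN`, or adding that initialisation alongside this change. wrapup's body starts and ends outside the hunk.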
@@ -376,7 +376,8 @@ void DNSPacket::wrapup(void)
          if(pos->auth)
            toSign.push_back(drc);
        }
-       pw.startRecord(pos->qname, pos->qtype.getCode(), pos->ttl, 1, (DNSPacketWriter::Place)pos->d_place); 
+       
+       pw.startRecord(pos->qname, pos->qtype.getCode(), pos->ttl, pos->qclass, (DNSPacketWriter::Place)pos->d_place); 
 
         drc->toPacket(pw);
        
@@ -463,6 +464,7 @@ DNSPacket *DNSPacket::replyPacket() const
   r->d_tcp = d_tcp;
   r->qdomain = qdomain;
   r->qtype = qtype;
+  r->qclass = qclass;
   r->d_maxreplylen = d_maxreplylen;
   r->d_ednsping = d_ednsping;
   r->d_wantsnsid = d_wantsnsid;
index 026c641369095550a6e4ef619858e0d9cea3df83..e57a3d903f36f3c2cd29ed3dd136a4f5feb76dfe 100644 (file)
@@ -119,6 +119,9 @@ void PacketCache::insert(DNSPacket *q, DNSPacket *r)
     return; // do not try to cache packets with multiple questions
   }
 
+  if(q->qclass != QClass::IN) // we only cache the INternet
+    return;
+
   bool packetMeritsRecursion=d_doRecursion && q->d.rd;
 
   insert(q->qdomain, q->qtype, PacketCache::PACKETCACHE, r->getString(), packetMeritsRecursion ? d_recursivettl : d_ttl, -1, packetMeritsRecursion);
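Review bot: The cache entry is still keyed on `q->qdomain` and `q->qtype` only (the inner `insert(...)` call), so the new early return keeps non-IN answers out of the cache but nothing here stops a non-IN query from matching an IN entry on lookup. The lookup path is outside this diff; if it does not already go through `couldBeCached()`, which this commit makes class-aware in dnspacket.cc, it needs the mirror-image guard, e.g. `if(p->qclass != QClass::IN) return false;`. Without that, a CHAOS query for a cached name and type could presumably be answered with the stored IN packet. A short comment on the key, such as `// key has no class component: only IN may be stored or looked up`, would make the invariant explicit.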
index 81f6fca9a1f0e6286ea012a7bfc5a0e70caee384..e8cb29d5c47289de031902fa96ac1bf1ded8d69e 100644 (file)
@@ -266,7 +266,8 @@ int PacketHandler::doVersionRequest(DNSPacket *p, DNSPacket *r, string &target)
   
   // modes: anonymous, powerdns only, full, spoofed
   const string mode=::arg()["version-string"];
-  if(p->qtype.getCode()==QType::TXT && target=="version.bind") {// TXT
+  
+  if(p->qclass == QClass::CHAOS && p->qtype.getCode()==QType::TXT && target=="version.bind") {// TXT
     if(mode.empty() || mode=="full") 
       rr.content="Served by POWERDNS "VERSION" $Id$";
     else if(mode=="anonymous") {
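Review bot: The rewritten condition matches the name with `target=="version.bind"`, a byte-wise compare, so a CHAOS TXT query spelled `VERSION.BIND` only matches if the caller has already lower-cased `target`, which this hunk does not show. If it has not, a case-insensitive comparison belongs here. The trailing `// TXT` comment could also say why the class matters, e.g. `// version.bind only exists in class CHAOS`. doVersionRequest continues outside the hunk.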
@@ -280,7 +281,8 @@ int PacketHandler::doVersionRequest(DNSPacket *p, DNSPacket *r, string &target)
 
     rr.ttl=5;
     rr.qname=target;
-    rr.qtype=QType::TXT; // TXT
+    rr.qtype=QType::TXT; 
+    rr.qclass=QClass::CHAOS; 
     r->addRecord(rr);
     
     return 1;
@@ -1152,7 +1154,7 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
 
     if(p->qclass==255) // any class query 
       r->setA(false);
-    else if(p->qclass!=1) // we only know about IN, so we don't find anything
+    else if(p->qclass != QClass::IN) // we only know about IN, so we don't find anything
       goto sendit;
 
   retargeted:;
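Review bot: The ANY-class test directly above the changed line still compares against a bare number, `if(p->qclass==255)`, while the line this commit touches now uses `QClass::IN`. Adding `ANY=255` to the `QClass` enum in qtype.hh and writing `if(p->qclass==QClass::ANY)` would keep the two branches consistent and remove the last magic class number from the visible part of this function. questionOrRecurse starts and ends outside the hunk.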
@@ -1215,7 +1217,7 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
       rrset.push_back(rr);
     }
 
-    cerr<<"After first ANY query: weDone="<<weDone<<", weHaveUnauth="<<weHaveUnauth<<", weRedirected="<<weRedirected<<endl;
+    //cerr<<"After first ANY query: weDone="<<weDone<<", weHaveUnauth="<<weHaveUnauth<<", weRedirected="<<weRedirected<<endl;
 
     if(rrset.empty()) {
       // try wildcards, and if they don't work, go look for NS records
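Review bot: The debug trace is commented out rather than deleted, which leaves dead code that is easy to re-enable by accident. An unconditional `cerr` write on every ANY lookup is output that a remote client can trigger at will, so it should not come back in this form. Either delete the line or send it through the project's logger at a debug level. The enclosing function continues outside the hunk.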
index e34597906736cbd431c07c47ad815fe877a79aa3..9e54fc14ba590c55f0cd64c25fc0488dd67cdd1d 100644 (file)
@@ -86,5 +86,8 @@ private:
   static bool uninit;
 };
 
-
+struct QClass
+{
+       enum QClassEnum {IN=1, CHAOS=3};
+};
 #endif
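Review bot: `struct QClass` is added without a comment, and nothing says the numbers are wire-format DNS class codes or why an enum is wrapped in a struct. A header line such as `//! DNS CLASS values as they appear on the wire (RFC 1035 section 3.2.4); the struct only scopes the names, use as QClass::IN` would cover both. The new block is also indented with a different width from the two-space style visible in the context lines above it.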