Support for standard and non-standard EDNS subnet option numbers
authorAki Tuomi <cmouse@desteem.org>
Tue, 9 Jul 2013 09:58:48 +0000 (12:58 +0300)
committerAki Tuomi <cmouse@desteem.org>
Tue, 9 Jul 2013 09:58:48 +0000 (12:58 +0300)
pdns/common_startup.cc
pdns/dnspacket.cc
pdns/dnspacket.hh

index ca3087eb8a3ef286d51f93b21ef15a820dc033be..d9f3f6f27739e717442f16e324fcb9178813b8a1 100644 (file)
@@ -100,8 +100,8 @@ void declareArguments()
   ::arg().setSwitch("webserver","Start a webserver for monitoring")="no"; 
   ::arg().setSwitch("webserver-print-arguments","If the webserver should print arguments")="no"; 
   ::arg().setSwitch("edns-subnet-processing","If we should act on EDNS Subnet options")="no"; 
+  ::arg().set("edns-subnet-option-numbers","Comma separated list of whitelisted non-standard EDNS subnet option codes (8 is always included)")="20730";
   ::arg().setSwitch("any-to-tcp","Answer ANY queries with tc=1, shunting to TCP")="no"; 
-  ::arg().set("edns-subnet-option-number","EDNS option number to use")="20730"; 
   ::arg().set("webserver-address","IP Address of webserver to listen on")="127.0.0.1";
   ::arg().set("webserver-port","Port of webserver to listen on")="8081";
   ::arg().set("webserver-password","Password required for accessing the webserver")="";
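Review bot: The old `edns-subnet-option-number` setting is dropped outright in declareArguments(), so a configuration that still sets it no longer matches any declared argument; how the argument parser reacts to an undeclared key is not visible in this hunk. Consider keeping the old name declared for a release as a deprecated alias whose value is folded into the new list at startup, or at least documenting the rename in the upgrade notes. The help text could also state that the list governs which codes are accepted on incoming queries and that the reply reuses whichever code the query carried.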
@@ -340,7 +340,13 @@ void mainthread()
    g_anyToTcp = ::arg().mustDo("any-to-tcp");
    g_addSuperfluousNSEC3 = ::arg().mustDo("add-superfluous-nsec3-for-old-bind");
    DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing");
-   
+   {
+      std::vector<std::string> codes;
+      stringtok(codes, ::arg()["edns-subnet-option-numbers"], "\t ,");
+      BOOST_FOREACH(std::string &code, codes) {
+         DNSPacket::s_ednssubnetcodes.push_back(boost::lexical_cast<int>(code));
+      }
+   }
 #ifndef WIN32
    if(!::arg()["chroot"].empty()) {  
      if(::arg().mustDo("master") || ::arg().mustDo("slave"))
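Review bot: Each token of `edns-subnet-option-numbers` goes straight through `boost::lexical_cast<int>` into `s_ednssubnetcodes` with no validation, so a typo in the setting raises `boost::bad_lexical_cast` during startup and a negative or oversized number is stored even though EDNS option codes are 16-bit and it can never match. Parse into a local first, `int num = boost::lexical_cast<int>(code);`, reject it with `if(num < 0 || num > 65535)`, and turn the cast failure into a startup error that names the setting and the offending token. A value that collides with an option handled by an earlier branch of the parser (5 is treated as EDNS PING in dnspacket.cc) would be accepted here yet never take effect, which is worth rejecting or documenting. mainthread() continues outside this hunk, so whether an enclosing handler already catches the exception cannot be seen here.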
index 62e73e145f95951c09ae70ce1ff8da23b0a8f079..552217d045befb6a6a700f49ac9a483d1384c246 100644 (file)
@@ -45,7 +45,8 @@
 #include "ednssubnet.hh"
 
 bool DNSPacket::s_doEDNSSubnetProcessing;
-
+std::vector<int> DNSPacket::s_ednssubnetcodes;
 DNSPacket::DNSPacket() 
 {
   d_wrapped=false;
@@ -331,9 +332,7 @@ void DNSPacket::wrapup()
         eso.scope = Netmask(eso.source.getNetwork(), maxScopeMask);
     
         string opt = makeEDNSSubnetOptsString(eso);
-        if (::arg().mustDo("edns-subnet-option-number") && ::arg().asNum("edns-subnet-option-number") != 8)  
-           opts.push_back(make_pair(::arg().asNum("edns-subnet-option-number"), opt)); 
-        opts.push_back(make_pair(8, opt)); // 'EDNS SUBNET'
+        opts.push_back(make_pair(d_ednssubnetcode, opt)); // 'EDNS SUBNET'
       }
 
       if(!opts.empty() || d_haveednssection || d_dnssecOk)
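Review bot: `d_ednssubnetcode` is written into the response here, but the only assignment in this commit is in the parse path, and no hunk initialises it in `DNSPacket::DNSPacket()` or carries it over to the packet that is built as the reply. If the reply object is a different DNSPacket from the parsed query (the constructor body and the reply-building code are outside the hunks shown, so this needs checking), the option code sent back is an indeterminate int, which means a malformed OPT record and uninitialised memory reaching the wire. Initialise it next to `d_wrapped=false;` with `d_ednssubnetcode=8;`, and copy it wherever `d_haveednssubnet` and `d_eso` are handed to the reply packet. wrapup() starts and ends outside this hunk.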
@@ -516,10 +515,11 @@ try
       else if(iter->first == 5) {// 'EDNS PING'
         d_ednsping = iter->second;
       }
-      else if(s_doEDNSSubnetProcessing && (iter->first == 8 || iter->first == ::arg().asNum("edns-subnet-option-number"))) { // 'EDNS SUBNET'
+      else if(s_doEDNSSubnetProcessing && (iter->first == 8 || std::find(s_ednssubnetcodes.begin(), s_ednssubnetcodes.end(), iter->first) != s_ednssubnetcodes.end())) { // 'EDNS SUBNET'
         if(getEDNSSubnetOptsFromString(iter->second, &d_eso)) {
           //cerr<<"Parsed, source: "<<d_eso.source.toString()<<", scope: "<<d_eso.scope.toString()<<", family = "<<d_eso.scope.getNetwork().sin4.sin_family<<endl;
           d_haveednssubnet=true;
+          d_ednssubnetcode=iter->first;
         } 
       }
       else {
index 04609fd2dcaed016eaa8f5b8db4716f216e6f199..3850f4dff7c6ae95cb2d057fad053f852700a40a 100644 (file)
@@ -159,6 +159,7 @@ public:
   vector<DNSResourceRecord>& getRRS() { return d_rrs; }
   TSIGRecordContent d_trc;
   static bool s_doEDNSSubnetProcessing;
+  static std::vector<int> s_ednssubnetcodes;
 private:
   void pasteQ(const char *question, int length); //!< set the question of this packet, useful for crafting replies
 
@@ -173,6 +174,7 @@ private:
   string d_ednsping;
   bool d_wantsnsid;
   bool d_haveednssubnet;
+  int d_ednssubnetcode;
   bool d_haveednssection;
   EDNSSubnetOpts d_eso;
   string d_tsigsecret;