From 505fde600c69656b97fb0d0b535cf8e747746d67 Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Mon, 6 Mar 2017 15:06:26 +0100
Subject: [PATCH] Stubresolver: Use only `resolver` setting if given

Use resolv.conf otherwise. Also, do not use 127.0.0.1:53 as fallback,
as this could be ourselves.

Closes #4655

(cherry picked from commit 2b78726c6c9edd48c0905e44af9f88b5299dad75)
---
 docs/markdown/authoritative/howtos.md |   2 +
 pdns/dnsproxy.cc                      |   5 +-
 pdns/stubresolver.cc                  | 100 +++++++++++++++-----------
 pdns/stubresolver.hh                  |   1 +
 4 files changed, 64 insertions(+), 44 deletions(-)

diff --git a/docs/markdown/authoritative/howtos.md b/docs/markdown/authoritative/howtos.md
index 9dd164594..a2cdb537d 100644
--- a/docs/markdown/authoritative/howtos.md
+++ b/docs/markdown/authoritative/howtos.md
@@ -161,6 +161,8 @@ setting to an existing resolver:
 recursor=[::1]:5300
 ```
 
+**note**: If `resolver` is unset, ALIAS expension is disabled!
+
 and add the ALIAS record to your zone apex. e.g.:
 
 ```
diff --git a/pdns/dnsproxy.cc b/pdns/dnsproxy.cc
index d29a76ab9..ea1d714e5 100644
--- a/pdns/dnsproxy.cc
+++ b/pdns/dnsproxy.cc
@@ -42,7 +42,10 @@ DNSProxy::DNSProxy(const string &remote)
   d_resanswers=S.getPointer("recursing-answers");
   d_resquestions=S.getPointer("recursing-questions");
   d_udpanswers=S.getPointer("udp-answers");
-  ComboAddress remaddr(remote, 53);
+
+  vector<string> addresses;
+  stringtok(addresses, remote, " ,\t");
+  ComboAddress remaddr(addresses[0], 53);
   
   if((d_sock=socket(remaddr.sin4.sin_family, SOCK_DGRAM,0))<0)
     throw PDNSException(string("socket: ")+strerror(errno));
diff --git a/pdns/stubresolver.cc b/pdns/stubresolver.cc
index e1a8935f9..ddc05ead6 100644
--- a/pdns/stubresolver.cc
+++ b/pdns/stubresolver.cc
@@ -14,71 +14,85 @@
 #include "statbag.hh"
 #include "stubresolver.hh"
 
-// s_stubresolvers contains the ComboAddresses that are used by
+// s_resolversForStub contains the ComboAddresses that are used by
 // stubDoResolve
-static vector<ComboAddress> s_stubresolvers;
+static vector<ComboAddress> s_resolversForStub;
 
-/** Parse /etc/resolv.conf and add the nameservers to the vector
- * s_stubresolvers.
+/*
+ * Returns false if no resolvers are configured, while emitting a warning about this
+ */
+bool resolversDefined()
+{
+  if (s_resolversForStub.empty()) {
+    L<<Logger::Warning<<"No upstream resolvers configured, stub resolving (including secpoll and ALIAS) impossible."<<endl;
+    return false;
+  }
+  return true;
+}
+
+/*
+ * Fill the s_resolversForStub vector with addresses for the upstream resolvers.
+ * First, parse the `resolver` configuration option for IP addresses to use.
+ * If that doesn't work, parse /etc/resolv.conf and add those nameservers to
+ * s_resolversForStub.
  */
 void stubParseResolveConf()
 {
-  ifstream ifs("/etc/resolv.conf");
-  if(!ifs)
-    return;
-
-  string line;
-  while(std::getline(ifs, line)) {
-    boost::trim_right_if(line, is_any_of(" \r\n\x1a"));
-    boost::trim_left(line); // leading spaces, let's be nice
-
-    string::size_type tpos = line.find_first_of(";#");
-    if(tpos != string::npos)
-      line.resize(tpos);
-
-    if(boost::starts_with(line, "nameserver ") || boost::starts_with(line, "nameserver\t")) {
-      vector<string> parts;
-      stringtok(parts, line, " \t,"); // be REALLY nice
-      for(vector<string>::const_iterator iter = parts.begin()+1; iter != parts.end(); ++iter) {
-        try {
-          s_stubresolvers.push_back(ComboAddress(*iter, 53));
-        }
-        catch(...)
-        {
+  if(::arg().mustDo("recursor")) {
+    vector<string> parts;
+    stringtok(parts, ::arg()["recursor"], " ,\t");
+    for (const auto& addr : parts)
+      s_resolversForStub.push_back(ComboAddress(addr, 53));
+  }
+
+  if (s_resolversForStub.empty()) {
+    ifstream ifs("/etc/resolv.conf");
+    if(!ifs)
+      return;
+
+    string line;
+    while(std::getline(ifs, line)) {
+      boost::trim_right_if(line, is_any_of(" \r\n\x1a"));
+      boost::trim_left(line); // leading spaces, let's be nice
+
+      string::size_type tpos = line.find_first_of(";#");
+      if(tpos != string::npos)
+        line.resize(tpos);
+
+      if(boost::starts_with(line, "nameserver ") || boost::starts_with(line, "nameserver\t")) {
+        vector<string> parts;
+        stringtok(parts, line, " \t,"); // be REALLY nice
+        for(vector<string>::const_iterator iter = parts.begin()+1; iter != parts.end(); ++iter) {
+          try {
+            s_resolversForStub.push_back(ComboAddress(*iter, 53));
+          }
+          catch(...)
+          {
+          }
         }
       }
     }
   }
-
-  if(::arg().mustDo("recursor"))
-    s_stubresolvers.push_back(ComboAddress(::arg()["recursor"], 53));
-
-  // Last resort, add 127.0.0.1
-  if(s_stubresolvers.empty()) {
-    s_stubresolvers.push_back(ComboAddress("127.0.0.1", 53));
-  }
 }
 
 // s_stubresolvers contains the ComboAddresses that are used to resolve the
-int stubDoResolve(const string& qname, uint16_t qtype, vector<DNSResourceRecord>& ret)
-{
+int stubDoResolve(const string& qname, uint16_t qtype, vector<DNSResourceRecord>& ret) {
+  // Emit a warning if there are no stubs.
+  resolversDefined();
+
   vector<uint8_t> packet;
 
   DNSPacketWriter pw(packet, DNSName(qname), qtype);
   pw.getHeader()->id=dns_random(0xffff);
   pw.getHeader()->rd=1;
-  if (s_stubresolvers.empty()) {
-    L<<Logger::Warning<<"No recursors set, stub resolving (including secpoll and ALIAS) impossible."<<endl;
-    return RCode::ServFail;
-  }
 
   string msg ="Doing stub resolving, using resolvers: ";
-  for (const auto& server : s_stubresolvers) {
+  for (const auto& server : s_resolversForStub) {
     msg += server.toString() + ", ";
   }
   L<<Logger::Debug<<msg.substr(0, msg.length() - 2)<<endl;
 
-  for(ComboAddress& dest :  s_stubresolvers) {
+  for(ComboAddress& dest :  s_resolversForStub) {
     Socket sock(dest.sin4.sin_family, SOCK_DGRAM);
     sock.setNonBlocking();
     sock.sendTo(string(packet.begin(), packet.end()), dest);
@@ -117,4 +131,4 @@ int stubDoResolve(const string& qname, uint16_t qtype, vector<DNSResourceRecord>
     return mdp.d_header.rcode;
   }
   return RCode::ServFail;
-}
\ No newline at end of file
+}
diff --git a/pdns/stubresolver.hh b/pdns/stubresolver.hh
index cb1620ca2..46a7075af 100644
--- a/pdns/stubresolver.hh
+++ b/pdns/stubresolver.hh
@@ -25,3 +25,4 @@
 
 void stubParseResolveConf();
 int stubDoResolve(const string& qname, uint16_t qtype, vector<DNSResourceRecord>& ret);
+bool resolversDefined();
-- 
2.40.0