148
149
int dns_records_served = 0; /* The number of DNS records we are serving */
151
js_string *notthere_ip = 0; /* The Class + TTL (0) + Rdlength (4)
152
* + IP (The IP the user wants) for synthetic
153
* IPs when they mistype a domain name or some
154
* such (Sponsored by XeroBank). */
156
int recursion_enabled = 0; /* Whether we have recursion */
150
158
/* A list of who is and who is not allowed to make recursive DNS queries */
151
159
ipv4pair recurse_acl[512];
152
160
/* A list of the ipv4 IP addresses we bind MaraDNS to (the netmask portion is
364
/* This function returns an appropriate RA (Recursion available) value.
365
* If the user has not set "recursive_acl", this will always return 0.
366
* If the argument give to this is 0, return zero. Otherwise, return 1
369
int calc_ra_value(int want_ra) {
373
if(recursion_enabled == 0) {
377
#endif /* AUTHONLY */
380
/* This function prepares the notthere_ip string so that it we can quickly
381
* make synthetic IPs. Basically, the string is most of the DNS header and
382
* data for the generated synthetic IP, in this form:
384
* Dname: 2-byte compression pointer to question (0xc00c)
385
* Class (16-bit): 1 (Internet)
386
* TTL: 0 (Not to be cached)
387
* Rdlength: 4 (4-byte IP)
388
* Rddata: The dotted-decimal IP given to the function converted in to raw
391
* Input: A js_string containing the dotted-decimal IP we will convert
392
* Output: A js_string containing the above raw data
395
js_string *make_notthere_ip(js_string *ddip) {
398
out = js_create(19,1);
402
ip = js_create(10,1);
407
if(js_adduint16(out,0xc00c) == JS_ERROR || /* Hostname (compressed) */
408
js_adduint16(out,1) == JS_ERROR || /* TYPE (A) */
409
js_adduint16(out,1) == JS_ERROR || /* CLASS */
410
js_adduint16(out,0) == JS_ERROR || /* TTL pt. 1 */
411
js_adduint16(out,0) == JS_ERROR || /* TTL pt. 2 */
412
js_adduint16(out,4) == JS_ERROR) { /* Rdlength */
417
if(ddip_2_ip(ddip,ip,0) == JS_ERROR) {
422
if(js_append(ip,out) == JS_ERROR) {
356
431
/* Calculate the TTL age given the expire time (absolute time) and
357
432
the ttl (relative time)
358
433
Input: Exprire time, TTL in question
1795
/* Create a bogus 0-TTL ip answer if we give out these answers instead
1796
* of SOA answers/NXDOMAINS for non-existant addresses */
1798
int make_notthere_reply(int id, int sock, struct sockaddr_in *client,
1799
js_string *query, int rd_val, conn *ect) {
1802
int len_inet = sizeof(struct sockaddr);
1804
init_header(&header);
1805
header.rd = rd_val; /* RDBUG make_notthere_reply */
1810
header.ra = calc_ra_value(rd_val);
1812
header.rcode = 0; /* We "found" something */
1813
/* We return just a single 0-ttl IP */
1814
header.qdcount = 1; /* Echo the question in the answer */
1818
if((most = js_create(520,1)) == 0) {
1821
make_hdr(&header,most);
1823
js_append(query,most);
1824
js_adduint16(most,1); /* Class: 1 */
1826
js_append(notthere_ip,most);
1828
/* Send answer over UDP */
1830
sendto(sock,most->string,most->unit_count,0,
1831
(struct sockaddr *)client,len_inet);
1833
mara_send(ect,sock,most);
1720
1840
/* If we have a NXDOMAIN, deliver that record on the udp packet.
1721
1841
* Input: where: A pointer to the rr in question (the SOA record),
1771
1891
always_not_there = 4;
1894
if(js_has_sanity(query) == JS_ERROR) {
1897
first_rr_type = get_rtype(query);
1899
/* See if notthere_ip is set, they are using recursion, and
1900
* that they want an IP */
1901
if(notthere_ip != 0 && (recursive_call & 1) == 1 && first_rr_type == 1) {
1902
/* If so, give them a synthetic IP reply */
1903
return make_notthere_reply(id, sock, client, query, rd_val,
1774
1907
/* Initialize the js_string objects */
1775
1908
if((most = js_create(1024,1)) == 0)
1776
1909
return JS_ERROR;
1803
1936
if(js_has_sanity(where->data) == JS_ERROR) {
1804
1937
goto giveerror;
1806
if(js_has_sanity(query) == JS_ERROR) {
1809
first_rr_type = get_rtype(query);
1811
1941
/* We have to add this header here--authoritative depends on the
1812
1942
authorative status of the first record we find */
1893
2023
header.opcode = 0;
1894
2024
header.tc = 0; /* To do: truncation handling */
1895
2025
header.rd = rd_val; /* RDBUG udpnotfound */
2026
header.ra = calc_ra_value(rd_val);
1898
2028
/* Code that verifies that this host does not exist in
1899
2029
any class. If so, then we give them a rcode of NXDOMAIN_RCODE.
3762
3892
int cache_size;
3763
3893
int min_ttl_n = 300, min_ttl_c = 300;
3764
3894
int timestamp_type = 5; /* Type of timestamp */
3765
int recursion_enabled = 0; /* Whether we have recursion */
3766
3895
#ifndef AUTHONLY
3767
3896
int max_glueless; /* Maximum allowed glueless level */
3768
3897
int max_q_total; /* Maximum total queries in attempt to resolve hostname */
3926
4053
init_rlog_level(log_level);
4056
/* If they want a synthetic IP given when the recursive resolver would
4057
* otherwise give a SOA "not there" record (or when it's impossible to
4058
* contact an upstream_server if handle_noreply is appropriately set),
4059
* prepare most of the synthetic answer we will give them. */
4060
verbstr = read_string_kvar("notthere_ip");
4062
notthere_ip = make_notthere_ip(verbstr);
4063
js_destroy(verbstr);
3929
4067
/* Determine if we will handle star records the way BIND does:
3930
4068
. If a non-A record for foo.example.com exists
3931
4069
. And an A record for *.example.com exists
4268
4405
harderror(L_CHROOT_NT); /* "Problem making chroot nt string.\nMake sure the chroot directory is 200 chars or less" */
4269
4406
if(chdir((char *)chroot_zt) != 0)
4270
4407
sys_harderror(L_CHROOT_CHANGE); /* "Problem changing to chroot dir.\nMake sure chroot_dir points to a valid directory" */
4408
#if ! (defined __CYGWIN__ || defined QNX)
4272
4409
if(chroot((char *)chroot_zt) != 0)
4273
4410
sys_harderror(L_CHROOT_DO); /* "Problem changing the root directory." */