This patch changes djbdns's dnscache program so that it will ignore the
IP addresses given in the ignoreip file. I wrote this patch because of
Verisign's oh-so-helpful wildcard A record for *.COM and *.NET.

If you have djbdns-1.05-ignoreip.patch installed, back it out like this:
cd /usr/local/src/djbdns-1.05
patch -R <djbdns-1.05-ignoreip.patch

Install the patch like this:
cd /usr/local/src/djbdns-1.05
patch <djbdns-1.05-ignoreip2.patch
svc -d /service/dnscache
make setup check
svc -u /service/dnscache

Configure it to ignore Verisign's wildcard record like this:
echo 64.94.110.11 >/service/dnscache/root/ignoreip
svc -t /service/dnscache

Configure it to ignore all the cretins like this:
awk '{print $2}' <<EOF >/service/dnscache/root/ignoreip
*.ac 194.205.62.122
*.cc 206.253.214.102
*.com 64.94.110.11
*.cx 219.88.106.80
*.museum 195.7.77.20
*.net 64.94.110.11
*.nu 64.55.105.9
and 212.181.91.6
*.ph 203.119.4.6
*.sh 194.205.62.62
*.tm 194.205.62.62
*.ws 216.35.187.246
EOF
svc -t /service/dnscache

J.P. Larocque contributes a script which updates root/ignoreip:
http://ely.ath.cx/~piranha/software/ignoreip-update/ignoreip-update-0.1

If root/ignoreip is not present, no addresses will be ignored.

--
--My blog is at angry-economist.russnelson.com | Free markets express in the
Crynwr sells support for free software | PGPok | practical world our belief
521 Pleasant Valley Rd. | +1 315 268 1925 voice | that there is that of God
Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | in all people. -Chris V.


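--- a/dnscache.c
+++ b/dnscache.c
@@ -24,6 +24,8 @@
 #include "okclient.h"
 #include "droproot.h"
 
+stralloc ignoreip = {0};
+
 static int packetquery(char *buf,unsigned int len,char **q,char qtype[2],char qclass[2],char id[2])
 {
 unsigned int pos;
@@ -390,6 +392,7 @@ char seed[128];
 int main()
 {
 char *x;
+ unsigned int i, j, k;
 unsigned long cachesize;
 
 signal(SIGPIPE, SIG_IGN);
@@ -433,6 +436,20 @@ int main()
 if (!cache_init(cachesize))
 strerr_die3x(111,FATAL,"not enough memory for cache of size ",x);
 
+ if (openreadclose("ignoreip",&ignoreip,64) < 0)
+ strerr_die2x(111,FATAL,"trouble reading ignoreip");
+ for(j = k = i = 0; i < ignoreip.len; i++)
+ if (ignoreip.s[i] == '\n') {
+ ignoreip.s[i] = '\0';
+ if (j + 4 > i)
+ strerr_die3x(111,FATAL,"badly malformed ip4 address ",ignoreip.s+k);
+ if (!ip4_scan(ignoreip.s+k,ignoreip.s+j))
+ strerr_die3x(111,FATAL,"unable to parse address in ignoreip ",ignoreip.s+k);
+ j += 4;
+ k = i + 1;
+ }
+ ignoreip.len = j;
+
 if (env_get("HIDETTL"))
 response_hidettl();
 if (env_get("FORWARDONLY"))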
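Review bot: A last line without a trailing newline is silently dropped by the loop at `for(j = k = i = 0; i < ignoreip.len; i++)`, because an address is only committed when a '\n' is seen, so a file written with `echo -n` loses its only entry with no diagnostic at all. The `j + 4 > i` guard also turns an empty line into a fatal "badly malformed ip4 address " with nothing after it, which gives the operator little to act on. Terminating the buffer before the loop closes the first gap: `if (ignoreip.len && ignoreip.s[ignoreip.len - 1] != '\n') if (!stralloc_append(&ignoreip,"\n")) strerr_die2x(111,FATAL,"out of memory");`. The list is parsed once here at startup, which is why the instructions above follow every edit of root/ignoreip with `svc -t`; a comment on the `openreadclose` line, `/* read once at startup; restart dnscache after changing the file */`, would make that visible to the next maintainer. main starts and ends outside the hunk.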
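--- a/query.c
+++ b/query.c
@@ -13,6 +13,8 @@
 #include "response.h"
 #include "query.h"
 
+extern stralloc ignoreip;
+
 static int flagforwardonly = 0;
 
 void query_forwardonly(void)
@@ -173,6 +175,7 @@ static int smaller(char *buf,unsigned in
 
 static int doit(struct query *z,int state)
 {
+ unsigned int ii;
 char key[257];
 char *cached;
 unsigned int cachedlen;
@@ -662,6 +665,9 @@ static int doit(struct query *z,int stat
 pos = dns_packet_copy(buf,len,pos,header,10); if (!pos) goto DIE;
 if (byte_equal(header + 8,2,"\0\4")) {
 pos = dns_packet_copy(buf,len,pos,header,4); if (!pos) goto DIE;
+ if (ignoreip.len)
+ for(ii = 0; ii < ignoreip.len; ii+= 4)
+ if (byte_equal(header,4,ignoreip.s+ii)) goto NXDOMAIN;
 save_data(header,4);
 log_rr(whichserver,t1,DNS_T_A,header,4,ttl);
 }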
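Review bot: A single matching A record makes the whole answer NXDOMAIN at `goto NXDOMAIN`, so a name that legitimately returns several addresses, one of which happens to be on the list, becomes unresolvable rather than losing just that one record; that may be the intended behaviour for the wildcard case, but it deserves a comment on the loop such as `/* any A record pointing at a listed address is treated as a wildcard hit: the whole name is answered NXDOMAIN, not just this record */`. The suppression is also silent: nothing is logged before the jump, so from the log an operator cannot distinguish the filter firing from the upstream server genuinely answering NXDOMAIN, and a log entry before the goto would make the rewrite observable. The `if (ignoreip.len)` guard is redundant with the for loop's own condition and can be dropped. doit starts and ends outside the hunk.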