Use the new insecure-lan-zones option instead of listing each AS112 zone
separately. MFC after: 3 days
This commit is contained in:
commit
0de4f1bf64
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=295535
@ -95,7 +95,7 @@ PYUNBOUND_SRC=
|
|||||||
# libunbound_wrap.lo if python libunbound wrapper enabled.
|
# libunbound_wrap.lo if python libunbound wrapper enabled.
|
||||||
PYUNBOUND_OBJ=@PYUNBOUND_OBJ@
|
PYUNBOUND_OBJ=@PYUNBOUND_OBJ@
|
||||||
COMMON_SRC=services/cache/dns.c services/cache/infra.c services/cache/rrset.c \
|
COMMON_SRC=services/cache/dns.c services/cache/infra.c services/cache/rrset.c \
|
||||||
util/data/dname.c util/data/msgencode.c util/data/msgparse.c \
|
util/as112.c util/data/dname.c util/data/msgencode.c util/data/msgparse.c \
|
||||||
util/data/msgreply.c util/data/packed_rrset.c iterator/iterator.c \
|
util/data/msgreply.c util/data/packed_rrset.c iterator/iterator.c \
|
||||||
iterator/iter_delegpt.c iterator/iter_donotq.c iterator/iter_fwd.c \
|
iterator/iter_delegpt.c iterator/iter_donotq.c iterator/iter_fwd.c \
|
||||||
iterator/iter_hints.c iterator/iter_priv.c iterator/iter_resptype.c \
|
iterator/iter_hints.c iterator/iter_priv.c iterator/iter_resptype.c \
|
||||||
@ -113,7 +113,7 @@ validator/val_neg.c validator/val_nsec3.c validator/val_nsec.c \
|
|||||||
validator/val_secalgo.c validator/val_sigcrypt.c \
|
validator/val_secalgo.c validator/val_sigcrypt.c \
|
||||||
validator/val_utils.c dns64/dns64.c $(CHECKLOCK_SRC) $(DNSTAP_SRC)
|
validator/val_utils.c dns64/dns64.c $(CHECKLOCK_SRC) $(DNSTAP_SRC)
|
||||||
COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
|
COMMON_OBJ_WITHOUT_NETCALL=dns.lo infra.lo rrset.lo dname.lo msgencode.lo \
|
||||||
msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
|
as112.lo msgparse.lo msgreply.lo packed_rrset.lo iterator.lo iter_delegpt.lo \
|
||||||
iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \
|
iter_donotq.lo iter_fwd.lo iter_hints.lo iter_priv.lo iter_resptype.lo \
|
||||||
iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo \
|
iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo \
|
||||||
outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \
|
outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \
|
||||||
@ -595,6 +595,7 @@ depend:
|
|||||||
rm -f $(DEPEND_TMP) $(DEPEND_TMP2)
|
rm -f $(DEPEND_TMP) $(DEPEND_TMP2)
|
||||||
|
|
||||||
# Dependencies
|
# Dependencies
|
||||||
|
as112.lo as112.o: $(srcdir)/util/as112.c $(srcdir)/util/as112.h
|
||||||
dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
|
dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
$(srcdir)/validator/val_nsec.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h \
|
||||||
$(srcdir)/util/locks.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/locks.h $(srcdir)/services/cache/dns.h $(srcdir)/util/data/msgreply.h \
|
||||||
@ -702,7 +703,7 @@ localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h $(srcdir)/serv
|
|||||||
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
|
$(srcdir)/sldns/sbuffer.h $(srcdir)/util/regional.h $(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
|
||||||
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \
|
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h \
|
||||||
$(srcdir)/util/net_help.h $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h \
|
$(srcdir)/util/net_help.h $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h \
|
||||||
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h
|
$(srcdir)/util/data/msgparse.h $(srcdir)/sldns/pkthdr.h $(srcdir)/util/as112.h
|
||||||
mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h \
|
||||||
$(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
$(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
|
||||||
$(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
|
$(srcdir)/util/log.h $(srcdir)/sldns/pkthdr.h $(srcdir)/sldns/rrdef.h $(srcdir)/util/module.h \
|
||||||
@ -821,7 +822,7 @@ val_anchor.lo val_anchor.o: $(srcdir)/validator/val_anchor.c config.h $(srcdir)/
|
|||||||
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \
|
$(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/validator/val_sigcrypt.h \
|
||||||
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \
|
$(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h $(srcdir)/validator/autotrust.h \
|
||||||
$(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h \
|
$(srcdir)/util/data/dname.h $(srcdir)/util/net_help.h $(srcdir)/util/config_file.h $(srcdir)/sldns/sbuffer.h \
|
||||||
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h
|
$(srcdir)/sldns/rrdef.h $(srcdir)/sldns/str2wire.h $(srcdir)/util/as112.h
|
||||||
validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/validator/validator.h \
|
validator.lo validator.o: $(srcdir)/validator/validator.c config.h $(srcdir)/validator/validator.h \
|
||||||
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
$(srcdir)/util/module.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h \
|
||||||
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h \
|
||||||
|
@ -508,13 +508,17 @@ server:
|
|||||||
# local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault
|
# local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault
|
||||||
# And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa.
|
# And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa.
|
||||||
|
|
||||||
# if unbound is running service for the local host then it is useful
|
# If unbound is running service for the local host then it is useful
|
||||||
# to perform lan-wide lookups to the upstream, and unblock the
|
# to perform lan-wide lookups to the upstream, and unblock the
|
||||||
# long list of local-zones above. If this unbound is a dns server
|
# long list of local-zones above. If this unbound is a dns server
|
||||||
# for a network of computers, disabled is better and stops information
|
# for a network of computers, disabled is better and stops information
|
||||||
# leakage of local lan information.
|
# leakage of local lan information.
|
||||||
# unblock-lan-zones: no
|
# unblock-lan-zones: no
|
||||||
|
|
||||||
|
# The insecure-lan-zones option disables validation for
|
||||||
|
# these zones, as if they were all listed as domain-insecure.
|
||||||
|
# insecure-lan-zones: no
|
||||||
|
|
||||||
# a number of locally served zones can be configured.
|
# a number of locally served zones can be configured.
|
||||||
# local-zone: <zone> <type>
|
# local-zone: <zone> <type>
|
||||||
# local-data: "<resource record string>"
|
# local-data: "<resource record string>"
|
||||||
|
@ -508,13 +508,17 @@ server:
|
|||||||
# local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault
|
# local-zone: "8.b.d.0.1.0.0.2.ip6.arpa." nodefault
|
||||||
# And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa.
|
# And for 64.100.in-addr.arpa. to 127.100.in-addr.arpa.
|
||||||
|
|
||||||
# if unbound is running service for the local host then it is useful
|
# If unbound is running service for the local host then it is useful
|
||||||
# to perform lan-wide lookups to the upstream, and unblock the
|
# to perform lan-wide lookups to the upstream, and unblock the
|
||||||
# long list of local-zones above. If this unbound is a dns server
|
# long list of local-zones above. If this unbound is a dns server
|
||||||
# for a network of computers, disabled is better and stops information
|
# for a network of computers, disabled is better and stops information
|
||||||
# leakage of local lan information.
|
# leakage of local lan information.
|
||||||
# unblock-lan-zones: no
|
# unblock-lan-zones: no
|
||||||
|
|
||||||
|
# The insecure-lan-zones option disables validation for
|
||||||
|
# these zones, as if they were all listed as domain-insecure.
|
||||||
|
# insecure-lan-zones: no
|
||||||
|
|
||||||
# a number of locally served zones can be configured.
|
# a number of locally served zones can be configured.
|
||||||
# local-zone: <zone> <type>
|
# local-zone: <zone> <type>
|
||||||
# local-data: "<resource record string>"
|
# local-data: "<resource record string>"
|
||||||
|
@ -841,6 +841,11 @@ as a (DHCP-) DNS network resolver for a group of machines, where such
|
|||||||
lookups should be filtered (RFC compliance), this also stops potential
|
lookups should be filtered (RFC compliance), this also stops potential
|
||||||
data leakage about the local network to the upstream DNS servers.
|
data leakage about the local network to the upstream DNS servers.
|
||||||
.TP
|
.TP
|
||||||
|
.B insecure\-lan\-zones: \fI<yesno>
|
||||||
|
Default is disabled. If enabled, then reverse lookups in private
|
||||||
|
address space are not validated. This is usually required whenever
|
||||||
|
\fIunblock\-lan\-zones\fR is used.
|
||||||
|
.TP
|
||||||
.B local\-zone: \fI<zone> <type>
|
.B local\-zone: \fI<zone> <type>
|
||||||
Configure a local zone. The type determines the answer to give if
|
Configure a local zone. The type determines the answer to give if
|
||||||
there is no match from local\-data. The types are deny, refuse, static,
|
there is no match from local\-data. The types are deny, refuse, static,
|
||||||
|
@ -841,6 +841,11 @@ as a (DHCP-) DNS network resolver for a group of machines, where such
|
|||||||
lookups should be filtered (RFC compliance), this also stops potential
|
lookups should be filtered (RFC compliance), this also stops potential
|
||||||
data leakage about the local network to the upstream DNS servers.
|
data leakage about the local network to the upstream DNS servers.
|
||||||
.TP
|
.TP
|
||||||
|
.B insecure\-lan\-zones: \fI<yesno>
|
||||||
|
Default is disabled. If enabled, then reverse lookups in private
|
||||||
|
address space are not validated. This is usually required whenever
|
||||||
|
\fIunblock\-lan\-zones\fR is used.
|
||||||
|
.TP
|
||||||
.B local\-zone: \fI<zone> <type>
|
.B local\-zone: \fI<zone> <type>
|
||||||
Configure a local zone. The type determines the answer to give if
|
Configure a local zone. The type determines the answer to give if
|
||||||
there is no match from local\-data. The types are deny, refuse, static,
|
there is no match from local\-data. The types are deny, refuse, static,
|
||||||
|
@ -51,6 +51,7 @@
|
|||||||
#include "util/netevent.h"
|
#include "util/netevent.h"
|
||||||
#include "util/data/msgreply.h"
|
#include "util/data/msgreply.h"
|
||||||
#include "util/data/msgparse.h"
|
#include "util/data/msgparse.h"
|
||||||
|
#include "util/as112.h"
|
||||||
|
|
||||||
struct local_zones*
|
struct local_zones*
|
||||||
local_zones_create(void)
|
local_zones_create(void)
|
||||||
@ -592,6 +593,7 @@ static int
|
|||||||
lz_enter_defaults(struct local_zones* zones, struct config_file* cfg)
|
lz_enter_defaults(struct local_zones* zones, struct config_file* cfg)
|
||||||
{
|
{
|
||||||
struct local_zone* z;
|
struct local_zone* z;
|
||||||
|
const char** zstr;
|
||||||
|
|
||||||
/* this list of zones is from RFC 6303 */
|
/* this list of zones is from RFC 6303 */
|
||||||
|
|
||||||
@ -654,110 +656,14 @@ lz_enter_defaults(struct local_zones* zones, struct config_file* cfg)
|
|||||||
lock_rw_unlock(&z->lock);
|
lock_rw_unlock(&z->lock);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* if unblock lan-zones, then do not add the zones below.
|
/* block AS112 zones, unless asked not to */
|
||||||
* we do add the zones above, about 127.0.0.1, because localhost is
|
if(!cfg->unblock_lan_zones) {
|
||||||
* not on the lan. */
|
for(zstr = as112_zones; *zstr; zstr++) {
|
||||||
if(cfg->unblock_lan_zones)
|
if(!add_as112_default(zones, cfg, *zstr)) {
|
||||||
return 1;
|
log_err("out of memory adding default zone");
|
||||||
|
return 0;
|
||||||
/* block LAN level zones */
|
}
|
||||||
if ( !add_as112_default(zones, cfg, "10.in-addr.arpa.") ||
|
}
|
||||||
!add_as112_default(zones, cfg, "16.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "17.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "18.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "19.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "20.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "21.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "22.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "23.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "24.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "25.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "26.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "27.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "28.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "29.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "30.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "31.172.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "168.192.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "0.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "64.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "65.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "66.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "67.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "68.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "69.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "70.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "71.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "72.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "73.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "74.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "75.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "76.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "77.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "78.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "79.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "80.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "81.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "82.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "83.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "84.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "85.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "86.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "87.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "88.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "89.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "90.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "91.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "92.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "93.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "94.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "95.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "96.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "97.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "98.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "99.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "100.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "101.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "102.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "103.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "104.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "105.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "106.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "107.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "108.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "109.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "110.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "111.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "112.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "113.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "114.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "115.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "116.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "117.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "118.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "119.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "120.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "121.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "122.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "123.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "124.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "125.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "126.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "127.100.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "254.169.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "2.0.192.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "100.51.198.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "113.0.203.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "255.255.255.255.in-addr.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "d.f.ip6.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "8.e.f.ip6.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "9.e.f.ip6.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "a.e.f.ip6.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "b.e.f.ip6.arpa.") ||
|
|
||||||
!add_as112_default(zones, cfg, "8.b.d.0.1.0.0.2.ip6.arpa.")) {
|
|
||||||
log_err("out of memory adding default zone");
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
143
contrib/unbound/util/as112.c
Normal file
143
contrib/unbound/util/as112.c
Normal file
@ -0,0 +1,143 @@
|
|||||||
|
/*
|
||||||
|
* util/as112.c - list of local zones.
|
||||||
|
*
|
||||||
|
* Copyright (c) 2007, NLnet Labs. All rights reserved.
|
||||||
|
*
|
||||||
|
* This software is open source.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
*
|
||||||
|
* Redistributions of source code must retain the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* Redistributions in binary form must reproduce the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer in the documentation
|
||||||
|
* and/or other materials provided with the distribution.
|
||||||
|
*
|
||||||
|
* Neither the name of the NLNET LABS nor the names of its contributors may
|
||||||
|
* be used to endorse or promote products derived from this software without
|
||||||
|
* specific prior written permission.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||||
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||||
|
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
||||||
|
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||||
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||||
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||||
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||||
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \file
|
||||||
|
*
|
||||||
|
* This file provides a list of lan zones.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include "util/as112.h"
|
||||||
|
|
||||||
|
static const char* as112_zone_array[] = {
|
||||||
|
"10.in-addr.arpa.",
|
||||||
|
"16.172.in-addr.arpa.",
|
||||||
|
"17.172.in-addr.arpa.",
|
||||||
|
"18.172.in-addr.arpa.",
|
||||||
|
"19.172.in-addr.arpa.",
|
||||||
|
"20.172.in-addr.arpa.",
|
||||||
|
"21.172.in-addr.arpa.",
|
||||||
|
"22.172.in-addr.arpa.",
|
||||||
|
"23.172.in-addr.arpa.",
|
||||||
|
"24.172.in-addr.arpa.",
|
||||||
|
"25.172.in-addr.arpa.",
|
||||||
|
"26.172.in-addr.arpa.",
|
||||||
|
"27.172.in-addr.arpa.",
|
||||||
|
"28.172.in-addr.arpa.",
|
||||||
|
"29.172.in-addr.arpa.",
|
||||||
|
"30.172.in-addr.arpa.",
|
||||||
|
"31.172.in-addr.arpa.",
|
||||||
|
"168.192.in-addr.arpa.",
|
||||||
|
"0.in-addr.arpa.",
|
||||||
|
"64.100.in-addr.arpa.",
|
||||||
|
"65.100.in-addr.arpa.",
|
||||||
|
"66.100.in-addr.arpa.",
|
||||||
|
"67.100.in-addr.arpa.",
|
||||||
|
"68.100.in-addr.arpa.",
|
||||||
|
"69.100.in-addr.arpa.",
|
||||||
|
"70.100.in-addr.arpa.",
|
||||||
|
"71.100.in-addr.arpa.",
|
||||||
|
"72.100.in-addr.arpa.",
|
||||||
|
"73.100.in-addr.arpa.",
|
||||||
|
"74.100.in-addr.arpa.",
|
||||||
|
"75.100.in-addr.arpa.",
|
||||||
|
"76.100.in-addr.arpa.",
|
||||||
|
"77.100.in-addr.arpa.",
|
||||||
|
"78.100.in-addr.arpa.",
|
||||||
|
"79.100.in-addr.arpa.",
|
||||||
|
"80.100.in-addr.arpa.",
|
||||||
|
"81.100.in-addr.arpa.",
|
||||||
|
"82.100.in-addr.arpa.",
|
||||||
|
"83.100.in-addr.arpa.",
|
||||||
|
"84.100.in-addr.arpa.",
|
||||||
|
"85.100.in-addr.arpa.",
|
||||||
|
"86.100.in-addr.arpa.",
|
||||||
|
"87.100.in-addr.arpa.",
|
||||||
|
"88.100.in-addr.arpa.",
|
||||||
|
"89.100.in-addr.arpa.",
|
||||||
|
"90.100.in-addr.arpa.",
|
||||||
|
"91.100.in-addr.arpa.",
|
||||||
|
"92.100.in-addr.arpa.",
|
||||||
|
"93.100.in-addr.arpa.",
|
||||||
|
"94.100.in-addr.arpa.",
|
||||||
|
"95.100.in-addr.arpa.",
|
||||||
|
"96.100.in-addr.arpa.",
|
||||||
|
"97.100.in-addr.arpa.",
|
||||||
|
"98.100.in-addr.arpa.",
|
||||||
|
"99.100.in-addr.arpa.",
|
||||||
|
"100.100.in-addr.arpa.",
|
||||||
|
"101.100.in-addr.arpa.",
|
||||||
|
"102.100.in-addr.arpa.",
|
||||||
|
"103.100.in-addr.arpa.",
|
||||||
|
"104.100.in-addr.arpa.",
|
||||||
|
"105.100.in-addr.arpa.",
|
||||||
|
"106.100.in-addr.arpa.",
|
||||||
|
"107.100.in-addr.arpa.",
|
||||||
|
"108.100.in-addr.arpa.",
|
||||||
|
"109.100.in-addr.arpa.",
|
||||||
|
"110.100.in-addr.arpa.",
|
||||||
|
"111.100.in-addr.arpa.",
|
||||||
|
"112.100.in-addr.arpa.",
|
||||||
|
"113.100.in-addr.arpa.",
|
||||||
|
"114.100.in-addr.arpa.",
|
||||||
|
"115.100.in-addr.arpa.",
|
||||||
|
"116.100.in-addr.arpa.",
|
||||||
|
"117.100.in-addr.arpa.",
|
||||||
|
"118.100.in-addr.arpa.",
|
||||||
|
"119.100.in-addr.arpa.",
|
||||||
|
"120.100.in-addr.arpa.",
|
||||||
|
"121.100.in-addr.arpa.",
|
||||||
|
"122.100.in-addr.arpa.",
|
||||||
|
"123.100.in-addr.arpa.",
|
||||||
|
"124.100.in-addr.arpa.",
|
||||||
|
"125.100.in-addr.arpa.",
|
||||||
|
"126.100.in-addr.arpa.",
|
||||||
|
"127.100.in-addr.arpa.",
|
||||||
|
"254.169.in-addr.arpa.",
|
||||||
|
"2.0.192.in-addr.arpa.",
|
||||||
|
"100.51.198.in-addr.arpa.",
|
||||||
|
"113.0.203.in-addr.arpa.",
|
||||||
|
"255.255.255.255.in-addr.arpa.",
|
||||||
|
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.",
|
||||||
|
"d.f.ip6.arpa.",
|
||||||
|
"8.e.f.ip6.arpa.",
|
||||||
|
"9.e.f.ip6.arpa.",
|
||||||
|
"a.e.f.ip6.arpa.",
|
||||||
|
"b.e.f.ip6.arpa.",
|
||||||
|
"8.b.d.0.1.0.0.2.ip6.arpa.",
|
||||||
|
0
|
||||||
|
};
|
||||||
|
|
||||||
|
const char** as112_zones = as112_zone_array;
|
57
contrib/unbound/util/as112.h
Normal file
57
contrib/unbound/util/as112.h
Normal file
@ -0,0 +1,57 @@
|
|||||||
|
/*
|
||||||
|
* util/as112.c - list of local zones.
|
||||||
|
*
|
||||||
|
* Copyright (c) 2007, NLnet Labs. All rights reserved.
|
||||||
|
*
|
||||||
|
* This software is open source.
|
||||||
|
*
|
||||||
|
* Redistribution and use in source and binary forms, with or without
|
||||||
|
* modification, are permitted provided that the following conditions
|
||||||
|
* are met:
|
||||||
|
*
|
||||||
|
* Redistributions of source code must retain the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer.
|
||||||
|
*
|
||||||
|
* Redistributions in binary form must reproduce the above copyright notice,
|
||||||
|
* this list of conditions and the following disclaimer in the documentation
|
||||||
|
* and/or other materials provided with the distribution.
|
||||||
|
*
|
||||||
|
* Neither the name of the NLNET LABS nor the names of its contributors may
|
||||||
|
* be used to endorse or promote products derived from this software without
|
||||||
|
* specific prior written permission.
|
||||||
|
*
|
||||||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||||
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||||
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
||||||
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
||||||
|
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
||||||
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
||||||
|
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||||
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||||
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||||
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||||
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \file
|
||||||
|
*
|
||||||
|
* This file provides a list of lan zones
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifndef UTIL_AS112_H
|
||||||
|
#define UTIL_AS112_H
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Array of text-format domain names of the AS112 zones.
|
||||||
|
* The array ends with NULL. "AS112" is a service on the internet that
|
||||||
|
* that this array is named after. The names in this list (or some of them)
|
||||||
|
* are null-routed by this service to avoid load on central servers caused by
|
||||||
|
* mistaken lookups for local content on the global internet.
|
||||||
|
*
|
||||||
|
* This is the list of names that unbound should not normally be sending
|
||||||
|
* on towards the internet, because they are local-use.
|
||||||
|
*/
|
||||||
|
extern const char** as112_zones;
|
||||||
|
|
||||||
|
#endif
|
@ -210,6 +210,7 @@ config_create(void)
|
|||||||
cfg->local_zones_nodefault = NULL;
|
cfg->local_zones_nodefault = NULL;
|
||||||
cfg->local_data = NULL;
|
cfg->local_data = NULL;
|
||||||
cfg->unblock_lan_zones = 0;
|
cfg->unblock_lan_zones = 0;
|
||||||
|
cfg->insecure_lan_zones = 0;
|
||||||
cfg->python_script = NULL;
|
cfg->python_script = NULL;
|
||||||
cfg->remote_control_enable = 0;
|
cfg->remote_control_enable = 0;
|
||||||
cfg->control_ifs = NULL;
|
cfg->control_ifs = NULL;
|
||||||
@ -458,6 +459,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||||||
else S_YNO("rrset-roundrobin:", rrset_roundrobin)
|
else S_YNO("rrset-roundrobin:", rrset_roundrobin)
|
||||||
else S_STRLIST("local-data:", local_data)
|
else S_STRLIST("local-data:", local_data)
|
||||||
else S_YNO("unblock-lan-zones:", unblock_lan_zones)
|
else S_YNO("unblock-lan-zones:", unblock_lan_zones)
|
||||||
|
else S_YNO("insecure-lan-zones:", insecure_lan_zones)
|
||||||
else S_YNO("control-enable:", remote_control_enable)
|
else S_YNO("control-enable:", remote_control_enable)
|
||||||
else S_STRLIST("control-interface:", control_ifs)
|
else S_STRLIST("control-interface:", control_ifs)
|
||||||
else S_NUMBER_NONZERO("control-port:", control_port)
|
else S_NUMBER_NONZERO("control-port:", control_port)
|
||||||
@ -739,6 +741,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||||||
else O_YNO(opt, "minimal-responses", minimal_responses)
|
else O_YNO(opt, "minimal-responses", minimal_responses)
|
||||||
else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin)
|
else O_YNO(opt, "rrset-roundrobin", rrset_roundrobin)
|
||||||
else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones)
|
else O_YNO(opt, "unblock-lan-zones", unblock_lan_zones)
|
||||||
|
else O_YNO(opt, "insecure-lan-zones", insecure_lan_zones)
|
||||||
else O_DEC(opt, "max-udp-size", max_udp_size)
|
else O_DEC(opt, "max-udp-size", max_udp_size)
|
||||||
else O_STR(opt, "python-script", python_script)
|
else O_STR(opt, "python-script", python_script)
|
||||||
else O_DEC(opt, "ratelimit", ratelimit)
|
else O_DEC(opt, "ratelimit", ratelimit)
|
||||||
|
@ -285,8 +285,10 @@ struct config_file {
|
|||||||
struct config_strlist* local_zones_nodefault;
|
struct config_strlist* local_zones_nodefault;
|
||||||
/** local data RRs configured */
|
/** local data RRs configured */
|
||||||
struct config_strlist* local_data;
|
struct config_strlist* local_data;
|
||||||
/** unblock lan zones (reverse lookups for 10/8 and so on) */
|
/** unblock lan zones (reverse lookups for AS112 zones) */
|
||||||
int unblock_lan_zones;
|
int unblock_lan_zones;
|
||||||
|
/** insecure lan zones (don't validate AS112 zones) */
|
||||||
|
int insecure_lan_zones;
|
||||||
|
|
||||||
/** remote control section. enable toggle. */
|
/** remote control section. enable toggle. */
|
||||||
int remote_control_enable;
|
int remote_control_enable;
|
||||||
|
@ -321,6 +321,7 @@ local-zone{COLON} { YDVAR(2, VAR_LOCAL_ZONE) }
|
|||||||
local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) }
|
local-data{COLON} { YDVAR(1, VAR_LOCAL_DATA) }
|
||||||
local-data-ptr{COLON} { YDVAR(1, VAR_LOCAL_DATA_PTR) }
|
local-data-ptr{COLON} { YDVAR(1, VAR_LOCAL_DATA_PTR) }
|
||||||
unblock-lan-zones{COLON} { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) }
|
unblock-lan-zones{COLON} { YDVAR(1, VAR_UNBLOCK_LAN_ZONES) }
|
||||||
|
insecure-lan-zones{COLON} { YDVAR(1, VAR_INSECURE_LAN_ZONES) }
|
||||||
statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) }
|
statistics-interval{COLON} { YDVAR(1, VAR_STATISTICS_INTERVAL) }
|
||||||
statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) }
|
statistics-cumulative{COLON} { YDVAR(1, VAR_STATISTICS_CUMULATIVE) }
|
||||||
extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) }
|
extended-statistics{COLON} { YDVAR(1, VAR_EXTENDED_STATISTICS) }
|
||||||
|
@ -106,7 +106,8 @@ extern struct config_parser_state* cfg_parser;
|
|||||||
%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
|
%token VAR_IGNORE_CD_FLAG VAR_LOG_QUERIES VAR_TCP_UPSTREAM VAR_SSL_UPSTREAM
|
||||||
%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
|
%token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
|
||||||
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
|
%token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
|
||||||
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UNBLOCK_LAN_ZONES
|
%token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE
|
||||||
|
%token VAR_UNBLOCK_LAN_ZONES VAR_INSECURE_LAN_ZONES
|
||||||
%token VAR_INFRA_CACHE_MIN_RTT
|
%token VAR_INFRA_CACHE_MIN_RTT
|
||||||
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL
|
%token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL
|
||||||
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
|
%token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
|
||||||
@ -180,7 +181,8 @@ content_server: server_num_threads | server_verbosity | server_port |
|
|||||||
server_log_queries | server_tcp_upstream | server_ssl_upstream |
|
server_log_queries | server_tcp_upstream | server_ssl_upstream |
|
||||||
server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
|
server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
|
||||||
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
|
server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
|
||||||
server_so_reuseport | server_delay_close | server_unblock_lan_zones |
|
server_so_reuseport | server_delay_close |
|
||||||
|
server_unblock_lan_zones | server_insecure_lan_zones |
|
||||||
server_dns64_prefix | server_dns64_synthall |
|
server_dns64_prefix | server_dns64_synthall |
|
||||||
server_infra_cache_min_rtt | server_harden_algo_downgrade |
|
server_infra_cache_min_rtt | server_harden_algo_downgrade |
|
||||||
server_ip_transparent | server_ratelimit | server_ratelimit_slabs |
|
server_ip_transparent | server_ratelimit | server_ratelimit_slabs |
|
||||||
@ -722,6 +724,16 @@ server_unblock_lan_zones: VAR_UNBLOCK_LAN_ZONES STRING_ARG
|
|||||||
free($2);
|
free($2);
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
server_insecure_lan_zones: VAR_INSECURE_LAN_ZONES STRING_ARG
|
||||||
|
{
|
||||||
|
OUTYY(("P(server_insecure_lan_zones:%s)\n", $2));
|
||||||
|
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||||
|
yyerror("expected yes or no.");
|
||||||
|
else cfg_parser->cfg->insecure_lan_zones =
|
||||||
|
(strcmp($2, "yes")==0);
|
||||||
|
free($2);
|
||||||
|
}
|
||||||
|
;
|
||||||
server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
|
server_rrset_cache_size: VAR_RRSET_CACHE_SIZE STRING_ARG
|
||||||
{
|
{
|
||||||
OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
|
OUTYY(("P(server_rrset_cache_size:%s)\n", $2));
|
||||||
|
@ -48,6 +48,7 @@
|
|||||||
#include "util/log.h"
|
#include "util/log.h"
|
||||||
#include "util/net_help.h"
|
#include "util/net_help.h"
|
||||||
#include "util/config_file.h"
|
#include "util/config_file.h"
|
||||||
|
#include "util/as112.h"
|
||||||
#include "sldns/sbuffer.h"
|
#include "sldns/sbuffer.h"
|
||||||
#include "sldns/rrdef.h"
|
#include "sldns/rrdef.h"
|
||||||
#include "sldns/str2wire.h"
|
#include "sldns/str2wire.h"
|
||||||
@ -1044,8 +1045,18 @@ int
|
|||||||
anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
|
anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
|
||||||
{
|
{
|
||||||
struct config_strlist* f;
|
struct config_strlist* f;
|
||||||
|
const char** zstr;
|
||||||
char* nm;
|
char* nm;
|
||||||
sldns_buffer* parsebuf = sldns_buffer_new(65535);
|
sldns_buffer* parsebuf = sldns_buffer_new(65535);
|
||||||
|
if(cfg->insecure_lan_zones) {
|
||||||
|
for(zstr = as112_zones; *zstr; zstr++) {
|
||||||
|
if(!anchor_insert_insecure(anchors, *zstr)) {
|
||||||
|
log_err("error in insecure-lan-zones: %s", *zstr);
|
||||||
|
sldns_buffer_free(parsebuf);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
for(f = cfg->domain_insecure; f; f = f->next) {
|
for(f = cfg->domain_insecure; f; f = f->next) {
|
||||||
if(!f->str || f->str[0] == 0) /* empty "" */
|
if(!f->str || f->str[0] == 0) /* empty "" */
|
||||||
continue;
|
continue;
|
||||||
|
@ -12,7 +12,7 @@ PRIVATELIB=
|
|||||||
|
|
||||||
CFLAGS= -I${UNBOUNDDIR} -I${LDNSDIR} -I${.OBJDIR}
|
CFLAGS= -I${UNBOUNDDIR} -I${LDNSDIR} -I${.OBJDIR}
|
||||||
|
|
||||||
SRCS= alloc.c autotrust.c config_file.c configlexer.l configparser.y \
|
SRCS= alloc.c as112.c autotrust.c config_file.c configlexer.l configparser.y \
|
||||||
context.c dname.c dns.c dns64.c dnstree.c fptr_wlist.c infra.c \
|
context.c dname.c dns.c dns64.c dnstree.c fptr_wlist.c infra.c \
|
||||||
iter_delegpt.c iter_donotq.c iter_fwd.c iter_hints.c iter_priv.c \
|
iter_delegpt.c iter_donotq.c iter_fwd.c iter_hints.c iter_priv.c \
|
||||||
iter_resptype.c iter_scrub.c iter_utils.c iterator.c keyraw.c \
|
iter_resptype.c iter_scrub.c iter_utils.c iterator.c keyraw.c \
|
||||||
|
@ -210,31 +210,7 @@ gen_lanzones_conf() {
|
|||||||
echo "server:"
|
echo "server:"
|
||||||
echo " # Unblock reverse lookups for LAN addresses"
|
echo " # Unblock reverse lookups for LAN addresses"
|
||||||
echo " unblock-lan-zones: yes"
|
echo " unblock-lan-zones: yes"
|
||||||
echo " domain-insecure: 10.in-addr.arpa."
|
echo " insecure-lan-zones: yes"
|
||||||
echo " domain-insecure: 127.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 16.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 17.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 18.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 19.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 20.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 21.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 22.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 23.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 24.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 25.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 26.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 27.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 28.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 29.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 30.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 31.172.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 168.192.in-addr.arpa."
|
|
||||||
echo " domain-insecure: 254.169.in-addr.arpa."
|
|
||||||
echo " domain-insecure: d.f.ip6.arpa."
|
|
||||||
echo " domain-insecure: 8.e.ip6.arpa."
|
|
||||||
echo " domain-insecure: 9.e.ip6.arpa."
|
|
||||||
echo " domain-insecure: a.e.ip6.arpa."
|
|
||||||
echo " domain-insecure: b.e.ip6.arpa."
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
|
Loading…
Reference in New Issue
Block a user