Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 17891 Details for
Bug 28984
djbdns patch to block Verisign's sitefinder fiasco - return NXDOMAIN when an address resolve to certain ips.
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
ignore ip patch
djbdns-1.05-ignoreip2.patch (text/plain), 3.66 KB, created by
Dave Love
on 2003-09-17 07:46:20 UTC
(
hide
)
Description:
ignore ip patch
Filename:
MIME Type:
Creator:
Dave Love
Created:
2003-09-17 07:46:20 UTC
Size:
3.66 KB
patch
obsolete
>This patch change djbdns's dnscache program so that it will ignore the >IP address given in the ignoreip file. I wrote this patch because of >Verisign's oh-so helpful wildcard A record for *.COM and *.NET. > >If you have djbdns-1.05-ignoreip.patch installed, back it out like this: > cd /usr/local/src/djbdns-1.05 > patch -R <djbdns-1.05-ignoreip.patch > >Install the patch like this: > cd /usr/local/src/djbdns-1.05 > patch <djbdns-1.05-ignoreip2.patch > svc -d /service/dnscache > make setup check > svc -u /service/dnscache > >Configure it to ignore Verisign's wildcard record like this: > echo 64.94.110.11 >/service/dnscache/root/ignoreip > svc -t /service/dnscache > >Configure it to ignore all the cretins like this: >awk '{print $2}' <<EOF >/service/dnscache/root/ignoreip > *.ac 194.205.62.122 > *.cc 206.253.214.102 > *.com 64.94.110.11 > *.cx 219.88.106.80 > *.museum 195.7.77.20 > *.net 64.94.110.11 > *.nu 64.55.105.9 > and 212.181.91.6 > *.ph 203.119.4.6 > *.sh 194.205.62.62 > *.tm 194.205.62.62 > *.ws 216.35.187.246 >EOF > svc -t /service/dnscache > >If root/ignoreip is not present, no addresses will be ignored. > >-- >--My blog is at angry-economist.russnelson.com | Free markets express in the >Crynwr sells support for free software | PGPok | practical world our belief >521 Pleasant Valley Rd. | +1 315 268 1925 voice | that there is that of God >Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | in all people. -Chris V. > > >diff -u orig/dnscache.c ./dnscache.c >--- orig/dnscache.c 2001-02-11 16:11:45.000000000 -0500 >+++ ./dnscache.c 2003-09-16 23:23:36.000000000 -0400 >@@ -23,6 +23,8 @@ > #include "okclient.h" > #include "droproot.h" > >+stralloc ignoreip = {0}; >+ > static int packetquery(char *buf,unsigned int len,char **q,char qtype[2],char qclass[2],char id[2]) > { > unsigned int pos; >@@ -389,6 +391,7 @@ > int main() > { > char *x; >+ unsigned int i, j, k; > unsigned long cachesize; > > x = env_get("IP"); >@@ -431,6 +434,20 @@ > if (!cache_init(cachesize)) > strerr_die3x(111,FATAL,"not enough memory for cache of size ",x); > >+ if (openreadclose("ignoreip",&ignoreip,64) < 0) >+ strerr_die2x(111,FATAL,"trouble reading ignoreip"); >+ for(j = k = i = 0; i < ignoreip.len; i++) >+ if (ignoreip.s[i] == '\n') { >+ ignoreip.s[i] = '\0'; >+ if (j + 4 > i) >+ strerr_die3x(111,FATAL,"badly malformed ip4 address ",ignoreip.s+k); >+ if (!ip4_scan(ignoreip.s+k,ignoreip.s+j)) >+ strerr_die3x(111,FATAL,"unable to parse address in ignoreip ",ignoreip.s+k); >+ j += 4; >+ k = i + 1; >+ } >+ ignoreip.len = j; >+ > if (env_get("HIDETTL")) > response_hidettl(); > if (env_get("FORWARDONLY")) >diff -u orig/query.c ./query.c >--- orig/query.c 2001-02-11 16:11:45.000000000 -0500 >+++ ./query.c 2003-09-16 23:31:41.000000000 -0400 >@@ -13,6 +13,8 @@ > #include "response.h" > #include "query.h" > >+extern stralloc ignoreip; >+ > static int flagforwardonly = 0; > > void query_forwardonly(void) >@@ -193,6 +195,7 @@ > int k; > int p; > int q; >+ unsigned int ii; > > errno = error_io; > if (state == 1) goto HAVEPACKET; >@@ -643,6 +646,9 @@ > pos = dns_packet_copy(buf,len,pos,header,10); if (!pos) goto DIE; > if (byte_equal(header + 8,2,"\0\4")) { > pos = dns_packet_copy(buf,len,pos,header,4); if (!pos) goto DIE; >+ if (ignoreip.len) >+ for(ii = 0; ii < ignoreip.len; ii+= 4) >+ if (byte_equal(header,4,ignoreip.s+ii)) goto NXDOMAIN; > save_data(header,4); > log_rr(whichserver,t1,DNS_T_A,header,4,ttl); > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=17891">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 28984
:
17890
| 17891 |
17892
|
17896
