::arg().set("signing-threads","Default number of signer threads to start")="3";
::arg().set("receiver-threads","Default number of receiver threads to start")="1";
::arg().set("queue-limit","Maximum number of milliseconds to queue a query")="1500";
- ::arg().set("recursor","If recursion is desired, IP address of a recursing nameserver")="no";
- ::arg().set("allow-recursion","List of subnets that are allowed to recurse")="0.0.0.0/0";
+ ::arg().set("recursor","If alias expansion is desired, IP address of a recursing nameserver")="no";
::arg().set("udp-truncation-threshold", "Maximum UDP response size before we truncate")="1680";
::arg().set("disable-tcp","Do not listen to TCP queries")="no";
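Review bot: The `allow-recursion` registration is dropped here with nothing left in its place, so a deployment whose configuration still sets it (possibly to something narrower than the old `0.0.0.0/0` default) loses that setting. How the argument parser treats the now-undeclared name, whether a startup error or a silent ignore, is not visible in this hunk. If the intent is that `recursor` is now used only for ALIAS expansion, as the new help text suggests, a short comment next to it would record that for operators and reviewers, e.g. `// allow-recursion was removed together with client recursion; "recursor" is consulted for ALIAS expansion only`. The removal also belongs in the upgrade notes, so that a lost ACL is a visible change rather than a surprise.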
// We need to start the Recursor Proxy before doing secpoll, see issue #2453
if(::arg().mustDo("recursor")){
DP=new DNSProxy(::arg()["recursor"]);
- DP->onlyFrom(::arg()["allow-recursion"]);
DP->go();
}
pthread_create(&tid,0,&launchhelper,this);
}
-
-void DNSProxy::onlyFrom(const string &ips)
-{
- d_ng.toMasks(ips);
-}
-
-bool DNSProxy::recurseFor(DNSPacket* p)
-{
- return d_ng.match((ComboAddress *)&p->d_remote);
-}
-
/** returns false if p->remote is not allowed to recurse via us */
bool DNSProxy::sendPacket(DNSPacket *p)
{
- if(!recurseFor(p))
- return false;
-
uint16_t id;
{
Lock l(&d_lock);
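Review bot: The doc comment kept above `DNSProxy::sendPacket` still says it `returns false if p->remote is not allowed to recurse via us`, but the `recurseFor` check behind that result is deleted in this same hunk, so the comment now describes behaviour that no longer exists. I would replace it with something like `/** sends p to the configured recursor and records a conntrack entry; no source-address check is applied here */`. Because `sendPacket` remains a public member in the header, it is worth confirming that no remaining caller hands it client queries directly, since nothing visible now limits which remote addresses can cause traffic to the recursor. If it has no callers left, removing it along with `onlyFrom`/`recurseFor` would be the cleaner end state. The body of `sendPacket` continues past the end of this hunk, so any later checks inside it are not visible here.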
DNSProxy(const string &ip); //!< creates socket
~DNSProxy(); //<! dtor for DNSProxy
void go(); //!< launches the actual thread
- void onlyFrom(const string &ips); //!< Only these netmasks are allowed to recurse via us
bool sendPacket(DNSPacket *p); //!< send out a packet and make a conntrack entry to we can send back the answer
bool completePacket(DNSPacket *r, const DNSName& target,const DNSName& aname);
typedef map<int,ConntrackEntry> map_t;
// Data
- NetmaskGroup d_ng;
AtomicCounter* d_resanswers;
AtomicCounter* d_udpanswers;
AtomicCounter* d_resquestions;