static bool udrCheckUniqueDNSRecord(Logr::log_t nodlogger, const DNSName& dname, uint16_t qtype, const DNSRecord& record)
{
bool ret = false;
- if (record.d_place == DNSResourceRecord::ANSWER || record.d_place == DNSResourceRecord::ADDITIONAL) {
- // Create a string that represent a triplet of (qname, qtype and RR[type, name, content])
- std::stringstream strStream;
- strStream << dname.toDNSStringLC() << ":" << qtype << ":" << qtype << ":" << record.d_type << ":" << record.d_name.toDNSStringLC() << ":" << record.getContent()->getZoneRepresentation();
- if (g_udrDBp && g_udrDBp->isUniqueResponse(strStream.str())) {
- if (g_udrLog) {
- // This should also probably log to a dedicated file.
- SLOG(g_log << Logger::Notice << "Unique response observed: qname=" << dname << " qtype=" << QType(qtype) << " rrtype=" << QType(record.d_type) << " rrname=" << record.d_name << " rrcontent=" << record.getContent()->getZoneRepresentation() << endl,
- nodlogger->info(Logr::Notice, "New response observed",
- "qtype", Logging::Loggable(QType(qtype)),
- "rrtype", Logging::Loggable(QType(record.d_type)),
- "rrname", Logging::Loggable(record.d_name),
- "rrcontent", Logging::Loggable(record.getContent()->getZoneRepresentation())););
- }
- t_Counters.at(rec::Counter::udrCount)++;
- ret = true;
+ // First check the (sub)domain isn't ignored for UDR purposes
+ if (!g_udrDomainWL.check(dname)) {
+ if (record.d_place == DNSResourceRecord::ANSWER || record.d_place == DNSResourceRecord::ADDITIONAL) {
+ // Create a string that represent a triplet of (qname, qtype and RR[type, name, content])
+ std::stringstream strStream;
+ strStream << dname.toDNSStringLC() << ":" << qtype << ":" << qtype << ":" << record.d_type << ":" << record.d_name.toDNSStringLC() << ":" << record.getContent()->getZoneRepresentation();
+ if (g_udrDBp && g_udrDBp->isUniqueResponse(strStream.str())) {
+ if (g_udrLog) {
+ // This should also probably log to a dedicated file.
+ SLOG(g_log << Logger::Notice << "Unique response observed: qname=" << dname << " qtype=" << QType(qtype) << " rrtype=" << QType(record.d_type) << " rrname=" << record.d_name << " rrcontent=" << record.getContent()->getZoneRepresentation() << endl,
+ nodlogger->info(Logr::Notice, "New response observed",
+ "qtype", Logging::Loggable(QType(qtype)),
+ "rrtype", Logging::Loggable(QType(record.d_type)),
+ "rrname", Logging::Loggable(record.d_name),
+ "rrcontent", Logging::Loggable(record.getContent()->getZoneRepresentation())););
+ }
+ t_Counters.at(rec::Counter::udrCount)++;
+ ret = true;
+ }
}
}
return ret;
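Review bot: The new guard on line 21 consults only `dname`, so a response whose query name lies outside the ignore list but whose ANSWER/ADDITIONAL record name lies inside it (a CNAME into an ignored zone, or an additional record for one) still reaches the logging on lines 29–34, which prints `record.d_name` and the zone representation of its content — the internal details the ignore list is meant to keep out of the log. Checking the record name as well closes that gap: `if (!g_udrDomainWL.check(dname) && !g_udrDomainWL.check(record.d_name)) {`. Since the whole pre-existing body now sits one level deeper, an early return (`if (g_udrDomainWL.check(dname)) { return false; }` before the place check) would keep the nesting flat and the diff small. The function's closing brace lies outside the hunk.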
DNSName g_nodLookupDomain;
bool g_nodLog;
SuffixMatchNode g_nodDomainWL;
+SuffixMatchNode g_udrDomainWL;
std::string g_nod_pbtag;
bool g_udrEnabled;
bool g_udrLog;
}
}
+static void parseUDRIgnorelist(const std::string& wlist)
+{
+ vector<string> parts;
+ stringtok(parts, wlist, ",; ");
+ for (const auto& part : parts) {
+ g_udrDomainWL.add(DNSName(part));
+ }
+}
+
static void setupNODGlobal()
{
// Setup NOD subsystem
g_udrLog = ::arg().mustDo("unique-response-log");
g_nod_pbtag = ::arg()["new-domain-pb-tag"];
g_udr_pbtag = ::arg()["unique-response-pb-tag"];
+ parseUDRIgnorelist(::arg()["udr-ignore-list"]);
}
#endif /* NOD_ENABLED */
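Review bot: `parseUDRIgnorelist` on lines 51–58 hands every token to `DNSName(part)` with no guard, and `setupNODGlobal` calls it unconditionally on line 66, so a malformed entry in `udr-ignore-list` would presumably surface as a bare exception from the DNSName constructor during startup — without naming the setting at fault, and even when UDR itself is disabled. Rethrowing with the setting name and the offending token makes the failure diagnosable (sketch below). The function also lacks a header comment; `// Populate g_udrDomainWL from the udr-ignore-list setting (comma, semicolon or space separated); matching is by suffix, so each entry also covers its subdomains.` would suffice.
```cpp
// … unchanged: signature, parts vector, stringtok call …
  for (const auto& part : parts) {
    try {
      g_udrDomainWL.add(DNSName(part));
    }
    catch (const std::exception& e) {
      throw std::runtime_error("udr-ignore-list: invalid domain '" + part + "': " + e.what());
    }
  }
```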
''',
'versionadded': '4.5.0'
},
+ {
+ 'name' : 'udr_ignore_list',
+ 'section' : 'nod',
+ 'oldname' : 'udr-ignore-list',
+ 'type' : LType.ListStrings,
+ 'default' : '',
+ 'help' : 'List of domains (and implicitly all subdomains) which will never be considered for UDR',
+ 'doc' : '''
+This setting is a list of all domains (and implicitly all subdomains)
+that will never be considered for a new unique domain request.
+For example, if the domain 'xyz123.tv' is in the list, then 'foo.bar.xyz123.tv'
+will never be considered for a new unique domain request. One use-case for the
+ignore list is to never reveal details of internal subdomains
+via the new-domain-lookup feature.
+ ''',
+ 'versionadded' : '5.1.0'
+ },
{
'name' : 'pb_tag',
'section' : 'nod',
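Review bot: The `doc` text on lines 80–85 describes the NOD feature rather than UDR: it says listed domains are never considered for a "new unique domain request" and refers to the "new-domain-lookup feature", while the `help` line on 78 and the code path this setting feeds concern unique responses. Suggested wording for the first two sentences: `that will never be considered for a unique domain response (UDR). For example, if the domain 'xyz123.tv' is in the list, then a response for 'foo.bar.xyz123.tv' will never be considered unique.` and, at the end, `via the unique-response feature.` It would also help to state what the match is applied to; judging from the recursor hunk above it appears to be the query name only, so a reader should not assume record names inside an answer are covered.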