policy: answer to reversed localhost query

author vitas <vitezslav.kriz@nic.cz>

Mon, 10 Jul 2017 14:31:05 +0000 (16:31 +0200)

committer vitas <vitezslav.kriz@nic.cz>

Mon, 10 Jul 2017 14:31:05 +0000 (16:31 +0200)
author vitas <vitezslav.kriz@nic.cz>
Mon, 10 Jul 2017 14:31:05 +0000 (16:31 +0200)
committer vitas <vitezslav.kriz@nic.cz>
Mon, 10 Jul 2017 14:31:05 +0000 (16:31 +0200)
diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua

index 5283b0a96cd4b201ef80f364f420465f4f1d717a..858e40369a8a6b5feb00b26f56c44e6105c6cc25 100644 (file)
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -137,7 +137,23 @@ local function localhost(state, req)
                 answer:begin(kres.section.ANSWER)
                 answer:put(qry.sname, 900, answer:qclass(), kres.type.A, '\127\0\0\1')  
         else
-               answer:rcode(kres.rcode.NXDOMAIN)
+               answer:rcode(kres.rcode.NOERROR)
+               answer:begin(kres.section.AUTHORITY)
+               answer:put('\7blocked', 900, answer:qclass(), kres.type.SOA,
+                       '\7blocked\0\0\0\0\0\0\0\0\14\16\0\0\3\132\0\9\58\128\0\0\3\132')
+       end
+       return kres.DONE
+end
+
+local function localhost_reversed(state, req)
+       local qry = req:current()
+       local answer = req.answer
+       ffi.C.kr_pkt_make_auth_header(answer)
+       if qry.stype == kres.type.PTR then
+               answer:begin(kres.section.ANSWER)
+               answer:put(qry.sname, 900, answer:qclass(), kres.type.PTR, todname('localhost'))        
+       else
+               answer:rcode(kres.rcode.NOERROR)
                 answer:begin(kres.section.AUTHORITY)
                 answer:put('\7blocked', 900, answer:qclass(), kres.type.SOA,
                         '\7blocked\0\0\0\0\0\0\0\0\14\16\0\0\3\132\0\9\58\128\0\0\3\132')
@@ -380,7 +396,6 @@ local private_zones = {
         '31.172.in-addr.arpa.',
         '168.192.in-addr.arpa.',
         '0.in-addr.arpa.',
-       '127.in-addr.arpa.',
         '254.169.in-addr.arpa.',
         '2.0.192.in-addr.arpa.',
         '100.51.198.in-addr.arpa.',
@@ -454,7 +469,6 @@ local private_zones = {
  
         -- RFC6303
         '0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.',
-       '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.',
         'd.f.ip6.arpa.',
         '8.e.f.ip6.arpa.',
         '9.e.f.ip6.arpa.',
@@ -482,7 +496,15 @@ policy.special_names = {
         {
                 cb=policy.suffix(localhost, {todname('localhost.')}),
                 count=0
-       }
+       },
+       {
+               cb=policy.suffix_common(localhost_reversed, { 
+                       todname('127.in-addr.arpa.'),
+                       todname('1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.')},
+                       todname('arpa.')),
+               count=0
+       },
+       
  }
  
  return policy
author	vitas <vitezslav.kriz@nic.cz>
	Mon, 10 Jul 2017 14:31:05 +0000 (16:31 +0200)
committer	vitas <vitezslav.kriz@nic.cz>
	Mon, 10 Jul 2017 14:31:05 +0000 (16:31 +0200)