From: Kees Monshouwer <mind04@monshouwer.org>
Date: Mon, 24 Oct 2016 20:22:42 +0000 (+0200)
Subject: remove allow-recursion option
X-Git-Tag: rec-4.1.0-alpha1~231^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6026bf67d765d521d4a5d9c266f30a8375c03d9b;p=thirdparty%2Fpdns.git

remove allow-recursion option
---

diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index 997fbec20b..2030c94abd 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -99,8 +99,7 @@ void declareArguments()
   ::arg().set("signing-threads","Default number of signer threads to start")="3";
   ::arg().set("receiver-threads","Default number of receiver threads to start")="1";
   ::arg().set("queue-limit","Maximum number of milliseconds to queue a query")="1500"; 
-  ::arg().set("recursor","If recursion is desired, IP address of a recursing nameserver")="no"; 
-  ::arg().set("allow-recursion","List of subnets that are allowed to recurse")="0.0.0.0/0";
+  ::arg().set("recursor","If alias expansion is desired, IP address of a recursing nameserver")="no";
   ::arg().set("udp-truncation-threshold", "Maximum UDP response size before we truncate")="1680";
   ::arg().set("disable-tcp","Do not listen to TCP queries")="no";
   
@@ -512,7 +511,6 @@ void mainthread()
   // We need to start the Recursor Proxy before doing secpoll, see issue #2453
   if(::arg().mustDo("recursor")){
     DP=new DNSProxy(::arg()["recursor"]);
-    DP->onlyFrom(::arg()["allow-recursion"]);
     DP->go();
   }
 
diff --git a/pdns/dnsproxy.cc b/pdns/dnsproxy.cc
index 0c300b086f..b0849497b0 100644
--- a/pdns/dnsproxy.cc
+++ b/pdns/dnsproxy.cc
@@ -79,23 +79,9 @@ void DNSProxy::go()
   pthread_create(&tid,0,&launchhelper,this);
 }
 
-
-void DNSProxy::onlyFrom(const string &ips)
-{
-  d_ng.toMasks(ips);
-}
-
-bool DNSProxy::recurseFor(DNSPacket* p)
-{
-  return d_ng.match((ComboAddress *)&p->d_remote);
-}
-
 /** returns false if p->remote is not allowed to recurse via us */
 bool DNSProxy::sendPacket(DNSPacket *p)
 {
-  if(!recurseFor(p))
-    return false;
-
   uint16_t id;
   {
     Lock l(&d_lock);
diff --git a/pdns/dnsproxy.hh b/pdns/dnsproxy.hh
index 6144770910..f927c86a7a 100644
--- a/pdns/dnsproxy.hh
+++ b/pdns/dnsproxy.hh
@@ -54,7 +54,6 @@ public:
   DNSProxy(const string &ip); //!< creates socket
   ~DNSProxy(); //<! dtor for DNSProxy
   void go(); //!< launches the actual thread
-  void onlyFrom(const string &ips); //!< Only these netmasks are allowed to recurse via us
   bool sendPacket(DNSPacket *p);    //!< send out a packet and make a conntrack entry to we can send back the answer
   bool completePacket(DNSPacket *r, const DNSName& target,const DNSName& aname);
 
@@ -82,7 +81,6 @@ private:
   typedef map<int,ConntrackEntry> map_t;
 
   // Data
-  NetmaskGroup d_ng;
   AtomicCounter* d_resanswers;
   AtomicCounter* d_udpanswers;
   AtomicCounter* d_resquestions;