From: vitas
Date: Mon, 10 Jul 2017 14:31:05 +0000 (+0200)
Subject: policy: answer to reversed localhost query
X-Git-Tag: v1.3.3~8^2~8
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cb04490051c9394aeadef6f2b730787d7aa5ac17;p=thirdparty%2Fknot-resolver.git
policy: answer to reversed localhost query
---
diff --git a/modules/policy/policy.lua b/modules/policy/policy.lua
index 5283b0a96..858e40369 100644
--- a/modules/policy/policy.lua
+++ b/modules/policy/policy.lua
@@ -137,7 +137,23 @@ local function localhost(state, req)
 answer:begin(kres.section.ANSWER)
 answer:put(qry.sname, 900, answer:qclass(), kres.type.A, '\127\0\0\1')
 else
- answer:rcode(kres.rcode.NXDOMAIN)
+ answer:rcode(kres.rcode.NOERROR)
+ answer:begin(kres.section.AUTHORITY)
+ answer:put('\7blocked', 900, answer:qclass(), kres.type.SOA,
+ '\7blocked\0\0\0\0\0\0\0\0\14\16\0\0\3\132\0\9\58\128\0\0\3\132')
+ end
+ return kres.DONE
+end
+
+local function localhost_reversed(state, req)
+ local qry = req:current()
+ local answer = req.answer
+ ffi.C.kr_pkt_make_auth_header(answer)
+ if qry.stype == kres.type.PTR then
+ answer:begin(kres.section.ANSWER)
+ answer:put(qry.sname, 900, answer:qclass(), kres.type.PTR, todname('localhost'))
+ else
+ answer:rcode(kres.rcode.NOERROR)
 answer:begin(kres.section.AUTHORITY)
 answer:put('\7blocked', 900, answer:qclass(), kres.type.SOA,
 '\7blocked\0\0\0\0\0\0\0\0\14\16\0\0\3\132\0\9\58\128\0\0\3\132')
@@ -380,7 +396,6 @@ local private_zones = {
 '31.172.in-addr.arpa.',
 '168.192.in-addr.arpa.',
 '0.in-addr.arpa.',
- '127.in-addr.arpa.',
 '254.169.in-addr.arpa.',
 '2.0.192.in-addr.arpa.',
 '100.51.198.in-addr.arpa.',
@@ -454,7 +469,6 @@ local private_zones = {
 -- RFC6303
 '0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.',
- '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.',
 'd.f.ip6.arpa.',
 '8.e.f.ip6.arpa.',
 '9.e.f.ip6.arpa.',
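Review bot: The NOERROR/NODATA branch is now written out twice, once in `localhost` and once in the new `localhost_reversed`, each carrying the same undocumented SOA rdata byte string. A small shared local helper taking `answer` would keep the two copies in step, and the literal deserves a comment such as `-- SOA rdata: mname 'blocked.', rname '.', serial 0, refresh 3600, retry 900, expire 604800, minimum 900`. The SOA owner `blocked.` is also not an ancestor of the queried name, so downstream resolvers that validate the authority section may not cache this negative answer; it is worth confirming that this is intended. `localhost` begins above the hunk, so its earlier branches are not visible here.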
@@ -482,7 +496,15 @@ policy.special_names = {
 {
 cb=policy.suffix(localhost, {todname('localhost.')}),
 count=0
- }
+ },
+ {
+ cb=policy.suffix_common(localhost_reversed, {
+ todname('127.in-addr.arpa.'),
+ todname('1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.')},
+ todname('arpa.')),
+ count=0
+ },
+
 }
 return policy
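Review bot: With `127.in-addr.arpa.` and the IPv6 loopback name dropped from `private_zones` in the two preceding hunks, this new `special_names` entry appears to be the only rule keeping loopback reverse queries from being forwarded upstream, and nothing on the entry says so. If `suffix_common` matches the whole subtree, as its name suggests, every PTR query under `127.in-addr.arpa.` (apex and partial addresses included) gets `PTR localhost`, which is probably acceptable but should be a stated choice. I would add a comment above the entry, e.g. `-- loopback reverse zones: answered locally, must never be forwarded (moved here from private_zones)`, and a test that a PTR query for `1.0.0.127.in-addr.arpa.` is answered without upstream traffic. The added blank line before the closing `}` can be dropped.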