From: Kees Monshouwer
Date: Wed, 15 Jun 2016 11:24:22 +0000 (+0200)
Subject: add '8bit-dns' config option to disable the valiDNSName rules when needed
X-Git-Tag: auth-4.0.0-rc1~15^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F4001%2Fhead;p=thirdparty%2Fpdns.git
add '8bit-dns' config option to disable the valiDNSName rules when needed
---
diff --git a/docs/markdown/authoritative/settings.md b/docs/markdown/authoritative/settings.md
index 2aa8529428..c20a890c10 100644
--- a/docs/markdown/authoritative/settings.md
+++ b/docs/markdown/authoritative/settings.md
@@ -11,6 +11,13 @@ setting. This is mostly useful for [`include-dir`](#include-dir) directive. For boolean settings, specifying the name of the setting without a value means `yes`.
+## `8bit-dns`
+* Allow 8 bit dns queries
+* Default: no
+* Available since: 4.0.0
+
+Allow 8 bit DNS queries.
+
 ## `allow-axfr-ips`
 * IP ranges, separated by commas
 * Default: 127.0.0.0/8,::1
diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc
index d712ae31ee..3ee2b5a7da 100644
--- a/pdns/common_startup.cc
+++ b/pdns/common_startup.cc
@@ -34,6 +34,7 @@
 #endif
 bool g_anyToTcp;
+bool g_8bitDNS;
 typedef Distributor DNSDistributor;
 ArgvMap theArg;
@@ -185,6 +186,7 @@ void declareArguments()
 ::arg().set("security-poll-suffix","Domain name from which to query security update notifications")="secpoll.powerdns.com.";
 ::arg().setSwitch("outgoing-axfr-expand-alias", "Expand ALIAS records during outgoing AXFR")="no";
+ ::arg().setSwitch("8bit-dns", "Allow 8bit dns queries")="no";
 }
 static time_t s_start=time(0);
@@ -475,6 +477,7 @@ void mainthread()
 newuid=Utility::makeUidNumeric(::arg()["setuid"]);
 g_anyToTcp = ::arg().mustDo("any-to-tcp");
+ g_8bitDNS = ::arg().mustDo("8bit-dns");
 DNSPacket::s_udpTruncationThreshold = std::max(512, ::arg().asNum("udp-truncation-threshold"));
 DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing");
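Review bot: The help text on the new `::arg().setSwitch("8bit-dns", ...)` line in the declareArguments() hunk of pdns/common_startup.cc says only "Allow 8bit dns queries", which under-describes what the switch does. Per the packethandler.cc hunk in this same commit, it makes validDNSName() skip its whole character whitelist, so every byte value is accepted in a query name, not only the high-bit ones. An operator reading the option list or settings.md cannot tell that this turns off query-name validation, so I would spell it out, e.g. `::arg().setSwitch("8bit-dns", "Allow 8bit dns queries (disables query name character validation)")="no";`, and add a sentence to the same effect in settings.md. The body of declareArguments() starts and ends outside the hunk.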
diff --git a/pdns/common_startup.hh b/pdns/common_startup.hh
index 9300f8edd8..4acb89384b 100644
--- a/pdns/common_startup.hh
+++ b/pdns/common_startup.hh
@@ -52,5 +52,6 @@ extern void mainthread();
 extern int isGuarded( char ** );
 void* carbonDumpThread(void*);
 extern bool g_anyToTcp;
+extern bool g_8bitDNS;
 #endif // COMMON_STARTUP_HH
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index e35e4be14a..5f0c0a6ddf 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -883,17 +883,19 @@ int PacketHandler::processNotify(DNSPacket *p)
 bool validDNSName(const DNSName &name) {
- string::size_type pos, length;
- char c;
- for(const auto& s : name.getRawLabels()) {
- length=s.length();
- for(pos=0; pos < length; ++pos) {
- c=s[pos];
- if(!((c >= 'a' && c <= 'z') ||
- (c >= 'A' && c <= 'Z') ||
- (c >= '0' && c <= '9') ||
- c =='-' || c == '_' || c=='*' || c=='.' || c=='/' || c=='@' || c==' ' || c=='\\' || c==':'))
- return false;
+ if (!g_8bitDNS) {
+ string::size_type pos, length;
+ char c;
+ for(const auto& s : name.getRawLabels()) {
+ length=s.length();
+ for(pos=0; pos < length; ++pos) {
+ c=s[pos];
+ if(!((c >= 'a' && c <= 'z') ||
+ (c >= 'A' && c <= 'Z') ||
+ (c >= '0' && c <= '9') ||
+ c =='-' || c == '_' || c=='*' || c=='.' || c=='/' || c=='@' || c==' ' || c=='\\' || c==':'))
+ return false;
+ }
 }
 }
 return true;
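Review bot: With `g_8bitDNS` set, validDNSName() in the packethandler.cc hunk returns true without looking at the name, so the guard is all-or-nothing: bytes below 0x80 that the whitelist used to reject (control bytes, quotes and so on) are accepted too. The callers and backends are not visible in this hunk, so anything that relied on this filter to keep such bytes out of lookups or log lines should be checked; presumably they must now treat the name as arbitrary bytes. A comment above the function would make that explicit, e.g. `// 8bit-dns=yes skips every character check below; the name may then contain any byte value`. The wrapped loop also reads more simply as an early return, `if (g_8bitDNS) return true;`, which leaves the existing loop at its old indentation and shrinks the change to one line. The function's closing brace lies outside the hunk.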