From bce61b006f1ea12de90966ae6b7ff88372d905cf Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Fri, 2 Aug 2013 08:45:56 +1200
Subject: [PATCH] Add dns_multicast_local to control mDNS operation

Enable admin control over whether mDNS operates or not. Set the default to OFF due to .arpa reverse-DNS requests causing a rise in traffic from this feature even on networks without mDNS responders setup.

Also, polish cachemgr idns report to show for queued queries which resolver type and query the entry is involving. mDNS can cause a queue to exist as some lookups timeout on the mDNS resolvers.
---
 doc/release-notes/release-3.4.sgml | 15 ++++++++++-----
 src/SquidConfig.h | 1 +
 src/cf.data.pre | 13 +++++++++++++
 src/dns_internal.cc | 23 ++++++++++++++++-------
 4 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/doc/release-notes/release-3.4.sgml b/doc/release-notes/release-3.4.sgml
index 6580bd201f..5f44dedfb4 100644
--- a/doc/release-notes/release-3.4.sgml
+++ b/doc/release-notes/release-3.4.sgml
@@ -180,11 +180,13 @@ Most user-facing changes are reflected in squid.conf (see below).

The internal DNS component fof Squid now supports multicast DNS (mDNS) resolution in accordance with RFC 6762. -

There is no additional or special configuration required. The multicast DNS group IP - addresses for IPv4 and IPv6 resolving are added to the set of available DNS resolvers - and used automatically for domain names ending in .local before attempting a - secondary resolution on the configured resolvers. Domains without .local are - resolved using only the configured DNS resolvers. +

The dns_multicast_local directive must be set to on to enable this + feature. + +

The multicast DNS group IP addresses for IPv4 and IPv6 resolving are added to the set + of available DNS resolvers and used automatically for domain names ending in .local + and reverse-DNS lookups before attempting a secondary resolution on the configured + resolvers. Domains without .local are resolved using only the configured resolvers.

Statistics for multicast DNS resolution can be found on the idns cache manager report. @@ -218,6 +220,9 @@ This section gives a thorough account of those changes in three categories:

Whether Squid supports directive parameters with spaces, quotes, and other special characters. Surround such parameters with "double quotes". + dns_multicast_local +

Use multicast DNS for .local domains and reverse-DNS resolution. + note

Use ACLs to annotate a transaction with customized annotations which can be logged in access.log
diff --git a/src/SquidConfig.h b/src/SquidConfig.h
index 3e71d0815e..0efcf0c7be 100644
--- a/src/SquidConfig.h
+++ b/src/SquidConfig.h
@@ -355,6 +355,7 @@ public:
     int memory_cache_disk;
     int hostStrictVerify;
     int client_dst_passthru;
+    int dns_mdns;
     } onoff;
 
     int pipeline_max_prefetch;
diff --git a/src/cf.data.pre b/src/cf.data.pre
index 9160ba3201..753f762514 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -8332,6 +8332,19 @@ DOC_START
 	Squid to handle single-component names, enable this option.
 DOC_END
 
+NAME: dns_multicast_local
+COMMENT: on|off
+TYPE: onoff
+DEFAULT: off
+DEFAULT_DOC: Search for .local and .arpa names is disabled.
+LOC: Config.onoff.dns_mdns
+DOC_START
+	When set to on, Squid sends multicast DNS lookups on the local network for domains ending in .local and .arpa. This enables local servers and devices to be contacted in an ad-hoc or zero-configuration network environment.
+DOC_END
+
 NAME: dns_nameservers
 TYPE: wordlist
 DEFAULT: none
diff --git a/src/dns_internal.cc b/src/dns_internal.cc
index 6a4e5b0b99..47810177bf 100644
--- a/src/dns_internal.cc
+++ b/src/dns_internal.cc
@@ -268,6 +268,9 @@ static void idnsSendSlaveAAAAQuery(idns_query *q);
 static void
 idnsCheckMDNS(idns_query *q)
 {
+    if (!Config.onoff.dns_mdns || q->permit_mdns)
+        return;
+
     size_t slen = strlen(q->name);
     if (slen > 6 && memcmp(q->name +(slen-6),".local", 6) == 0) {
         q->permit_mdns = true;
@@ -279,6 +282,10 @@ idnsAddMDNSNameservers()
 {
     nns_mdns_count=0;
 
+    // mDNS is disabled
+    if (!Config.onoff.dns_mdns)
+        return;
+
     // mDNS resolver addresses are explicit multicast group IPs
     if (Ip::EnableIpv6) {
         idnsAddNameserver("FF02::FB");
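Review bot: The DOC_START text for dns_multicast_local does not tell the administrator what enabling it costs: with the idnsPTRLookup change in this patch, every reverse lookup the proxy performs is also sent to the multicast resolvers, not only lookups for link-local addresses (unless a filter earlier in idnsPTRLookup, outside its hunk, restricts this), which both produces the extra link traffic the commit message cites and lets every host on the link observe which addresses the proxy is resolving. That trade-off is the reason the default is off, so it belongs in the directive documentation rather than only in the commit message. Suggest adding after the second doc line: `Note: with this enabled, reverse-DNS (.arpa) lookups are also multicast onto the local network.`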
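Review bot: The new guard in idnsCheckMDNS reads Config.onoff.dns_mdns on every query, while the guard in the idnsAddMDNSNameservers hunk below reads it only when the resolver list is built; if the directive is changed by a reconfigure without idnsAddMDNSNameservers being re-run (not visible in these hunks), a query can be marked permit_mdns with no multicast resolver in the list, or the FF02::FB entry can stay listed after the directive is turned off. Worth confirming that the reconfigure path rebuilds the nameserver list, and the two-part condition in idnsCheckMDNS deserves a comment stating why an already-permitted query is skipped, e.g. `// mDNS disabled by dns_multicast_local, or already permitted by the caller`. Both functions continue outside their hunks.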
@@ -717,21 +724,23 @@ idnsStats(StoreEntry * sentry)
     storeAppendPrintf(sentry, "Internal DNS Statistics:\n");
     storeAppendPrintf(sentry, "\nThe Queue:\n");
     storeAppendPrintf(sentry, " DELAY SINCE\n");
-    storeAppendPrintf(sentry, " ID SIZE SENDS FIRST SEND LAST SEND\n");
-    storeAppendPrintf(sentry, "------ ---- ----- ---------- ---------\n");
+    storeAppendPrintf(sentry, " ID SIZE SENDS FIRST SEND LAST SEND M FQDN\n");
+    storeAppendPrintf(sentry, "------ ---- ----- ---------- --------- - ----\n");
 
     for (n = lru_list.head; n; n = n->next) {
         q = (idns_query *)n->data;
-        storeAppendPrintf(sentry, "%#06x %4d %5d %10.3f %9.3f\n",
+        storeAppendPrintf(sentry, "%#06x %4d %5d %10.3f %9.3f %c %s\n",
                           (int) q->query_id, (int) q->sz, q->nsends,
                           tvSubDsec(q->start_t, current_time),
-                          tvSubDsec(q->sent_t, current_time));
+                          tvSubDsec(q->sent_t, current_time),
+                          (q->permit_mdns? 'M':' '),
+                          q->name);
     }
 
     if (Config.dns.packet_max > 0)
-        storeAppendPrintf(sentry, "DNS jumbo-grams: %zd Bytes\n", Config.dns.packet_max);
+        storeAppendPrintf(sentry, "\nDNS jumbo-grams: %zd Bytes\n", Config.dns.packet_max);
     else
-        storeAppendPrintf(sentry, "DNS jumbo-grams: not working\n");
+        storeAppendPrintf(sentry, "\nDNS jumbo-grams: not working\n");
 
     storeAppendPrintf(sentry, "\nNameservers:\n");
     storeAppendPrintf(sentry, "IP ADDRESS # QUERIES # REPLIES Type\n");
@@ -1816,7 +1825,7 @@ idnsPTRLookup(const Ip::Address &addr, IDNSCB * callback, void *data)
     debugs(78, 3, "idnsPTRLookup: buf is " << q->sz << " bytes for " << ip << ", id = 0x" << std::hex << q->query_id);
-    q->permit_mdns = true;
+    q->permit_mdns = Config.onoff.dns_mdns;
     idnsStartQuery(q, callback, data);
 }
-- 
2.47.2
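Review bot: The new M column in the queue table has no legend, so a reader of the cachemgr report has to know that `M` means the queued query was permitted on the mDNS resolvers; a line such as `storeAppendPrintf(sentry, "(M = multicast DNS permitted)\n");` after the column header would document it in place. Separately, q->name is now echoed into the plain-text report with `%s`; whether names reaching this queue are already limited to printable characters is not visible here, so it is worth confirming before exposing them to the report's consumers. idnsStats continues outside the hunk on both sides.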
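Review bot: `q->permit_mdns = Config.onoff.dns_mdns;` marks every PTR lookup as eligible for the multicast resolvers whenever the directive is on, with no check on the address being reversed visible in this hunk; RFC 6762 section 4 limits reverse-mapping multicast to the link-local ranges (254.169.in-addr.arpa and the fe80::/10 names under ip6.arpa), so lookups for all other addresses would add link traffic and disclose to every host on the link which addresses the proxy is resolving. Unless an earlier part of idnsPTRLookup (outside the hunk) already filters on addr, the assignment should also require a link-local address, e.g. `q->permit_mdns = Config.onoff.dns_mdns && <addr is link-local>;` with the test taken from the Ip::Address API. The start of idnsPTRLookup is outside the hunk.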