dnsmasq 2.75: latest upstream patches
1 From 90477fb79420a34124b66ebd808c578817a30e4c Mon Sep 17 00:00:00 2001
2 From: Simon Kelley <simon@thekelleys.org.uk>
3 Date: Tue, 20 Oct 2015 21:21:32 +0100
4 Subject: [PATCH] Update list of subnet for --bogus-priv
5
6 RFC 6303 specifies and recommends that the following zones not be forwarded
7 to globally facing servers.
8 +------------------------------+-----------------------+
9 | Zone | Description |
10 +------------------------------+-----------------------+
11 | 0.IN-ADDR.ARPA | IPv4 "THIS" NETWORK |
12 | 127.IN-ADDR.ARPA | IPv4 Loopback NETWORK |
13 | 254.169.IN-ADDR.ARPA | IPv4 LINK LOCAL |
14 | 2.0.192.IN-ADDR.ARPA | IPv4 TEST-NET-1 |
15 | 100.51.198.IN-ADDR.ARPA | IPv4 TEST-NET-2 |
16 | 113.0.203.IN-ADDR.ARPA | IPv4 TEST-NET-3 |
17 | 255.255.255.255.IN-ADDR.ARPA | IPv4 BROADCAST |
18 +------------------------------+-----------------------+
19
20 Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
21 ---
22 src/rfc1035.c | 8 ++++++--
23 1 file changed, 6 insertions(+), 2 deletions(-)
24
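diff --git a/src/rfc1035.c b/src/rfc1035.c
index 6a51b30..4eb1772 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -756,10 +756,14 @@ int private_net(struct in_addr addr, int ban_localhost)
 return
 (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ ||
 ((ip_addr & 0xFF000000) == 0x00000000) /* RFC 5735 section 3. "here" network */ ||
- ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ ||
 ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ ||
 ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ ||
- ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ ;
+ ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ ||
+ ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ ||
+ ((ip_addr & 0xFFFFFF00) == 0xC0000200) /* 192.0.2.0/24 (test-net) */ ||
+ ((ip_addr & 0xFFFFFF00) == 0xC6336400) /* 198.51.100.0/24(test-net) */ ||
+ ((ip_addr & 0xFFFFFF00) == 0xCB007100) /* 203.0.113.0/24 (test-net) */ ||
+ ((ip_addr & 0xFFFFFFFF) == 0xFFFFFFFF) /* 255.255.255.255/32 (broadcast)*/ ;
 }
 
 static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name, int *doctored)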
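Review bot: The four new terms in the return expression widen private_net() for every caller, not only the --bogus-priv path named in the subject, and unlike the loopback term they are not gated by ban_localhost. If the predicate is also used on other paths (its callers are outside this hunk), those paths will now treat TEST-NET and 255.255.255.255 addresses as private. It is worth confirming that this is intended and recording it in a comment above the return, e.g. `/* RFC 6303 zones as well as RFC 1918 space; only the loopback test depends on ban_localhost */`. Assuming ip_addr is a 32-bit value, the mask in the last term is a no-op and reads more plainly as `(ip_addr == 0xFFFFFFFF)`. private_net() begins before the hunk, so the type and byte order of ip_addr cannot be checked from here.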
46 --
47 1.7.10.4
48