Also the log now uses the same format query UID format as elsewhere.
- prefill module: avoid crash on empty zone file (#474, !840)
- rebinding module: avoid excessive iteration on blocked attempts (!842)
- rebinding module: fix crash caused by race condition (!842)
+- rebinding module: log each blocked query only in verbose mode (!842)
Knot Resolver 4.0.0 (2019-04-18)
struct kr_query *kr_rplan_resolved(struct kr_rplan *);
struct kr_query *kr_rplan_last(struct kr_rplan *);
int kr_nsrep_set(struct kr_query *, size_t, const struct sockaddr *);
+void kr_log_qverbose_impl(const struct kr_query *, const char *, const char *, ...);
int kr_make_query(struct kr_query *, knot_pkt_t *);
void kr_pkt_make_auth_header(knot_pkt_t *);
int kr_pkt_put(knot_pkt_t *, const knot_dname_t *, uint32_t, uint16_t, uint16_t, const uint8_t *, uint16_t);
# Nameservers
kr_nsrep_set
# Utils
+ kr_log_qverbose_impl
kr_make_query
kr_pkt_make_auth_header
kr_pkt_put
+local ffi = require('ffi')
+
-- Protection from DNS rebinding attacks
local kres = require('kres')
local renumber = require('kres_modules.renumber')
qry.flags.RESOLVED = 1 -- stop iteration
qry.flags.CACHED = 1 -- do not cache
refuse(req)
- log('[' .. string.format('%5d', qry.id) .. '][rebinding] '
- .. 'blocking blacklisted IP \'' .. kres.rr2str(bad_rr)
- .. '\' received from IP ' .. tostring(kres.sockaddr_t(req.upstream.addr)))
+ if verbose() then
+ ffi.C.kr_log_qverbose_impl(qry, 'rebinding',
+ 'blocking blacklisted IP in RR \'%s\' received from IP %s\n',
+ kres.rr2str(bad_rr),
+ tostring(kres.sockaddr_t(req.upstream.addr)))
+ end
return kres.DONE
end
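Review bot: With the message moved under `if verbose() then`, a resolver running at normal verbosity leaves no record that a rebinding answer was refused, so operators lose the only signal in this block that an upstream is returning blacklisted addresses. If the aim is to stop log flooding, consider keeping a cheap non-verbose signal next to `refuse(req)`, such as a counter or a rate-limited one-line message, and leaving the per-query detail verbose-only. Passing the upstream-controlled RR text as a `%s` argument instead of building it into the format string is the right shape. It is worth confirming that `kres.rr2str(bad_rr)` cannot return nil on this path, since a nil vararg would presumably reach the C formatter as a null pointer. The enclosing function starts outside the hunk.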