DNSPacket::s_udpTruncationThreshold = std::max(512, ::arg().asNum("udp-truncation-threshold"));
DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing");
- try {
- doSecPoll(true); // this must be BEFORE chroot
- }
- catch(...) {}
+ secPollParseResolveConf();
if(!::arg()["chroot"].empty()) {
triggerLoadOfLibraries();
AuthWebServer webserver;
Utility::dropUserPrivs(newuid);
+ // We need to start the Recursor Proxy before doing secpoll, see issue #2453
if(::arg().mustDo("recursor")){
DP=new DNSProxy(::arg()["recursor"]);
DP->onlyFrom(::arg()["allow-recursion"]);
DP->go();
}
+
+ try {
+ doSecPoll(true);
+ }
+ catch(...) {}
+
// NOW SAFE TO CREATE THREADS!
dl->go();
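Review bot: The relocated `try { doSecPoll(true); } catch(...) {}` at the new position still swallows every exception without a trace, so a failure in the first post-privilege-drop poll (including a malformed `recursor` address being turned into a ComboAddress inside doSecPoll) leaves no log line at all. The commit only moves this block, so the silence is pre-existing, but now that the poll runs after chroot and dropUserPrivs there are more ways for it to fail that an operator would want to see. I would replace the empty handler with `catch(const std::exception& e) { L<<Logger::Warning<<"Initial security poll failed: "<<e.what()<<endl; }` and keep a final `catch(...)` that logs a generic warning. The comment on the `if(::arg().mustDo("recursor"))` line cites issue #2453 but does not say why the proxy must be up first; a one-line reason (e.g. the poll is answered via the proxy-fronted recursor) would help, assuming that is the mechanism. The enclosing startup function begins before and ends after this hunk.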
string g_security_message;
extern StatBag S;
+static vector<ComboAddress> s_servers;
-static vector<ComboAddress> parseResolveConf()
+void secPollParseResolveConf()
{
- vector<ComboAddress> ret;
ifstream ifs("/etc/resolv.conf");
if(!ifs)
- return ret;
+ return;
string line;
while(std::getline(ifs, line)) {
for(vector<string>::const_iterator iter = parts.begin()+1; iter != parts.end(); ++iter) {
try {
- ret.push_back(ComboAddress(*iter, 53));
+ s_servers.push_back(ComboAddress(*iter, 53));
}
catch(...)
{
}
}
- if(ret.empty()) {
- ret.push_back(ComboAddress("127.0.0.1", 53));
+ if(s_servers.empty()) {
+ s_servers.push_back(ComboAddress("127.0.0.1", 53));
}
-
- return ret;
}
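Review bot: Because `s_servers` is now a file-scope static that secPollParseResolveConf appends to, every call adds the resolv.conf nameservers again (and possibly a second `127.0.0.1` fallback), whereas the old function built a fresh local vector each time. If the function is ever invoked more than once a `s_servers.clear();` at the top of the function keeps the list bounded and deterministic. The early `return;` on an unopenable `/etc/resolv.conf` also bypasses the `127.0.0.1` fallback that an openable-but-empty file receives; if that asymmetry is intended (unreadable file means "no resolvers", as the old code also behaved), a comment such as `// unreadable resolv.conf: leave s_servers empty, doSecPoll may still add the recursor` would record it. Part of the while-loop body is not shown in this hunk.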
int doResolve(const string& qname, uint16_t qtype, vector<DNSResourceRecord>& ret)
pw.getHeader()->id=dns_random(0xffff);
pw.getHeader()->rd=1;
- static vector<ComboAddress> s_servers;
- vector<ComboAddress> servers = parseResolveConf();
- if(!servers.empty())
- s_servers = servers; // in case we chrooted in the meantime
+ if (s_servers.empty()) {
+ L<<Logger::Warning<<"No recursors set, secpoll impossible."<<endl;
+ return RCode::ServFail;
+ }
- if(s_servers.empty())
- L<<Logger::Warning<<"Unable to poll PowerDNS security status, did not get any servers from resolv.conf"<<endl;
+ string msg ="Doing secpoll, using resolvers: ";
+ for (ComboAddress server : s_servers) {
+ msg += server.toString() + ", ";
+ }
+ L<<Logger::Debug<<msg.substr(0, msg.length() - 2)<<endl;
BOOST_FOREACH(ComboAddress& dest, s_servers) {
Socket sock(dest.sin4.sin_family, SOCK_DGRAM);
ret.push_back(rr);
}
}
-
+ L<<Logger::Debug<<"Secpoll got answered by "<<dest.toString()<<endl;
return mdp.d_header.rcode;
}
return RCode::ServFail;
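Review bot: The debug-message loop `for (ComboAddress server : s_servers)` copies each ComboAddress per iteration; `for (const ComboAddress& server : s_servers)` is the idiomatic form and matches the by-reference `BOOST_FOREACH(ComboAddress& dest, s_servers)` a few lines below. Since `s_servers` is no longer re-read from resolv.conf on each call (the old "in case we chrooted in the meantime" refresh is gone), resolver changes made after startup are not picked up for the lifetime of the process; that appears intentional given the pre-chroot parse, but a comment on the `s_servers.empty()` check, e.g. `// s_servers is filled once at startup (before chroot); never re-read here`, would make the contract explicit. The `msg.substr(0, msg.length() - 2)` trim is safe only because the empty-list case returns early just above, which is worth a short comment as well. doResolve starts before and ends after this hunk.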
if(::arg()["security-poll-suffix"].empty())
return;
+ if(::arg().mustDo("recursor") && first)
+ s_servers.push_back(ComboAddress(::arg()["recursor"], 53));
+
struct timeval now;
gettimeofday(&now, 0);
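Review bot: `s_servers.push_back(ComboAddress(::arg()["recursor"], 53))` can throw if the `recursor` setting is not a parseable address, and the only caller visible here wraps doSecPoll in an empty `catch(...)`, so a typo in that setting silently disables security polling rather than being reported. Wrapping the push in its own try/catch that logs a Warning naming the setting, or validating it once at startup where the DNSProxy is constructed from the same string, would surface the misconfiguration. The recursor is also appended after the resolv.conf entries, so the poll still tries those first; if the intent of the referenced issue is to prefer the local recursor, `s_servers.insert(s_servers.begin(), ...)` would express that, assuming that ordering matters to the loop in doResolve. doSecPoll continues past the end of this hunk.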