auth: Apply `non-local-bind` to `query-local-address{,6}` when possible

This allows using a non-local address for `query-local-address`
or `query-local-address6`. This only makes sense if no outgoing query
is going to be sent before the address comes up, otherwise it will
fail.

diff --git a/pdns/mastercommunicator.cc b/pdns/mastercommunicator.cc
index 66403dc931b1277d1242fea9732d761d01dc87d8..711d621487ed96e42800688718804cc39a7af2b0 100644 (file)
--- a/pdns/mastercommunicator.cc
+++ b/pdns/mastercommunicator.cc
@@ -276,9 +276,9 @@ bool CommunicatorClass::justNotified(const DNSName &domain, const string &ip)
 
 void CommunicatorClass::makeNotifySockets()
 {
-  d_nsock4 = makeQuerySocket(ComboAddress(::arg()["query-local-address"]), true);
+  d_nsock4 = makeQuerySocket(ComboAddress(::arg()["query-local-address"]), true, ::arg().mustDo("non-local-bind"));
   if(!::arg()["query-local-address6"].empty())
-    d_nsock6 = makeQuerySocket(ComboAddress(::arg()["query-local-address6"]), true);
+    d_nsock6 = makeQuerySocket(ComboAddress(::arg()["query-local-address6"]), true, ::arg().mustDo("non-local-bind"));
   else
     d_nsock6 = -1;
 }

diff --git a/pdns/resolver.cc b/pdns/resolver.cc
index b9a62f6d65be133333090a5a1309f8b98f6eea6e..f37f2eaecae284729d01cb7759046f5af0c127a7 100644 (file)
--- a/pdns/resolver.cc
+++ b/pdns/resolver.cc
@@ -51,7 +51,7 @@
 #include "gss_context.hh"
 #include "namespaces.hh"
 
-int makeQuerySocket(const ComboAddress& local, bool udpOrTCP)
+int makeQuerySocket(const ComboAddress& local, bool udpOrTCP, bool nonLocalBind)
 {
   ComboAddress ourLocal(local);
   
@@ -64,6 +64,10 @@ int makeQuerySocket(const ComboAddress& local, bool udpOrTCP)
   }
 
   setCloseOnExec(sock);
+
+  if(nonLocalBind)
+    Utility::setBindAny(local.sin4.sin_family, sock);
+
   if(udpOrTCP) {
     // udp, try hard to bind an unpredictable port
     int tries=10;
@@ -95,9 +99,9 @@ Resolver::Resolver()
   locals["default4"] = -1;
   locals["default6"] = -1;
   try {
-    locals["default4"] = makeQuerySocket(ComboAddress(::arg()["query-local-address"]), true);
+    locals["default4"] = makeQuerySocket(ComboAddress(::arg()["query-local-address"]), true, ::arg().mustDo("non-local-bind"));
     if(!::arg()["query-local-address6"].empty())
-      locals["default6"] = makeQuerySocket(ComboAddress(::arg()["query-local-address6"]), true);
+      locals["default6"] = makeQuerySocket(ComboAddress(::arg()["query-local-address6"]), true, ::arg().mustDo("non-local-bind"));
   }
   catch(...) {
     if(locals["default4"]>=0)

diff --git a/pdns/resolver.hh b/pdns/resolver.hh
index 03fb4fdcb8a41ffbbc2523a004a7ba7c5520437a..2b336009b0ab28fcf9abfb89a78e7134de237872 100644 (file)
--- a/pdns/resolver.hh
+++ b/pdns/resolver.hh
@@ -49,7 +49,7 @@ public:
 };
 
 // make an IPv4 or IPv6 query socket 
-int makeQuerySocket(const ComboAddress& local, bool udpOrTCP);
+int makeQuerySocket(const ComboAddress& local, bool udpOrTCP, bool nonLocalBind=false);
 //! Resolver class. Can be used synchronously and asynchronously, over IPv4 and over IPv6 (simultaneously)
 class Resolver  : public boost::noncopyable
 {