From: Wouter Wijngaards Date: Tue, 19 Feb 2008 09:12:35 +0000 (+0000) Subject: donotq localhost default back on yes. X-Git-Tag: release-0.10~43 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0866b8e60bfbe8a7838dd0ceba63f8e8fb179d67;p=thirdparty%2Funbound.git donotq localhost default back on yes. git-svn-id: file:///svn/unbound/trunk@965 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/doc/Changelog b/doc/Changelog
index cf0cb9751..ea84055da 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,5 +1,7 @@
 19 February 2008: Wouter
 - applied patch to unbound-host man page from Jan-Piet Mens.
+ - fix donotquery-localhost: yes default (it erroneously was switched
+ to default 'no').
 18 February 2008: Wouter
 - patch to unbound-host from Jan-Piet Mens.
diff --git a/iterator/iter_donotq.c b/iterator/iter_donotq.c
index 3f53ddc25..352a674a7 100644
--- a/iterator/iter_donotq.c
+++ b/iterator/iter_donotq.c
@@ -115,6 +115,7 @@ donotq_str_cfg(struct iter_donotq* dq, const char* str)
 struct sockaddr_storage addr;
 int net;
 socklen_t addrlen;
+ verbose(VERB_ALGO, "donotq: %s", str);
 if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) {
 log_err("cannot parse donotquery netblock: %s", str);
 return 0;
diff --git a/testdata/iter_donotq127.rpl b/testdata/iter_donotq127.rpl
new file mode 100644
index 000000000..c00cd22aa
--- /dev/null
+++ b/testdata/iter_donotq127.rpl
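Review bot: In `donotq_str_cfg()` the added `verbose(VERB_ALGO, "donotq: %s", str);` runs before `netblockstrtoaddr()` has accepted the string, so at that verbosity the log also lists entries that the following lines reject, and the tag `donotq:` does not match the `donotquery netblock` wording of the `log_err` below it. This list decides which addresses the iterator refuses to contact, so a message that is unambiguous about what was accepted is easier to audit. Consider moving the call below the `netblockstrtoaddr()` check and wording it `verbose(VERB_ALGO, "donotquery netblock: %s", str);`. The function body starts and ends outside the hunk, so whether a later line already logs the stored block cannot be seen here.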
@@ -0,0 +1,98 @@
+; config options
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test iterator donotquery of 127/8.
+; The scenario presents an iteration chain that has 127.0.0.2 and
+; 127.255.255.255 as nameserver IPs, like a spam-blocklist.
+; these are 127/8 localhost and should be blocked, causing servfail.
+; if not blocked, they cause a lookup, but this file does not specify
+; 127.* responses, so testbound will fail the test.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+example.com. IN NS ns2.example.com.
+SECTION ADDITIONAL
+;ns.example.com. IN A 1.2.3.4
+ns.example.com. IN A 127.255.255.255
+ns2.example.com. IN A 127.0.0.2
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/util/config_file.c b/util/config_file.c
index fad6742c6..45b546e4d 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -132,8 +132,6 @@ config_create()
 cfg->local_zones = NULL;
 cfg->local_zones_nodefault = NULL;
 cfg->local_data = NULL;
- cfg->donotquery_localhost = 0; /* allow, so that you can ask a
- forward nameserver running on localhost */
 if(!(cfg->module_conf = strdup("validator iterator"))) goto error_exit;
 if(!(cfg->val_nsec3_key_iterations = strdup("1024 150 2048 500 4096 2500"))) goto error_exit;
@@ -160,6 +158,8 @@ struct config_file* config_create_forlib()
 cfg->use_syslog = 0;
 cfg->key_cache_size = 1024*1024;
 cfg->key_cache_slabs = 1;
+ cfg->donotquery_localhost = 0; /* allow, so that you can ask a
+ forward nameserver running on localhost */
 return cfg;
 }
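Review bot: testdata/iter_donotq127.rpl never sets `donotquery-localhost` in its config section, so the expected SERVFAIL depends entirely on the built-in default, and the file does not say that this is intentional. A comment in the scenario description such as `; relies on the default donotquery-localhost: yes; do not set it in the config above` would keep a later edit from hiding a regression of the default. The `RANGE_BEGIN` block for `ADDRESS 1.2.3.4` looks unreachable while the `;ns.example.com. IN A 1.2.3.4` glue stays commented out, so it could be dropped or explained. Only IPv4 127/8 glue is exercised; if the default is also meant to cover IPv6 loopback, that case has no test here.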
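Review bot: In `config_create_forlib()` the added `cfg->donotquery_localhost = 0;` carries only the convenience rationale in its comment, while iter_donotq127.rpl in this same commit describes remote zones handing out 127/8 nameserver addresses; with this library default those addresses would presumably be queried by applications built on the library. I would state the trade-off in the comment, e.g. `/* allow, so that you can ask a forward nameserver running on localhost; NS addresses in 127/8 from remote zones are then contacted too */`, and mention the differing daemon and library defaults in the documentation. The first hunk only removes the override from `config_create()`; the assignment that now supplies the daemon default is outside the hunk, so the 'yes' default cannot be confirmed from these lines. Both function bodies start outside their hunks.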