From: Pieter Lexis Date: Sun, 10 May 2015 08:32:21 +0000 (+0200) Subject: Auth: use recursor option for secpoll if provided X-Git-Tag: dnsdist-1.0.0-alpha1~248^2~28^2~38^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6402e23c9260bffd8a7d9ac1ac6a8bc1db5d898;p=thirdparty%2Fpdns.git Auth: use recursor option for secpoll if provided Fixes #2453 --- diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index 433c5cc0a2..16ccc7f50e 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc @@ -464,10 +464,7 @@ void mainthread() DNSPacket::s_udpTruncationThreshold = std::max(512, ::arg().asNum("udp-truncation-threshold")); DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing"); - try { - doSecPoll(true); // this must be BEFORE chroot - } - catch(...) {} + secPollParseResolveConf(); if(!::arg()["chroot"].empty()) { triggerLoadOfLibraries(); @@ -487,11 +484,18 @@ void mainthread() AuthWebServer webserver; Utility::dropUserPrivs(newuid); + // We need to start the Recursor Proxy before doing secpoll, see issue #2453 if(::arg().mustDo("recursor")){ DP=new DNSProxy(::arg()["recursor"]); DP->onlyFrom(::arg()["allow-recursion"]); DP->go(); } + + try { + doSecPoll(true); + } + catch(...) {} + // NOW SAFE TO CREATE THREADS! dl->go(); diff --git a/pdns/secpoll-auth.cc b/pdns/secpoll-auth.cc index 06a6453965..74e3cc6256 100644 --- a/pdns/secpoll-auth.cc +++ b/pdns/secpoll-auth.cc @@ -22,13 +22,13 @@ string g_security_message; extern StatBag S; +static vector s_servers; -static vector parseResolveConf() +void secPollParseResolveConf() { - vector ret; ifstream ifs("/etc/resolv.conf"); if(!ifs) - return ret; + return; string line; while(std::getline(ifs, line)) { @@ -45,7 +45,7 @@ static vector parseResolveConf() for(vector::const_iterator iter = parts.begin()+1; iter != parts.end(); ++iter) { try { - ret.push_back(ComboAddress(*iter, 53)); + s_servers.push_back(ComboAddress(*iter, 53)); } catch(...) { 
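Review bot: The new `secPollParseResolveConf();` call in the first common_startup.cc hunk has no comment saying it must stay ahead of the chroot block, although the removed `doSecPoll(true)` line carried exactly that warning. A later reorder would presumably leave the resolver list empty or stale, because /etc/resolv.conf may not be reachable from inside the chroot. I would add `// read /etc/resolv.conf now, it may not be reachable after chroot` above the call. The call also sits outside the try/catch that used to surround the parse; that looks safe from the visible secpoll-auth.cc hunks, where address parsing is caught internally, but it is worth confirming. mainthread() starts and ends outside the hunk.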
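Review bot: The relocated `try { doSecPoll(true); } catch(...) {}` in the second common_startup.cc hunk discards every exception, so a startup security poll that fails here leaves no trace at this call site. Running it after `Utility::dropUserPrivs(newuid)` is a sound ordering, since the outbound query no longer runs with the original privileges, but an operator should still be able to tell that the check did not complete. Unless doSecPoll() logs its own failures (not visible here), consider adding `catch(const std::exception& e) { L<<Logger::Warning<<"Initial security poll failed: "<<e.what()<<endl; }` ahead of the catch-all. mainthread() continues outside the hunk.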
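Review bot: `secPollParseResolveConf()` in the first secpoll-auth.cc hunk appends to the file-scope `s_servers` and never clears it, so a second call would duplicate every nameserver entry. The visible hunks call it once from mainthread(), but the function now has external linkage and nothing states that contract. Adding `s_servers.clear();` right after the `if(!ifs) return;` check makes it idempotent while keeping a previously loaded list when the file cannot be opened. A header comment such as `// Call once at startup, before chroot and before worker threads start; fills s_servers for doResolve()` would document the ordering and the unsynchronised access. The function body continues in the following hunks.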
@@ -54,11 +54,9 @@ static vector parseResolveConf() } } - if(ret.empty()) { - ret.push_back(ComboAddress("127.0.0.1", 53)); + if(s_servers.empty()) { + s_servers.push_back(ComboAddress("127.0.0.1", 53)); } - - return ret; } int doResolve(const string& qname, uint16_t qtype, vector& ret) @@ -69,13 +67,16 @@ int doResolve(const string& qname, uint16_t qtype, vector& re pw.getHeader()->id=dns_random(0xffff); pw.getHeader()->rd=1; - static vector s_servers; - vector servers = parseResolveConf(); - if(!servers.empty()) - s_servers = servers; // in case we chrooted in the meantime + if (s_servers.empty()) { + L<& re ret.push_back(rr); } } - + L<
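Review bot: In the `@@ -54,11 +54,9 @@` hunk the `127.0.0.1` fallback is reached only when /etc/resolv.conf could be opened; the early `return` on a failed open, in the earlier hunk of the same function, leaves `s_servers` empty. The two "no usable resolver" cases therefore end differently, and on the empty path the security poll depends on what the `s_servers.empty()` branch in doResolve() does, which is cut off in this view. If the difference is intended, a comment at the early return would make it explicit, e.g. `// no resolv.conf: leave s_servers empty, doResolve() reports it`; otherwise apply the same fallback on both paths. A short comment that 127.0.0.1:53 may be this authoritative server itself rather than a resolver would also help whoever later diagnoses a security poll that never succeeds.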