Pull request: 4120 service domain validation
Merge in DNS/adguard-home from 4120-fix-services to master Closes #4120. Squashed commit of the following: commit ca2e5faf64f567cc6647a300181712236158e69d Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jan 18 14:14:54 2022 +0300 dnsforward: imp docs commit 9ed5f536e691dcdee5b7c94e161c738d31ff8588 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Tue Jan 18 13:50:33 2022 +0300 dnsforward: fix reverse domain validation
This commit is contained in:
parent
008f58c863
commit
061136508e
|
@ -29,6 +29,7 @@ TODO(a.garipov): Remove this deprecation, if v0.108.0 is released before the Go
|
|||
|
||||
### Fixed
|
||||
|
||||
- Incorrectly invalidated service domains ([#4120]).
|
||||
- Poor testing of domain-specific upstream servers ([#4074]).
|
||||
- Omitted aliases of hosts specified by another line within the OS's hosts file
|
||||
([#4079]).
|
||||
|
@ -40,6 +41,7 @@ TODO(a.garipov): Remove this deprecation, if v0.108.0 is released before the Go
|
|||
[#3057]: https://github.com/AdguardTeam/AdGuardHome/issues/3057
|
||||
[#4074]: https://github.com/AdguardTeam/AdGuardHome/issues/4074
|
||||
[#4079]: https://github.com/AdguardTeam/AdGuardHome/issues/4079
|
||||
[#4120]: https://github.com/AdguardTeam/AdGuardHome/issues/4120
|
||||
|
||||
|
||||
|
||||
|
|
2
go.mod
2
go.mod
|
@ -4,7 +4,7 @@ go 1.17
|
|||
|
||||
require (
|
||||
github.com/AdguardTeam/dnsproxy v0.40.4
|
||||
github.com/AdguardTeam/golibs v0.10.3
|
||||
github.com/AdguardTeam/golibs v0.10.4
|
||||
github.com/AdguardTeam/urlfilter v0.15.1
|
||||
github.com/NYTimes/gziphandler v1.1.1
|
||||
github.com/ameshkov/dnscrypt/v2 v2.2.3
|
||||
|
|
3
go.sum
3
go.sum
|
@ -12,8 +12,9 @@ github.com/AdguardTeam/dnsproxy v0.40.4/go.mod h1:PZ9l22h3Er+5mxFQB7oHZMTvx+aa9R
|
|||
github.com/AdguardTeam/golibs v0.4.0/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
|
||||
github.com/AdguardTeam/golibs v0.4.2/go.mod h1:skKsDKIBB7kkFflLJBpfGX+G8QFTx0WKUzB6TIgtUj4=
|
||||
github.com/AdguardTeam/golibs v0.9.2/go.mod h1:fCAMwPBJ8S7YMYbTWvYS+eeTLblP5E04IDtNAo7y7IY=
|
||||
github.com/AdguardTeam/golibs v0.10.3 h1:FBgk17zf35ESVWQKIqEUiqqB2bDaCBC8X5vMU760yB4=
|
||||
github.com/AdguardTeam/golibs v0.10.3/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
|
||||
github.com/AdguardTeam/golibs v0.10.4 h1:TMBkablZC0IZOpRgg9fzAKlxxNhSN2YJq7qbgtuZ7PQ=
|
||||
github.com/AdguardTeam/golibs v0.10.4/go.mod h1:rSfQRGHIdgfxriDDNgNJ7HmE5zRoURq8R+VdR81Zuzw=
|
||||
github.com/AdguardTeam/gomitmproxy v0.2.0/go.mod h1:Qdv0Mktnzer5zpdpi5rAwixNJzW2FN91LjKJCkVbYGU=
|
||||
github.com/AdguardTeam/urlfilter v0.15.1 h1:dP6S7J6eFAk8MN4IDpUq2fZoBo8K8fmc6pXpxNIv84M=
|
||||
github.com/AdguardTeam/urlfilter v0.15.1/go.mod h1:EwXwrYhowP7bedqmOrmKKmQtpBYFyDNEBFQ+lxdUgQU=
|
||||
|
|
|
@ -352,9 +352,22 @@ func (s *Server) processRestrictLocal(ctx *dnsContext) (rc resultCode) {
|
|||
|
||||
ip, err := netutil.IPFromReversedAddr(q.Name)
|
||||
if err != nil {
|
||||
log.Debug("dns: reversed addr: %s", err)
|
||||
log.Debug("dns: parsing reversed addr: %s", err)
|
||||
|
||||
return resultCodeError
|
||||
// DNS-Based Service Discovery uses PTR records having not an ARPA
|
||||
// format of the domain name in question. Those shouldn't be
|
||||
// invalidated. See http://www.dns-sd.org/ServerStaticSetup.html and
|
||||
// RFC 2782.
|
||||
name := strings.TrimSuffix(q.Name, ".")
|
||||
if err = netutil.ValidateSRVDomainName(name); err != nil {
|
||||
log.Debug("dns: validating service domain: %s", err)
|
||||
|
||||
return resultCodeError
|
||||
}
|
||||
|
||||
log.Debug("dns: request is for a service domain")
|
||||
|
||||
return resultCodeSuccess
|
||||
}
|
||||
|
||||
// Restrict an access to local addresses for external clients. We also
|
||||
|
|
Loading…
Reference in New Issue