import of dnsmasq-2.34.tar.gz

CHANGELOG

@@ -1935,3 +1935,80 @@ version 2.33
 	    Add contrib/wrt/dhcp_release.c which is a small utility 
 	    which removes DHCP leases using DHCPRELEASE operation in
 	    the DHCP protocol.
+
+version 2.34
+	    Tweak network-determination code for another corner case:
+	    in this case a host forced to move between dhcp-ranges on
+	    the same physical interface. Thanks to Matthias Andree.
+	    
+	    Improve handling of high DNS loads by throttling acceptance of
+	    new queries when resources are tight. This should be a
+	    better response than the "forwarding table full..."
+	    message which was logged before.
+
+	    Fixed intermittent infinite loop when re-reading
+	    /etc/ethers after SIGHUP. Thanks to Eldon Ziegler for the
+	    bug report.
+
+	    Provide extra information to the lease-change script: when
+	    a lease loses its hostname (because a new lease comes
+	    along and claims the same new), the "old" action is called 
+	    with the current state of the lease, ie no name. The
+	    change is to provide the former name which the lease had
+	    in the environment variable DNSMASQ_OLD_HOSTNAME. This
+	    helps scripts which do stuff based on hostname, rather
+	    than IP address. Also provide vendor-class and user-class
+	    information to the lease-change script when a new lease is
+	    created in the DNSMASQ_VENDOR_CLASS and
+	    DNSMASQ_USER_CLASS<n> environment variables. Suggestion 
+            from Francois-Xavier Le Bail.
+
+	    Run the lease change script as root, even when dnsmasq is
+	    configured to change UID to an unprivileged user. Since
+	    most uses of the lease change script need root, this
+	    allows its use whilst keeping the security advantages of
+	    running the daemon without privs. The script is invoked
+	    via a small helper process which keeps root UID, and
+	    validates all data received from the main process. To get
+	    root, an attacker would have to break dnsmasq and then
+	    break the helper through the restricted comms channel 
+	    linking the two.
+	    
+	    Add contrib/port-forward/* which is a script to set up 
+	    port-forwards using the DHCP lease-change script. It's
+	    possible to add a host to a config file by name, and when
+	    that host gets a DHCP lease, the script will use iptables
+	    to set up port-forwards to configured ports at the address
+	    which the host is allocated. The script also handles
+	    setting up the port-forward iptables entries after reboot,
+	    using the persistent lease database, and removing them
+	    when a host leaves and its DHCP lease expires.
+
+	    Fix unaligned access problem which caused wrong log
+	    messages with some clients on some architectures. Thanks
+	    to Francois-Xavier Le Bail for the bugreport.
+
+	    Fixed problem with DHCPRELEASE and multi-address
+	    interfaces. Enhanced contrib/wrt/dhcp_release to cope
+	    under these circumstances too. Thanks to Eldon Ziegler for
+	    input on this.
+
+	    Updated French translation: thanks to Gildas Le Nadan.
+
+	    Upgraded the name hash function in the DNS cache. Thanks
+	    to Oleg Khovayko for good work on this.
+
+	    Added --clear-on-reload flag.  Suggestion from Johannes
+	    Stezenbach.
+
+	    Treat a nameserver address of 0.0.0.0 as "nothing". Erwin 
+            Cabrera spotted that specifying a nameserver as 0.0.0.0 
+	    breaks things badly; this is because the network stack
+	    treats is as "this host" and an endless loop ensues.
+		   
+            Added Webmin module in contrib/webmin. Thanks to Neil
+            Fisher for that.
+
+
+
+ 

bld/Makefile

@@ -3,7 +3,7 @@ PKG_CONFIG ?= pkg-config
 
 
 OBJS = cache.o rfc1035.o util.o option.o forward.o isc.o network.o \
-       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o
+       dnsmasq.o dhcp.o lease.o rfc2131.o netlink.o dbus.o bpf.o helper.o
 
 .c.o:
 	$(CC) $(CFLAGS) $(COPTS) $(I18N) `echo $(COPTS) | ../bld/pkg-wrapper $(PKG_CONFIG) --cflags dbus-1` $(RPM_OPT_FLAGS) -Wall -W -c $<

contrib/port-forward/dnsmasq-portforward

+#!/bin/bash
+# 
+# /usr/sbin/dnsmasq-portforward
+#
+# A script which gets run when the dnsmasq DHCP lease database changes.
+# It logs to $LOGFILE, if it exists, and maintains port-forwards using
+# IP-tables so that they always point to the correct host. See
+# $PORTSFILE for details on configuring this. dnsmasq must be version 2.34 
+# or later.
+#
+# To enable this script, add 
+#    dhcp-script=/usr/sbin/dnsmasq-portforward
+# to /etc/dnsmasq.conf
+#
+# To enable logging, touch $LOGFILE
+#
+
+PORTSFILE=/etc/portforward
+LOGFILE=/var/log/dhcp.log
+IPTABLES=/sbin/iptables
+
+action=${1:-0}
+hostname=${4}
+
+# log what's going on.
+if [ -f ${LOGFILE} ] ; then
+    date +"%D %T $*" >>${LOGFILE}
+fi
+
+# If a lease gets stripped of a name, we see that as an "old" action
+# with DNSMASQ_OLD_HOSTNAME set, convert it into a "del" 
+if [ ${DNSMASQ_OLD_HOSTNAME} ] && [ ${action} = old ] ; then
+    action=del
+    hostname=${DNSMASQ_OLD_HOSTNAME}
+fi
+
+# action init is not relevant, and will only be seen when leasefile-ro is set.
+if [ ${action} = init ] ; then
+    exit 0
+fi
+
+if [ ${hostname} ]; then
+    ports=$(sed -n -e "/^${hostname}\ .*/ s/^.* //p" ${PORTSFILE})
+
+    for port in $ports; do
+	verb=removed
+	protocol=tcp
+	if [ ${port:0:1} = u ] ; then
+	    protocol=udp 
+	    port=${port/u/}
+	fi
+	src=${port/:*/}
+	dst=${port/*:/}
+# delete first, to avoid multiple copies of rules.
+	${IPTABLES} -t nat -D PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst
+        if [ ${action} != del ] ; then
+	    ${IPTABLES} -t nat -A PREROUTING -p $protocol --destination-port $src -j DNAT --to-destination ${3}:$dst
+	    verb=added
+	fi
+	if [ -f ${LOGFILE} ] ; then
+	    echo "     DNAT $protocol $src to ${3}:$dst ${verb}." >>${LOGFILE}
+	fi
+    done
+fi
+    
+exit 0
+
+

contrib/port-forward/portforward

+# This file is read by /usr/sbin/dnsmasq-portforward and used to set up port 
+# forwarding to hostnames. If the dnsmasq-determined hostname matches the
+# first column of this file, then a DNAT port-forward will be set up 
+# to the address which has just been allocated by DHCP . The second field 
+# is port number(s). If there is only one, then the port-forward goes to 
+# the same port on the DHCP-client, if there are two seperated with a 
+# colon, then the second number is the port to which the connection 
+# is forwarded on the DHCP-client. By default, forwarding is set up 
+# for TCP, but it can done for UDP instead by prefixing the port to "u". 
+# To forward both TCP and UDP, two lines are required. 
+#
+# eg.
+# wwwserver 80
+# will set up a port forward from port 80 on this host to port 80 
+# at the address allocated to wwwserver whenever wwwserver gets a DHCP lease.
+#
+# wwwserver 8080:80
+# will set up a port forward from port 8080 on this host to port 80
+# on the DHCP-client.
+#
+# dnsserver 53
+# dnsserver u53
+# will port forward port 53 UDP and TCP from this host to port 53 on dnsserver.
+#
+# Port forwards will recreated when dnsmasq restarts after a reboot, and
+# removed when DHCP leases expire. After editing this file, restart dnsmasq 
+# to install new iptables entries in the kernel.
+

contrib/webmin/README

+
+This is the README for the DNSmasq webmin module.
+
+Problems:
+
+1) There's only basic error checking - if you enter some bad
+addresses or names, they will go straight into the config file
+although we do check for things like IP addresses being of
+the correct form (no letters, 4 groups of up to 3 digits
+separated by dots etc). One thing that ISN'T CHECKED FOR is
+that IP dotted quads are all numbers < 256. Another is that
+netmasks are logical (you could enter a netmask of 255.0.255.0 
+for example). Essentially, if it'll pass the config file
+regex scanner (and the above examples will), it won't be 
+flagged as "bad" even if it is a big no-no for dnsmasq itself. 
+
+2) Code is ugly and a kludge - I ain't a programmer! There are probably 
+a lot of things that could be done to tidy up the code - eg, 
+it probably wouldn't hurt to move some common stuff into the lib file.
+
+3) I've used the %text hash and written an english lang file, but
+I am mono-lingual so no other language support as yet.
+
+4) for reasons unknown to me, the icon does not appear properly
+on the servers page of webmin (at least it doesn't for me!)
+
+5) icons have been shamelessly stolen from the ipfilter module,
+specifically the up and down arrows.
+
+6) if you delete an item, the config file will contain
+an otherwise empty, but commented line. This means that if
+you add some new stuff, then delete it, the config file
+will have a number of lines at the end that are just comments.
+Therefore, the config file could possibly grow quite large.
+
+7) NO INCLUDE FILES!
+if you use an include file, it'll be flagged as an error. 
+OK if the include file line is commented out though.
+
+8) deprecated lines not supported (eg user and group) - they
+may produce an error! (user and group don't, but you can't change
+them)
+
+IOW, it works, it's just not very elegant and not very robust.
+
+Hope you find it useful though - I do, as I prevents me having to ever
+wade through the config file and man pages again.
+
+If you modify it, or add a language file, and you have a spare moment,
+please e-mail me - I won't be upset at all if you fix my poor coding!
+(rather the opposite - I'd be pleased someone found it usefull)
+
+Cheers,
+	Neil Fisher <neil@magnecor.com.au>

contrib/wrt/dhcp_release.c

@@ -44,6 +44,10 @@
 #include <stdlib.h>
 #include <net/if_arp.h>
 #include <sys/ioctl.h>
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include <linux/rtnetlink.h>
+#include <errno.h>
 
 #define DHCP_CHADDR_MAX          16
 #define BOOTREQUEST              1
@@ -69,6 +73,72 @@ struct dhcp_packet {
   unsigned char options[308];
 };
 
+static struct iovec iov;
+
+static int expand_buf(struct iovec *iov, size_t size)
+{
+  void *new;
+
+  if (size <= iov->iov_len)
+    return 1;
+
+  if (!(new = malloc(size)))
+    {
+      errno = ENOMEM;
+      return 0;
+    }
+
+  if (iov->iov_base)
+    {
+      memcpy(new, iov->iov_base, iov->iov_len);
+      free(iov->iov_base);
+    }
+
+  iov->iov_base = new;
+  iov->iov_len = size;
+
+  return 1;
+}
+
+static ssize_t netlink_recv(int fd)
+{
+  struct msghdr msg;
+  ssize_t rc;
+
+  msg.msg_control = NULL;
+  msg.msg_controllen = 0;
+  msg.msg_name = NULL;
+  msg.msg_namelen = 0;
+  msg.msg_iov = &iov;
+  msg.msg_iovlen = 1;
+    
+  while (1)
+    {
+      msg.msg_flags = 0;
+      while ((rc = recvmsg(fd, &msg, MSG_PEEK)) == -1 && errno == EINTR);
+      
+      /* 2.2.x doesn't suport MSG_PEEK at all, returning EOPNOTSUPP, so we just grab a 
+         big buffer and pray in that case. */
+      if (rc == -1 && errno == EOPNOTSUPP)
+        {
+          if (!expand_buf(&iov, 2000))
+            return -1;
+          break;
+        }
+      
+      if (rc == -1 || !(msg.msg_flags & MSG_TRUNC))
+        break;
+            
+      if (!expand_buf(&iov, iov.iov_len + 100))
+        return -1;
+    }
+
+  /* finally, read it for real */
+  while ((rc = recvmsg(fd, &msg, 0)) == -1 && errno == EINTR);
+  
+  return rc;
+}
+
 static int parse_hex(char *in, unsigned char *out, int maxlen, int *mac_type)
 {
   int i = 0;
@@ -103,6 +173,78 @@ static int parse_hex(char *in, unsigned char *out, int maxlen, int *mac_type)
     return i;
 }
 
+static int is_same_net(struct in_addr a, struct in_addr b, struct in_addr mask)
+{
+  return (a.s_addr & mask.s_addr) == (b.s_addr & mask.s_addr);
+}
+
+static struct in_addr find_interface(struct in_addr client, int fd, int index)
+{
+  struct sockaddr_nl addr;
+  struct nlmsghdr *h;
+  ssize_t len;
+ 
+  struct {
+    struct nlmsghdr nlh;
+    struct rtgenmsg g; 
+  } req;
+
+  addr.nl_family = AF_NETLINK;
+  addr.nl_pad = 0;
+  addr.nl_groups = 0;
+  addr.nl_pid = 0; /* address to kernel */
+
+  req.nlh.nlmsg_len = sizeof(req);
+  req.nlh.nlmsg_type = RTM_GETADDR;
+  req.nlh.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST | NLM_F_ACK; 
+  req.nlh.nlmsg_pid = 0;
+  req.nlh.nlmsg_seq = 1;
+  req.g.rtgen_family = AF_INET; 
+
+  if (sendto(fd, (void *)&req, sizeof(req), 0, 
+	     (struct sockaddr *)&addr, sizeof(addr)) == -1)
+    {
+      perror("sendto failed");
+      exit(1);
+    }
+  
+  while (1)
+    {
+      if ((len = netlink_recv(fd)) == -1)
+	{
+	  perror("netlink");
+	  exit(1);
+	}
+
+      for (h = (struct nlmsghdr *)iov.iov_base; NLMSG_OK(h, (size_t)len); h = NLMSG_NEXT(h, len))
+	if (h->nlmsg_type == NLMSG_DONE)
+	  exit(0);
+	else if (h->nlmsg_type == RTM_NEWADDR)
+          {
+            struct ifaddrmsg *ifa = NLMSG_DATA(h);  
+            struct rtattr *rta;
+            unsigned int len1 = h->nlmsg_len - NLMSG_LENGTH(sizeof(*ifa));
+            
+            if (ifa->ifa_index == index && ifa->ifa_family == AF_INET)
+              {
+                struct in_addr netmask, addr;
+                
+                netmask.s_addr = htonl(0xffffffff << (32 - ifa->ifa_prefixlen));
+                addr.s_addr = 0;
+                
+                for (rta = IFA_RTA(ifa); RTA_OK(rta, len1); rta = RTA_NEXT(rta, len1))
+		  if (rta->rta_type == IFA_LOCAL)
+		    addr = *((struct in_addr *)(rta+1));
+		
+                if (addr.s_addr && is_same_net(addr, client, netmask))
+		  return addr;
+	      }
+	  }
+    }
+ 
+  exit(0);
+}
+
 int main(int argc, char **argv)
 { 
   struct in_addr server, lease;
@@ -112,6 +254,11 @@ int main(int argc, char **argv)
   struct sockaddr_in dest;
   struct ifreq ifr;
   int fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
+  int nl = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+  struct iovec iov;
+ 
+  iov.iov_len = 200;
+  iov.iov_base = malloc(iov.iov_len);
 
   if (argc < 4 || argc > 5)
     { 
@@ -119,7 +266,7 @@ int main(int argc, char **argv)
       exit(1);
     }
 
-  if (fd == -1)
+  if (fd == -1 || nl == -1)
     {
       perror("cannot create socket");
       exit(1);
@@ -128,15 +275,15 @@ int main(int argc, char **argv)
   /* This voodoo fakes up a packet coming from the correct interface, which really matters for 
      a DHCP server */
   strcpy(ifr.ifr_name, argv[1]);
-  ifr.ifr_addr.sa_family = AF_INET;
-  if (ioctl(fd, SIOCGIFADDR, &ifr) == -1 || setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1)
+  if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1)
     {
       perror("cannot setup interface");
       exit(1);
     }
   
-  server = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr;
+  
   lease.s_addr = inet_addr(argv[2]);
+  server = find_interface(lease, nl, if_nametoindex(argv[1]));
   
   memset(&packet, 0, sizeof(packet));
  
@@ -174,7 +321,7 @@ int main(int argc, char **argv)
   dest.sin_addr = server;
 
   if (sendto(fd, &packet, sizeof(packet), 0, 
-	     (struct sockaddr *)&dest, sizeof(dest)) == 1)
+	     (struct sockaddr *)&dest, sizeof(dest)) == -1)
     {
       perror("sendto failed");
       exit(1);

contrib/wrt/lease_update.sh

@@ -35,9 +35,6 @@ PREFIX=dnsmasq_lease_
 
 # Primary key is address.
 
-NVRAM=/usr/sbin/nvram
-PREFIX=dnsmasq_lease_
-
 if [ ${1} = init ] ; then
      ${NVRAM} show | sed -n -e "/^${PREFIX}.*/ s/^.*=//p"
 else

dnsmasq.conf.example

@@ -11,9 +11,9 @@
 # these requests from bringing up the link uneccessarily.
 
 # Never forward plain names (without a dot or domain part)
-domain-needed
+#domain-needed
 # Never forward addresses in the non-routed address spaces.
-bogus-priv
+#bogus-priv
 
 
 # Uncomment this to filter useless windows-originated DNS requests
@@ -382,3 +382,4 @@ bogus-priv
 
 # Include a another lot of configuration options.
 #conf-file=/etc/dnsmasq.more.conf
+#conf-dir=/etc/dnsmasq.d

man/dnsmasq.8

@@ -219,6 +219,11 @@ server strictly in the order they appear in /etc/resolv.conf
 .B \-n, --no-poll
 Don't poll /etc/resolv.conf for changes.
 .TP
+.B --clear-on-reload
+Whenever /etc/resolv.conf is re-read, clear the DNS cache.
+This is useful when new nameservers may have different
+data than that held in cache.
+.TP
 .B \-D, --domain-needed
 Tells dnsmasq to never forward queries for plain names, without dots
 or domain parts, to upstream nameservers. If the name is not known
@@ -326,11 +331,11 @@ Disable negative caching. Negative caching allows dnsmasq to remember
 identical queries without forwarding them again. This flag disables
 negative caching.
 .TP
-.B \-0, --dns-forward-max
-Set the maximum number of concurrent DNS queries. Unanswered queries
-time out after 20 seconds. If you sometimes see the log message 
-"forwarding table overflow: check for server loops." then it is worth
-experimenting with this setting. The default value is 150.
+.B \-0, --dns-forward-max=<queries>
+Set the maximum number of concurrent DNS queries. The default value is
+150, which should be fine for most setups. The only known situation
+where this needs to be increased is when using web-server log file
+resolvers, which can generate large numbers of concurrent queries.
 .TP
 .B \-F, --dhcp-range=[[net:]network-id,]<start-addr>,<end-addr>[[,<netmask>],<broadcast>][,<default lease time>]
 Enable the DHCP server. Addresses will be given out from the range
@@ -363,7 +368,7 @@ addresses given via
 .B dhcp-host
 or from /etc/ethers will be served.
 .TP
-.B \-G, --dhcp-host=[[<hwaddr>]|[id:[<client_id>][*]]][net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
+.B \-G, --dhcp-host=[[<hwaddr>]|[id:[<client_id>][*]]][,net:<netid>][,<ipaddr>][,<hostname>][,<lease_time>][,ignore]
 Specify per host parameters for the DHCP server. This allows a machine
 with a particular hardware address to be always allocated the same
 hostname, IP address and lease time. A hostname specified like this
@@ -557,16 +562,21 @@ if known. "add" means a lease has been created, "del" means it has
 been destroyed, "old" is a notification of an existing lease when
 dnsmasq starts or a change to MAC address or hostname of an existing
 lease (also, lease length or expiry and client-id, if leasefile-ro is set).
-The process is run as any unprivileged user which dnsmasq
-runs as, so it may be necessary to inhibit dropping of the root user,
-using the
-.B -u
-directive, if the script needs root privs.
+The process is run as root (assuming that dnsmasq was originally run as
+root) even if dnsmasq is configured to change UID to an unprivileged user.
 The environment is inherited from the invoker of dnsmasq, and if the
-host provided a client-id, this is stored in the variable
-DNSMASQ_CLIENT_ID. If dnsmasq was compiled with HAVE_BROKEN_RTC, then
+host provided a client-id, this is stored in the environment variable
+DNSMASQ_CLIENT_ID. If the client provides vendor-class or user-class 
+information, these are provided in DNSMASQ_VENDOR_CLASS and 
+DNSMASQ_USER_CLASS0..DNSMASQ_USER_CLASSn variables, but only for the
+"add" actions, since these data are not held in dnsmasq's lease
+database. If dnsmasq was compiled with HAVE_BROKEN_RTC, then
 the length of the lease (in seconds) is stored in
-DNSMASQ_LEASE_LENGTH, otherwise the time of lease expiry is stored in DNSMASQ_LEASE_EXPIRES.
+DNSMASQ_LEASE_LENGTH, otherwise the time of lease expiry is stored in
+DNSMASQ_LEASE_EXPIRES. If a lease used to have a hostname, which is
+removed, an "old" event is generated with the new state of the lease, 
+ie no name, and the former name is provided in the environment 
+variable DNSMASQ_OLD_HOSTNAME.
 All file decriptors are
 closed except stdin, stdout and stderr which are open to /dev/null
 (except in debug mode).

src/cache.c

@@ -20,6 +20,40 @@ static int bignames_left, log_queries, cache_size, hash_size;
 static int uid;
 static char *addrbuff;
 
+/* type->string mapping: this is also used by the name-hash function as a mixing table. */
+static const struct {
+  unsigned int type;
+  const char * const name;
+} typestr[] = {
+  { 1,   "A" },
+  { 2,   "NS" },
+  { 5,   "CNAME" },
+  { 6,   "SOA" },
+  { 10,  "NULL" },
+  { 11,  "WKS" },
+  { 12,  "PTR" },
+  { 13,  "HINFO" },	
+  { 15,  "MX" },
+  { 16,  "TXT" },
+  { 22,  "NSAP" },
+  { 23,  "NSAP_PTR" },
+  { 24,  "SIG" },
+  { 25,  "KEY" },
+  { 28,  "AAAA" },
+  { 33,  "SRV" },
+  { 36,  "KX" },
+  { 37,  "CERT" },
+  { 38,  "A6" },
+  { 39,  "DNAME" },
+  { 41,  "OPT" },
+  { 250, "TSIG" },
+  { 251, "IXFR" },
+  { 252, "AXFR" },
+  { 253, "MAILB" },
+  { 254, "MAILA" },
+  { 255, "ANY" }
+};
+
 static void cache_free(struct crec *crecp);
 static void cache_unlink(struct crec *crecp);
 static void cache_link(struct crec *crecp);
@@ -66,17 +100,19 @@ void cache_init(int size, int logq)
 
 static struct crec **hash_bucket(char *name)
 {
-  unsigned int c, val = 0;
-  
-  /* don't use tolower and friends here - they may be messed up by LOCALE */
+  unsigned int c, val = 017465; /* Barker code - minimum self-correlationin cyclic shift */
+  const unsigned char *mix_tab = (const unsigned char*)typestr; 
+
   while((c = (unsigned char) *name++))
-    if (c >= 'A' && c <= 'Z')
-      val += c + 'a' - 'A';
-    else
-      val += c;
+    {
+      /* don't use tolower and friends here - they may be messed up by LOCALE */
+      if (c >= 'A' && c <= 'Z')
+	c += 'a' - 'A';
+      val = ((val << 7) | (val >> (32 - 7))) + (mix_tab[(val + c) & 0x1F] ^ c);
+    } 
   
   /* hash_size is a power of two */
-  return hash_table + (val & (hash_size - 1));
+  return hash_table + ((val ^ (val >> 16)) & (hash_size - 1));
 }
 
 static void cache_hash(struct crec *crecp)
@@ -909,38 +945,6 @@ void log_query(unsigned short flags, char *name, struct all_addr *addr,
   else if (flags & F_QUERY)
     {
       unsigned int i;
-      static const struct {
-	unsigned int type;
-	const char * const name;
-      } typestr[] = {
-	{ 1,   "A" },
-	{ 2,   "NS" },
-	{ 5,   "CNAME" },
-	{ 6,   "SOA" },
-	{ 10,  "NULL" },
-	{ 11,  "WKS" },
-	{ 12,  "PTR" },
-	{ 13,  "HINFO" },	
-        { 15,  "MX" },
-	{ 16,  "TXT" },
-	{ 22,  "NSAP" },
-	{ 23,  "NSAP_PTR" },
-	{ 24,  "SIG" },
-	{ 25,  "KEY" },
-	{ 28,  "AAAA" },
- 	{ 33,  "SRV" },
-        { 36,  "KX" },
-        { 37,  "CERT" },
-        { 38,  "A6" },
-        { 39,  "DNAME" },
-	{ 41,  "OPT" },
-	{ 250, "TSIG" },
-	{ 251, "IXFR" },
-	{ 252, "AXFR" },
-        { 253, "MAILB" },
-	{ 254, "MAILA" },
-	{ 255, "ANY" }
-      };
       
       if (type != 0)
         {

src/network.c

@@ -403,6 +403,14 @@ void check_servers(struct daemon *daemon)
 	{
 	  port = prettyprint_addr(&new->addr, daemon->namebuff);
 
+	  /* 0.0.0.0 is nothing, the stack treats it like 127.0.0.1 */
+	  if (new->addr.sa.sa_family == AF_INET &&
+	      new->addr.in.sin_addr.s_addr == 0)
+	    {
+	      free(new);
+	      continue;
+	    }
+
 	  for (iface = daemon->interfaces; iface; iface = iface->next)
 	    if (sockaddr_isequal(&new->addr, &iface->addr))
 	      break;