Commit 39c1eb76 authored by Chen Wei's avatar Chen Wei

--address=/malware.com/# returns NXDOMAIN

Add a new option for blocking malware sites
parent 303dd8b9
...@@ -484,6 +484,7 @@ union mysockaddr { ...@@ -484,6 +484,7 @@ union mysockaddr {
#define SERV_NO_REBIND 2048 /* inhibit dns-rebind protection */ #define SERV_NO_REBIND 2048 /* inhibit dns-rebind protection */
#define SERV_FROM_FILE 4096 /* read from --servers-file */ #define SERV_FROM_FILE 4096 /* read from --servers-file */
#define SERV_LOOP 8192 /* server causes forwarding loop */ #define SERV_LOOP 8192 /* server causes forwarding loop */
#define SERV_NXDOMAIN 16384 /* domain should return NXDOMAIN */
struct serverfd { struct serverfd {
int fd; int fd;
......
...@@ -164,10 +164,9 @@ search_servers (time_t now, struct all_addr **addrpp, ...@@ -164,10 +164,9 @@ search_servers (time_t now, struct all_addr **addrpp,
*norebind = 1; *norebind = 1;
/* no server, domain is local only */ /* no server, domain is local only */
if (obj->domain_flags & SERV_NO_ADDR) if (obj->domain_flags & SERV_NO_ADDR || obj->domain_flags & SERV_NXDOMAIN)
{ {
flags = F_NXDOMAIN; flags = F_NXDOMAIN;
} }
else if (obj->domain_flags & SERV_LITERAL_ADDRESS) else if (obj->domain_flags & SERV_LITERAL_ADDRESS)
{ {
...@@ -210,7 +209,9 @@ search_servers (time_t now, struct all_addr **addrpp, ...@@ -210,7 +209,9 @@ search_servers (time_t now, struct all_addr **addrpp,
/* don't forward A or AAAA queries for simple names, except the empty name */ /* don't forward A or AAAA queries for simple names, except the empty name */
flags = F_NOERR; flags = F_NOERR;
if (flags == F_NXDOMAIN && check_for_local_domain (qdomain, now)) if (flags == F_NXDOMAIN
&& !(obj->domain_flags & SERV_NXDOMAIN)
&& check_for_local_domain (qdomain, now))
flags = F_NOERR; flags = F_NOERR;
if (flags) if (flags)
...@@ -1827,7 +1828,8 @@ unsigned char *tcp_request(int confd, time_t now, ...@@ -1827,7 +1828,8 @@ unsigned char *tcp_request(int confd, time_t now,
/* largest field in header is 16-bits, so this is still sufficiently aligned */ /* largest field in header is 16-bits, so this is still sufficiently aligned */
struct dns_header *header = (struct dns_header *)payload; struct dns_header *header = (struct dns_header *)payload;
u16 *length = (u16 *)packet; u16 *length = (u16 *)packet;
struct server *last_server, *fwdserv, *serv; struct server *last_server, *serv;
struct server *fwdserv = NULL;
struct in_addr dst_addr_4; struct in_addr dst_addr_4;
union mysockaddr peer_addr; union mysockaddr peer_addr;
socklen_t peer_len = sizeof(union mysockaddr); socklen_t peer_len = sizeof(union mysockaddr);
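Review bot: In the second search_servers hunk (@@ -210,7 +209,9), the new `!(obj->domain_flags & SERV_NXDOMAIN)` test dereferences `obj` outside the matching branch where the first hunk uses it, so it is only safe if `flags == F_NXDOMAIN` can never hold while `obj` is NULL or unset. The assignment of `obj` and any other statement that sets `F_NXDOMAIN` lie outside the hunks, so that invariant cannot be confirmed from here; if it does not hold, a single query for an affected name could crash the resolver. A guard such as `&& (obj == NULL || !(obj->domain_flags & SERV_NXDOMAIN))` removes the dependency on that invariant. Separately, the test in the first hunk (@@ -164,10 +164,9) reads more clearly as `if (obj->domain_flags & (SERV_NO_ADDR | SERV_NXDOMAIN))`.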
......
...@@ -2264,12 +2264,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma ...@@ -2264,12 +2264,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
start_addr++; start_addr++;
} }
/* --xxxx=/example.org/# , here "#" means use standard server */
if (start_addr != NULL) if (start_addr != NULL)
{ {
if (*start_addr == '#') if (*start_addr == '#')
{ {
newserv.flags |= SERV_USE_RESOLV; /* --server=/example.org/# , "#" means use standard server */
if (option == 'S')
newserv.flags |= SERV_USE_RESOLV;
/* --address=/malware.com/# , "#" means return NXDOMAIN */
else if (option == 'A')
newserv.flags |= SERV_NXDOMAIN;
} }
/* --xxxx=/example.org/here-is-empty */ /* --xxxx=/example.org/here-is-empty */
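Review bot: With the `if (option == 'S')` / `else if (option == 'A')` chain, any other option that reaches this `#` branch now sets no flag at all, where it previously received `SERV_USE_RESOLV`. The removed comment spoke of `--xxxx=/example.org/#`, which suggests more than two options share this path; the case labels of `one_opt` are outside the hunk, so confirm which ones do. Keeping the old behaviour as the default avoids a silent change: `if (option == 'A') newserv.flags |= SERV_NXDOMAIN; else newserv.flags |= SERV_USE_RESOLV;`. Existing configurations that already used `--address=/domain/#` also change meaning with this commit, so the new semantics of `#` should be stated in the man page and changelog.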
......