--address=/malware.com/# returns NXDOMAIN

add a new option for blocking malware site

--address=/malware.com/# returns NXDOMAIN
add a new option for blocking malware site
39c1eb76 · Chen Wei · 303dd8b9 · 39c1eb76 · 39c1eb76 · 39c1eb76
Commit 39c1eb76 authored Mar 23, 2015 by Chen Wei
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 6 deletions

src/dnsmasq.h src/dnsmasq.h +1 -0

src/forward.c src/forward.c +6 -4

src/option.c src/option.c +6 -2

No files found.
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -484,6 +484,7 @@ union mysockaddr {
 #define SERV_NO_REBIND      2048  /* inhibit dns-rebind protection */
 #define SERV_FROM_FILE      4096  /* read from --servers-file */
 #define SERV_LOOP           8192  /* server causes forwarding loop */
+#define SERV_NXDOMAIN      16384  /* domain should return NXDOMAIN */

 struct serverfd {
  int fd;

--- a/src/forward.c
+++ b/src/forward.c
@@ -164,10 +164,9 @@ search_servers (time_t now, struct all_addr **addrpp,
        *norebind = 1;

      /* no server, domain is local only */
-      if (obj->domain_flags & SERV_NO_ADDR)
+      if (obj->domain_flags & SERV_NO_ADDR || obj->domain_flags & SERV_NXDOMAIN)
        {
          flags = F_NXDOMAIN;
-
        }
      else if (obj->domain_flags & SERV_LITERAL_ADDRESS)
        {
@@ -210,7 +209,9 @@ search_servers (time_t now, struct all_addr **addrpp,
    /* don't forward A or AAAA queries for simple names, except the empty name */
    flags = F_NOERR;

-  if (flags == F_NXDOMAIN && check_for_local_domain (qdomain, now))
+  if (flags == F_NXDOMAIN
+      && !(obj->domain_flags & SERV_NXDOMAIN)
+      && check_for_local_domain (qdomain, now))
    flags = F_NOERR;

  if (flags)
@@ -1827,7 +1828,8 @@ unsigned char *tcp_request(int confd, time_t now,
  /* largest field in header is 16-bits, so this is still sufficiently aligned */
  struct dns_header *header = (struct dns_header *)payload;
  u16 *length = (u16 *)packet;
-  struct server *last_server, *fwdserv, *serv;
+  struct server *last_server, *serv;
+  struct server *fwdserv = NULL;
  struct in_addr dst_addr_4;
  union mysockaddr peer_addr;
  socklen_t peer_len = sizeof(union mysockaddr);

--- a/src/option.c
+++ b/src/option.c
@@ -2264,12 +2264,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
            start_addr++;
          }

-        /* --xxxx=/example.org/# , here "#" means use standard server */
        if (start_addr != NULL)
          {
            if (*start_addr == '#')
              {
-                newserv.flags |= SERV_USE_RESOLV;
+                /* --server=/example.org/# , "#" means use standard server */
+                if (option == 'S')
+                  newserv.flags |= SERV_USE_RESOLV;
+                /* --address=/malware.com/# , "#" means return NXDOMAIN */
+                else if (option == 'A')
+                  newserv.flags |= SERV_NXDOMAIN;
              }

            /* --xxxx=/example.org/here-is-empty */