Allow empty subnet list in --auth-zone

c50f25a3 · Simon Kelley · f25e6c6d · c50f25a3 · c50f25a3
Commit c50f25a3 authored Nov 21, 2013 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 5 deletions

man/dnsmasq.8 man/dnsmasq.8 +6 -3

src/auth.c src/auth.c +11 -2

No files found.
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -593,8 +593,10 @@ needed for a client to do validation itself.
 .TP
 .B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....]]
 Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain
-will be served. A and AAAA records must be in one of the
+will be served. If subnet(s) are given, A and AAAA records must be in one of the
-specified subnets. As alternative to directly specifying the subnets, it's possible to
+specified subnets.
+As alternative to directly specifying the subnets, it's possible to
 give the name of an interface, in which case the subnets implied by
 that interface's configured addresses and netmask/prefix-length are
 used; this is useful when using constructed DHCP ranges as the actual
@@ -611,7 +613,8 @@ ipv6.arpa domains which are served for reverse-DNS queries. If not
 specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6.
 For IPv4 subnets, the prefix length should be have the value 8, 16 or 24
 unless you are familiar with RFC 2317 and have arranged the
-in-addr.arpa delegation accordingly. 
+in-addr.arpa delegation accordingly. Note that if no subnets are
+specified, then no reverse queries are answered.
 .TP
 .B --auth-soa=<serial>[,<hostmaster>[,<refresh>[,<retry>[,<expiry>]]]]
 Specify fields in the SOA record associated with authoritative

--- a/src/auth.c
+++ b/src/auth.c
@@ -18,7 +18,7 @@
 #ifdef HAVE_AUTH
-static struct addrlist *filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u)
+static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u)
 {
  struct addrlist *subnet;
@@ -45,6 +45,15 @@ static struct addrlist *filter_zone(struct auth_zone *zone, int flag, struct all
  return NULL;
 }
+static int filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u)
+{
+  /* No zones specified, no filter */
+  if (!zone->subnet)
+    return 1;
+  return find_subnet(zone, flag, addr_u) != NULL;
+}
 int in_zone(struct auth_zone *zone, char *name, char **cut)
 {
  size_t namelen = strlen(name);
@@ -130,7 +139,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 	  if (!local_query)
 	    {
 	      for (zone = daemon->auth_zones; zone; zone = zone->next)
-		if ((subnet = filter_zone(zone, flag, &addr)))
+		if ((subnet = find_subnet(zone, flag, &addr)))
 		  break;
 	      if (!zone)