Commit d42d4706 authored by Simon Kelley's avatar Simon Kelley

Make --localise-queries apply to names from --interface-name.

parent 0740e43e
...@@ -58,6 +58,13 @@ version 2.77 ...@@ -58,6 +58,13 @@ version 2.77
this is Nominum's. Thanks to Dave Täht for spotting the this is Nominum's. Thanks to Dave Täht for spotting the
bug and assisting in the fix. bug and assisting in the fix.
Fix the manpage which lied that only the primary address
of an interface is used by --interface-name.
Make --localise-queries apply to names from --interface-name.
Thanks to Kevin Darbyshire-Bryant and Eric Luehrsen
for pushing this.
version 2.76 version 2.76
Include 0.0.0.0/8 in DNS rebind checks. This range Include 0.0.0.0/8 in DNS rebind checks. This range
......
...@@ -289,8 +289,8 @@ option requires non-standard networking APIs and it is only available ...@@ -289,8 +289,8 @@ option requires non-standard networking APIs and it is only available
under Linux. On other platforms it falls-back to --bind-interfaces mode. under Linux. On other platforms it falls-back to --bind-interfaces mode.
.TP .TP
.B \-y, --localise-queries .B \-y, --localise-queries
Return answers to DNS queries from /etc/hosts which depend on the interface over which the query was Return answers to DNS queries from /etc/hosts and --interface-name which depend on the interface over which the query was
received. If a name in /etc/hosts has more than one address associated with received. If a name has more than one address associated with
it, and at least one of those addresses is on the same subnet as the it, and at least one of those addresses is on the same subnet as the
interface to which the query was sent, then return only the interface to which the query was sent, then return only the
address(es) on that subnet. This allows for a server to have multiple address(es) on that subnet. This allows for a server to have multiple
...@@ -604,7 +604,7 @@ given by the hex data, which may be of the form 01:23:45 or 01 23 45 or ...@@ -604,7 +604,7 @@ given by the hex data, which may be of the form 01:23:45 or 01 23 45 or
012345 or any mixture of these. 012345 or any mixture of these.
.TP .TP
.B --interface-name=<name>,<interface>[/4|/6] .B --interface-name=<name>,<interface>[/4|/6]
Return a DNS record associating the name with the primary address on Return DNS records associating the name with the address(es) of
the given interface. This flag specifies an A or AAAA record for the given the given interface. This flag specifies an A or AAAA record for the given
name in the same way as an /etc/hosts line, except that the address is name in the same way as an /etc/hosts line, except that the address is
not constant, but taken from the given interface. The interface may be not constant, but taken from the given interface. The interface may be
...@@ -614,7 +614,8 @@ down, not configured or non-existent, an empty record is returned. The ...@@ -614,7 +614,8 @@ down, not configured or non-existent, an empty record is returned. The
matching PTR record is also created, mapping the interface address to matching PTR record is also created, mapping the interface address to
the name. More than one name may be associated with an interface the name. More than one name may be associated with an interface
address by repeating the flag; in that case the first instance is used address by repeating the flag; in that case the first instance is used
for the reverse address-to-name mapping. for the reverse address-to-name mapping. Note that a name used in
--interface-name may not appear in /etc/hosts.
.TP .TP
.B --synth-domain=<domain>,<address range>[,<prefix>] .B --synth-domain=<domain>,<address range>[,<prefix>]
Create artificial A/AAAA and PTR records for an address range. The Create artificial A/AAAA and PTR records for an address range. The
......
...@@ -1516,10 +1516,25 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, ...@@ -1516,10 +1516,25 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
if (intr) if (intr)
{ {
struct addrlist *addrlist; struct addrlist *addrlist;
int gotit = 0; int gotit = 0, localise = 0;
enumerate_interfaces(0); enumerate_interfaces(0);
/* See if a putative address is on the network from which we recieved
the query, is so we'll filter other answers. */
if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && type == T_A)
for (intr = daemon->int_names; intr; intr = intr->next)
if (hostname_isequal(name, intr->name))
for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
#ifdef HAVE_IPV6
if (!(addrlist->flags & ADDRLIST_IPV6))
#endif
if (is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask))
{
localise = 1;
break;
}
for (intr = daemon->int_names; intr; intr = intr->next) for (intr = daemon->int_names; intr; intr = intr->next)
if (hostname_isequal(name, intr->name)) if (hostname_isequal(name, intr->name))
{ {
...@@ -1528,6 +1543,10 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, ...@@ -1528,6 +1543,10 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type) if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == type)
#endif #endif
{ {
if (localise &&
!is_same_net(*((struct in_addr *)&addrlist->addr), local_addr, local_netmask))
continue;
#ifdef HAVE_IPV6 #ifdef HAVE_IPV6
if (addrlist->flags & ADDRLIST_REVONLY) if (addrlist->flags & ADDRLIST_REVONLY)
continue; continue;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment