initial commit of file from CVS for djbdns on Fri 14 Jul 13:46:46 BST 2023

This commit is contained in:
Brian Read 2023-07-14 13:46:46 +01:00
parent 2c2c4a9381
commit 49e72ff364
28 changed files with 1922 additions and 1 deletions

1
.gitattributes vendored Normal file
View File

@ -0,0 +1 @@
*.tar.gz filter=lfs diff=lfs merge=lfs -text

3
.gitignore vendored Normal file
View File

@ -0,0 +1,3 @@
*.rpm
*.log
*spec-20*

19
020-dnsroots-update.patch Normal file
View File

@ -0,0 +1,19 @@
--- a/dnsroots.global
+++ b/dnsroots.global
@@ -1,5 +1,5 @@
198.41.0.4
-128.9.0.107
+192.228.79.201
192.33.4.12
128.8.10.90
192.203.230.10
@@ -7,7 +7,7 @@
192.112.36.4
128.63.2.53
192.36.148.17
-198.41.0.10
+192.58.128.30
193.0.14.129
-198.32.64.12
+199.7.83.42
202.12.27.33

View File

@ -0,0 +1,135 @@
From: Michael Handler <handler@sub-rosa.com>
To: dns@list.cr.yp.to
Subject: tinydns-data SRV & axfr-get SRV/PTR patches
Date: Thu, 14 Sep 2000 20:37:50 -0400
Here's a combined patch that:
a) adds a native SRV type to tinydns-data
Sfqdn:ip:x:port:weight:priority:ttl:timestamp
Standard rules for ip, x, ttl, and timestamp apply. Port, weight, and
priority all range from 0-65535. Weight and priority are optional; they
default to zero if not provided.
Sconsole.zoinks.example.com:1.2.3.4:rack102-con1:2001:69:7:300:
b) makes axfr-get decompose SRV and PTR records and write them out in
native format, rather than opaque. Again, this is necessary because if the
DNAME fields in the records reference the same zone as fqdn, they can have
compression pointers that are bogus outside the context of that specific
packet, and which can't be correctly loaded into data.cdb by tinydns-data.
--michael
Laurent G. Bercot <ska-djbdns@skarnet.org> updated it for djbdns-1.05:
--- a/axfr-get.c
+++ b/axfr-get.c
@@ -209,6 +209,26 @@ unsigned int doit(char *buf,unsigned int
if (!stralloc_cats(&line,".:")) return 0;
if (!stralloc_catulong0(&line,dist,0)) return 0;
}
+ else if (byte_equal(data,2,DNS_T_SRV)) {
+ uint16 dist, weight, port;
+ if (!stralloc_copys(&line,"S")) return 0;
+ if (!dns_domain_todot_cat(&line,d1)) return 0;
+ if (!stralloc_cats(&line,"::")) return 0;
+ pos = x_copy(buf,len,pos,data,2);
+ uint16_unpack_big(data,&dist);
+ pos = x_copy(buf,len,pos,data,2);
+ uint16_unpack_big(data,&weight);
+ pos = x_copy(buf,len,pos,data,2);
+ uint16_unpack_big(data,&port);
+ x_getname(buf,len,pos,&d1);
+ if (!dns_domain_todot_cat(&line,d1)) return 0;
+ if (!stralloc_cats(&line,".:")) return 0;
+ if (!stralloc_catulong0(&line,dist,0)) return 0;
+ if (!stralloc_cats(&line,":")) return 0;
+ if (!stralloc_catulong0(&line,weight,0)) return 0;
+ if (!stralloc_cats(&line,":")) return 0;
+ if (!stralloc_catulong0(&line,port,0)) return 0;
+ }
else if (byte_equal(data,2,DNS_T_A) && (dlen == 4)) {
char ipstr[IP4_FMT];
if (!stralloc_copys(&line,"+")) return 0;
@@ -217,6 +237,14 @@ unsigned int doit(char *buf,unsigned int
x_copy(buf,len,pos,data,4);
if (!stralloc_catb(&line,ipstr,ip4_fmt(ipstr,data))) return 0;
}
+ else if (byte_equal(data,2,DNS_T_PTR)) {
+ if (!stralloc_copys(&line,"^")) return 0;
+ if (!dns_domain_todot_cat(&line,d1)) return 0;
+ if (!stralloc_cats(&line,":")) return 0;
+ x_getname(buf,len,pos,&d1);
+ if (!dns_domain_todot_cat(&line,d1)) return 0;
+ if (!stralloc_cats(&line,".")) return 0;
+ }
else {
unsigned char ch;
unsigned char ch2;
--- a/dns.h
+++ b/dns.h
@@ -20,6 +20,7 @@
#define DNS_T_SIG "\0\30"
#define DNS_T_KEY "\0\31"
#define DNS_T_AAAA "\0\34"
+#define DNS_T_SRV "\0\41"
#define DNS_T_AXFR "\0\374"
#define DNS_T_ANY "\0\377"
--- a/tinydns-data.c
+++ b/tinydns-data.c
@@ -196,6 +196,7 @@ int main()
char type[2];
char soa[20];
char buf[4];
+ char srv[6];
umask(022);
@@ -369,6 +370,43 @@ int main()
rr_finish(d2);
}
break;
+
+ case 'S':
+ if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem();
+ if (!stralloc_0(&f[6])) nomem();
+ if (!scan_ulong(f[6].s,&ttl)) ttl = TTL_POSITIVE;
+ ttdparse(&f[7],ttd);
+ locparse(&f[8],loc);
+
+ if (!stralloc_0(&f[1])) nomem();
+
+ if (byte_chr(f[2].s,f[2].len,'.') >= f[2].len) {
+ if (!stralloc_cats(&f[2],".srv.")) nomem();
+ if (!stralloc_catb(&f[2],f[0].s,f[0].len)) nomem();
+ }
+ if (!dns_domain_fromdot(&d2,f[2].s,f[2].len)) nomem();
+
+ if (!stralloc_0(&f[4])) nomem();
+ if (!scan_ulong(f[4].s,&u)) u = 0;
+ uint16_pack_big(srv,u);
+ if (!stralloc_0(&f[5])) nomem();
+ if (!scan_ulong(f[5].s,&u)) u = 0;
+ uint16_pack_big(srv + 2,u);
+ if (!stralloc_0(&f[3])) nomem();
+ if (!scan_ulong(f[3].s,&u)) nomem();
+ uint16_pack_big(srv + 4,u);
+
+ rr_start(DNS_T_SRV,ttl,ttd,loc);
+ rr_add(srv,6);
+ rr_addname(d2);
+ rr_finish(d1);
+
+ if (ip4_scan(f[1].s,ip)) {
+ rr_start(DNS_T_A,ttl,ttd,loc);
+ rr_add(ip,4);
+ rr_finish(d2);
+ }
+ break;
case '^': case 'C':
if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem();

View File

@ -0,0 +1,22 @@
--- a/tdlookup.c
+++ b/tdlookup.c
@@ -298,9 +298,17 @@ int respond(char *q,char qtype[2],char i
if (!r) r = cdb_find(&c,key,4);
if (!r) r = cdb_find(&c,key,3);
if (!r) r = cdb_find(&c,key,2);
- if (r == -1) return 0;
+ if (r == -1) {
+ cdb_free(&c);
+ close(fd);
+ return 0;
+ }
if (r && (cdb_datalen(&c) == 2))
- if (cdb_read(&c,clientloc,2,cdb_datapos(&c)) == -1) return 0;
+ if (cdb_read(&c,clientloc,2,cdb_datapos(&c)) == -1) {
+ cdb_free(&c);
+ close(fd);
+ return 0;
+ }
r = doit(q,qtype);

View File

@ -0,0 +1,11 @@
--- a/dns_transmit.c
+++ b/dns_transmit.c
@@ -240,7 +240,7 @@ void dns_transmit_io(struct dns_transmit
int dns_transmit_get(struct dns_transmit *d,const iopause_fd *x,const struct taia *when)
{
- char udpbuf[513];
+ char udpbuf[4097];
unsigned char ch;
int r;
int fd;

View File

@ -0,0 +1,10 @@
--- a/dns_transmit.c
+++ b/dns_transmit.c
@@ -166,6 +166,7 @@ static int thistcp(struct dns_transmit *
taia_uint(&d->deadline,10);
taia_add(&d->deadline,&d->deadline,&now);
if (socket_connect4(d->s1 - 1,ip,53) == 0) {
+ d->pos = 0;
d->tcpstate = 2;
return 0;
}

View File

@ -0,0 +1,41 @@
--- a/query.c
+++ b/query.c
@@ -193,6 +193,7 @@ static int doit(struct query *z,int stat
int k;
int p;
int q;
+ uint32 cachettl;
errno = error_io;
if (state == 1) goto HAVEPACKET;
@@ -470,6 +471,7 @@ static int doit(struct query *z,int stat
rcode = header[3] & 15;
if (rcode && (rcode != 3)) goto DIE; /* impossible; see irrelevant() */
+ cachettl = 0;
flagout = 0;
flagcname = 0;
flagreferral = 0;
@@ -512,6 +514,11 @@ static int doit(struct query *z,int stat
uint16_unpack_big(header + 8,&datalen);
pos += datalen;
+
+ if (flagsoa && (pos <= len)) {
+ cachettl = ttlget(buf + pos - 4);
+ if (soattl < cachettl) cachettl = soattl;
+ }
}
posglue = pos;
@@ -689,8 +696,8 @@ static int doit(struct query *z,int stat
}
if (rcode == 3) {
- log_nxdomain(whichserver,d,soattl);
- cachegeneric(DNS_T_ANY,d,"",0,soattl);
+ log_nxdomain(whichserver,d,cachettl);
+ cachegeneric(DNS_T_ANY,d,"",0,cachettl);
NXDOMAIN:
if (z->level) goto LOWERLEVEL;

View File

@ -0,0 +1,40 @@
--- a/tdlookup.c
+++ b/tdlookup.c
@@ -280,15 +280,24 @@ static int doit(char *q,char qtype[2])
int respond(char *q,char qtype[2],char ip[4])
{
- int fd;
+ static struct tai cdb_valid = { 0 };
+ static int fd = -1;
+ struct tai one_second;
int r;
char key[6];
tai_now(&now);
- fd = open_read("data.cdb");
- if (fd == -1) return 0;
- cdb_init(&c,fd);
-
+ if (tai_less(&cdb_valid, &now)) {
+ if (fd != -1) {
+ cdb_free(&c);
+ close(fd);
+ }
+ fd = open_read("data.cdb");
+ if (fd == -1) return 0;
+ cdb_init(&c,fd);
+ tai_uint(&one_second, 1);
+ tai_add(&cdb_valid, &now, &one_second);
+ }
byte_zero(clientloc,2);
key[0] = 0;
key[1] = '%';
@@ -312,7 +321,5 @@ int respond(char *q,char qtype[2],char i
r = doit(q,qtype);
- cdb_free(&c);
- close(fd);
return r;
}

View File

@ -0,0 +1,93 @@
--- a/pickdns-data.c
+++ b/pickdns-data.c
@@ -123,7 +123,7 @@ void syntaxerror(const char *why)
}
void die_datatmp(void)
{
- strerr_die2sys(111,FATAL,"unable to create data.tmp: ");
+ strerr_die2sys(111,FATAL,"unable to create data.cdb.tmp: ");
}
int main()
@@ -142,7 +142,7 @@ int main()
if (fd == -1) strerr_die2sys(111,FATAL,"unable to open data: ");
buffer_init(&b,buffer_unixread,fd,bspace,sizeof bspace);
- fdcdb = open_trunc("data.tmp");
+ fdcdb = open_trunc("data.cdb.tmp");
if (fdcdb == -1) die_datatmp();
if (cdb_make_start(&cdb,fdcdb) == -1) die_datatmp();
@@ -223,8 +223,8 @@ int main()
if (cdb_make_finish(&cdb) == -1) die_datatmp();
if (fsync(fdcdb) == -1) die_datatmp();
if (close(fdcdb) == -1) die_datatmp(); /* NFS stupidity */
- if (rename("data.tmp","data.cdb") == -1)
- strerr_die2sys(111,FATAL,"unable to move data.tmp to data.cdb: ");
+ if (rename("data.cdb.tmp","data.cdb") == -1)
+ strerr_die2sys(111,FATAL,"unable to move data.cdb.tmp to data.cdb: ");
_exit(0);
}
--- a/rbldns-data.c
+++ b/rbldns-data.c
@@ -42,7 +42,7 @@ void syntaxerror(const char *why)
}
void die_datatmp(void)
{
- strerr_die2sys(111,FATAL,"unable to create data.tmp: ");
+ strerr_die2sys(111,FATAL,"unable to create data.cdb.tmp: ");
}
int main()
@@ -59,7 +59,7 @@ int main()
if (fd == -1) strerr_die2sys(111,FATAL,"unable to open data: ");
buffer_init(&b,buffer_unixread,fd,bspace,sizeof bspace);
- fdcdb = open_trunc("data.tmp");
+ fdcdb = open_trunc("data.cdb.tmp");
if (fdcdb == -1) die_datatmp();
if (cdb_make_start(&cdb,fdcdb) == -1) die_datatmp();
@@ -121,8 +121,8 @@ int main()
if (cdb_make_finish(&cdb) == -1) die_datatmp();
if (fsync(fdcdb) == -1) die_datatmp();
if (close(fdcdb) == -1) die_datatmp(); /* NFS stupidity */
- if (rename("data.tmp","data.cdb") == -1)
- strerr_die2sys(111,FATAL,"unable to move data.tmp to data.cdb: ");
+ if (rename("data.cdb.tmp","data.cdb") == -1)
+ strerr_die2sys(111,FATAL,"unable to move data.cdb.tmp to data.cdb: ");
_exit(0);
}
--- a/tinydns-data.c
+++ b/tinydns-data.c
@@ -27,7 +27,7 @@
void die_datatmp(void)
{
- strerr_die2sys(111,FATAL,"unable to create data.tmp: ");
+ strerr_die2sys(111,FATAL,"unable to create data.cdb.tmp: ");
}
void nomem(void)
{
@@ -207,7 +207,7 @@ int main()
buffer_init(&b,buffer_unixread,fddata,bspace,sizeof bspace);
- fdcdb = open_trunc("data.tmp");
+ fdcdb = open_trunc("data.cdb.tmp");
if (fdcdb == -1) die_datatmp();
if (cdb_make_start(&cdb,fdcdb) == -1) die_datatmp();
@@ -487,8 +487,8 @@ int main()
if (cdb_make_finish(&cdb) == -1) die_datatmp();
if (fsync(fdcdb) == -1) die_datatmp();
if (close(fdcdb) == -1) die_datatmp(); /* NFS stupidity */
- if (rename("data.tmp","data.cdb") == -1)
- strerr_die2sys(111,FATAL,"unable to move data.tmp to data.cdb: ");
+ if (rename("data.cdb.tmp","data.cdb") == -1)
+ strerr_die2sys(111,FATAL,"unable to move data.cdb.tmp to data.cdb: ");
_exit(0);
}

View File

@ -0,0 +1,226 @@
--- a/query.c
+++ b/query.c
@@ -91,6 +91,21 @@ static void cleanup(struct query *z)
}
}
+static int move_name_to_alias(struct query *z,uint32 ttl)
+{
+ int j ;
+
+ if (z->alias[QUERY_MAXALIAS - 1]) return 0 ;
+ for (j = QUERY_MAXALIAS - 1;j > 0;--j)
+ z->alias[j] = z->alias[j - 1];
+ for (j = QUERY_MAXALIAS - 1;j > 0;--j)
+ z->aliasttl[j] = z->aliasttl[j - 1];
+ z->alias[0] = z->name[0];
+ z->aliasttl[0] = ttl;
+ z->name[0] = 0;
+ return 1 ;
+}
+
static int rqa(struct query *z)
{
int i;
@@ -123,7 +138,6 @@ static int globalip(char *d,char ip[4])
static char *t1 = 0;
static char *t2 = 0;
static char *t3 = 0;
-static char *cname = 0;
static char *referral = 0;
static unsigned int *records = 0;
@@ -179,15 +193,14 @@ static int doit(struct query *z,int stat
uint16 datalen;
char *control;
char *d;
+ char *owner_name = 0 ;
const char *dtype;
unsigned int dlen;
int flagout;
- int flagcname;
int flagreferral;
int flagsoa;
uint32 ttl;
uint32 soattl;
- uint32 cnamettl;
int i;
int j;
int k;
@@ -253,7 +266,10 @@ static int doit(struct query *z,int stat
byte_copy(key,2,DNS_T_CNAME);
cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
- if (cached) {
+ /* A previous explicit query might have caused an empty RRSet to have been
+ ** cached. Take care to ignore such a thing.
+ */
+ if (cached && cachedlen) {
if (typematch(DNS_T_CNAME,dtype)) {
log_cachedanswer(d,DNS_T_CNAME);
if (!rqa(z)) goto DIE;
@@ -262,8 +278,11 @@ static int doit(struct query *z,int stat
return 1;
}
log_cachedcname(d,cached);
- if (!dns_domain_copy(&cname,cached)) goto DIE;
- goto CNAME;
+ if (!z->level) {
+ if (!move_name_to_alias(z,ttl)) goto DIE ;
+ }
+ if (!dns_domain_copy(&z->name[z->level],cached)) goto DIE;
+ goto NEWNAME;
}
if (typematch(DNS_T_NS,dtype)) {
@@ -352,7 +371,7 @@ static int doit(struct query *z,int stat
}
}
- if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_CNAME,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) {
+ if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) {
byte_copy(key,2,dtype);
cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
@@ -473,29 +492,31 @@ static int doit(struct query *z,int stat
cachettl = 0;
flagout = 0;
- flagcname = 0;
flagreferral = 0;
flagsoa = 0;
soattl = 0;
- cnamettl = 0;
+ if (!dns_domain_copy(&owner_name,d)) goto DIE;
+ /* This code assumes that the CNAME chain is presented in the correct
+ ** order. The example algorithm in RFC 1034 will actually result in this
+ ** being the case, but the words do not require it to be so.
+ */
for (j = 0;j < numanswers;++j) {
pos = dns_packet_getname(buf,len,pos,&t1); if (!pos) goto DIE;
pos = dns_packet_copy(buf,len,pos,header,10); if (!pos) goto DIE;
- if (dns_domain_equal(t1,d))
+ if (dns_domain_equal(t1,owner_name))
if (byte_equal(header + 2,2,DNS_C_IN)) { /* should always be true */
if (typematch(header,dtype))
flagout = 1;
else if (typematch(header,DNS_T_CNAME)) {
- if (!dns_packet_getname(buf,len,pos,&cname)) goto DIE;
- flagcname = 1;
- cnamettl = ttlget(header + 4);
+ if (!dns_packet_getname(buf,len,pos,&owner_name)) goto DIE;
}
}
uint16_unpack_big(header + 8,&datalen);
pos += datalen;
}
+ dns_domain_free(&owner_name) ;
posauthority = pos;
for (j = 0;j < numauthority;++j) {
@@ -522,15 +543,6 @@ static int doit(struct query *z,int stat
}
posglue = pos;
-
- if (!flagcname && !rcode && !flagout && flagreferral && !flagsoa)
- if (dns_domain_equal(referral,control) || !dns_domain_suffix(referral,control)) {
- log_lame(whichserver,control,referral);
- byte_zero(whichserver,4);
- goto HAVENS;
- }
-
-
if (records) { alloc_free(records); records = 0; }
k = numanswers + numauthority + numglue;
@@ -677,24 +689,36 @@ static int doit(struct query *z,int stat
alloc_free(records); records = 0;
+ if (byte_diff(DNS_T_CNAME,2,dtype)) {
+ /* This code assumes that the CNAME chain is presented in the correct
+ ** order. The example algorithm in RFC 1034 will actually result in this
+ ** being the case, but the words do not require it to be so.
+ */
+ pos = posanswers;
+ for (j = 0;j < numanswers;++j) {
+ pos = dns_packet_getname(buf,len,pos,&t1); if (!pos) goto DIE;
+ pos = dns_packet_copy(buf,len,pos,header,10); if (!pos) goto DIE;
+
+ if (dns_domain_equal(t1,d))
+ if (byte_equal(header + 2,2,DNS_C_IN)) { /* should always be true */
+ if (typematch(header,DNS_T_CNAME)) {
+ ttl = ttlget(header + 4);
+ if (z->level == 0) {
+ if (!move_name_to_alias(z,ttl)) goto DIE ;
+ }
+ if (!dns_packet_getname(buf,len,pos,&z->name[z->level])) goto DIE;
+ d = z->name[z->level];
+ if (!dns_domain_suffix(d,control) || !roots_same(d,control))
+ goto NEWNAME ; /* Cannot trust the chain further - restart using current name */
+ }
+ }
- if (flagcname) {
- ttl = cnamettl;
- CNAME:
- if (!z->level) {
- if (z->alias[QUERY_MAXALIAS - 1]) goto DIE;
- for (j = QUERY_MAXALIAS - 1;j > 0;--j)
- z->alias[j] = z->alias[j - 1];
- for (j = QUERY_MAXALIAS - 1;j > 0;--j)
- z->aliasttl[j] = z->aliasttl[j - 1];
- z->alias[0] = z->name[0];
- z->aliasttl[0] = ttl;
- z->name[0] = 0;
+ uint16_unpack_big(header + 8,&datalen);
+ pos += datalen;
}
- if (!dns_domain_copy(&z->name[z->level],cname)) goto DIE;
- goto NEWNAME;
}
+ /* A "no such name" error applies to the end of any CNAME chain, not to the start. */
if (rcode == 3) {
log_nxdomain(whichserver,d,cachettl);
cachegeneric(DNS_T_ANY,d,"",0,cachettl);
@@ -707,10 +731,26 @@ static int doit(struct query *z,int stat
return 1;
}
+ /* We check for a lame server _after_ we have cached any records that it
+ ** might have returned to us. This copes better with the incorrect
+ ** behaviour of one content DNS server software that doesn't return
+ ** complete CNAME chains but instead returns only the first link in a
+ ** chain followed by a lame delegation to the same server.
+ ** Also: We check for a lame server _after_ following the CNAME chain. The
+ ** delegation in a referral answer applies to the _end_ of the chain, not
+ ** to the beginning.
+ */
+ if (!rcode && !flagout && flagreferral && !flagsoa)
+ if (dns_domain_equal(referral,control) || !dns_domain_suffix(referral,control)) {
+ log_lame(whichserver,control,referral);
+ byte_zero(whichserver,4);
+ goto HAVENS;
+ }
+
if (!flagout && flagsoa)
+ /* Don't save empty RRSets for those types that we use as special markers. */
if (byte_diff(DNS_T_ANY,2,dtype))
- if (byte_diff(DNS_T_AXFR,2,dtype))
- if (byte_diff(DNS_T_CNAME,2,dtype)) {
+ if (byte_diff(DNS_T_AXFR,2,dtype)) {
save_start();
save_finish(dtype,d,soattl);
log_nodata(whichserver,d,dtype,soattl);
@@ -822,6 +862,7 @@ static int doit(struct query *z,int stat
DIE:
cleanup(z);
if (records) { alloc_free(records); records = 0; }
+ dns_domain_free(&owner_name) ;
return -1;
}

View File

@ -0,0 +1,47 @@
--- a/log.h
+++ b/log.h
@@ -25,6 +25,7 @@ extern void log_nxdomain(const char *,co
extern void log_nodata(const char *,const char *,const char *,unsigned int);
extern void log_servfail(const char *);
extern void log_lame(const char *,const char *,const char *);
+extern void log_ignore_referral(const char *,const char *,const char *);
extern void log_rr(const char *,const char *,const char *,const char *,unsigned int,unsigned int);
extern void log_rrns(const char *,const char *,const char *,unsigned int);
--- a/log.c
+++ b/log.c
@@ -197,6 +197,13 @@ void log_lame(const char server[4],const
line();
}
+void log_ignore_referral(const char server[4],const char * control, const char *referral)
+{
+ string("ignored referral "); ip(server); space();
+ name(control); space(); name(referral);
+ line();
+}
+
void log_servfail(const char *dn)
{
const char *x = error_str(errno);
--- a/query.c
+++ b/query.c
@@ -828,6 +828,18 @@ static int doit(struct query *z,int stat
if (!dns_domain_suffix(d,referral)) goto DIE;
+
+ /* In strict "forwardonly" mode, we don't, as the manual states,
+ ** contact a chain of servers according to "NS" resource records.
+ ** We don't obey any referral responses, therefore. Instead, we
+ ** eliminate the server from the list and try the next one.
+ */
+ if (flagforwardonly) {
+ log_ignore_referral(whichserver,control,referral);
+ byte_zero(whichserver,4);
+ goto HAVENS;
+ }
+
control = d + dns_domain_suffixpos(d,referral);
z->control[z->level] = control;
byte_zero(z->servers[z->level],64);

View File

@ -0,0 +1,194 @@
--- a/tinydns-data.c
+++ b/tinydns-data.c
@@ -25,6 +25,14 @@
#define FATAL "tinydns-data: fatal: "
+void die_semantic2(const char * s1, const char * s2)
+{
+ strerr_die3x(111,FATAL,s1,s2) ;
+}
+void die_semantic4(const char * s1, const char * s2,const char * s3, const char * s4)
+{
+ strerr_die5x(111,FATAL,s1,s2,s3,s4) ;
+}
void die_datatmp(void)
{
strerr_die2sys(111,FATAL,"unable to create data.cdb.tmp: ");
@@ -34,20 +42,39 @@ void nomem(void)
strerr_die1sys(111,FATAL);
}
+void ttlparse(stralloc *sa,unsigned long * ttl, unsigned long defttl, const char * ltype)
+{
+ int ttllen ;
+
+ if (sa->len > 0) {
+ if (!stralloc_0(sa)) nomem();
+ ttllen = scan_ulong(sa->s,ttl) ;
+ if (ttllen + 1 != sa->len)
+ die_semantic4("unparseable TTL in ",ltype," line: ", sa->s) ;
+ } else
+ *ttl = defttl;
+}
+
void ttdparse(stralloc *sa,char ttd[8])
{
unsigned int i;
char ch;
byte_zero(ttd,8);
- for (i = 0;(i < 16) && (i < sa->len);++i) {
+ for (i = 0;i < sa->len;++i) {
+ if (i >= 16) {
+ if (!stralloc_0(sa)) nomem() ;
+ die_semantic2("timestamp is too long: ", sa->s) ;
+ }
ch = sa->s[i];
if ((ch >= '0') && (ch <= '9'))
ch -= '0';
else if ((ch >= 'a') && (ch <= 'f'))
ch -= 'a' - 10;
- else
- ch = 0;
+ else {
+ if (!stralloc_0(sa)) nomem() ;
+ die_semantic2("timestamp contains an invalid character: ", sa->s) ;
+ }
if (!(i & 1)) ch <<= 4;
ttd[i >> 1] |= ch;
}
@@ -55,6 +82,10 @@ void ttdparse(stralloc *sa,char ttd[8])
void locparse(stralloc *sa,char loc[2])
{
+ if (sa->len > 2) {
+ if (!stralloc_0(sa)) nomem() ;
+ die_semantic2("location code longer than two characters: ", sa->s) ;
+ }
loc[0] = (sa->len > 0) ? sa->s[0] : 0;
loc[1] = (sa->len > 1) ? sa->s[1] : 0;
}
@@ -187,6 +218,7 @@ int main()
int i;
int j;
int k;
+ int iplen ;
char ch;
unsigned long ttl;
char ttd[8];
@@ -267,8 +299,7 @@ int main()
if (!scan_ulong(f[7].s,&u)) uint32_unpack_big(defaultsoa + 16,&u);
uint32_pack_big(soa + 16,u);
- if (!stralloc_0(&f[8])) nomem();
- if (!scan_ulong(f[8].s,&ttl)) ttl = TTL_NEGATIVE;
+ ttlparse(&f[8],&ttl,TTL_NEGATIVE,"Z");
ttdparse(&f[9],ttd);
locparse(&f[10],loc);
@@ -283,8 +314,7 @@ int main()
case '.': case '&':
if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem();
- if (!stralloc_0(&f[3])) nomem();
- if (!scan_ulong(f[3].s,&ttl)) ttl = TTL_NS;
+ ttlparse(&f[3],&ttl,TTL_NS,". or &");
ttdparse(&f[4],ttd);
locparse(&f[5],loc);
@@ -309,24 +339,26 @@ int main()
rr_addname(d2);
rr_finish(d1);
- if (ip4_scan(f[1].s,ip)) {
+ iplen = ip4_scan(f[1].s,ip) ;
+ if (iplen != 0 && iplen + 1 == f[1].len) {
rr_start(DNS_T_A,ttl,ttd,loc);
rr_add(ip,4);
rr_finish(d2);
- }
+ } else if (f[1].len > 1)
+ die_semantic4("unparseable IP address in ","& or ."," line: ", f[1].s) ;
break;
case '+': case '=':
if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem();
- if (!stralloc_0(&f[2])) nomem();
- if (!scan_ulong(f[2].s,&ttl)) ttl = TTL_POSITIVE;
+ ttlparse(&f[2],&ttl,TTL_POSITIVE,"+ or =");
ttdparse(&f[3],ttd);
locparse(&f[4],loc);
if (!stralloc_0(&f[1])) nomem();
- if (ip4_scan(f[1].s,ip)) {
+ iplen = ip4_scan(f[1].s,ip) ;
+ if (iplen != 0 && iplen + 1 == f[1].len) {
rr_start(DNS_T_A,ttl,ttd,loc);
rr_add(ip,4);
rr_finish(d1);
@@ -337,13 +369,15 @@ int main()
rr_addname(d1);
rr_finish(dptr);
}
- }
+ } else if (f[1].len > 1)
+ die_semantic4("unparseable IP address in ","+ or ="," line: ", f[1].s) ;
+ else
+ die_semantic4("missing IP address in ","+ or ="," line: ", f[1].s) ;
break;
case '@':
if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem();
- if (!stralloc_0(&f[4])) nomem();
- if (!scan_ulong(f[4].s,&ttl)) ttl = TTL_POSITIVE;
+ ttlparse(&f[4],&ttl,TTL_POSITIVE,"@");
ttdparse(&f[5],ttd);
locparse(&f[6],loc);
@@ -401,18 +435,19 @@ int main()
rr_addname(d2);
rr_finish(d1);
- if (ip4_scan(f[1].s,ip)) {
+ iplen = ip4_scan(f[1].s,ip) ;
+ if (iplen != 0 && iplen + 1 == f[1].len) {
rr_start(DNS_T_A,ttl,ttd,loc);
rr_add(ip,4);
rr_finish(d2);
- }
+ } else if (f[1].len > 1)
+ die_semantic4("unparseable IP address in ","@"," line: ", f[1].s) ;
break;
case '^': case 'C':
if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem();
if (!dns_domain_fromdot(&d2,f[1].s,f[1].len)) nomem();
- if (!stralloc_0(&f[2])) nomem();
- if (!scan_ulong(f[2].s,&ttl)) ttl = TTL_POSITIVE;
+ ttlparse(&f[2],&ttl,TTL_POSITIVE,"^ or C");
ttdparse(&f[3],ttd);
locparse(&f[4],loc);
@@ -426,8 +461,7 @@ int main()
case '\'':
if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem();
- if (!stralloc_0(&f[2])) nomem();
- if (!scan_ulong(f[2].s,&ttl)) ttl = TTL_POSITIVE;
+ ttlparse(&f[2],&ttl,TTL_POSITIVE,"\'");
ttdparse(&f[3],ttd);
locparse(&f[4],loc);
@@ -449,8 +483,7 @@ int main()
case ':':
if (!dns_domain_fromdot(&d1,f[0].s,f[0].len)) nomem();
- if (!stralloc_0(&f[3])) nomem();
- if (!scan_ulong(f[3].s,&ttl)) ttl = TTL_POSITIVE;
+ ttlparse(&f[3],&ttl,TTL_POSITIVE,":");
ttdparse(&f[4],ttd);
locparse(&f[5],loc);

View File

@ -0,0 +1,87 @@
--- a/tdlookup.c
+++ b/tdlookup.c
@@ -103,12 +103,13 @@ static int doname(void)
return response_addname(d1);
}
-static int doit(char *q,char qtype[2])
+static int doit1(char **pqname,char qtype[2])
{
unsigned int bpos;
unsigned int anpos;
unsigned int aupos;
unsigned int arpos;
+ char *q;
char *control;
char *wild;
int flaggavesoa;
@@ -122,6 +123,12 @@ static int doit(char *q,char qtype[2])
int addrnum;
uint32 addrttl;
int i;
+ int loop = 0 ;
+
+RESTART:
+ if (loop++ >= 100) return 0 ;
+
+ q = *pqname ;
anpos = response_len;
@@ -136,7 +143,14 @@ static int doit(char *q,char qtype[2])
if (byte_equal(type,2,DNS_T_NS)) flagns = 1;
}
if (flagns) break;
- if (!*control) return 0; /* q is not within our bailiwick */
+ if (!*control) { /* q is not within our bailiwick */
+ if (loop <= 1)
+ return 0 ;
+ else {
+ response[2] &= ~4;
+ goto DONE; /* The administrator has issued contradictory instructions */
+ }
+ }
control += *control;
control += 1;
}
@@ -172,9 +186,17 @@ static int doit(char *q,char qtype[2])
continue;
}
if (!response_rstart(q,type,ttl)) return 0;
- if (byte_equal(type,2,DNS_T_NS) || byte_equal(type,2,DNS_T_CNAME) || byte_equal(type,2,DNS_T_PTR)) {
+ if (byte_equal(type,2,DNS_T_NS) || byte_equal(type,2,DNS_T_PTR)) {
if (!doname()) return 0;
}
+ else if (byte_equal(type,2,DNS_T_CNAME)) {
+ if (!doname()) return 0;
+ if (byte_diff(type,2,qtype)) {
+ response_rfinish(RESPONSE_ANSWER);
+ if (!dns_domain_copy(pqname,d1)) return 0 ;
+ goto RESTART ;
+ }
+ }
else if (byte_equal(type,2,DNS_T_MX)) {
if (!dobytes(2)) return 0;
if (!doname()) return 0;
@@ -275,9 +297,21 @@ static int doit(char *q,char qtype[2])
}
}
+DONE:
return 1;
}
+static int doit(char *qname,char qtype[2])
+{
+ int r ;
+ char * q = 0 ;
+
+ if (!dns_domain_copy(&q, qname)) return 0 ;
+ r = doit1(&q, qtype) ;
+ dns_domain_free(&q) ;
+ return r ;
+}
+
int respond(char *q,char qtype[2],char ip[4])
{
static struct tai cdb_valid = { 0 };

View File

@ -0,0 +1,16 @@
--- a/dnscache.c
+++ b/dnscache.c
@@ -1,4 +1,5 @@
#include <unistd.h>
+#include <signal.h>
#include "env.h"
#include "exit.h"
#include "scan.h"
@@ -391,6 +392,7 @@ int main()
char *x;
unsigned long cachesize;
+ signal(SIGPIPE, SIG_IGN);
x = env_get("IP");
if (!x)
strerr_die2x(111,FATAL,"$IP not set");

View File

@ -0,0 +1,11 @@
--- a/response.c
+++ b/response.c
@@ -34,7 +34,7 @@ int response_addname(const char *d)
uint16_pack_big(buf,49152 + name_ptr[i]);
return response_addbytes(buf,2);
}
- if (dlen <= 128)
+ if ((dlen <= 128) && (response_len < 16384))
if (name_num < NAMES) {
byte_copy(name[name_num],dlen,d);
name_ptr[name_num] = response_len;

View File

@ -0,0 +1,328 @@
--- a/Makefile
+++ b/Makefile
@@ -315,11 +315,11 @@ stralloc.h iopause.h taia.h tai.h uint64
./compile dns_txt.c
dnscache: \
-load dnscache.o droproot.o okclient.o log.o cache.o query.o \
+load dnscache.o droproot.o okclient.o log.o cache.o query.o qmerge.o \
response.o dd.o roots.o iopause.o prot.o dns.a env.a alloc.a buffer.a \
libtai.a unix.a byte.a socket.lib
./load dnscache droproot.o okclient.o log.o cache.o \
- query.o response.o dd.o roots.o iopause.o prot.o dns.a \
+ query.o qmerge.o response.o dd.o roots.o iopause.o prot.o dns.a \
env.a alloc.a buffer.a libtai.a unix.a byte.a `cat \
socket.lib`
@@ -340,7 +340,7 @@ compile dnscache.c env.h exit.h scan.h s
uint16.h uint64.h socket.h uint16.h dns.h stralloc.h gen_alloc.h \
iopause.h taia.h tai.h uint64.h taia.h taia.h byte.h roots.h fmt.h \
iopause.h query.h dns.h uint32.h alloc.h response.h uint32.h cache.h \
-uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h
+uint32.h uint64.h ndelay.h log.h uint64.h okclient.h droproot.h maxclient.h
./compile dnscache.c
dnsfilter: \
@@ -685,11 +685,16 @@ qlog.o: \
compile qlog.c buffer.h qlog.h uint16.h
./compile qlog.c
+qmerge.o: \
+compile qmerge.c qmerge.h dns.h stralloc.h gen_alloc.h iopause.h \
+taia.h tai.h uint64.h log.h maxclient.h
+ ./compile qmerge.c
+
query.o: \
compile query.c error.h roots.h log.h uint64.h case.h cache.h \
uint32.h uint64.h byte.h dns.h stralloc.h gen_alloc.h iopause.h \
taia.h tai.h uint64.h taia.h uint64.h uint32.h uint16.h dd.h alloc.h \
-response.h uint32.h query.h dns.h uint32.h
+response.h uint32.h query.h dns.h uint32.h qmerge.h
./compile query.c
random-ip: \
--- a/dnscache.c
+++ b/dnscache.c
@@ -20,6 +20,7 @@
#include "response.h"
#include "cache.h"
#include "ndelay.h"
+#include "maxclient.h"
#include "log.h"
#include "okclient.h"
#include "droproot.h"
@@ -57,7 +58,6 @@ uint64 numqueries = 0;
static int udp53;
-#define MAXUDP 200
static struct udpclient {
struct query q;
struct taia start;
@@ -134,7 +134,6 @@ void u_new(void)
static int tcp53;
-#define MAXTCP 20
struct tcpclient {
struct query q;
struct taia start;
--- a/log.c
+++ b/log.c
@@ -151,6 +151,13 @@ void log_tx(const char *q,const char qty
line();
}
+void log_tx_piggyback(const char *q, const char qtype[2], const char *control)
+{
+ string("txpb ");
+ logtype(qtype); space(); name(q); space(); name(control);
+ line();
+}
+
void log_cachedanswer(const char *q,const char type[2])
{
string("cached "); logtype(type); space();
--- a/log.h
+++ b/log.h
@@ -20,6 +20,7 @@ extern void log_cachednxdomain(const cha
extern void log_cachedns(const char *,const char *);
extern void log_tx(const char *,const char *,const char *,const char *,unsigned int);
+extern void log_tx_piggyback(const char *,const char *,const char *);
extern void log_nxdomain(const char *,const char *,unsigned int);
extern void log_nodata(const char *,const char *,const char *,unsigned int);
--- /dev/null
+++ b/maxclient.h
@@ -0,0 +1,7 @@
+#ifndef MAXCLIENT_H
+#define MAXCLIENT_H
+
+#define MAXUDP 200
+#define MAXTCP 20
+
+#endif /* MAXCLIENT_H */
--- /dev/null
+++ b/qmerge.c
@@ -0,0 +1,115 @@
+#include "qmerge.h"
+#include "byte.h"
+#include "log.h"
+#include "maxclient.h"
+
+#define QMERGE_MAX (MAXUDP+MAXTCP)
+struct qmerge inprogress[QMERGE_MAX];
+
+static
+int qmerge_key_init(struct qmerge_key *qmk, const char *q, const char qtype[2],
+ const char *control)
+{
+ if (!dns_domain_copy(&qmk->q, q)) return 0;
+ byte_copy(qmk->qtype, 2, qtype);
+ if (!dns_domain_copy(&qmk->control, control)) return 0;
+ return 1;
+}
+
+static
+int qmerge_key_equal(struct qmerge_key *a, struct qmerge_key *b)
+{
+ return
+ byte_equal(a->qtype, 2, b->qtype) &&
+ dns_domain_equal(a->q, b->q) &&
+ dns_domain_equal(a->control, b->control);
+}
+
+static
+void qmerge_key_free(struct qmerge_key *qmk)
+{
+ dns_domain_free(&qmk->q);
+ dns_domain_free(&qmk->control);
+}
+
+void qmerge_free(struct qmerge **x)
+{
+ struct qmerge *qm;
+
+ qm = *x;
+ *x = 0;
+ if (!qm || !qm->active) return;
+
+ qm->active--;
+ if (!qm->active) {
+ qmerge_key_free(&qm->key);
+ dns_transmit_free(&qm->dt);
+ }
+}
+
+int qmerge_start(struct qmerge **qm, const char servers[64], int flagrecursive,
+ const char *q, const char qtype[2], const char localip[4],
+ const char *control)
+{
+ struct qmerge_key k;
+ int i;
+ int r;
+
+ qmerge_free(qm);
+
+ byte_zero(&k, sizeof k);
+ if (!qmerge_key_init(&k, q, qtype, control)) return -1;
+ for (i = 0; i < QMERGE_MAX; i++) {
+ if (!inprogress[i].active) continue;
+ if (!qmerge_key_equal(&k, &inprogress[i].key)) continue;
+ log_tx_piggyback(q, qtype, control);
+ inprogress[i].active++;
+ *qm = &inprogress[i];
+ qmerge_key_free(&k);
+ return 0;
+ }
+
+ for (i = 0; i < QMERGE_MAX; i++)
+ if (!inprogress[i].active)
+ break;
+ if (i == QMERGE_MAX) return -1;
+
+ log_tx(q, qtype, control, servers, 0);
+ r = dns_transmit_start(&inprogress[i].dt, servers, flagrecursive, q, qtype, localip);
+ if (r == -1) { qmerge_key_free(&k); return -1; }
+ inprogress[i].active++;
+ inprogress[i].state = 0;
+ qmerge_key_free(&inprogress[i].key);
+ byte_copy(&inprogress[i].key, sizeof k, &k);
+ *qm = &inprogress[i];
+ return 0;
+}
+
+void qmerge_io(struct qmerge *qm, iopause_fd *io, struct taia *deadline)
+{
+ if (qm->state == 0) {
+ dns_transmit_io(&qm->dt, io, deadline);
+ qm->state = 1;
+ }
+ else {
+ io->fd = -1;
+ io->events = 0;
+ }
+}
+
+int qmerge_get(struct qmerge **x, const iopause_fd *io, const struct taia *when)
+{
+ int r;
+ struct qmerge *qm;
+
+ qm = *x;
+ if (qm->state == -1) return -1; /* previous error */
+ if (qm->state == 0) return 0; /* no packet */
+ if (qm->state == 2) return 1; /* already got packet */
+
+ r = dns_transmit_get(&qm->dt, io, when);
+ if (r == -1) { qm->state = -1; return -1; } /* error */
+ if (r == 0) { qm->state = 0; return 0; } /* must wait for i/o */
+ if (r == 1) { qm->state = 2; return 1; } /* got packet */
+ return -1; /* bug */
+}
--- /dev/null
+++ b/qmerge.h
@@ -0,0 +1,24 @@
+#ifndef QMERGE_H
+#define QMERGE_H
+
+#include "dns.h"
+
+struct qmerge_key {
+ char *q;
+ char qtype[2];
+ char *control;
+};
+
+struct qmerge {
+ int active;
+ struct qmerge_key key;
+ struct dns_transmit dt;
+ int state; /* -1 = error, 0 = need io, 1 = need get, 2 = got packet */
+};
+
+extern int qmerge_start(struct qmerge **,const char *,int,const char *,const char *,const char *,const char *);
+extern void qmerge_io(struct qmerge *,iopause_fd *,struct taia *);
+extern int qmerge_get(struct qmerge **,const iopause_fd *,const struct taia *);
+extern void qmerge_free(struct qmerge **);
+
+#endif /* QMERGE_H */
--- a/query.c
+++ b/query.c
@@ -83,7 +83,7 @@ static void cleanup(struct query *z)
int j;
int k;
- dns_transmit_free(&z->dt);
+ qmerge_free(&z->qm);
for (j = 0;j < QUERY_MAXALIAS;++j)
dns_domain_free(&z->alias[j]);
for (j = 0;j < QUERY_MAXLEVEL;++j) {
@@ -452,14 +452,8 @@ static int doit(struct query *z,int stat
if (j == 64) goto SERVFAIL;
dns_sortip(z->servers[z->level],64);
- if (z->level) {
- log_tx(z->name[z->level],DNS_T_A,z->control[z->level],z->servers[z->level],z->level);
- if (dns_transmit_start(&z->dt,z->servers[z->level],flagforwardonly,z->name[z->level],DNS_T_A,z->localip) == -1) goto DIE;
- }
- else {
- log_tx(z->name[0],z->type,z->control[0],z->servers[0],0);
- if (dns_transmit_start(&z->dt,z->servers[0],flagforwardonly,z->name[0],z->type,z->localip) == -1) goto DIE;
- }
+ dtype = z->level ? DNS_T_A : z->type;
+ if (qmerge_start(&z->qm,z->servers[z->level],flagforwardonly,z->name[z->level],dtype,z->localip,z->control[z->level]) == -1) goto DIE;
return 0;
@@ -473,10 +467,10 @@ static int doit(struct query *z,int stat
HAVEPACKET:
if (++z->loop == 100) goto DIE;
- buf = z->dt.packet;
- len = z->dt.packetlen;
+ buf = z->qm->dt.packet;
+ len = z->qm->dt.packetlen;
- whichserver = z->dt.servers + 4 * z->dt.curserver;
+ whichserver = z->qm->dt.servers + 4 * z->qm->dt.curserver;
control = z->control[z->level];
d = z->name[z->level];
dtype = z->level ? DNS_T_A : z->type;
@@ -902,7 +896,7 @@ int query_start(struct query *z,char *dn
int query_get(struct query *z,iopause_fd *x,struct taia *stamp)
{
- switch(dns_transmit_get(&z->dt,x,stamp)) {
+ switch(qmerge_get(&z->qm,x,stamp)) {
case 1:
return doit(z,1);
case -1:
@@ -913,5 +907,5 @@ int query_get(struct query *z,iopause_fd
void query_io(struct query *z,iopause_fd *x,struct taia *deadline)
{
- dns_transmit_io(&z->dt,x,deadline);
+ qmerge_io(z->qm,x,deadline);
}
--- a/query.h
+++ b/query.h
@@ -1,7 +1,7 @@
#ifndef QUERY_H
#define QUERY_H
-#include "dns.h"
+#include "qmerge.h"
#include "uint32.h"
#define QUERY_MAXLEVEL 5
@@ -20,7 +20,7 @@ struct query {
char localip[4];
char type[2];
char class[2];
- struct dns_transmit dt;
+ struct qmerge *qm;
} ;
extern int query_start(struct query *,char *,char *,char *,char *);

View File

@ -0,0 +1,67 @@
--- a/query.c
+++ b/query.c
@@ -342,6 +342,29 @@ static int doit(struct query *z,int stat
}
}
+ if (typematch(DNS_T_SOA,dtype)) {
+ byte_copy(key,2,DNS_T_SOA);
+ cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
+ if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
+ log_cachedanswer(d,DNS_T_SOA);
+ if (!rqa(z)) goto DIE;
+ pos = 0;
+ while (pos = dns_packet_copy(cached,cachedlen,pos,misc,20)) {
+ pos = dns_packet_getname(cached,cachedlen,pos,&t2);
+ if (!pos) break;
+ pos = dns_packet_getname(cached,cachedlen,pos,&t3);
+ if (!pos) break;
+ if (!response_rstart(d,DNS_T_SOA,ttl)) goto DIE;
+ if (!response_addname(t2)) goto DIE;
+ if (!response_addname(t3)) goto DIE;
+ if (!response_addbytes(misc,20)) goto DIE;
+ response_rfinish(RESPONSE_ANSWER);
+ }
+ cleanup(z);
+ return 1;
+ }
+ }
+
if (typematch(DNS_T_A,dtype)) {
byte_copy(key,2,DNS_T_A);
cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
@@ -374,7 +397,7 @@ static int doit(struct query *z,int stat
}
}
- if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype)) {
+ if (!typematch(DNS_T_ANY,dtype) && !typematch(DNS_T_AXFR,dtype) && !typematch(DNS_T_NS,dtype) && !typematch(DNS_T_PTR,dtype) && !typematch(DNS_T_A,dtype) && !typematch(DNS_T_MX,dtype) && !typematch(DNS_T_SOA,dtype)) {
byte_copy(key,2,dtype);
cached = cache_get(key,dlen + 2,&cachedlen,&ttl);
if (cached && (cachedlen || byte_diff(dtype,2,DNS_T_ANY))) {
@@ -601,15 +624,24 @@ static int doit(struct query *z,int stat
else if (byte_equal(type,2,DNS_T_AXFR))
;
else if (byte_equal(type,2,DNS_T_SOA)) {
+ int non_authority = 0;
+ save_start();
while (i < j) {
pos = dns_packet_skipname(buf,len,records[i]); if (!pos) goto DIE;
pos = dns_packet_getname(buf,len,pos + 10,&t2); if (!pos) goto DIE;
pos = dns_packet_getname(buf,len,pos,&t3); if (!pos) goto DIE;
pos = dns_packet_copy(buf,len,pos,misc,20); if (!pos) goto DIE;
- if (records[i] < posauthority)
+ if (records[i] < posauthority) {
log_rrsoa(whichserver,t1,t2,t3,misc,ttl);
+ save_data(misc,20);
+ save_data(t2,dns_domain_length(t2));
+ save_data(t3,dns_domain_length(t3));
+ non_authority++;
+ }
++i;
}
+ if (non_authority)
+ save_finish(DNS_T_SOA,t1,ttl);
}
else if (byte_equal(type,2,DNS_T_CNAME)) {
pos = dns_packet_skipname(buf,len,records[j - 1]); if (!pos) goto DIE;

View File

@ -0,0 +1,59 @@
--- djbdns-1.05/query.c 2012-08-30 22:14:28.885825918 +0800
+++ djbdns-1.05-new/query.c 2012-08-30 22:22:23.887727783 +0800
@@ -220,7 +217,7 @@
NEWNAME:
- if (++z->loop == 100) goto DIE;
+ if (++z->loop == 150) goto DIE;
d = z->name[z->level];
dtype = z->level ? DNS_T_A : z->type;
dlen = dns_domain_length(d);
@@ -489,7 +486,7 @@
HAVEPACKET:
- if (++z->loop == 100) goto DIE;
+ if (++z->loop == 150) goto DIE;
buf = z->qm->dt.packet;
len = z->qm->dt.packetlen;
@@ -722,6 +716,7 @@
alloc_free(records); records = 0;
if (byte_diff(DNS_T_CNAME,2,dtype)) {
+ int flagcname = 0;
/* This code assumes that the CNAME chain is presented in the correct
** order. The example algorithm in RFC 1034 will actually result in this
** being the case, but the words do not require it to be so.
@@ -734,20 +729,29 @@
if (dns_domain_equal(t1,d))
if (byte_equal(header + 2,2,DNS_C_IN)) { /* should always be true */
if (typematch(header,DNS_T_CNAME)) {
+ flagcname = 1;
ttl = ttlget(header + 4);
if (z->level == 0) {
if (!move_name_to_alias(z,ttl)) goto DIE ;
}
+ if (!dns_domain_copy(&owner_name, control)) goto DIE ;
if (!dns_packet_getname(buf,len,pos,&z->name[z->level])) goto DIE;
d = z->name[z->level];
- if (!dns_domain_suffix(d,control) || !roots_same(d,control))
+ if (!dns_domain_suffix(d,owner_name) || !roots_same(d,owner_name)) {
+ dns_domain_free(&owner_name);
goto NEWNAME ; /* Cannot trust the chain further - restart using current name */
}
+ control = d + dns_domain_suffixpos(d,owner_name);
+ z->control[z->level] = control;
+ dns_domain_free(&owner_name);
+ }
}
uint16_unpack_big(header + 8,&datalen);
pos += datalen;
}
+ if (flagcname != 0)
+ goto HAVENS;
}
/* A "no such name" error applies to the end of any CNAME chain, not to the start. */

View File

@ -0,0 +1,41 @@
# initial patch http://marc.info/?l=djbdns&m=134190748729079&w=2
#--- djbdns-1.05/query.c.orig 2012-07-10 09:24:23.000000000 +0200
#+++ djbdns-1.05/query.c 2012-07-10 09:24:26.000000000 +0200
#@@ -578,6 +578,7 @@
# }
#
# if (!dns_domain_suffix(t1,control)) { i = j; continue; }
#+ if (byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control)) { i = j; continue; }
# if (!roots_same(t1,control)) { i = j; continue; }
#
# if (byte_equal(type,2,DNS_T_ANY))
#
# alternative http://marc.info/?l=djbdns&m=134219930603966&w=2
#--- djbdns-1.05.orig/query.c 2001-02-11 22:11:45.000000000 +0100
#+++ djbdns-1.05/query.c 2012-07-13 18:52:16.313862281 +0200
#@@ -578,6 +578,7 @@
# }
#
# if (!dns_domain_suffix(t1,control)) { i = j; continue; }
#+ if (byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control) && (posauthority <= records[i])) { i = j; continue; } if (!roots_same(t1,control)) { i = j; continue; }
# if (byte_equal(type,2,DNS_T_ANY))
#
#http://marc.info/?l=djbdns&m=134269902121506&w=2
# Created 2012 by Peter Conrad <conrad@tivano.de>
#
# This patch is public domain.
#
--- djbdns-1.05/query.c.orig 2012-07-10 09:24:23.000000000 +0200
+++ djbdns-1.05/query.c 2012-07-10 09:24:26.000000000 +0200
@@ -578,6 +578,10 @@
}
if (!dns_domain_suffix(t1,control)) { i = j; continue; }
+ if (!flagforwardonly && byte_equal(type,2,DNS_T_NS) && dns_domain_equal(t1,control)) {
+ char dummy[256];
+ if (!roots(dummy,control)) { i = j; continue; }
+ }
if (!roots_same(t1,control)) { i = j; continue; }
if (byte_equal(type,2,DNS_T_ANY))

View File

@ -0,0 +1,31 @@
--- djbdns-1.05/query.c 2012-08-30 22:14:28.885825918 +0800
+++ djbdns-1.05-new/query.c 2012-08-30 22:22:23.887727783 +0800
@@ -220,7 +217,7 @@
NEWNAME:
- if (++z->loop == 150) goto DIE;
+ if (++z->loop == QUERY_MAXLOOP) goto DIE;
d = z->name[z->level];
dtype = z->level ? DNS_T_A : z->type;
dlen = dns_domain_length(d);
@@ -489,7 +486,7 @@
HAVEPACKET:
- if (++z->loop == 150) goto DIE;
+ if (++z->loop == QUERY_MAXLOOP) goto DIE;
buf = z->qm->dt.packet;
len = z->qm->dt.packetlen;
diff -ru djbdns-1.05/query.h djbdns-1.05-new/query.h
--- djbdns-1.05/query.h 2001-02-11 22:11:45.000000000 +0100
+++ djbdns-1.05-new/query.h 2005-11-10 18:39:58.000000000 +0100
@@ -7,6 +7,7 @@
#define QUERY_MAXLEVEL 5
#define QUERY_MAXALIAS 16
#define QUERY_MAXNS 16
+#define QUERY_MAXLOOP 500
struct query {
unsigned int loop;

21
Makefile Normal file
View File

@ -0,0 +1,21 @@
# Makefile for source rpm: djbdns
# $Id: Makefile,v 1.1 2016/02/04 12:33:23 vip-ire Exp $
NAME := djbdns
SPECFILE = $(firstword $(wildcard *.spec))
define find-makefile-common
for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
endef
MAKEFILE_COMMON := $(shell $(find-makefile-common))
ifeq ($(MAKEFILE_COMMON),)
# attept a checkout
define checkout-makefile-common
test -f CVS/Root && { cvs -Q -d $$(cat CVS/Root) checkout common && echo "common/Makefile.common" ; } || { echo "ERROR: I can't figure out how to checkout the 'common' module." ; exit -1 ; } >&2
endef
MAKEFILE_COMMON := $(shell $(checkout-makefile-common))
endif
include $(MAKEFILE_COMMON)

View File

@ -1,3 +1,11 @@
# djbdns
3rd Party (Maintained by Koozali) git repo for djbdns smeserver
## Description
<br />*This description has been generated by an LLM AI system and cannot be relied on to be fully correct.*
*Once it has been checked, then this comment will be deleted*
<br />
Djbdns is an open source software package designed to provide a secure and reliable Domain Name System (DNS) for small networks. The djbdns package includes a DNS server, a DNS library, and tools to manage DNS zones. The DNS server is designed to be fast, secure, and reliable, while the DNS library can be used to develop custom applications that use DNS lookups. The tools included in the package allow users to create, update, and delete DNS entries as well as manage the DNS zones for a domain.

1
contriborbase Normal file
View File

@ -0,0 +1 @@
sme10

View File

@ -0,0 +1,155 @@
diff -ruN djbdns-1.05-00/Makefile djbdns-1.05-01/Makefile
--- djbdns-1.05-00/Makefile Sun Feb 11 16:11:45 2001
+++ djbdns-1.05-01/Makefile Tue Feb 20 12:18:30 2001
@@ -37,6 +37,22 @@
compile auto_home.c
./compile auto_home.c
+root_auto_home.c: \
+auto-str conf-home
+ ./auto-str root_auto_home `pwd`/root`head -1 conf-home` > root_auto_home.c
+
+root_auto_home.o: \
+compile root_auto_home.c
+ ./compile root_auto_home.c
+
+root.c: \
+auto-str conf-home
+ ./auto-str root `pwd`/root > root.c
+
+root.o: \
+compile root.c
+ ./compile root.c
+
axfr-get: \
load axfr-get.o iopause.o timeoutread.o timeoutwrite.o dns.a libtai.a \
alloc.a buffer.a unix.a byte.a
@@ -515,20 +531,20 @@
./choose clr tryshsgr hasshsgr.h1 hasshsgr.h2 > hasshsgr.h
hier.o: \
-compile hier.c auto_home.h
+compile hier.c root_auto_home.h root.h
./compile hier.c
install: \
-load install.o hier.o auto_home.o buffer.a unix.a byte.a
- ./load install hier.o auto_home.o buffer.a unix.a byte.a
+load install.o hier.o root.o root_auto_home.o buffer.a unix.a byte.a
+ ./load install hier.o root.o root_auto_home.o buffer.a unix.a byte.a
install.o: \
compile install.c buffer.h strerr.h error.h open.h exit.h
./compile install.c
instcheck: \
-load instcheck.o hier.o auto_home.o buffer.a unix.a byte.a
- ./load instcheck hier.o auto_home.o buffer.a unix.a byte.a
+load instcheck.o hier.o root.o root_auto_home.o buffer.a unix.a byte.a
+ ./load instcheck hier.o root.o root_auto_home.o buffer.a unix.a byte.a
instcheck.o: \
compile instcheck.c strerr.h error.h exit.h
diff -ruN djbdns-1.05-00/hier.c djbdns-1.05-01/hier.c
--- djbdns-1.05-00/hier.c Sun Feb 11 16:11:45 2001
+++ djbdns-1.05-01/hier.c Tue Feb 20 12:19:33 2001
@@ -1,42 +1,43 @@
-#include "auto_home.h"
+#include "root_auto_home.h"
+#include "root.h"
void hier()
{
- c("/","etc","dnsroots.global",-1,-1,0644);
+ c(root,"etc","dnsroots.global",-1,-1,0644);
- h(auto_home,-1,-1,02755);
- d(auto_home,"bin",-1,-1,02755);
+ h(root_auto_home,-1,-1,02755);
+ d(root_auto_home,"bin",-1,-1,02755);
- c(auto_home,"bin","dnscache-conf",-1,-1,0755);
- c(auto_home,"bin","tinydns-conf",-1,-1,0755);
- c(auto_home,"bin","walldns-conf",-1,-1,0755);
- c(auto_home,"bin","rbldns-conf",-1,-1,0755);
- c(auto_home,"bin","pickdns-conf",-1,-1,0755);
- c(auto_home,"bin","axfrdns-conf",-1,-1,0755);
-
- c(auto_home,"bin","dnscache",-1,-1,0755);
- c(auto_home,"bin","tinydns",-1,-1,0755);
- c(auto_home,"bin","walldns",-1,-1,0755);
- c(auto_home,"bin","rbldns",-1,-1,0755);
- c(auto_home,"bin","pickdns",-1,-1,0755);
- c(auto_home,"bin","axfrdns",-1,-1,0755);
-
- c(auto_home,"bin","tinydns-get",-1,-1,0755);
- c(auto_home,"bin","tinydns-data",-1,-1,0755);
- c(auto_home,"bin","tinydns-edit",-1,-1,0755);
- c(auto_home,"bin","rbldns-data",-1,-1,0755);
- c(auto_home,"bin","pickdns-data",-1,-1,0755);
- c(auto_home,"bin","axfr-get",-1,-1,0755);
-
- c(auto_home,"bin","dnsip",-1,-1,0755);
- c(auto_home,"bin","dnsipq",-1,-1,0755);
- c(auto_home,"bin","dnsname",-1,-1,0755);
- c(auto_home,"bin","dnstxt",-1,-1,0755);
- c(auto_home,"bin","dnsmx",-1,-1,0755);
- c(auto_home,"bin","dnsfilter",-1,-1,0755);
- c(auto_home,"bin","random-ip",-1,-1,0755);
- c(auto_home,"bin","dnsqr",-1,-1,0755);
- c(auto_home,"bin","dnsq",-1,-1,0755);
- c(auto_home,"bin","dnstrace",-1,-1,0755);
- c(auto_home,"bin","dnstracesort",-1,-1,0755);
+ c(root_auto_home,"bin","dnscache-conf",-1,-1,0755);
+ c(root_auto_home,"bin","tinydns-conf",-1,-1,0755);
+ c(root_auto_home,"bin","walldns-conf",-1,-1,0755);
+ c(root_auto_home,"bin","rbldns-conf",-1,-1,0755);
+ c(root_auto_home,"bin","pickdns-conf",-1,-1,0755);
+ c(root_auto_home,"bin","axfrdns-conf",-1,-1,0755);
+
+ c(root_auto_home,"bin","dnscache",-1,-1,0755);
+ c(root_auto_home,"bin","tinydns",-1,-1,0755);
+ c(root_auto_home,"bin","walldns",-1,-1,0755);
+ c(root_auto_home,"bin","rbldns",-1,-1,0755);
+ c(root_auto_home,"bin","pickdns",-1,-1,0755);
+ c(root_auto_home,"bin","axfrdns",-1,-1,0755);
+
+ c(root_auto_home,"bin","tinydns-get",-1,-1,0755);
+ c(root_auto_home,"bin","tinydns-data",-1,-1,0755);
+ c(root_auto_home,"bin","tinydns-edit",-1,-1,0755);
+ c(root_auto_home,"bin","rbldns-data",-1,-1,0755);
+ c(root_auto_home,"bin","pickdns-data",-1,-1,0755);
+ c(root_auto_home,"bin","axfr-get",-1,-1,0755);
+
+ c(root_auto_home,"bin","dnsip",-1,-1,0755);
+ c(root_auto_home,"bin","dnsipq",-1,-1,0755);
+ c(root_auto_home,"bin","dnsname",-1,-1,0755);
+ c(root_auto_home,"bin","dnstxt",-1,-1,0755);
+ c(root_auto_home,"bin","dnsmx",-1,-1,0755);
+ c(root_auto_home,"bin","dnsfilter",-1,-1,0755);
+ c(root_auto_home,"bin","random-ip",-1,-1,0755);
+ c(root_auto_home,"bin","dnsqr",-1,-1,0755);
+ c(root_auto_home,"bin","dnsq",-1,-1,0755);
+ c(root_auto_home,"bin","dnstrace",-1,-1,0755);
+ c(root_auto_home,"bin","dnstracesort",-1,-1,0755);
}
diff -ruN djbdns-1.05-00/root.h djbdns-1.05-01/root.h
--- djbdns-1.05-00/root.h Wed Dec 31 19:00:00 1969
+++ djbdns-1.05-01/root.h Tue Feb 20 12:19:51 2001
@@ -0,0 +1,6 @@
+#ifndef ROOT_H
+#define ROOT_H
+
+extern const char root[];
+
+#endif
diff -ruN djbdns-1.05-00/root_auto_home.h djbdns-1.05-01/root_auto_home.h
--- djbdns-1.05-00/root_auto_home.h Wed Dec 31 19:00:00 1969
+++ djbdns-1.05-01/root_auto_home.h Tue Feb 20 12:19:59 2001
@@ -0,0 +1,6 @@
+#ifndef ROOT_AUTO_HOME_H
+#define ROOT_AUTO_HOME_H
+
+extern const char root_auto_home[];
+
+#endif

BIN
djbdns-1.05.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.

240
djbdns.spec Normal file
View File

@ -0,0 +1,240 @@
# $Id: djbdns.spec,v 1.4 2021/04/13 01:01:10 jpp Exp $
#
# RPM spec file for Dan Bernstein's djbdns package
#
# $Id: djbdns.spec,v 1.4 2021/04/13 01:01:10 jpp Exp $
#
Summary: collection of Domain Name System tools
%define name djbdns
Name: %{name}
%define version 1.05
%define release 11
Version: %{version}
Release: %{release}%{?dist}
License: Public Domain
Group: Networking/Daemons
Source: http://cr.yp.to/%{name}/%{name}-%{version}.tar.gz
URL: http://cr.yp.to/%{name}.html
Patch0: %{name}-%{version}.patch.2001022000
Patch1: dns_transmit-bug.patch
#Patch2: http://homepages.tesco.net./~J.deBoynePollard/Softwares/djbdns/dnscache-cname-handling.patch
#Patch3: http://homepages.tesco.net./~J.deBoynePollard/Softwares/djbdns/dnscache-strict-forwardonly.patch
#Patch4: http://homepages.tesco.net./~J.deBoynePollard/Softwares/djbdns/tinydns-alias-chain-truncation.patch
# openwrt patches
Patch20: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/020-dnsroots-update.patch
Patch30: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/030-srv-records-and-axfrget.patch
Patch50: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/050-tinydns-mmap-leak.patch
Patch60: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/060-dnscache-big-udp-packets.patch
Patch70: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/070-dnscache-dpos-tcp-servfail.patch
Patch90: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/090-tinydns-one-second.patch
Patch80: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/080-dnscache-cache-negatives.patch
Patch120: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/120-compiler-temporary-filename.patch
Patch200: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/200-dnscache-cname-handling.patch
Patch210: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/210-dnscache-strict-forwardonly.patch
Patch230: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/230-tinydns-data-semantic-error.patch
Patch240: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/240-tinydns-alias-chain-truncation.patch
Patch270: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/270-dnscache-sigpipe-fix.patch
Patch300: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/300-bugfix-dnscache-dempsky-poison.patch
Patch310: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/310-bugfix-dnscache-merge-outgoing-requests.patch
Patch320: https://dev.openwrt.org/export/HEAD/packages/net/djbdns/patches/320-bugfix-dnscache-cache-soa-records.patch
Patch330: https://dev.openwrt.org/raw-attachment/ticket/5881/330-fix-dnscache-cname-handling.patch
#after openwrt applied patches
Patch450: 450-dnscache-ghost-domain-CVE-2012-1191.patch
Patch500: 500-cutom-dnscache-maxloop.patch
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
Provides: djbdns
AutoReqProv: no
%description
djbdns is a collection of Domain Name System tools. It includes several
components:
- The dnscache program is a local DNS cache. It accepts recursive
DNS queries from local clients such as web browsers. It collects
responses from remote DNS servers.
- The tinydns program is a fast, UDP-only DNS server. It makes
local DNS information available to the Internet. It supports load
balancing and client differentiation.
- The walldns program is a reverse DNS wall. It provides matching
reverse and forward records while hiding local host information.
- The rbldns program is an IP-address-listing DNS server. It uses
DNS to publish a list of IP addresses, such as RBL or DUL.
- The dns library handles outgoing and incoming DNS packets. It can
be used by clients such as web browsers to look up host addresses,
host names, MX records, etc. It supports asynchronous resolution.
- The dnsfilter program is a parallel IP-address-to-host-name
converter.
- The dnsip, dnsipq, dnsname, dnstxt, and dnsmx programs are simple
command-line interfaces to DNS.
- The dnsq and dnstrace programs are DNS debugging tools.
djbdns was written by Daniel J Bernstein, and was placed into the public
domain on Dec 28, 2007.
%changelog
* Fri Jul 14 2023 BogusDateBot
- Eliminated rpmbuild "bogus date" warnings due to inconsistent weekday,
by assuming the date is correct and changing the weekday.
* Mon Apr 12 2021 Jean-Philippe Pialasse <tests@pialasse.com> 1.05-11.sme
- import modification from SME9 [SME: 11548]
- improve short ttl cname resolution and glueless answer from akadns [SME: 8362]
- 500-cutom-dnscache-maxloop.patch: set QUERY_MAXLEVEL 5 QUERY_MAXLOOP 500 QUERY_MAXNS 16 [SME: 10300]
* Wed Jul 12 2017 Jean-Philippe Pialasse <tests@pialasse.com> 1.05-10.sme
- improve short ttl cname resolution and glueless answer from akadns [SME: 8362]
- 500-cutom-dnscache-maxloop.patch: increase QUERY_MAXLEVEL 5->10 , set QUERY_MAXLOOP 160
* Tue Jul 11 2017 Jean-Philippe Pialasse <tests@pialasse.com> 1.05-9.sme
--import patches from openwrt and rename already applied patches
--fix security issues [SME: 10374]
- 020-dnsroots-update.patch: update list of root DNS servers
- 070-dnscache-dpos-tcp-servfail.patch: SERVFAIL rename previous patch dns_transmit-bug.patch
- 080-dnscache-cache-negatives.patch: rfc2308 ?
- 210-dnscache-strict-forwardonly.patch: rename previous patch dnscache-strict-forwardonly.patch
- 240-tinydns-alias-chain-truncation.patch: rename previous patch tinydns-alias-chain-truncation.patch
- 270-dnscache-sigpipe-fix.patch: SIGPIPE
- 300-bugfix-dnscache-dempsky-poison.patch: CVE-2009-0858
- 310-bugfix-dnscache-merge-outgoing-requests.patch: CVE-2008-4392
- 320-bugfix-dnscache-cache-soa-records.patch: CVE-2008-4392
- 450-dnscache-ghost-domain-CVE-2012-1191.patch: CVE-2012-1191 http://marc.info/?l=djbdns&m=134190748729079&w=2
--bug fixes [SME: 10374]
- 060-dnscache-big-udp-packets.patch: accept and handle longer than 512 bytes UDP packets
- 230-tinydns-data-semantic-error.patch: handle semantic error to avoid publishing false dns records
--fix issue with short ttl cname like akamaid [SME: 8362]
- 200-dnscache-cname-handling.patch: rename previous patch dnscache-cname-handling.patch
- 330-fix-dnscache-cname-handling.patch: fix dnscache cname for short ttl
- 500-cutom-dnscache-maxloop.patch: set max loop to 200
--needed for previous patches to apply cleanly
- 030-srv-records-and-axfrget.patch: add SRV record type and axfr-get decompose SRC and PTR records (for 230-*.patch)
- 050-tinydns-mmap-leak.patch: report cdb leak
- 080-dnscache-cache-negatives.patch: rfc2308 ?
- 090-tinydns-one-second.patch: improve tinydns with 8 or more concurent connections (for 240-*.patch)
- 120-compiler-temporary-filename.patch: change tmp filename to avoid conflicts (for 230-*.patch)
* Mon Mar 24 2008 Shad L. Lords <slords@mail.com> 1.05-8
- Comment out contentious patches for now [SME: 3826] [SME: 3824]
* Mon Jan 28 2008 Charlie Brady <charlie_brady@mitel.com> 1.05-7
- Patch tinydns to publish complete client-side alias chains. [SME: 3826]
* Mon Jan 28 2008 Charlie Brady <charlie_brady@mitel.com> 1.05-6
- Patch to fix problems with delegation loops. [SME: 3825]
* Mon Jan 28 2008 Charlie Brady <charlie_brady@mitel.com> 1.05-5
- Patch to fix various problems in dnscache CNAME record handling. [SME: 3824]
* Thu Jan 10 2008 Charlie Brady <charlieb@e-smith.com> 1.05-4
- Patch around TCP bug: http://alkemio.org/dns_transmit-bug.html
- Change license to "Public Domain' - http://cr.yp.to/distributors.html
* Sun Apr 29 2007 Shad L. Lords <slords@mail.com>
- Clean up spec so package can be built by koji/plague
* Thu Dec 07 2006 Shad L. Lords <slords@mail.com>
- Update to new release naming. No functional changes.
- Make Packager generic
* Thu Nov 11 2004 Charlie Brady <charlieb@e-smith.com> 1.05-02
- Use "conf-cc" value which works around errno problem.
* Tue Feb 20 2001 Peter Samuel <peters@e-smith.com>
- [1.05-01]
- Updated for djbdns-1.05.
* Tue Feb 6 2001 Peter Samuel <peters@e-smith.com>
- [1.04-01]
- Now installs in its own root area prior to creating binary RPM.
%prep
%setup
# This patch allows files to be installed in a relative directory prior
# to creating the binary RPM. It does not change the installed files or
# their final installed locations.
%patch0 -p1
# Create the relative installation directories.
mkdir -p ./root/usr
mkdir -p ./root/etc
%patch20 -p1
%patch30 -p1
%patch50 -p1
%patch60 -p1
%patch70 -p1
%patch80 -p1
%patch90 -p1
%patch120 -p1
%patch200 -p1
%patch210 -p1
%patch230 -p1
%patch240 -p1
%patch270 -p1
%patch300 -p1
%patch310 -p1
%patch320 -p1
%patch330 -p1
%patch450 -p1
%patch500 -p1
%build
echo "gcc -O2 -Wall --include /usr/include/errno.h" > conf-cc
echo "gcc -s -Os -pipe" > conf-ld
make
%install
make setup
make check
rm -rf $RPM_BUILD_ROOT
(cd root ; find . -depth -print | cpio -dump $RPM_BUILD_ROOT)
%clean
rm -rf $RPM_BUILD_ROOT
%files
%attr(644,root,root) /etc/dnsroots.global
%attr(755,root,root) /usr/local/bin/axfrdns
%attr(755,root,root) /usr/local/bin/axfrdns-conf
%attr(755,root,root) /usr/local/bin/axfr-get
%attr(755,root,root) /usr/local/bin/dnscache
%attr(755,root,root) /usr/local/bin/dnscache-conf
%attr(755,root,root) /usr/local/bin/dnsfilter
%attr(755,root,root) /usr/local/bin/dnsip
%attr(755,root,root) /usr/local/bin/dnsipq
%attr(755,root,root) /usr/local/bin/dnsmx
%attr(755,root,root) /usr/local/bin/dnsname
%attr(755,root,root) /usr/local/bin/dnsq
%attr(755,root,root) /usr/local/bin/dnsqr
%attr(755,root,root) /usr/local/bin/dnstrace
%attr(755,root,root) /usr/local/bin/dnstracesort
%attr(755,root,root) /usr/local/bin/dnstxt
%attr(755,root,root) /usr/local/bin/pickdns
%attr(755,root,root) /usr/local/bin/pickdns-conf
%attr(755,root,root) /usr/local/bin/pickdns-data
%attr(755,root,root) /usr/local/bin/random-ip
%attr(755,root,root) /usr/local/bin/rbldns
%attr(755,root,root) /usr/local/bin/rbldns-conf
%attr(755,root,root) /usr/local/bin/rbldns-data
%attr(755,root,root) /usr/local/bin/tinydns
%attr(755,root,root) /usr/local/bin/tinydns-conf
%attr(755,root,root) /usr/local/bin/tinydns-data
%attr(755,root,root) /usr/local/bin/tinydns-edit
%attr(755,root,root) /usr/local/bin/tinydns-get
%attr(755,root,root) /usr/local/bin/walldns
%attr(755,root,root) /usr/local/bin/walldns-conf

11
dns_transmit-bug.patch Normal file
View File

@ -0,0 +1,11 @@
diff -Nur -x '*.orig' -x '*.rej' djbdns-1.05/dns_transmit.c mezzanine_patched_djbdns-1.05/dns_transmit.c
--- djbdns-1.05/dns_transmit.c 2001-02-11 16:11:45.000000000 -0500
+++ mezzanine_patched_djbdns-1.05/dns_transmit.c 2008-01-10 14:37:04.000000000 -0500
@@ -166,6 +166,7 @@
taia_uint(&d->deadline,10);
taia_add(&d->deadline,&d->deadline,&now);
if (socket_connect4(d->s1 - 1,ip,53) == 0) {
+ d->pos = 0;
d->tcpstate = 2;
return 0;
}