From 0b5c0af5eeffcd1aaa2e854fe1ab2572417d1727 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Thu, 10 May 2018 10:39:21 +0200
Subject: [PATCH] IPv6 blocking: add a synthetic SOA record

---
 dnscrypt-proxy/plugin_block_ipv6.go | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/dnscrypt-proxy/plugin_block_ipv6.go b/dnscrypt-proxy/plugin_block_ipv6.go
index 2d628d50..65f57035 100644
--- a/dnscrypt-proxy/plugin_block_ipv6.go
+++ b/dnscrypt-proxy/plugin_block_ipv6.go
@@ -1,6 +1,11 @@
 package main
 
-import "github.com/miekg/dns"
+import (
+	"strings"
+	"time"
+
+	"github.com/miekg/dns"
+)
 
 type PluginBlockIPv6 struct{}
 
@@ -43,6 +48,27 @@ func (plugin *PluginBlockIPv6) Eval(pluginsState *PluginsState, msg *dns.Msg) er
 	hinfo.Cpu = "AAAA queries have been locally blocked by dnscrypt-proxy"
 	hinfo.Os = "Set block_ipv6 to false to disable this feature"
 	synth.Answer = []dns.RR{hinfo}
+	qName := question.Name
+	i := strings.Index(qName, ".")
+	parentZone := "."
+	if !(i < 0 || i+1 >= len(qName)) {
+		parentZone = qName[i+1:]
+	}
+	dotParentZone := "."
+	if parentZone != "." {
+		dotParentZone += parentZone
+	}
+	soa := new(dns.SOA)
+	soa.Mbox = "h" + dotParentZone
+	soa.Ns = "n" + dotParentZone
+	soa.Serial = uint32(time.Now().Unix())
+	soa.Refresh = 10000
+	soa.Minttl = 2400
+	soa.Expire = 604800
+	soa.Retry = 300
+	soa.Hdr = dns.RR_Header{Name: parentZone, Rrtype: dns.TypeSOA,
+		Class: dns.ClassINET, Ttl: 60}
+	synth.Ns = []dns.RR{soa}
 	pluginsState.synthResponse = synth
 	pluginsState.action = PluginsActionSynth
 	return nil