If we already performed a resolution before, even partial, don't retry
(at least until the TTL expires) So, if www.google.com is cloaked, and forcesafesearch returns a A record but no AAAA, return the cloaked A record for A queries, but don't return the actual AAAA record for AAAA queries: return a synthetic empty response instead.
This commit is contained in:
parent
5c18c51116
commit
18167c0f47
|
@ -105,13 +105,7 @@ func (plugin *PluginCloak) Eval(pluginsState *PluginsState, msg *dns.Msg) error
|
|||
if cloakedName == nil {
|
||||
return nil
|
||||
}
|
||||
var ip *net.IP
|
||||
if question.Qtype == dns.TypeA {
|
||||
ip = cloakedName.ipv4
|
||||
} else {
|
||||
ip = cloakedName.ipv6
|
||||
}
|
||||
if ip == nil && !cloakedName.isIP {
|
||||
if cloakedName.ipv4 == nil && cloakedName.ipv6 == nil && !cloakedName.isIP {
|
||||
foundIPs, err := net.LookupIP(cloakedName.target)
|
||||
if err != nil {
|
||||
return nil
|
||||
|
@ -128,20 +122,20 @@ func (plugin *PluginCloak) Eval(pluginsState *PluginsState, msg *dns.Msg) error
|
|||
}
|
||||
}
|
||||
plugin.Unlock()
|
||||
if question.Qtype == dns.TypeA {
|
||||
ip = cloakedName.ipv4
|
||||
} else {
|
||||
ip = cloakedName.ipv6
|
||||
}
|
||||
}
|
||||
if ip == nil {
|
||||
return nil
|
||||
var ip *net.IP
|
||||
if question.Qtype == dns.TypeA {
|
||||
ip = cloakedName.ipv4
|
||||
} else {
|
||||
ip = cloakedName.ipv6
|
||||
}
|
||||
synth, err := EmptyResponseFromMessage(msg)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if question.Qtype == dns.TypeA {
|
||||
if ip == nil {
|
||||
synth.Answer = []dns.RR{}
|
||||
} else if question.Qtype == dns.TypeA {
|
||||
rr := new(dns.A)
|
||||
rr.Hdr = dns.RR_Header{Name: question.Name, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: 1}
|
||||
rr.A = *ip
|
||||
|
|
Loading…
Reference in New Issue