abc.ex.com should be rejected if both ex.com and bc.ex.com are listed in a blacklist
With a ruleset containing ex.com and bc.ex.com, a lookup for "abc.ex.com" finds "bc.ex.com" as the longest suffix. Since that match is not at a label boundary, the name is not rejected. However, the more general rule ex.com should still be considered, so we need to perform at least two lookups in that case.
parent
6ca2697128
commit
29fee1585f
|
@ -142,10 +142,18 @@ func (plugin *PluginBlockName) Eval(pluginsState *PluginsState, msg *dns.Msg) er
|
|||
revQname := StringReverse(qName)
|
||||
reject, reason := false, ""
|
||||
if !reject {
|
||||
match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(revQname))
|
||||
if found {
|
||||
if match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(revQname)); found {
|
||||
if len(match) == len(qName) || revQname[len(match)] == '.' {
|
||||
reject, reason = true, "*."+StringReverse(string(match))
|
||||
} else if len(match) < len(revQname) && len(revQname) > 0 {
|
||||
if i := strings.LastIndex(revQname, "."); i > 0 {
|
||||
pName := revQname[:i]
|
||||
if match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(pName)); found {
|
||||
if len(match) == len(pName) || pName[len(match)] == '.' {
|
||||
reject, reason = true, "*."+StringReverse(string(match))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
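Review bot: The fallback in the `else if` branch strips only the query's leftmost label (`strings.LastIndex(revQname, ".")`), so a deeper name can still get past a listed parent rule. With `ex.com` and `bc.ex.com` listed, `x.abc.ex.com` is retried as `abc.ex.com`, which again yields the non-boundary `bc.ex.com`, and `ex.com` is never consulted. Assuming `LongestPrefix` returns only the single longest stored prefix, one retry is also not enough in general, because the truncated name can hit another non-boundary entry. I would cut at the last label boundary inside the failed match and loop until a boundary match is found or no boundary remains, as sketched below, and add a test with multi-label queries. Eval starts before this hunk and continues after it.

```go
// … unchanged: revQname, reject and reason declarations, `if !reject {` …
for name := revQname; len(name) > 0; {
	match, _, found := plugin.blockedSuffixes.Root().LongestPrefix([]byte(name))
	if !found {
		break
	}
	if len(match) == len(name) || name[len(match)] == '.' {
		reject, reason = true, "*."+StringReverse(string(match))
		break
	}
	// The match ended inside a label: retry with the name cut at the last
	// label boundary before that point, so shorter rules are still seen.
	i := strings.LastIndex(name[:len(match)], ".")
	if i <= 0 {
		break
	}
	name = name[:i]
}
```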