Unbreak cloaking plugin
In version 2.1.3, when the cloaking plugin was enabled, a blocked response was returned for records that were not A/AAAA/PTR, even for names that were not in the cloaked list.
parent
2edfdc48b8
commit
68f3ab249c
|
@ -67,6 +67,9 @@ t || dig -p${DNS_PORT} +dnssec www.darpa.mil @127.0.0.1 2>&1 | grep -Fvq 'RRSIG'
|
||||||
|
|
||||||
section
|
section
|
||||||
t || dig -p${DNS_PORT} +short cloaked.com @127.0.0.1 | grep -Eq '1.1.1.1|1.0.0.1' || fail
|
t || dig -p${DNS_PORT} +short cloaked.com @127.0.0.1 | grep -Eq '1.1.1.1|1.0.0.1' || fail
|
||||||
|
t || dig -p${DNS_PORT} +short MX cloaked.com @127.0.0.1 | grep -Fq 'locally blocked' || fail
|
||||||
|
t || dig -p${DNS_PORT} +short MX example.com @127.0.0.1 | grep -Fvq 'locally blocked' || fail
|
||||||
|
t || dig -p${DNS_PORT} NS cloaked.com @127.0.0.1 | grep -Fiq 'gtld-servers.net' || fail
|
||||||
t || dig -p${DNS_PORT} +short www.cloaked2.com @127.0.0.1 | grep -Eq '1.1.1.1|1.0.0.1' || fail
|
t || dig -p${DNS_PORT} +short www.cloaked2.com @127.0.0.1 | grep -Eq '1.1.1.1|1.0.0.1' || fail
|
||||||
t || dig -p${DNS_PORT} +short www.dnscrypt-test @127.0.0.1 | grep -Fq '192.168.100.100' || fail
|
t || dig -p${DNS_PORT} +short www.dnscrypt-test @127.0.0.1 | grep -Fq '192.168.100.100' || fail
|
||||||
t || dig -p${DNS_PORT} a.www.dnscrypt-test @127.0.0.1 | grep -Fq 'NXDOMAIN' || fail
|
t || dig -p${DNS_PORT} a.www.dnscrypt-test @127.0.0.1 | grep -Fq 'NXDOMAIN' || fail
|
||||||
|
|
|
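Review bot: The added negative check on the `MX example.com` line uses `grep -Fvq 'locally blocked'`, which succeeds as soon as one output line lacks the phrase, so it would also pass on a dig error line or on a response where only some lines are blocked. Negating the match states the intent more directly: `t || ! dig -p${DNS_PORT} +short MX example.com @127.0.0.1 | grep -Fq 'locally blocked' || fail`; that form passes on empty output, so it is worth deciding which failure mode matters more here. The three added checks also depend on live upstream answers (the `example.com` MX and `gtld-servers.net` in the NS response), so a resolver outage will presumably show up as a cloaking failure. A short comment above them saying what each one guards would help whoever triages that.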
@ -136,12 +136,7 @@ func (plugin *PluginCloak) Reload() error {
|
||||||
|
|
||||||
func (plugin *PluginCloak) Eval(pluginsState *PluginsState, msg *dns.Msg) error {
|
func (plugin *PluginCloak) Eval(pluginsState *PluginsState, msg *dns.Msg) error {
|
||||||
question := msg.Question[0]
|
question := msg.Question[0]
|
||||||
if question.Qclass != dns.ClassINET ||
|
if question.Qclass != dns.ClassINET || question.Qtype == dns.TypeNS || question.Qtype == dns.TypeSOA {
|
||||||
(question.Qtype != dns.TypeA && question.Qtype != dns.TypeAAAA && question.Qtype != dns.TypePTR) {
|
|
||||||
if question.Qclass != dns.ClassINET || (question.Qtype != dns.TypeNS || question.Qtype == dns.TypeSOA) {
|
|
||||||
pluginsState.action = PluginsActionReject
|
|
||||||
pluginsState.returnCode = PluginsReturnCodeCloak
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
now := time.Now()
|
now := time.Now()
|
||||||
|
@ -151,6 +146,12 @@ func (plugin *PluginCloak) Eval(pluginsState *PluginsState, msg *dns.Msg) error
|
||||||
plugin.RUnlock()
|
plugin.RUnlock()
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
if question.Qtype != dns.TypeA && question.Qtype != dns.TypeAAAA && question.Qtype != dns.TypePTR {
|
||||||
|
plugin.RUnlock()
|
||||||
|
pluginsState.action = PluginsActionReject
|
||||||
|
pluginsState.returnCode = PluginsReturnCodeCloak
|
||||||
|
return nil
|
||||||
|
}
|
||||||
cloakedName := xcloakedName.(*CloakedName)
|
cloakedName := xcloakedName.(*CloakedName)
|
||||||
ttl, expired := plugin.ttl, false
|
ttl, expired := plugin.ttl, false
|
||||||
if cloakedName.lastUpdate != nil {
|
if cloakedName.lastUpdate != nil {
|
||||||
|
|
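Review bot: The new early return in Eval lets `dns.TypeNS` and `dns.TypeSOA` queries through for every name, including names on the cloak list, and nothing in the code says this is deliberate; those queries go on to the upstream resolver while every other non-address type for a cloaked name is rejected further down. A comment above the condition would record the intent, for example `// NS and SOA are never cloaked or rejected; they are always forwarded, even for cloaked names.` The reject branch in the second hunk could carry `// Name is cloaked but the type is not A/AAAA/PTR: reject instead of forwarding.` That branch also adds another hand-written `plugin.RUnlock()` before a return, so any exit path added later between the lock and the unlock has to remember it. Eval starts before and continues past both hunks, so the lock acquisition and the match lookup are not visible here.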