diff options
| author | Kai Blin <kai@samba.org> | 2012-03-27 15:00:01 +0200 |
|---|---|---|
| committer | Kai Blin <kai@samba.org> | 2012-03-27 17:39:26 +0200 |
| commit | 26f7a676f9a0f6f8c5ae3bef9247c675734f35cd (patch) | |
| tree | 5870c22fa36acada2a15ee3cf67d0c2b4fc96783 /source4 | |
| parent | 06dd4d8ee1c5440809fa87fd8a1f3cfac8e9036a (diff) | |
| download | samba-26f7a676f9a0f6f8c5ae3bef9247c675734f35cd.tar.gz samba-26f7a676f9a0f6f8c5ae3bef9247c675734f35cd.tar.bz2 samba-26f7a676f9a0f6f8c5ae3bef9247c675734f35cd.zip | |
s4 dns: Only do recursive queries when allowed/desired
If recursive queries are switched off in smb.conf or the client doesn't ask for
recursion, don't recurse.
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Tue Mar 27 17:39:26 CEST 2012 on sn-devel-104
Diffstat (limited to 'source4')
| -rw-r--r-- | source4/dns_server/dns_query.c | 33 |
1 files changed, 26 insertions, 7 deletions
diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c index e1deff4938..b3984a4639 100644 --- a/source4/dns_server/dns_query.c +++ b/source4/dns_server/dns_query.c @@ -20,15 +20,18 @@ */ #include "includes.h" +#include "smbd/service_task.h" #include "libcli/util/werror.h" #include "librpc/ndr/libndr.h" #include "librpc/gen_ndr/ndr_dns.h" #include "librpc/gen_ndr/ndr_dnsp.h" #include <ldb.h> +#include "param/param.h" #include "dsdb/samdb/samdb.h" #include "dsdb/common/util.h" #include "dns_server/dns_server.h" #include "libcli/dns/libdns.h" +#include "lib/util/util_net.h" static WERROR create_response_rr(const struct dns_name_question *question, const struct dnsp_DnssrvRpcRecord *rec, @@ -98,7 +101,8 @@ static WERROR create_response_rr(const struct dns_name_question *question, return WERR_OK; } -static WERROR ask_forwarder(TALLOC_CTX *mem_ctx, +static WERROR ask_forwarder(struct dns_server *dns, + TALLOC_CTX *mem_ctx, struct dns_name_question *question, struct dns_res_rec **answers, uint16_t *ancount, struct dns_res_rec **nsrecs, uint16_t *nscount, @@ -111,6 +115,13 @@ static WERROR ask_forwarder(TALLOC_CTX *mem_ctx, enum ndr_err_code ndr_err; WERROR werr = WERR_OK; struct tevent_req *req; + const char *forwarder = lpcfg_dns_forwarder(dns->task->lp_ctx); + + if (!is_ipaddress(forwarder)) { + DEBUG(0, ("Invalid 'dns forwarder' setting '%s', needs to be " + "an IP address\n", forwarder)); + return DNS_ERR(NAME_ERROR); + } out_packet = talloc_zero(mem_ctx, struct dns_name_packet); W_ERROR_HAVE_NO_MEMORY(out_packet); @@ -127,8 +138,7 @@ static WERROR ask_forwarder(TALLOC_CTX *mem_ctx, return DNS_ERR(SERVER_FAILURE); } - /* FIXME: Don't hardcode this, get that from a configuration somewhere */ - req = dns_udp_request_send(mem_ctx, ev, "127.0.0.1", out.data, out.length); + req = dns_udp_request_send(mem_ctx, ev, forwarder, out.data, out.length); W_ERROR_HAVE_NO_MEMORY(req); if(!tevent_req_poll(req, ev)) { @@ -229,11 +239,20 @@ WERROR dns_server_process_query(struct dns_server *dns, if (dns_authorative_for_zone(dns, in->questions[0].name)) { state->flags |= DNS_FLAG_AUTHORITATIVE; - werror = handle_question(dns, mem_ctx, &in->questions[0], &ans, &num_answers); + werror = handle_question(dns, mem_ctx, &in->questions[0], + &ans, &num_answers); } else { - DEBUG(2, ("I don't feel responsible for '%s', forwarding\n", in->questions[0].name)); - werror = ask_forwarder(mem_ctx, &in->questions[0], &ans, &num_answers, - &ns, &num_nsrecs, &adds, &num_additional); + if (state->flags & DNS_FLAG_RECURSION_DESIRED && + state->flags & DNS_FLAG_RECURSION_AVAIL) { + DEBUG(2, ("Not authorative for '%s', forwarding\n", + in->questions[0].name)); + werror = ask_forwarder(dns, mem_ctx, &in->questions[0], + &ans, &num_answers, + &ns, &num_nsrecs, + &adds, &num_additional); + } else { + werror = DNS_ERR(NAME_ERROR); + } } W_ERROR_NOT_OK_GOTO(werror, query_failed); |