[Dnsmasq-discuss] blocklists, blocking servers, rebind attacks & general aaarrggh

Kevin Darbyshire-Bryant kevin at darbyshire-bryant.me.uk
Mon Jul 5 08:20:12 UTC 2021


<snip>
> I looked at the code that determines private addresses for --bogus-priv
> and rebind: It's a bit unruly for IPv6, so I've rationalised things and
> included :: and 0.0.0.0 in the --rebind-localhost-ok coverage, which at
> least avoids the log spam.
> 
> 
> I wonder if bogus-nxdomain should be extended to IPv6, or we could add
> another option which is the equivalent of
> 
> bogus-nxdomain=0.0.0.0,::
> 
> Or both.

Thanks Simon, definitely looks more rational, will give it a try.

Incidentally, is there a typo in a92c6d77dcd475579c39bdff141f5eb128e2a048 ? - I think you mean to de-ref the pointer, not compare the pointer.


diff --git a/src/domain-match.c b/src/domain-match.c
index f82bbdb..97ae9c5 100644
--- a/src/domain-match.c
+++ b/src/domain-match.c
@@ -591,7 +591,7 @@ int add_update_server(int flags,
   else if (*domain == '*')
     {
       domain++;
-      if (domain != 0)
+      if (*domain)
        flags |= SERV_WILDCARD;
     }


Cheers,

Kevin D-B

gpg: 012C ACB2 28C6 C53E 9775  9123 B3A2 389B 9DE2 334A

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20210705/09eb1481/attachment.sig>


More information about the Dnsmasq-discuss mailing list