[Dnsmasq-discuss] blocklists, blocking servers, rebind attacks & general aaarrggh

Simon Kelley simon at thekelleys.org.uk
Mon Jul 5 20:13:35 UTC 2021


On 05/07/2021 09:20, Kevin Darbyshire-Bryant wrote:
> <snip>
>> I looked at the code that determines private addresses for --bogus-priv
>> and rebind: It's a bit unruly for IPv6, so I've rationalised things and
>> included :: and 0.0.0.0 in the --rebind-localhost-ok coverage, which at
>> least avoids the log spam.
>>
>>
>> I wonder if bogus-nxdomain should be extended to IPv6, or we could add
>> another option which is the equivalent of
>>
>> bogus-nxdomain=0.0.0.0,::
>>
>> Or both.
> 
> Thanks Simon, definitely looks more rational, will give it a try.
> 
> Incidentally, is there a typo in a92c6d77dcd475579c39bdff141f5eb128e2a048 ? - I think you mean to de-ref the pointer, not compare the pointer.
> 
> 
> diff --git a/src/domain-match.c b/src/domain-match.c
> index f82bbdb..97ae9c5 100644
> --- a/src/domain-match.c
> +++ b/src/domain-match.c
> @@ -591,7 +591,7 @@ int add_update_server(int flags,
>    else if (*domain == '*')
>      {
>        domain++;
> -      if (domain != 0)
> +      if (*domain)
>         flags |= SERV_WILDCARD;
>      }
> 
> 
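
Review bot: the new condition `if (*domain)` in add_update_server() is an implicit truth test, while the branch just above it uses an explicit comparison (`*domain == '*'`); writing it as `if (*domain != 0)` would match that style and make it plain that the character, not the pointer, is being tested, which is exactly the slip being fixed here. The old `domain != 0` check could never fail after `domain++`, so SERV_WILDCARD was set for every domain starting with `*`. With this change a lone `*` with nothing after it no longer sets the flag. If that is the intended behaviour, a one-line comment saying so would help the next reader.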

Thanks for catching that. Patch applied.


Simon.



