XFR is now limited to certains IP configured in the config file

https://github.com/outout14/sacrebleu-dns/issues/11
https://github.com/outout14/sacrebleu-dns/issues/11#issuecomment-753423572

README.md

@@ -56,6 +56,8 @@ Variables names are case sensitives.
 |Port|int|``6379``|Redis Database port
 |DB|int|``0``|Redis Database ID
 |TTL|int|``10``|Redis Time To Live (in seconds)
+|DNS|Section
+|XfrIPs|[]string|``*,192.0.2.9,192.0.2.98``|Allowed IPs for XFR transfer (``*`` for any)
 
 ## What is working 
 - Read records (stricts & wildcard) from MySQL

core/handleDnsRequest.go

@@ -1,24 +1,36 @@
 package core
 
 import (
+	"net"
+
 	"github.com/miekg/dns"
+	"github.com/outout14/sacrebleu-dns/utils"
 )
 
 //HandleDNSRequest : Handle the DNS request using miekg/dns
 //Requires dns.ReponseWriter and dns.Msg args
-func HandleDNSRequest(w dns.ResponseWriter, r *dns.Msg) {
-
+func HandleDNSRequest(w dns.ResponseWriter, r *dns.Msg, conf *utils.Conf) {
 	//dns.Msg object
 	//Will be passed to the parseQuery() function
 	m := new(dns.Msg)
 	m.SetReply(r)
 	m.Compress = false
 
+	ip, _, _ := net.SplitHostPort(w.RemoteAddr().String())
+
 	if r.Question[0].Qtype == dns.TypeAXFR {
-		parseAXFR(m)
+		if utils.XfrAllowed(ip, conf) {
+			parseAXFR(m)
+		} else {
+			m := new(dns.Msg)
+			m.SetRcode(r, dns.RcodeRefused)
+			w.WriteMsg(m)
+		}
+
 	} else if r.Opcode == dns.OpcodeQuery { //Only respond to dns queries
 		parseQuery(m)
 	}
 
 	w.WriteMsg(m) //Write the DNS response
+
 }

extra/config.ini.example

@@ -23,6 +23,6 @@ Password = ""
 DB = 0
 TTL = 10  #In seconds 
 
-[Dns]
-XfrIPs = ["*"] #Array of slaves IPs
-Nameservers = ["ns1.example.org", "ns2.example.org", "ns1.example.com"] #Arry of NS urls. (the first one is the master) 
+[DNS]
+XfrIPs = *, 10.100.0.3 #Array of slaves IPs
+Nameservers = ns1.example.org, ns2.example.org, ns1.example.com #Arry of NS urls. (the first one is the master) 

main.go

@@ -35,7 +35,7 @@ func main() {
 	utils.InitLogger(conf)
 
 	//Attach DNS request handler func for all domains
-	dns.HandleFunc(".", core.HandleDNSRequest)
+	dns.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) { core.HandleDNSRequest(w, r, conf) })
 
 	//Initialize the redis database
 	utils.RedisDatabase(conf)
@@ -49,7 +49,9 @@ func main() {
 	//Start the DNS server
 	server := &dns.Server{Addr: conf.App.IP + ":" + strconv.Itoa(conf.App.Port), Net: "tcp"}             //define the server
 	logrus.WithFields(logrus.Fields{"ip": conf.App.IP, "port": conf.App.Port}).Infof("SERVER : Started") //log
-	err = server.ListenAndServe()                                                                        //start it
+	logrus.WithFields(logrus.Fields{"XfrIPs": conf.DNS.XfrIPs}).Debug("")
+
+	err = server.ListenAndServe() //start it
 	utils.CheckErr(err)
 
 	defer server.Shutdown() //shut down on application closing

utils/axfr.go

@@ -4,6 +4,19 @@ import (
 	"github.com/outout14/sacrebleu-api/api/types"
 )
 
+//XfrAllowed : check if the IP is allowed to perform XFR requests
+func XfrAllowed(remoteIP string, conf *Conf) bool {
+	for _, ip := range conf.DNS.XfrIPs {
+		if ip == "*" {
+			return true
+		}
+		if ip == remoteIP {
+			return true
+		}
+	}
+	return false
+}
+
 //GetAllRecords : Retrive all records for a domain
 func GetAllRecords(d types.Domain) []types.Record {
 	results := []types.Record{}

utils/structs.go

@@ -39,4 +39,5 @@ type Conf struct {
 	App
 	Database
 	Redis
+	DNS DNS
 }