From 1ec2b3c5a273512af6e5c7d570b4ba303e3ef8dd Mon Sep 17 00:00:00 2001
From: Mael GRAMAIN
Date: Sun, 3 Jan 2021 15:57:06 -0400
Subject: [PATCH] XFR is now limited to certains IP configured in the config file

https://github.com/outout14/sacrebleu-dns/issues/11
https://github.com/outout14/sacrebleu-dns/issues/11#issuecomment-753423572
---
 README.md | 2 ++
 core/handleDnsRequest.go | 18 +++++++++++++++---
 extra/config.ini.example | 6 +++---
 main.go | 6 ++++--
 utils/axfr.go | 13 +++++++++++++
 utils/structs.go | 1 +
 6 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index 250eef1..35d0eee 100644
--- a/README.md
+++ b/README.md
@@ -56,6 +56,8 @@ Variables names are case sensitives.
 |Port|int|``6379``|Redis Database port
 |DB|int|``0``|Redis Database ID
 |TTL|int|``10``|Redis Time To Live (in seconds)
+|DNS|Section
+|XfrIPs|[]string|``*,192.0.2.9,192.0.2.98``|Allowed IPs for XFR transfer (``*`` for any)
 
 ## What is working
 - Read records (stricts & wildcard) from MySQL
diff --git a/core/handleDnsRequest.go b/core/handleDnsRequest.go
index 97e0499..b9eaaaa 100644
--- a/core/handleDnsRequest.go
+++ b/core/handleDnsRequest.go
@@ -1,24 +1,36 @@
 package core
 
 import (
+	"net"
+
 	"github.com/miekg/dns"
+	"github.com/outout14/sacrebleu-dns/utils"
 )
 
 //HandleDNSRequest : Handle the DNS request using miekg/dns
 //Requires dns.ReponseWriter and dns.Msg args
-func HandleDNSRequest(w dns.ResponseWriter, r *dns.Msg) {
-
+func HandleDNSRequest(w dns.ResponseWriter, r *dns.Msg, conf *utils.Conf) {
 	//dns.Msg object
 	//Will be passed to the parseQuery() function
 	m := new(dns.Msg)
 	m.SetReply(r)
 	m.Compress = false
 
+	ip, _, _ := net.SplitHostPort(w.RemoteAddr().String())
+
 	if r.Question[0].Qtype == dns.TypeAXFR {
-		parseAXFR(m)
+		if utils.XfrAllowed(ip, conf) {
+			parseAXFR(m)
+		} else {
+			m := new(dns.Msg)
+			m.SetRcode(r, dns.RcodeRefused)
+			w.WriteMsg(m)
+		}
+
 	} else if r.Opcode == dns.OpcodeQuery { //Only respond to dns queries
 		parseQuery(m)
 	}
 
 	w.WriteMsg(m) //Write the DNS response
+
 }
diff --git a/extra/config.ini.example b/extra/config.ini.example
index efc13ce..062a2f9 100644
--- a/extra/config.ini.example
+++ b/extra/config.ini.example
@@ -23,6 +23,6 @@ Password = ""
 DB = 0
 TTL = 10 #In seconds
 
-[Dns]
-XfrIPs = ["*"] #Array of slaves IPs
-Nameservers = ["ns1.example.org", "ns2.example.org", "ns1.example.com"] #Arry of NS urls. (the first one is the master)
\ No newline at end of file
+[DNS]
+XfrIPs = *, 10.100.0.3 #Array of slaves IPs
+Nameservers = ns1.example.org, ns2.example.org, ns1.example.com #Arry of NS urls. (the first one is the master)
\ No newline at end of file
diff --git a/main.go b/main.go
index 14122c6..0a35db6 100644
--- a/main.go
+++ b/main.go
@@ -35,7 +35,7 @@ func main() {
 	utils.InitLogger(conf)
 
 	//Attach DNS request handler func for all domains
-	dns.HandleFunc(".", core.HandleDNSRequest)
+	dns.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) { core.HandleDNSRequest(w, r, conf) })
 
 	//Initialize the redis database
 	utils.RedisDatabase(conf)
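Review bot: The refused branch shadows `m` with a fresh message, writes it, and then falls through to the final `w.WriteMsg(m)`, so a refused AXFR produces two responses on the connection: the REFUSED one followed by an empty reply built from the outer `m`. Replace the three lines of the `else` branch with `m.SetRcode(r, dns.RcodeRefused)` and let the existing final write send it. The error from `net.SplitHostPort` is discarded; when it fails `ip` is empty, which only fails closed because `XfrAllowed` compares strings, so handling that error explicitly (refuse, or at least log) would make the intent clear rather than incidental. The doc comment still says the function takes `dns.ReponseWriter and dns.Msg args`; add the new `conf *utils.Conf` parameter to it, e.g. `//Requires dns.ResponseWriter, dns.Msg and the loaded utils.Conf (used for the XFR allow-list)`. `r.Question[0]` is indexed without checking `len(r.Question)`; that pre-dates this commit, but the new AXFR path now depends on it too.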
@@ -49,7 +49,9 @@ func main() {
 	//Start the DNS server
 	server := &dns.Server{Addr: conf.App.IP + ":" + strconv.Itoa(conf.App.Port), Net: "tcp"} //define the server
 	logrus.WithFields(logrus.Fields{"ip": conf.App.IP, "port": conf.App.Port}).Infof("SERVER : Started") //log
-	err = server.ListenAndServe() //start it
+	logrus.WithFields(logrus.Fields{"XfrIPs": conf.DNS.XfrIPs}).Debug("")
+
+	err = server.ListenAndServe() //start it
 	utils.CheckErr(err)
 
 	defer server.Shutdown() //shut down on application closing
diff --git a/utils/axfr.go b/utils/axfr.go
index 3685835..15bcd3a 100644
--- a/utils/axfr.go
+++ b/utils/axfr.go
@@ -4,6 +4,19 @@ import (
 	"github.com/outout14/sacrebleu-api/api/types"
 )
 
+//XfrAllowed : check if the IP is allowed to perform XFR requests
+func XfrAllowed(remoteIP string, conf *Conf) bool {
+	for _, ip := range conf.DNS.XfrIPs {
+		if ip == "*" {
+			return true
+		}
+		if ip == remoteIP {
+			return true
+		}
+	}
+	return false
+}
+
 //GetAllRecords : Retrive all records for a domain
 func GetAllRecords(d types.Domain) []types.Record {
 	results := []types.Record{}
diff --git a/utils/structs.go b/utils/structs.go
index f188909..1b1f932 100644
--- a/utils/structs.go
+++ b/utils/structs.go
@@ -39,4 +39,5 @@ type Conf struct {
 	App
 	Database
 	Redis
+	DNS DNS
 }
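Review bot: The new `logrus...Debug("")` call logs an empty message with only the `XfrIPs` field, which is hard to find in the output next to the adjacent "SERVER : Started" entry. Give it a message naming what is being reported, e.g. `.Debug("SERVER : XFR allowed IPs")`. The enclosing `main` starts and ends outside the hunk.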
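Review bot: `XfrAllowed` compares the remote address to each configured entry as a plain string, so equivalent IPv6 spellings (`::1` versus `0:0:0:0:0:0:0:1`), zone suffixes, or whitespace left around entries by the INI parser (the example config now reads `XfrIPs = *, 10.100.0.3`, and whether the loader trims the second value is not visible here) would fail to match and the transfer would be refused; parsing both sides with `net.ParseIP` and comparing with `Equal` avoids that and still fails closed when the remote address does not parse. Note also that `*` short-circuits the whole list, so the example config and the README entry that combine `*` with specific addresses grant transfers to any client; the doc comment should say so, e.g. `//XfrAllowed : report whether remoteIP may request zone transfers; a "*" entry in conf.DNS.XfrIPs allows any address`. The rewrite below needs `net` and `strings` in utils/axfr.go's import block, which starts above this hunk.
```go
func XfrAllowed(remoteIP string, conf *Conf) bool {
	remote := net.ParseIP(strings.TrimSpace(remoteIP))
	for _, entry := range conf.DNS.XfrIPs {
		entry = strings.TrimSpace(entry)
		if entry == "*" {
			return true
		}
		// A non-parsable entry never matches; an unparsable remote only passes via "*".
		if allowed := net.ParseIP(entry); allowed != nil && allowed.Equal(remote) {
			return true
		}
	}
	return false
}
```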
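Review bot: `DNS DNS` is added as a named field while the sibling `App`, `Database` and `Redis` members of `Conf` are embedded, so the struct now mixes two declaration styles for what look like parallel config sections. If the config loader maps sections by type name for embedded fields (I cannot confirm that from this hunk), embedding `DNS` like the others keeps `conf.DNS.XfrIPs` working and the declarations uniform; otherwise a comment explaining why this one is named would help. The `DNS` type and the start of `Conf` are outside the hunk.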