XFR is now limited to certains IP configured in the config file

https://github.com/outout14/sacrebleu-dns/issues/11
https://github.com/outout14/sacrebleu-dns/issues/11#issuecomment-753423572
Mael GRAMAIN 2021-01-03 15:57:06 -04:00
parent 384ca40434
commit 1ec2b3c5a2
6 changed files with 38 additions and 8 deletions


@ -56,6 +56,8 @@ Variables names are case sensitives.
|Port|int|``6379``|Redis Database port |Port|int|``6379``|Redis Database port
|DB|int|``0``|Redis Database ID |DB|int|``0``|Redis Database ID
|TTL|int|``10``|Redis Time To Live (in seconds) |TTL|int|``10``|Redis Time To Live (in seconds)
|DNS|Section
|XfrIPs|[]string|``*,192.0.2.9,192.0.2.98``|Allowed IPs for XFR transfer (``*`` for any)
## What is working ## What is working
- Read records (stricts & wildcard) from MySQL - Read records (stricts & wildcard) from MySQL


@ -1,24 +1,36 @@
package core package core
import ( import (
"net"
"github.com/miekg/dns" "github.com/miekg/dns"
"github.com/outout14/sacrebleu-dns/utils"
) )
//HandleDNSRequest : Handle the DNS request using miekg/dns //HandleDNSRequest : Handle the DNS request using miekg/dns
//Requires dns.ReponseWriter and dns.Msg args //Requires dns.ReponseWriter and dns.Msg args
func HandleDNSRequest(w dns.ResponseWriter, r *dns.Msg) { func HandleDNSRequest(w dns.ResponseWriter, r *dns.Msg, conf *utils.Conf) {
//dns.Msg object //dns.Msg object
//Will be passed to the parseQuery() function //Will be passed to the parseQuery() function
m := new(dns.Msg) m := new(dns.Msg)
m.SetReply(r) m.SetReply(r)
m.Compress = false m.Compress = false
ip, _, _ := net.SplitHostPort(w.RemoteAddr().String())
if r.Question[0].Qtype == dns.TypeAXFR { if r.Question[0].Qtype == dns.TypeAXFR {
if utils.XfrAllowed(ip, conf) {
parseAXFR(m) parseAXFR(m)
} else {
m := new(dns.Msg)
m.SetRcode(r, dns.RcodeRefused)
w.WriteMsg(m)
}
} else if r.Opcode == dns.OpcodeQuery { //Only respond to dns queries } else if r.Opcode == dns.OpcodeQuery { //Only respond to dns queries
parseQuery(m) parseQuery(m)
} }
w.WriteMsg(m) //Write the DNS response w.WriteMsg(m) //Write the DNS response
} }
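Review bot: The refused branch declares a new `m := new(dns.Msg)` that shadows the outer `m`, so after its `w.WriteMsg(m)` sends REFUSED the function still falls through to the final `w.WriteMsg(m)` and sends a second, empty NOERROR reply for the same query on the same TCP connection. Drop the inner declaration and write and set the rcode on the outer message instead, `} else { m.SetRcode(r, dns.RcodeRefused) }`, so the single write at the end delivers the refusal. The error from `net.SplitHostPort` is discarded; on failure `ip` is empty and `XfrAllowed` fails closed unless `*` is configured, which is acceptable but deserves a comment such as `// on parse failure ip is "" and the XFR check fails closed`. `r.Question[0]` is still indexed without checking `len(r.Question)`, which predates this change but now sits on the new access-control path.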


@ -23,6 +23,6 @@ Password = ""
DB = 0 DB = 0
TTL = 10 #In seconds TTL = 10 #In seconds
[Dns] [DNS]
XfrIPs = ["*"] #Array of slaves IPs XfrIPs = *, 10.100.0.3 #Array of slaves IPs
Nameservers = ["ns1.example.org", "ns2.example.org", "ns1.example.com"] #Arry of NS urls. (the first one is the master) Nameservers = ns1.example.org, ns2.example.org, ns1.example.com #Arry of NS urls. (the first one is the master)
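Review bot: The sample keeps `*` in `XfrIPs`, and because `*` matches every client the `10.100.0.3` beside it is never consulted, so anyone who copies this file ships with zone transfers open to any peer. The example should list only the secondary's address, `XfrIPs = 10.100.0.3 #IPs of the secondaries allowed to AXFR ("*" allows any client)`. The value also changes from a TOML array to a bare comma-separated list; whether the loader splits that into `[]string` and trims the space after the comma is not visible here and should be confirmed, since an entry of ` 10.100.0.3` would never match.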


@ -35,7 +35,7 @@ func main() {
utils.InitLogger(conf) utils.InitLogger(conf)
//Attach DNS request handler func for all domains //Attach DNS request handler func for all domains
dns.HandleFunc(".", core.HandleDNSRequest) dns.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) { core.HandleDNSRequest(w, r, conf) })
//Initialize the redis database //Initialize the redis database
utils.RedisDatabase(conf) utils.RedisDatabase(conf)
@ -49,6 +49,8 @@ func main() {
//Start the DNS server //Start the DNS server
server := &dns.Server{Addr: conf.App.IP + ":" + strconv.Itoa(conf.App.Port), Net: "tcp"} //define the server server := &dns.Server{Addr: conf.App.IP + ":" + strconv.Itoa(conf.App.Port), Net: "tcp"} //define the server
logrus.WithFields(logrus.Fields{"ip": conf.App.IP, "port": conf.App.Port}).Infof("SERVER : Started") //log logrus.WithFields(logrus.Fields{"ip": conf.App.IP, "port": conf.App.Port}).Infof("SERVER : Started") //log
logrus.WithFields(logrus.Fields{"XfrIPs": conf.DNS.XfrIPs}).Debug("")
err = server.ListenAndServe() //start it err = server.ListenAndServe() //start it
utils.CheckErr(err) utils.CheckErr(err)
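Review bot: The XFR allow-list is only emitted at debug level with an empty message (`.Debug("")`), so an operator running at the default level never learns that a `*` entry disables the transfer restriction entirely. Log it at info level with a message, `logrus.WithFields(logrus.Fields{"XfrIPs": conf.DNS.XfrIPs}).Info("SERVER : XFR allowed from")`, and add a small loop over `conf.DNS.XfrIPs` that calls `logrus.Warn("SERVER : XfrIPs contains \"*\", zone transfers are allowed from any client")` when an entry equals `*`. The rest of main, including where `conf` is loaded and whether its entries are validated, is outside this hunk.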


@ -4,6 +4,19 @@ import (
"github.com/outout14/sacrebleu-api/api/types" "github.com/outout14/sacrebleu-api/api/types"
) )
//XfrAllowed : check if the IP is allowed to perform XFR requests
func XfrAllowed(remoteIP string, conf *Conf) bool {
for _, ip := range conf.DNS.XfrIPs {
if ip == "*" {
return true
}
if ip == remoteIP {
return true
}
}
return false
}
//GetAllRecords : Retrive all records for a domain //GetAllRecords : Retrive all records for a domain
func GetAllRecords(d types.Domain) []types.Record { func GetAllRecords(d types.Domain) []types.Record {
results := []types.Record{} results := []types.Record{}
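Review bot: XfrAllowed compares the caller's address to each entry as raw strings, so textual variants of the same address never match: an IPv4 client reaching a dual-stack listener shows up as `::ffff:10.100.0.3`, IPv6 entries differ in zero compression and case, and link-local addresses carry a `%zone` suffix. Parse both sides with `net.ParseIP` and compare with `Equal`, trimming whitespace so a comma-separated config value with a space after the comma still matches; unparseable entries are skipped so a typo fails closed rather than silently. This needs `net` and `strings` added to the file's imports, which are outside the hunk.

```go
// XfrAllowed reports whether remoteIP may request a zone transfer.
// Entries in conf.DNS.XfrIPs are compared as parsed addresses so that
// textual variants of the same IP match; "*" allows every client.
func XfrAllowed(remoteIP string, conf *Conf) bool {
	remote := net.ParseIP(strings.TrimSpace(remoteIP))
	if remote == nil {
		return false // unparseable caller address: fail closed
	}
	for _, entry := range conf.DNS.XfrIPs {
		entry = strings.TrimSpace(entry)
		if entry == "*" {
			return true
		}
		if allowed := net.ParseIP(entry); allowed != nil && allowed.Equal(remote) {
			return true
		}
	}
	return false
}
```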


@ -39,4 +39,5 @@ type Conf struct {
App App
Database Database
Redis Redis
DNS DNS
} }