XFR is now limited to certains IP configured in the config file

https://github.com/outout14/sacrebleu-dns/issues/11
https://github.com/outout14/sacrebleu-dns/issues/11#issuecomment-753423572
This commit is contained in:
Mael GRAMAIN 2021-01-03 15:57:06 -04:00
parent 384ca40434
commit 1ec2b3c5a2
6 changed files with 38 additions and 8 deletions

View file

@ -56,6 +56,8 @@ Variables names are case sensitives.
|Port|int|``6379``|Redis Database port
|DB|int|``0``|Redis Database ID
|TTL|int|``10``|Redis Time To Live (in seconds)
|DNS|Section
|XfrIPs|[]string|``*,192.0.2.9,192.0.2.98``|Allowed IPs for XFR transfer (``*`` for any)
## What is working
- Read records (stricts & wildcard) from MySQL

View file

@ -1,24 +1,36 @@
package core
import (
"net"
"github.com/miekg/dns"
"github.com/outout14/sacrebleu-dns/utils"
)
//HandleDNSRequest : Handle the DNS request using miekg/dns
//Requires dns.ReponseWriter and dns.Msg args
func HandleDNSRequest(w dns.ResponseWriter, r *dns.Msg) {
func HandleDNSRequest(w dns.ResponseWriter, r *dns.Msg, conf *utils.Conf) {
//dns.Msg object
//Will be passed to the parseQuery() function
m := new(dns.Msg)
m.SetReply(r)
m.Compress = false
ip, _, _ := net.SplitHostPort(w.RemoteAddr().String())
if r.Question[0].Qtype == dns.TypeAXFR {
parseAXFR(m)
if utils.XfrAllowed(ip, conf) {
parseAXFR(m)
} else {
m := new(dns.Msg)
m.SetRcode(r, dns.RcodeRefused)
w.WriteMsg(m)
}
} else if r.Opcode == dns.OpcodeQuery { //Only respond to dns queries
parseQuery(m)
}
w.WriteMsg(m) //Write the DNS response
}

View file

@ -23,6 +23,6 @@ Password = ""
DB = 0
TTL = 10 #In seconds
[Dns]
XfrIPs = ["*"] #Array of slaves IPs
Nameservers = ["ns1.example.org", "ns2.example.org", "ns1.example.com"] #Arry of NS urls. (the first one is the master)
[DNS]
XfrIPs = *, 10.100.0.3 #Array of slaves IPs
Nameservers = ns1.example.org, ns2.example.org, ns1.example.com #Arry of NS urls. (the first one is the master)

View file

@ -35,7 +35,7 @@ func main() {
utils.InitLogger(conf)
//Attach DNS request handler func for all domains
dns.HandleFunc(".", core.HandleDNSRequest)
dns.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) { core.HandleDNSRequest(w, r, conf) })
//Initialize the redis database
utils.RedisDatabase(conf)
@ -49,7 +49,9 @@ func main() {
//Start the DNS server
server := &dns.Server{Addr: conf.App.IP + ":" + strconv.Itoa(conf.App.Port), Net: "tcp"} //define the server
logrus.WithFields(logrus.Fields{"ip": conf.App.IP, "port": conf.App.Port}).Infof("SERVER : Started") //log
err = server.ListenAndServe() //start it
logrus.WithFields(logrus.Fields{"XfrIPs": conf.DNS.XfrIPs}).Debug("")
err = server.ListenAndServe() //start it
utils.CheckErr(err)
defer server.Shutdown() //shut down on application closing

View file

@ -4,6 +4,19 @@ import (
"github.com/outout14/sacrebleu-api/api/types"
)
//XfrAllowed : check if the IP is allowed to perform XFR requests
func XfrAllowed(remoteIP string, conf *Conf) bool {
for _, ip := range conf.DNS.XfrIPs {
if ip == "*" {
return true
}
if ip == remoteIP {
return true
}
}
return false
}
//GetAllRecords : Retrive all records for a domain
func GetAllRecords(d types.Domain) []types.Record {
results := []types.Record{}

View file

@ -39,4 +39,5 @@ type Conf struct {
App
Database
Redis
DNS DNS
}