Mattias Hellström
2018-01-25 15:03:57 UTC
Hi,
I have made a patch to disable the A-for-A feature.
I believe that the text portions can be made better by an actual DNS expert.
Given the following quote, and if that trend holds true, there are probably
no significant A-for-A requests anymore.
The percentages of A-for-A seen by root servers reported in 2001, 2003, and
2008 was 12%–18%, 7.03%, and 2.7%, respectively. The decreasing trend
continues in our data collected in 2012, where A-for-A only contributes
0.4% of the traffic.
[[ http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf ]]
---
man/dnsmasq.8 | 3 +++
src/dnsmasq.h | 3 ++-
src/option.c | 3 +++
src/rfc1035.c | 2 +-
4 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 6b914ec..40d531c 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -1908,6 +1908,9 @@ A special case of
which differs in two respects. Firstly, only --server and --rev-server are
allowed
in the configuration file included. Secondly, the file is re-read and the
configuration
therein is updated when dnsmasq receives SIGHUP.
+.TP
+.B --no-afora
+Do not treat A-for-A DNS requests special. I.e. do not duck type a FQDN to
an IP.
.SH CONFIG FILE
At startup, dnsmasq reads
.I /etc/dnsmasq.conf,
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index f4d330a..dbb3477 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -250,7 +250,8 @@ struct event_desc {
#define OPT_MAC_B64 54
#define OPT_MAC_HEX 55
#define OPT_TFTP_APREF_MAC 56
-#define OPT_LAST 57
+#define OPT_NO_AFORA 57
+#define OPT_LAST 58
/* extra flags for my_syslog, we use a couple of facilities since they are
known
not to occupy the same bits as priorities, no matter how syslog.h is
set up. */
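Review bot: OPT_NO_AFORA takes flag index 57 and OPT_LAST moves to 58, but the hunk does not show the storage behind option_bool(), so it is not visible here whether index 57 is within the bit set; in this code base the flags appear to be split across two 32-bit words, in which case 57 fits, but that should be confirmed against the option_bool()/set_option_bool() definitions rather than assumed. A one-line comment on the new define, `/* 57: in the second 32-bit option word */`, would make the limit explicit for the next addition.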
diff --git a/src/option.c b/src/option.c
index 831593b..be3bb9e 100644
--- a/src/option.c
+++ b/src/option.c
@@ -160,6 +160,7 @@ struct myoption {
#define LOPT_DHCPTTL 348
#define LOPT_TFTP_MTU 349
#define LOPT_REPLY_DELAY 350
+#define LOPT_NO_AFORA 351
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
@@ -325,6 +326,7 @@ static const struct myoption opts[] =
{ "script-arp", 0, 0, LOPT_SCRIPT_ARP },
{ "dhcp-ttl", 1, 0 , LOPT_DHCPTTL },
{ "dhcp-reply-delay", 1, 0, LOPT_REPLY_DELAY },
+ { "no-afora", 0, 0, LOPT_NO_AFORA },
{ NULL, 0, 0, 0 }
};
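Review bot: The long-option name in `{ "no-afora", 0, 0, LOPT_NO_AFORA },` is opaque next to the spelled-out names in the same table (`script-arp`, `dhcp-ttl`, `dhcp-reply-delay`), and a reader of a config file will not connect it to A-for-A queries. Consider `{ "no-a-for-a", 0, 0, LOPT_NO_AFORA },` with the same name in the man page hunk, keeping the LOPT_/OPT_ macros as they are. The opts[] array begins before this hunk.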
@@ -497,6 +499,7 @@ static struct {
{ LOPT_IGNORE_ADDR, ARG_DUP, "<ipaddr>", gettext_noop("Ignore DNS
responses containing ipaddr."), NULL },
{ LOPT_DHCPTTL, ARG_ONE, "<ttl>", gettext_noop("Set TTL in DNS responses
with DHCP-derived addresses."), NULL },
{ LOPT_REPLY_DELAY, ARG_ONE, "<integer>", gettext_noop("Delay DHCP
replies for at least number of seconds."), NULL },
+ { LOPT_NO_AFORA, OPT_NO_AFORA, NULL, gettext_noop("Do not treat A-for-A
special."), NULL },
{ 0, 0, NULL, NULL, NULL }
};
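Review bot: The help string in the new usage entry, `"Do not treat A-for-A special."`, is ungrammatical and does not say what the option changes, and this table is what `--help` prints. Suggest `gettext_noop("Don't synthesize A answers for names that look like IPv4 addresses.")`, which matches the man-page description in the first hunk of this patch. The usage table begins before this hunk.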
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 0ad3ab1..940fc25 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1570,7 +1570,7 @@ size_t answer_request(struct dns_header *header, char
*limit, size_t qlen,
/* Check for "A for A" queries; be rather conservative
about what looks like dotted-quad. */
- if (qtype == T_A)
+ if (qtype == T_A && !option_bool(OPT_NO_AFORA))
{
char *cp;
unsigned int i, a;
I have made a patch to disable the A-for-A feature.
I believe that the text portions can be made better by an actual DNS expert.
Given the following quote, and if that trend holds true, there are probably
no significant A-for-A requests anymore.
The percentages of A-for-A seen by root servers reported in 2001, 2003, and
2008 was 12%–18%, 7.03%, and 2.7%, respectively. The decreasing trend
continues in our data collected in 2012, where A-for-A only contributes
0.4% of the traffic.
[[ http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf ]]
---
man/dnsmasq.8 | 3 +++
src/dnsmasq.h | 3 ++-
src/option.c | 3 +++
src/rfc1035.c | 2 +-
4 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 6b914ec..40d531c 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -1908,6 +1908,9 @@ A special case of
which differs in two respects. Firstly, only --server and --rev-server are
allowed
in the configuration file included. Secondly, the file is re-read and the
configuration
therein is updated when dnsmasq receives SIGHUP.
+.TP
+.B --no-afora
+Do not treat A-for-A DNS requests special. I.e. do not duck type a FQDN to
an IP.
.SH CONFIG FILE
At startup, dnsmasq reads
.I /etc/dnsmasq.conf,
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index f4d330a..dbb3477 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -250,7 +250,8 @@ struct event_desc {
#define OPT_MAC_B64 54
#define OPT_MAC_HEX 55
#define OPT_TFTP_APREF_MAC 56
-#define OPT_LAST 57
+#define OPT_NO_AFORA 57
+#define OPT_LAST 58
/* extra flags for my_syslog, we use a couple of facilities since they are
known
not to occupy the same bits as priorities, no matter how syslog.h is
set up. */
diff --git a/src/option.c b/src/option.c
index 831593b..be3bb9e 100644
--- a/src/option.c
+++ b/src/option.c
@@ -160,6 +160,7 @@ struct myoption {
#define LOPT_DHCPTTL 348
#define LOPT_TFTP_MTU 349
#define LOPT_REPLY_DELAY 350
+#define LOPT_NO_AFORA 351
#ifdef HAVE_GETOPT_LONG
static const struct option opts[] =
@@ -325,6 +326,7 @@ static const struct myoption opts[] =
{ "script-arp", 0, 0, LOPT_SCRIPT_ARP },
{ "dhcp-ttl", 1, 0 , LOPT_DHCPTTL },
{ "dhcp-reply-delay", 1, 0, LOPT_REPLY_DELAY },
+ { "no-afora", 0, 0, LOPT_NO_AFORA },
{ NULL, 0, 0, 0 }
};
@@ -497,6 +499,7 @@ static struct {
{ LOPT_IGNORE_ADDR, ARG_DUP, "<ipaddr>", gettext_noop("Ignore DNS
responses containing ipaddr."), NULL },
{ LOPT_DHCPTTL, ARG_ONE, "<ttl>", gettext_noop("Set TTL in DNS responses
with DHCP-derived addresses."), NULL },
{ LOPT_REPLY_DELAY, ARG_ONE, "<integer>", gettext_noop("Delay DHCP
replies for at least number of seconds."), NULL },
+ { LOPT_NO_AFORA, OPT_NO_AFORA, NULL, gettext_noop("Do not treat A-for-A
special."), NULL },
{ 0, 0, NULL, NULL, NULL }
};
diff --git a/src/rfc1035.c b/src/rfc1035.c
index 0ad3ab1..940fc25 100644
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1570,7 +1570,7 @@ size_t answer_request(struct dns_header *header, char
*limit, size_t qlen,
/* Check for "A for A" queries; be rather conservative
about what looks like dotted-quad. */
- if (qtype == T_A)
+ if (qtype == T_A && !option_bool(OPT_NO_AFORA))
{
char *cp;
unsigned int i, a;