Changeset 826 for trunk/pdns/pdns/pdns_recursor.cc

Timestamp:

05/08/06 09:15:35 (7 years ago)

Author:

ahu

Message:

implement 'back mapping' for IPv4 addresses mapped to IPv6, so things 'just work' and there is no need to manually map
IPv4 addresses to IPv6 for allow-from. Noted by Marcus Rueckert.
Added ::1/128 to default allow-from, as well as fe80::/16.

Files:

• trunk/pdns/pdns/pdns_recursor.cc (modified) (4 diffs)

trunk/pdns/pdns/pdns_recursor.cc

@@ -684 +684 @@
     g_stats.addRemote(addr);
     if(g_allowFrom && !g_allowFrom->match(&addr)) {
+      if(!g_quiet) 
+        L<<Logger::Error<<"["<<MT->getTid()<<"] dropping TCP query from "<<addr.toString()<<", address not matched by allow-from"<<endl;
+
       g_stats.unauthorizedTCP++;
       Utility::closesocket(newsock);
@@ -709 +712 @@
   }
 }
-
+ 
 void handleNewUDPQuestion(int fd, boost::any& var)
 {
@@ -720 +723 @@
     g_stats.addRemote(fromaddr);
     if(g_allowFrom && !g_allowFrom->match(&fromaddr)) {
+      cout<<"mapped: "<<fromaddr.isMappedIPv4()<<endl;
+      if(!g_quiet) 
+        L<<Logger::Error<<"["<<MT->getTid()<<"] dropping UDP query from "<<fromaddr.toString()<<", address not matched by allow-from"<<endl;
+
       g_stats.unauthorizedUDP++;
       return;
@@ -1587 +1594 @@
     ::arg().set("remotes-ringbuffer-entries", "maximum number of packets to store statistics for")="0";
     ::arg().set("version-string", "string reported on version.pdns or version.bind")="PowerDNS Recursor "VERSION" $Id$";
-    ::arg().set("allow-from", "If set, only allow these comma separated netmasks to recurse")="127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12";
+    ::arg().set("allow-from", "If set, only allow these comma separated netmasks to recurse")="127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/16";
     ::arg().set("max-tcp-per-client", "If set, maximum number of TCP sessions per client (IP address)")="0";
     ::arg().set("fork", "If set, fork the daemon for possible double performance")="no";