Commits


* make wildcarddnsd compile and run on NetBSD 6.1.5


Log TCP bytes as well...


After talking about a DDoS attack that I saw in my logs with my friend, I decided to log received bytes and sent bytes. Much useless typing for this but I got it.


instead of setproctitle()'ing "wildcarddnsd master on port %u" just display "wildcarddnsd master" as we don't know the port yet when it's defined in the later-checked config file. So DON'T LIE if it differs.


* add whitelisting
* this mode is based on the filter which is a blacklist.
* whitelist assumes everything as denied and opens access to listed IP ranges.
* while there fix filtering for tcp6 which was broken


* make everything prettier (KNF)
* OpenSMTPD is taken as an example here for prototypes
* grooming these was a lot of hard work...


* remove old Berkeley DB code, by now we're committed fully to Berkeley DB versions 4.6 and higher (as long as it's below version 6 which has license changes I read).


* make sure that files are cleaned up upon signals SIGTERM, SIGINT and SIGHUP. The databases are written to /var/db/wdns/[pid]/* and then cleaned up after use; after a kernel panic these may be left lingering and should be cleaned up by the administrator per rm -rf once in a while as they will amount...


In programming consistency is key, so clean up the prototypes (KNF), and also move code that was duplicated into its own check_qtype() function. While there clean up this code and make it consistent.


RFC 1996 (DNS Notify) support, this couldn't be fully tested on IPv6 since I lack a master on IPv6. Tested on FreeBSD 10, OpenBSD 5.5


* NAPTR (RFC 2915) support
* while there I did some checking against replysize for large packets in reply_* instead of UDP_MAXSIZE
* the NAPTR pointers take up 20KB more per record, so if you have 200 records your database will grow by roughly 4 MB


* Fix up some previously made mistakes regarding EDNS0
* This should _hopefully_ complete EDNS0 support (receive and send)
* relevant RFCs are RFC 6891 and RFC 3225


* RFC 6891 section 6.2.3 states: Values lower than 512 MUST be treated as equal to 512. This conforms to that.


* RFC 3225 (Indicating Resolver Support of DNSSEC) support
* this is a fixup to the last commit to show EDNS0 queries when they are done with the DO bit set. Tested on OpenBSD


* first steps at EDNS0 support, this just detects an EDNS0 request but doesn't reply in that fashion.
* EDNS0 is RFC 6891
* while there I think I fixed a bug that would have allowed compressed names; the check was in the wrong spot, please correct me if I'm wrong.
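
The EDNS0 commits above (detecting an OPT request, the 512-byte floor of RFC 6891 section 6.2.3, and the DO bit of RFC 3225) all hinge on pulling the OPT pseudo-RR out of the additional section of a query. The following is an added example, not wildcarddnsd code or the author's implementation: it walks a query, finds the first OPT RR, clamps the advertised payload size and reports the DO bit. The packet bytes, struct and function names are this example's own assumptions.

```c
/*
 * Added example, not wildcarddnsd code: locate the OPT pseudo-RR (RFC 6891)
 * in a DNS query, clamp the advertised UDP payload size to >= 512 as RFC 6891
 * section 6.2.3 requires, and read the DO bit (RFC 3225). The query bytes at
 * the bottom are constructed for this example.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define DNS_HDRLEN	12
#define T_OPT		41
#define EDNS_MIN_UDP	512

struct edns_info {
	int	 present;	/* an OPT RR was found in the additional section */
	uint16_t udpsize;	/* requester's UDP payload size, clamped to >= 512 */
	int	 do_bit;	/* DNSSEC OK bit (RFC 3225) */
};

static uint16_t
rd16(const uint8_t *p)
{
	return (uint16_t)((p[0] << 8) | p[1]);
}

/* Skip a wire-format name at off; return the offset after it, or -1 on error. */
static int
skip_name(const uint8_t *pkt, size_t len, size_t off)
{
	while (off < len) {
		uint8_t l = pkt[off];

		if (l == 0)
			return (int)(off + 1);
		if ((l & 0xC0) == 0xC0)		/* compression pointer ends the name */
			return (off + 2 <= len) ? (int)(off + 2) : -1;
		if (l & 0xC0)			/* 0x40 / 0x80 label types: reject */
			return -1;
		off += 1 + l;
	}
	return -1;
}

/*
 * Walk question, answer and authority, then scan the additional section for the
 * first OPT RR. Returns 0 on success (out->present says whether EDNS0 was
 * requested) and -1 if the packet is malformed or truncated.
 */
int
edns_parse(const uint8_t *pkt, size_t len, struct edns_info *out)
{
	size_t off = DNS_HDRLEN;
	unsigned int qd, an, ns, ar, k;
	int n;

	out->present = 0;
	out->udpsize = EDNS_MIN_UDP;	/* non-EDNS clients get the classic limit */
	out->do_bit = 0;
	if (len < DNS_HDRLEN)
		return -1;
	qd = rd16(pkt + 4); an = rd16(pkt + 6); ns = rd16(pkt + 8); ar = rd16(pkt + 10);
	for (k = 0; k < qd; k++) {			/* QNAME QTYPE QCLASS */
		if ((n = skip_name(pkt, len, off)) < 0 || (size_t)n + 4 > len)
			return -1;
		off = (size_t)n + 4;
	}
	for (k = 0; k < an + ns + ar; k++) {		/* NAME TYPE CLASS TTL RDLEN RDATA */
		if ((n = skip_name(pkt, len, off)) < 0 || (size_t)n + 10 > len ||
		    (size_t)n + 10 + rd16(pkt + n + 8) > len)
			return -1;
		if (k >= an + ns && rd16(pkt + n) == T_OPT && !out->present) {
			if (pkt[off] != 0)	/* OPT NAME must be the root (RFC 6891 6.1.2) */
				return -1;
			out->present = 1;
			out->udpsize = rd16(pkt + n + 2);	/* CLASS carries the payload size */
			if (out->udpsize < EDNS_MIN_UDP)
				out->udpsize = EDNS_MIN_UDP;	/* "MUST be treated as equal to 512" */
			out->do_bit = (pkt[n + 6] & 0x80) != 0;	/* TTL = ext-rcode, version, DO|Z */
		}
		off = (size_t)n + 10 + rd16(pkt + n + 8);
	}
	return 0;
}

/* Constructed query: example.com/A, RD set, OPT with payload size 400 and DO set. */
const uint8_t query_small_do[] = {
	0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
	7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0x00, 0x01, 0x00, 0x01,
	0x00, 0x00, 0x29, 0x01, 0x90, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00
};
/* Same question with no additional section: a plain RFC 1035 query. */
const uint8_t query_plain[] = {
	0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0x00, 0x01, 0x00, 0x01
};
```

Two wire details the code depends on: the OPT RR's CLASS field carries the requester's UDP payload size, and the DO bit is the top bit of the third TTL byte, after EXTENDED-RCODE and VERSION. With the constructed query above the advertised 400 bytes come back as 512, and a client that sends no OPT at all is treated the same way, so the reply-sizing code only ever sees values of 512 or more.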


* add a definable ratelimit between 1 and 127 packets per second per 16-bit hash of IP (IPv4 and IPv6).
* example configuration is in example8.conf where it's 6 packets per second.
* this will add memory to the order of 65536 * (((pps * 2) * 8) + 1), so 12 pps would be 12648448 bytes of shared memory added...
* also there is a race that I know about in the adding of a packet to the backlog, but I don't use the -n flag in production so it's limited.
Compiles and tested on OpenBSD 5.5
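
An added example, not wildcarddnsd code: one way to build the rate limiter the commit above describes, using the memory layout it gives (65536 buckets, each a ring of pps * 2 eight-byte timestamps plus a one-byte ring index, hence 65536 * (((pps * 2) * 8) + 1) bytes). The XOR-fold hash, the millisecond clock and every name below are this example's assumptions; the original's hash function is not shown on this page.

```c
/*
 * Added example, not wildcarddnsd code: a rate limiter keyed by a 16-bit hash
 * of the client address with the layout the commit describes: 65536 buckets,
 * each a ring of (pps * 2) 8-byte timestamps plus a 1-byte ring index, so the
 * table costs 65536 * ((pps * 2) * 8 + 1) bytes. The XOR-fold hash and the
 * millisecond clock are this example's choices, and the state lives in
 * ordinary heap memory rather than the shared memory a forked server needs.
 */
#include <stdint.h>
#include <stdlib.h>

#define RL_BUCKETS	65536
#define RL_WINDOW_MS	1000

struct ratelimit {
	int	  pps;		/* allowed packets per window per bucket, 1..127 */
	int	  ring;		/* ring length, pps * 2 */
	uint8_t	 *idx;		/* RL_BUCKETS ring write positions */
	uint64_t *ts;		/* RL_BUCKETS * ring millisecond timestamps, 0 = empty */
};

/* Bytes the table needs for a given pps; 12 pps gives 12648448. */
size_t
ratelimit_memsize(int pps)
{
	return (size_t)RL_BUCKETS * (((size_t)pps * 2) * 8 + 1);
}

struct ratelimit *
ratelimit_new(int pps)
{
	struct ratelimit *rl;

	if (pps < 1 || pps > 127 || (rl = calloc(1, sizeof(*rl))) == NULL)
		return NULL;
	rl->pps = pps;
	rl->ring = pps * 2;
	rl->idx = calloc(RL_BUCKETS, 1);
	rl->ts = calloc((size_t)RL_BUCKETS * rl->ring, sizeof(uint64_t));
	if (rl->idx == NULL || rl->ts == NULL) {
		free(rl->idx); free(rl->ts); free(rl);
		return NULL;
	}
	return rl;
}

void
ratelimit_free(struct ratelimit *rl)
{
	if (rl != NULL) {
		free(rl->idx); free(rl->ts); free(rl);
	}
}

/*
 * Fold a 4-byte IPv4 or 16-byte IPv6 address into 16 bits by XORing its 16-bit
 * words. Clients that collide share one bucket and one budget; that is the
 * price of a fixed-size table with no per-client allocation.
 */
uint16_t
ratelimit_hash(const uint8_t *addr, size_t addrlen)
{
	uint16_t h = 0;
	size_t i;

	for (i = 0; i + 1 < addrlen; i += 2)
		h ^= (uint16_t)((addr[i] << 8) | addr[i + 1]);
	return h;
}

/*
 * Return 1 and record the packet if its bucket has seen fewer than pps packets
 * in the last window, else 0 (drop; dropped packets are not counted).
 */
int
ratelimit_check(struct ratelimit *rl, const uint8_t *addr, size_t addrlen,
    uint64_t now_ms)
{
	uint16_t b = ratelimit_hash(addr, addrlen);
	uint64_t *ring = rl->ts + (size_t)b * rl->ring;
	int i, recent = 0;

	for (i = 0; i < rl->ring; i++)
		if (ring[i] != 0 && ring[i] <= now_ms && now_ms - ring[i] < RL_WINDOW_MS)
			recent++;
	if (recent >= rl->pps)
		return 0;
	ring[rl->idx[b]] = now_ms;
	rl->idx[b] = (uint8_t)((rl->idx[b] + 1) % rl->ring);
	return 1;
}

/* Feed n packets from one address, step_ms apart; return how many passed. */
int
ratelimit_burst(struct ratelimit *rl, const uint8_t *addr, size_t addrlen,
    uint64_t start_ms, int n, uint64_t step_ms)
{
	int i, allowed = 0;

	for (i = 0; i < n; i++)
		allowed += ratelimit_check(rl, addr, addrlen, start_ms + (uint64_t)i * step_ms);
	return allowed;
}
```

Two properties worth knowing before putting something like this in front of a nameserver: any two clients whose addresses fold to the same 16 bits share one budget, so a collision lets one noisy source starve an unrelated one; and because the state here is plain heap memory, a server forked with -n would need it in shared memory together with some locking around the ring update, since a read-count-then-write sequence across processes is a race.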


* fix linux and macosx Makefile
* fix use of SLIST_FOREACH macros on BSD with SLIST_FOREACH_SAFE, many many thank-yous to Otto Moerbeek of OpenBSD for helping hint that there is a use-after-free involved and offering hints on how to fix. This fixes W on OpenBSD-current (5.5-current).
Tested on OpenBSD-current, FreeBSD 10. Compiles on Linux Raspbian


* add filtering capability, this is like recurse and will traverse a singly linked list every time a connect or received packet is made. I'm hoping to revisit this some day. Thanks to the guys that were abusing/scanning my dns server.
* rename some variables around the queue(3) macros that I used for singly linked lists. They should have less confusing reuse of names. I did this in search for a bug that is possibly caused by OpenBSD-current which I currently use as my main developing workstation.
* add a sample filter entry in example8.conf
Tested to work on OpenBSD 5.5-stable


* SSHFP support (RR# 44) RFC 4255. This supports SHA1 and SHA256 fingerprints
* instead of replying from an area on the stack, move it to the heap. This fixes truncation between udp and tcp queries.
Tested on OpenBSD


* SPF (RR 99) RFC 4408 support, tested on OpenBSD


* use IPPROTO_UDP instead of the gai struct, fixes W with the -b option


Configuration file options; these override the command-line options. They are:
-b option == bind IP;
-i option == interface "lo0";
-n option == fork 2;
-p option == port 10034;
-l option == log;
The format of these is the following: options "cute options" { log; } as an example. Tested on OpenBSD 5.4


* move init_region() to main.c


* reflect the year 2014 in the Copyright


Ooops! I didn't intend to lose support for version 4 database, caught by myself.