Hi,
I have made a patch that adds an option, --no-afora, to disable the A-for-A feature.
The text portions could probably be improved by an actual DNS expert.

Given the following quote, and if that trend holds true, there are probably
no significant A-for-A requests anymore.

The percentages of A-for-A seen by root servers reported in 2001, 2003, and
2008 was 12%–18%, 7.03%, and 2.7%, respectively. The decreasing trend
continues in our data collected in 2012, where A-for-A only contributes
0.4% of the traffic.

[[ http://cs.northwestern.edu/~ychen/Papers/DNS_ToN15.pdf ]]


---

 man/dnsmasq.8 | 3 +++

 src/dnsmasq.h | 3 ++-

 src/option.c  | 3 +++

 src/rfc1035.c | 2 +-

 4 files changed, 9 insertions(+), 2 deletions(-)


diff --git a/man/dnsmasq.8 b/man/dnsmasq.8

index 6b914ec..40d531c 100644

--- a/man/dnsmasq.8

+++ b/man/dnsmasq.8

@@ -1908,6 +1908,9 @@ A special case of

 which differs in two respects. Firstly, only --server and --rev-server are
allowed

 in the configuration file included. Secondly, the file is re-read and the
configuration

 therein is updated when dnsmasq receives SIGHUP.

+.TP

+.B --no-afora

+Do not treat A-for-A DNS requests special. I.e. do not duck type a FQDN to
an IP.

 .SH CONFIG FILE

 At startup, dnsmasq reads

 .I /etc/dnsmasq.conf,

diff --git a/src/dnsmasq.h b/src/dnsmasq.h

index f4d330a..dbb3477 100644

--- a/src/dnsmasq.h

+++ b/src/dnsmasq.h

@@ -250,7 +250,8 @@ struct event_desc {

 #define OPT_MAC_B64        54

 #define OPT_MAC_HEX        55

 #define OPT_TFTP_APREF_MAC 56

-#define OPT_LAST           57

+#define OPT_NO_AFORA       57

+#define OPT_LAST           58


 /* extra flags for my_syslog, we use a couple of facilities since they are
known

    not to occupy the same bits as priorities, no matter how syslog.h is
set up. */

diff --git a/src/option.c b/src/option.c

index 831593b..be3bb9e 100644

--- a/src/option.c

+++ b/src/option.c

@@ -160,6 +160,7 @@ struct myoption {

 #define LOPT_DHCPTTL       348

 #define LOPT_TFTP_MTU      349

 #define LOPT_REPLY_DELAY   350

+#define LOPT_NO_AFORA      351


 #ifdef HAVE_GETOPT_LONG

 static const struct option opts[] =

@@ -325,6 +326,7 @@ static const struct myoption opts[] =

     { "script-arp", 0, 0, LOPT_SCRIPT_ARP },

     { "dhcp-ttl", 1, 0 , LOPT_DHCPTTL },

     { "dhcp-reply-delay", 1, 0, LOPT_REPLY_DELAY },

+    { "no-afora", 0, 0, LOPT_NO_AFORA },

     { NULL, 0, 0, 0 }

   };


@@ -497,6 +499,7 @@ static struct {

   { LOPT_IGNORE_ADDR, ARG_DUP, "<ipaddr>", gettext_noop("Ignore DNS
responses containing ipaddr."), NULL },

   { LOPT_DHCPTTL, ARG_ONE, "<ttl>", gettext_noop("Set TTL in DNS responses
with DHCP-derived addresses."), NULL },

   { LOPT_REPLY_DELAY, ARG_ONE, "<integer>", gettext_noop("Delay DHCP
replies for at least number of seconds."), NULL },

+  { LOPT_NO_AFORA, OPT_NO_AFORA, NULL, gettext_noop("Do not treat A-for-A
special."), NULL },

   { 0, 0, NULL, NULL, NULL }

 };
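Review bot: The help string added to the usage table, `Do not treat A-for-A special.`, does not tell a reader of `--help` what A-for-A is or what changes when the flag is set. Something along the lines of `gettext_noop("Do not answer A queries for dotted-quad names locally.")` would be self-explanatory, assuming that is what the guarded block in rfc1035.c does; that block is only partly visible in this patch. The same wording would also serve the man page entry for `--no-afora`.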


diff --git a/src/rfc1035.c b/src/rfc1035.c

index 0ad3ab1..940fc25 100644

--- a/src/rfc1035.c

+++ b/src/rfc1035.c

@@ -1570,7 +1570,7 @@ size_t answer_request(struct dns_header *header, char
*limit, size_t qlen,


              /* Check for "A for A"  queries; be rather conservative

                 about what looks like dotted-quad.  */

-             if (qtype == T_A)

+             if (qtype == T_A && !option_bool(OPT_NO_AFORA))

                {

                  char *cp;

                  unsigned int i, a;
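Review bot: The comment above the changed condition still describes the check as unconditional, and nothing here says what happens to a dotted-quad name once `OPT_NO_AFORA` skips the block. Presumably the query then takes the normal lookup path and may be forwarded upstream, which is the traffic the A-for-A check appears to keep local; that is worth stating so operators know the flag lets such queries leave the host. I would extend the comment with `Skipped when --no-afora is set; such names are then handled like any other A query.` The `if` body continues past the end of the hunk, so the fall-through path is not visible here.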