38 lines
985 B
C
38 lines
985 B
C
/* Copyright (C) Knot Resolver contributors.
|
|
* SPDX-License-Identifier: GPL-3.0-or-later
|
|
*
|
|
* This module responds to all queries without RD bit set with REFUSED. */
|
|
|
|
#include <libknot/consts.h>
|
|
#include <libknot/packet/pkt.h>
|
|
#include "daemon/worker.h"
|
|
#include "lib/module.h"
|
|
#include "lib/layer.h"
|
|
|
|
static int refuse_nord_query(kr_layer_t *ctx)
|
|
{
|
|
struct kr_request *req = ctx->req;
|
|
uint8_t rd = knot_wire_get_rd(req->qsource.packet->wire);
|
|
if (rd)
|
|
return ctx->state;
|
|
|
|
knot_pkt_t *answer = kr_request_ensure_answer(req);
|
|
if (!answer)
|
|
return ctx->state;
|
|
knot_wire_set_rcode(answer->wire, KNOT_RCODE_REFUSED);
|
|
knot_wire_clear_ad(answer->wire);
|
|
kr_request_set_extended_error(req, KNOT_EDNS_EDE_NOTAUTH, "ABC4");
|
|
ctx->state = KR_STATE_DONE;
|
|
return ctx->state;
|
|
}
|
|
|
|
KR_EXPORT int refuse_nord_init(struct kr_module *module)
|
|
{
|
|
static const kr_layer_api_t layer = {
|
|
.begin = &refuse_nord_query,
|
|
};
|
|
module->layer = &layer;
|
|
return kr_ok();
|
|
}
|
|
|
|
KR_MODULE_EXPORT(refuse_nord)
|