authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 00:55:53 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 00:55:53 +0000
commit3d0386f27ca66379acf50199e1d1298386eeeeb8 (patch)
treef87bd4a126b3a843858eb447e8fd5893c3ee3882 /modules/workarounds
parentInitial commit. (diff)
Adding upstream version 3.2.1.upstream/3.2.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/workarounds')
-rw-r--r--modules/workarounds/README.rst14
-rw-r--r--modules/workarounds/workarounds.lua54
-rw-r--r--modules/workarounds/workarounds.mk2
3 files changed, 70 insertions, 0 deletions
diff --git a/modules/workarounds/README.rst b/modules/workarounds/README.rst
new file mode 100644
index 0000000..5aa8970
--- /dev/null
+++ b/modules/workarounds/README.rst
@@ -0,0 +1,14 @@
+.. _mod-workarounds:
+
+Workarounds
+-----------
+
+A simple module that alters resolver behavior on specific broken sub-domains.
+Currently it mainly disables case randomization on them.
+
+Running
+^^^^^^^
+.. code-block:: lua
+
+ modules = { 'workarounds < iterate' }
+
diff --git a/modules/workarounds/workarounds.lua b/modules/workarounds/workarounds.lua
new file mode 100644
index 0000000..9766782
--- /dev/null
+++ b/modules/workarounds/workarounds.lua
@@ -0,0 +1,54 @@
+-- Load dependent module
+if not policy then modules.load('policy') end
+
+local M = {} -- the module
+
+function M.config()
+ policy.add(policy.suffix(policy.FLAGS('NO_0X20'), {
+ -- https://github.com/DNS-OARC/dns-violations/blob/master/2017/DVE-2017-0003.md
+ todname('avqs.mcafee.com'), todname('avts.mcafee.com'),
+
+ -- https://github.com/DNS-OARC/dns-violations/blob/master/2017/DVE-2017-0006.md
+ -- Obtained via a reverse search on {ns1,ns3}.panthercdn.com.
+ todname('cdnga.com'), todname('cdngc.com'), todname('cdngd.com'),
+ todname('cdngl.com'), todname('cdngm.com'),
+ todname('cdngc.net'), todname('panthercdn.com'),
+
+ todname('magazine-fashion.net.'),
+ }))
+end
+
+-- Issue #139: When asking certain nameservers for PTR, disable 0x20.
+-- Just listing the *.in-addr.arpa suffixes would be tedious, as there are many.
+M.layer = {
+ produce = function (state, req)
+ req = kres.request_t(req)
+ local qry = req:current()
+ if qry.stype ~= kres.type.PTR
+ or bit.band(state, bit.bor(kres.FAIL, kres.DONE)) ~= 0
+ then return state -- quick exit in most cases
+ end
+ if qry.flags.AWAIT_CUT or qry.ns.name == nil
+ then return state end
+ local name = kres.dname2str(qry.ns.name)
+ if not name then return state end
+
+ -- The problematic nameservers:
+ -- (1) rdnsN.turktelekom.com.tr.
+ if string.sub(name, 6) == '.turktelekom.com.tr.' then
+ qry.flags.NO_0X20 = true
+ qry.flags.NO_MINIMIZE = true
+ -- ^ NO_MINIMIZE isn't required for success, as kresd will retry
+ -- after getting refused, but it will speed things up.
+
+ -- (2)
+ elseif name == 'dns1.edatel.net.co.' then
+ qry.flags.NO_0X20 = true
+ end
+
+ return state
+ end,
+}
+
+return M
+
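Review bot: The check `string.sub(name, 6) == '.turktelekom.com.tr.'` in `produce` accepts any nameserver name with exactly five bytes in front of that suffix, not only the `rdnsN` hosts the comment names, and it would miss `rdns10` and above. Because this branch turns off both 0x20 case randomization (a defence against off-path spoofed answers) and query minimization, the match should be as narrow as the comment, e.g. `if string.match(name, '^rdns%d+%.turktelekom%.com%.tr%.$') then`. Both comparisons are also case-sensitive; if `kres.dname2str` does not normalise case (not visible here), a mixed-case NS name would skip the workaround, so lowercasing `name` first may be needed. In `M.config`, the `magazine-fashion.net.` entry carries no reference, unlike the DVE-linked entries above it; a comment such as `-- <report link or reason for the exemption>` would let a later reader judge when 0x20 can be re-enabled for that suffix.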
diff --git a/modules/workarounds/workarounds.mk b/modules/workarounds/workarounds.mk
new file mode 100644
index 0000000..6b0493e
--- /dev/null
+++ b/modules/workarounds/workarounds.mk
@@ -0,0 +1,2 @@
+workarounds_SOURCES := workarounds.lua
+$(call make_lua_module,workarounds)