diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:55:53 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 00:55:53 +0000 |
commit | 3d0386f27ca66379acf50199e1d1298386eeeeb8 (patch) | |
tree | f87bd4a126b3a843858eb447e8fd5893c3ee3882 /modules/workarounds | |
parent | Initial commit. (diff) | |
download | knot-resolver-3d0386f27ca66379acf50199e1d1298386eeeeb8.tar.xz knot-resolver-3d0386f27ca66379acf50199e1d1298386eeeeb8.zip |
Adding upstream version 3.2.1.upstream/3.2.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'modules/workarounds')
-rw-r--r-- | modules/workarounds/README.rst | 14 | ||||
-rw-r--r-- | modules/workarounds/workarounds.lua | 54 | ||||
-rw-r--r-- | modules/workarounds/workarounds.mk | 2 |
3 files changed, 70 insertions, 0 deletions
diff --git a/modules/workarounds/README.rst b/modules/workarounds/README.rst new file mode 100644 index 0000000..5aa8970 --- /dev/null +++ b/modules/workarounds/README.rst @@ -0,0 +1,14 @@ +.. _mod-workarounds: + +Workarounds +----------- + +A simple module that alters resolver behavior on specific broken sub-domains. +Currently it mainly disables case randomization on them. + +Running +^^^^^^^ +.. code-block:: lua + + modules = { 'workarounds < iterate' } + diff --git a/modules/workarounds/workarounds.lua b/modules/workarounds/workarounds.lua new file mode 100644 index 0000000..9766782 --- /dev/null +++ b/modules/workarounds/workarounds.lua @@ -0,0 +1,54 @@ +-- Load dependent module +if not policy then modules.load('policy') end + +local M = {} -- the module + +function M.config() + policy.add(policy.suffix(policy.FLAGS('NO_0X20'), { + -- https://github.com/DNS-OARC/dns-violations/blob/master/2017/DVE-2017-0003.md + todname('avqs.mcafee.com'), todname('avts.mcafee.com'), + + -- https://github.com/DNS-OARC/dns-violations/blob/master/2017/DVE-2017-0006.md + -- Obtained via a reverse search on {ns1,ns3}.panthercdn.com. + todname('cdnga.com'), todname('cdngc.com'), todname('cdngd.com'), + todname('cdngl.com'), todname('cdngm.com'), + todname('cdngc.net'), todname('panthercdn.com'), + + todname('magazine-fashion.net.'), + })) +end + +-- Issue #139: When asking certain nameservers for PTR, disable 0x20. +-- Just listing the *.in-addr.arpa suffixes would be tedious, as there are many. +M.layer = { + produce = function (state, req) + req = kres.request_t(req) + local qry = req:current() + if qry.stype ~= kres.type.PTR + or bit.band(state, bit.bor(kres.FAIL, kres.DONE)) ~= 0 + then return state -- quick exit in most cases + end + if qry.flags.AWAIT_CUT or qry.ns.name == nil + then return state end + local name = kres.dname2str(qry.ns.name) + if not name then return state end + + -- The problematic nameservers: + -- (1) rdnsN.turktelekom.com.tr. + if string.sub(name, 6) == '.turktelekom.com.tr.' then + qry.flags.NO_0X20 = true + qry.flags.NO_MINIMIZE = true + -- ^ NO_MINIMIZE isn't required for success, as kresd will retry + -- after getting refused, but it will speed things up. + + -- (2) + elseif name == 'dns1.edatel.net.co.' then + qry.flags.NO_0X20 = true + end + + return state + end, +} + +return M + diff --git a/modules/workarounds/workarounds.mk b/modules/workarounds/workarounds.mk new file mode 100644 index 0000000..6b0493e --- /dev/null +++ b/modules/workarounds/workarounds.mk @@ -0,0 +1,2 @@ +workarounds_SOURCES := workarounds.lua +$(call make_lua_module,workarounds) |