From baa80ae5125beabd49edae2cdfaf3817a88a2ab6 Mon Sep 17 00:00:00 2001
From: Simon Kelley <simon@thekelleys.org.uk>
Date: Wed, 29 May 2013 16:32:07 +0100
Subject: [PATCH 1/1] Remove limit in prefix length in --auth-zone.
---
man/dnsmasq.8 | 9 ++++++---
src/auth.c | 4 ++--
src/option.c | 2 --
3 files changed, 8 insertions(+), 7 deletions(-)
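diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 2638930..d2e3d18 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -572,13 +572,16 @@ If you use the first DNSSEC mode, validating resolvers in clients,
 this option is not required. Dnsmasq always returns all the data
 needed for a client to do validation itself.
 .TP
-.B --auth-zone=<domain>[,<subnet>[,<subnet>.....]]
+.B --auth-zone=<domain>[,<subnet>[/<prefix length>][,<subnet>[/<prefix length>].....]]
 Define a DNS zone for which dnsmasq acts as authoritative server. Locally defined DNS records which are in the domain
 will be served, except that A and AAAA records must be in one of the
 specified subnets, or in a subnet corresponding to a constructed DHCP
 range. The subnet(s) are also used to define in-addr.arpa and
-ipv6.arpa domains which are served for reverse-DNS queries. For IPv4
-subnets, the prefix length is limited to the values 8, 16 or 24.
+ipv6.arpa domains which are served for reverse-DNS queries. If not
+specified, the prefix length defaults to 24 for IPv4 and 64 for IPv6.
+For IPv4 subnets, the prefix length should be have the value 8, 16 or 24
+unless you are familiar with RFC 2317 and have arranged the
+in-addr.arpa delegation accordingly.
 .TP
 .B --auth-soa=<serial>[,<hostmaster>[,<refresh>[,<retry>[,<expiry>]]]]
 Specify fields in the SOA record associated with authoritative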
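diff --git a/src/auth.c b/src/auth.c
index 2a3f323..b08f85c 100644
--- a/src/auth.c
+++ b/src/auth.c
@@ -520,10 +520,10 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n
 in_addr_t a = ntohl(subnet->addr4.s_addr) >> 8;
 char *p = name;
 
- if (subnet->prefixlen == 24)
+ if (subnet->prefixlen >= 24)
 p += sprintf(p, "%d.", a & 0xff);
 a = a >> 8;
- if (subnet->prefixlen != 8)
+ if (subnet->prefixlen >= 16 )
 p += sprintf(p, "%d.", a & 0xff);
 a = a >> 8;
 p += sprintf(p, "%d.in-addr.arpa", a & 0xff);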
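Review bot: The new tests `subnet->prefixlen >= 24` and `subnet->prefixlen >= 16` silently round every IPv4 prefix to an octet boundary, and nothing at this spot says that is intended: a /20 subnet gets the enclosing /16 `in-addr.arpa` name, which is wider than the configured subnet, and a prefix shorter than 8 still gets a one-octet name. I would add a comment above the first test, e.g. `/* Non-octet prefixes use the enclosing /8, /16 or /24 zone name; RFC 2317 delegation is left to the operator. */`. The src/option.c hunk of this commit removes the only range check visible in the patch, so unless `prefixlen` is bounded outside the hunks, values above 32 appear to be accepted for IPv4 and reach this code too; keeping an upper bound in `one_opt`, such as `if (prefixlen > 32) ret_err(_("bad prefix"));`, would reject them at parse time. The enclosing `answer_auth` body starts and ends outside the hunk.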
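diff --git a/src/option.c b/src/option.c
index ac54c31..25bbf48 100644
--- a/src/option.c
+++ b/src/option.c
@@ -1637,8 +1637,6 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma
 
 if (inet_pton(AF_INET, arg, &subnet->addr4))
 {
- if ((prefixlen & 0x07) != 0 || prefixlen > 24)
- ret_err(_("bad prefix"));
 subnet->prefixlen = (prefixlen == 0) ? 24 : prefixlen;
 subnet->is6 = 0;
 }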
--
1.7.2.5