diff --git a/daemon/worker.c b/daemon/worker.c index 263fcdd..f787b70 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -1213,6 +1213,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error, addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip)); log_query_in(ip, qinfo.qname, qinfo.qtype, qinfo.qclass); } + + if(worker->env.cfg->drop_tld) { + int lab = dname_count_labels(qinfo.qname); + if (lab == 2) { + comm_point_drop_reply(repinfo); + verbose(VERB_ALGO, "Dropping one label query."); + return 0; + } + } if(qinfo.qtype == LDNS_RR_TYPE_AXFR || qinfo.qtype == LDNS_RR_TYPE_IXFR) { verbose(VERB_ALGO, "worker request: refused zone transfer."); diff --git a/util/config_file.h b/util/config_file.h index b3ef930..2791541 100644 --- a/util/config_file.h +++ b/util/config_file.h @@ -274,6 +274,8 @@ struct config_file { int prefetch_key; /** deny queries of type ANY with an empty answer */ int deny_any; + /** Drop TLD queries from clients **/ + int drop_tld; /** chrootdir, if not "" or chroot will be done */ char* chrootdir; diff --git a/util/configlexer.lex b/util/configlexer.lex index a86ddf5..9bbedbb 100644 --- a/util/configlexer.lex +++ b/util/configlexer.lex @@ -299,6 +299,7 @@ private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) } prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) } prefetch{COLON} { YDVAR(1, VAR_PREFETCH) } deny-any{COLON} { YDVAR(1, VAR_DENY_ANY) } +drop-tld{COLON} { YDVAR(1, VAR_DROP_TLD) } stub-zone{COLON} { YDVAR(0, VAR_STUB_ZONE) } name{COLON} { YDVAR(1, VAR_NAME) } stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) } diff --git a/util/configparser.y b/util/configparser.y index 10227a2..567d68e 100644 --- a/util/configparser.y +++ b/util/configparser.y 
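Review bot: In daemon/worker.c the new `drop_tld` branch drops every query whose name has a single label, for all query types and all clients. Enabling it would presumably also discard DS/DNSKEY/NS lookups for a TLD sent by downstream validating forwarders, and names such as `localhost.`; the client only sees a timeout. The condition `lab == 2` relies on dname_count_labels including the root label in its count, which should be stated in a comment, e.g. `/* count includes the root label: 2 means a single-label (TLD) name */`. The log line would be easier to tie to the setting if it read `verbose(VERB_ALGO, "drop-tld: dropping single-label query.");`, and the drop is not counted anywhere in the visible lines, so its effect cannot be monitored from statistics. worker_handle_request starts and ends outside this hunk, so earlier access-control handling is not visible here.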
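Review bot: In util/config_file.h the comment on `drop_tld` closes with `**/` where the neighbouring fields use `*/`, and it does not say that matching queries are discarded without any reply. Something like `/** drop client queries for single-label (TLD) names without replying */` would match the behaviour added in worker.c. No default for the field is set anywhere in this diff, so it is worth confirming that struct config_file is zero-initialised, or adding an explicit `cfg->drop_tld = 0;` where the other defaults are assigned. struct config_file starts and ends outside this hunk.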
@@ -164,6 +164,7 @@ extern struct config_parser_state* cfg_parser; %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY +%token VAR_DROP_TLD %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES %token VAR_TLS_SESSION_TICKET_KEYS @@ -266,6 +267,7 @@ content_server: server_num_threads | server_verbosity | server_port | server_tls_cert_bundle | server_tls_additional_port | server_low_rtt | server_fast_server_permil | server_fast_server_num | server_tls_win_cert | server_tcp_connection_limit | server_log_servfail | server_deny_any | + server_drop_tld | server_unknown_server_time_limit | server_log_tag_queryreply | server_stream_wait_size | server_tls_ciphers | server_tls_ciphersuites | server_tls_session_ticket_keys @@ -1466,6 +1468,16 @@ server_deny_any: VAR_DENY_ANY STRING_ARG free($2); } ; + +server_drop_tld: VAR_DROP_TLD STRING_ARG + { + OUTYY(("P(server_drop_tld:%s)\n", $2)); + if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0) + yyerror("expected yes or no."); + else cfg_parser->cfg->drop_tld = (strcmp($2, "yes")==0); + free($2); + } + ; server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG { OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
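Review bot: The `server_drop_tld` rule in the last hunk of util/configparser.y introduces a user-facing `drop-tld:` option, but no manual-page or example-configuration text is visible in this diff, and the rule itself carries no comment. Operators need to know that `yes` makes the server silently ignore all single-label queries. A comment above the rule such as `/* drop-tld: yes|no, silently drop client queries for single-label names */`, plus a matching entry in the option documentation, would cover it. If the project keeps generated lexer and parser sources under version control, they would also need regenerating for `VAR_DROP_TLD` to exist at build time.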