diff --git a/src/dns_client.c b/src/dns_client.c
index 03771b3..07f14df 100644
--- a/src/dns_client.c
+++ b/src/dns_client.c
@@ -115,6 +115,7 @@ struct dns_server_info {
 /* client socket */
 int fd;
 int ttl;
+ int ttl_range;
 SSL *ssl;
 SSL_CTX *ssl_ctx;
 dns_server_status status;
@@ -270,6 +271,7 @@ int _dns_client_server_add(char *server_ip, struct addrinfo *gai, dns_server_typ
 server_info->status = DNS_SERVER_STATUS_INIT;
 server_info->result_flag = result_flag;
 server_info->ttl = ttl;
+ server_info->ttl_range = 0;
 if (gai->ai_addrlen > sizeof(server_info->in6)) {
 tlog(TLOG_ERROR, "addr len invalid, %d, %zd, %d", gai->ai_addrlen, sizeof(server_info->addr), server_info->ai_family);
@@ -278,12 +280,16 @@ int _dns_client_server_add(char *server_ip, struct addrinfo *gai, dns_server_typ
 memcpy(&server_info->addr, gai->ai_addr, gai->ai_addrlen);
 /* start ping task */
- if (ttl == 0 && (result_flag & DNSSERVER_FLAG_CHECK_TTL)) {
+ if (ttl <= 0 && (result_flag & DNSSERVER_FLAG_CHECK_TTL)) {
 server_info->ping_host = fast_ping_start(PING_TYPE_DNS, server_ip, 0, 60000, 1000, _dns_client_server_update_ttl, server_info);
 if (server_info->ping_host == NULL) {
 tlog(TLOG_ERROR, "start ping failed.");
 goto errout;
 }
+
+ if (ttl < 0) {
+ server_info->ttl_range = -ttl;
+ }
 }
 /* add to list */
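Review bot: The negative-`ttl` convention added in the third hunk of `_dns_client_server_add` is undocumented, and `server_info->ttl` still receives the raw negative value from the context line `server_info->ttl = ttl;`. Until the ping callback `_dns_client_server_update_ttl` supplies a measured value (presumably by overwriting `server_info->ttl`; that code is not visible here), the `server_info->ttl > 0` guard in `_dns_client_process_udp` skips the TTL check, so replies are accepted whatever their TTL. I would add `/* ttl < 0: detect TTL by ping, then accept replies within +/- |ttl| of it */` above the `if (ttl < 0)` block and `/* accepted deviation from ttl; 0 means exact match */` on the new struct field. A range near 255 makes the filter accept almost any reply, so a smaller cap is worth considering. The function starts and ends outside the hunk.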
@@ -940,8 +946,10 @@ static int _dns_client_process_udp(struct dns_server_info *server_info, struct e
 tlog(TLOG_DEBUG, "recv udp, from %s, len: %d, ttl: %d", gethost_by_addr(from_host, (struct sockaddr *)&from, from_len), len, ttl);
 if ((ttl != server_info->ttl) && (server_info->ttl > 0) && (server_info->result_flag & DNSSERVER_FLAG_CHECK_TTL)) {
- /* tlog(TLOG_DEBUG, "TTL mismatch, from:%d, local %d, discard result", ttl, server_info->ttl); */
- return 0;
+ if ((ttl < server_info->ttl - server_info->ttl_range) || (ttl > server_info->ttl + server_info->ttl_range)) {
+ /* tlog(TLOG_DEBUG, "TTL mismatch, from:%d, local %d, discard result", ttl, server_info->ttl); */
+ return 0;
+ }
 }
 time(&server_info->last_recv);
diff --git a/src/dns_conf.c b/src/dns_conf.c
index b7a99f9..c5e60f6 100644
--- a/src/dns_conf.c
+++ b/src/dns_conf.c
@@ -92,7 +92,7 @@ int config_server(int argc, char *argv[], dns_server_type_t type, int default_po
 }
 ttl = atoi(optarg);
- if (ttl < 0 || ttl > 255) {
+ if (ttl < -255 || ttl > 255) {
 tlog(TLOG_ERROR, "ttl value is invalid.");
 return -1;
 }
diff --git a/src/dns_server.c b/src/dns_server.c
index 990e414..b247627 100644
--- a/src/dns_server.c
+++ b/src/dns_server.c
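Review bot: The new range test in `_dns_client_process_udp` still drops out-of-range replies silently, because the `tlog` stays commented out and the function just returns 0. A reply whose TTL differs from the expected value is exactly what this filter exists to catch, so a counter or a rate-limited `tlog(TLOG_DEBUG, ...)` would let an operator see how often it fires and whether the configured range is too wide or too narrow. The outer `ttl != server_info->ttl` test is now implied by the inner comparison, so the two `if`s could be merged into one condition that keeps the `server_info->ttl > 0` and `DNSSERVER_FLAG_CHECK_TTL` guards. The function starts and ends outside the hunk.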
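Review bot: The widened bound `ttl < -255 || ttl > 255` gives the sign of the option a second meaning that nothing in `config_server` explains, and the value still comes from `atoi(optarg)`, which returns 0 for non-numeric text. When TTL checking is enabled, 0 and negative values both select ping-detected TTL (see `ttl <= 0` in `_dns_client_server_add`), so a mistyped argument silently changes how strictly replies are filtered instead of being rejected. I would parse with `strtol`, reject an empty parse or trailing characters, and add a comment such as `/* ttl > 0: exact TTL; ttl == 0: detect by ping; ttl < 0: detect by ping, accept +/- |ttl| */`. The enclosing function continues outside the hunk.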
@@ -185,13 +185,15 @@ static void _dns_server_audit_log(struct dns_request *request)
 return;
 }
- if (request->qtype == DNS_T_AAAA) {
+ if (request->qtype == DNS_T_AAAA && request->has_ipv6) {
 snprintf(req_result, sizeof(req_result), "%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x", request->ipv6_addr[0], request->ipv6_addr[1], request->ipv6_addr[2], request->ipv6_addr[3], request->ipv6_addr[4], request->ipv6_addr[5], request->ipv6_addr[6], request->ipv6_addr[7], request->ipv6_addr[8], request->ipv6_addr[9], request->ipv6_addr[10], request->ipv6_addr[11], request->ipv6_addr[12], request->ipv6_addr[13], request->ipv6_addr[14], request->ipv6_addr[15]);
- } else if (request->qtype == DNS_T_A) {
+ } else if (request->qtype == DNS_T_A && request->has_ipv4) {
 snprintf(req_result, sizeof(req_result), "%d.%d.%d.%d", request->ipv4_addr[0], request->ipv4_addr[1], request->ipv4_addr[2], request->ipv4_addr[3]);
+ } else if (request->has_soa) {
+ return;
 } else {
 return;
 }
@@ -508,10 +510,10 @@ int _dns_server_request_complete(struct dns_request *request) } if (request->qtype == DNS_T_A) { - tlog(TLOG_INFO, "result: %s, rcode: %d, %d.%d.%d.%d\n", request->domain, request->rcode, request->ipv4_addr[0], request->ipv4_addr[1], - request->ipv4_addr[2], request->ipv4_addr[3]); - if (request->has_ipv4) { + tlog(TLOG_INFO, "result: %s, rcode: %d, %d.%d.%d.%d\n", request->domain, request->rcode, request->ipv4_addr[0], request->ipv4_addr[1], + request->ipv4_addr[2], request->ipv4_addr[3]); + if (request->has_ping_result == 0 && request->ttl_v4 > DNS_SERVER_TMOUT_TTL) { request->ttl_v4 = DNS_SERVER_TMOUT_TTL; } 
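Review bot: The added `else if (request->has_soa) { return; }` branch in `_dns_server_audit_log` does exactly what the `else` after it does, so as written it is duplicated code with no effect. If SOA answers are meant to stay out of the audit log, a one-line comment such as `/* SOA answers are not audited */` inside the existing `else` is enough and the extra branch can go; if they should be auditable, this branch would have to write a marker into `req_result` instead of returning. With the new `has_ipv6` / `has_ipv4` conditions, an A or AAAA query that ends without a matching address also produces no audit line, which is worth stating in a comment so the gap in the audit trail is a documented choice. The function begins and ends outside the hunk.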
@@ -524,12 +526,10 @@ int _dns_server_request_complete(struct dns_request *request) } } else if (request->qtype == DNS_T_AAAA) { - tlog(TLOG_INFO, "result: %s, rcode: %d, %.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x", request->domain, request->rcode, - request->ipv6_addr[0], request->ipv6_addr[1], request->ipv6_addr[2], request->ipv6_addr[3], request->ipv6_addr[4], request->ipv6_addr[5], - request->ipv6_addr[6], request->ipv6_addr[7], request->ipv6_addr[8], request->ipv6_addr[9], request->ipv6_addr[10], request->ipv6_addr[11], - request->ipv6_addr[12], request->ipv6_addr[13], request->ipv6_addr[14], request->ipv6_addr[15]); - if (request->has_ipv4) { + tlog(TLOG_INFO, "result: %s, rcode: %d, %d.%d.%d.%d\n", request->domain, request->rcode, request->ipv4_addr[0], request->ipv4_addr[1], + request->ipv4_addr[2], request->ipv4_addr[3]); + dns_cache_insert(request->domain, cname, cname_ttl, request->ttl_v4, DNS_T_AAAA, request->ipv4_addr, DNS_RR_A_LEN); if (((request->ping_ttl_v4 + (dns_conf_dualstack_ip_selection_threshold * 10) < request->ping_ttl_v6) && (request->ping_ttl_v4 > 0)) || @@ -540,6 +540,11 @@ int _dns_server_request_complete(struct dns_request *request) } if (request->has_ipv6) { + tlog(TLOG_INFO, "result: %s, rcode: %d, %.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x:%.2x%.2x", request->domain, request->rcode, + request->ipv6_addr[0], request->ipv6_addr[1], request->ipv6_addr[2], request->ipv6_addr[3], request->ipv6_addr[4], request->ipv6_addr[5], + request->ipv6_addr[6], request->ipv6_addr[7], request->ipv6_addr[8], request->ipv6_addr[9], request->ipv6_addr[10], request->ipv6_addr[11], + request->ipv6_addr[12], request->ipv6_addr[13], request->ipv6_addr[14], request->ipv6_addr[15]); + if (request->has_ping_result == 0 && request->ttl_v6 > DNS_SERVER_TMOUT_TTL) { request->ttl_v6 = DNS_SERVER_TMOUT_TTL; } 
@@ -556,6 +561,10 @@ int _dns_server_request_complete(struct dns_request *request) return 0; } + if (request->has_soa) { + tlog(TLOG_INFO, "result: %s, qtype: %d, SOA", request->domain, request->qtype); + } + _dns_setup_ipset(request); _dns_reply(request);