diff --git a/etc/smartdns/smartdns.conf b/etc/smartdns/smartdns.conf index 1b3675c..27b2212 100644 --- a/etc/smartdns/smartdns.conf +++ b/etc/smartdns/smartdns.conf @@ -95,8 +95,9 @@ log-level info # log-num 2 # dns audit -# audit-enable: enable or disable audit [yes|no] +# audit-enable [yes|no]: enable or disable audit. # audit-enable yes +# audit-SOA [yes|no]: enable or disalbe log soa result. # audit-size size of each audit file, support k,m,g # audit-file /var/log/smartdns-audit.log # audit-size 128k diff --git a/src/dns_conf.c b/src/dns_conf.c index 0a9b752..db82392 100644 --- a/src/dns_conf.c +++ b/src/dns_conf.c @@ -49,6 +49,7 @@ int dns_conf_log_num = 8; /* auditing */ int dns_conf_audit_enable = 0; +int dns_conf_audit_log_SOA; char dns_conf_audit_file[DNS_MAX_PATH]; size_t dns_conf_audit_size = 1024 * 1024; int dns_conf_audit_num = 2; @@ -1216,6 +1217,7 @@ static struct config_item _config_item[] = { CONF_SIZE("log-size", &dns_conf_log_size, 0, 1024 * 1024 * 1024), CONF_INT("log-num", &dns_conf_log_num, 0, 1024), CONF_YESNO("audit-enable", &dns_conf_audit_enable), + CONF_YESNO("audit-SOA", &dns_conf_audit_log_SOA), CONF_STRING("audit-file", (char *)&dns_conf_audit_file, DNS_MAX_PATH), CONF_SIZE("audit-size", &dns_conf_audit_size, 0, 1024 * 1024 * 1024), CONF_INT("audit-num", &dns_conf_audit_num, 0, 1024), diff --git a/src/dns_conf.h b/src/dns_conf.h index b9a7d8d..b5a4615 100644 --- a/src/dns_conf.h +++ b/src/dns_conf.h @@ -195,6 +195,7 @@ extern struct dns_server_groups dns_conf_server_groups[DNS_NAX_GROUP_NUMBER]; extern int dns_conf_server_group_num; extern int dns_conf_audit_enable; +extern int dns_conf_audit_log_SOA; extern char dns_conf_audit_file[DNS_MAX_PATH]; extern size_t dns_conf_audit_size; extern int dns_conf_audit_num; diff --git a/src/dns_server.c b/src/dns_server.c index 6788b6c..a2fe613 100644 --- a/src/dns_server.c +++ b/src/dns_server.c @@ -290,7 +290,11 @@ static void _dns_server_audit_log(struct dns_request *request) } else if (request->qtype == DNS_T_A && request->has_ipv4) { snprintf(req_result, sizeof(req_result), "%d.%d.%d.%d", request->ipv4_addr[0], request->ipv4_addr[1], request->ipv4_addr[2], request->ipv4_addr[3]); } else if (request->has_soa) { - return; + if (!dns_conf_audit_log_SOA) { + return; + } + + snprintf(req_result, sizeof(req_result), "SOA"); } else { return; } @@ -1747,25 +1751,23 @@ static int _dns_server_pre_process_rule_flags(struct dns_request *request) struct dns_rule_flags *rule_flag = NULL; unsigned int flags = 0; if (request->domain_rule == NULL) { - goto errout; + goto out; } /* get domain rule flag */ rule_flag = request->domain_rule->rules[DOMAIN_RULE_FLAGS]; if (rule_flag == NULL) { - goto errout; + goto out; } flags = rule_flag->flags; if (flags & DOMAIN_FLAG_ADDR_IGN) { /* ignore this domain */ - goto errout; + goto out; } if (_dns_server_is_return_soa(request)) { - /* return SOA */ - _dns_server_reply_SOA(DNS_RC_NOERROR, request); - return 0; + goto soa; } /* return specific type of address */ @@ -1773,34 +1775,38 @@ static int _dns_server_pre_process_rule_flags(struct dns_request *request) case DNS_T_A: if (flags & DOMAIN_FLAG_ADDR_IPV4_IGN) { /* ignore this domain for A reqeust */ - goto errout; + goto out; } if (_dns_server_is_return_soa(request)) { /* return SOA for A request */ - _dns_server_reply_SOA(DNS_RC_NOERROR, request); - return 0; + goto soa; } break; case DNS_T_AAAA: if (flags & DOMAIN_FLAG_ADDR_IPV6_IGN) { /* ignore this domain for A reqeust */ - goto errout; + goto out; } if (_dns_server_is_return_soa(request)) { /* return SOA for A request */ - _dns_server_reply_SOA(DNS_RC_NOERROR, request); - return 0; + goto soa; } break; default: - goto errout; + goto out; break; } -errout: +out: return -1; + +soa: + /* return SOA */ + _dns_server_reply_SOA(DNS_RC_NOERROR, request); + _dns_server_audit_log(request); + return 0; } static int _dns_server_process_address(struct dns_request *request)