1 This patch changes djbdns's dnscache program so that it will ignore the
2 IP addresses listed in the ignoreip file. I wrote this patch because of
3 Verisign's oh-so helpful wildcard A record for *.COM and *.NET.
5 If you have djbdns-1.05-ignoreip.patch installed, back it out like this:
6 cd /usr/local/src/djbdns-1.05
7 patch -R <djbdns-1.05-ignoreip.patch
9 Install the patch like this:
10 cd /usr/local/src/djbdns-1.05
11 patch <djbdns-1.05-ignoreip2.patch
12 svc -d /service/dnscache
14 svc -u /service/dnscache
16 Configure it to ignore Verisign's wildcard record like this:
17 echo 64.94.110.11 >/service/dnscache/root/ignoreip
18 svc -t /service/dnscache
20 Configure it to ignore all the cretins like this:
21 awk '{print $2}' <<EOF >/service/dnscache/root/ignoreip
35 svc -t /service/dnscache
37 J.P. Larocque contributes a script which updates root/ignoreip:
38 http://ely.ath.cx/~piranha/software/ignoreip-update/ignoreip-update-0.1
40 If root/ignoreip is not present, no addresses will be ignored.
43 --My blog is at angry-economist.russnelson.com | Free markets express in the
44 Crynwr sells support for free software | PGPok | practical world our belief
45 521 Pleasant Valley Rd. | +1 315 268 1925 voice | that there is that of God
46 Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | in all people. -Chris V.
55 +stralloc ignoreip = {0};
57 static int packetquery(char *buf,unsigned int len,char **q,char qtype[2],char qclass[2],char id[2])
60 @@ -390,6 +392,7 @@ char seed[128];
64 + unsigned int i, j, k;
65 unsigned long cachesize;
67 signal(SIGPIPE, SIG_IGN);
68 @@ -433,6 +436,20 @@ int main()
69 if (!cache_init(cachesize))
70 strerr_die3x(111,FATAL,"not enough memory for cache of size ",x);
72 + if (openreadclose("ignoreip",&ignoreip,64) < 0)
73 + strerr_die2x(111,FATAL,"trouble reading ignoreip");
74 + for(j = k = i = 0; i < ignoreip.len; i++)
75 + if (ignoreip.s[i] == '\n') {
76 + ignoreip.s[i] = '\0';
78 + strerr_die3x(111,FATAL,"badly malformed ip4 address ",ignoreip.s+k);
79 + if (!ip4_scan(ignoreip.s+k,ignoreip.s+j))
80 + strerr_die3x(111,FATAL,"unable to parse address in ignoreip ",ignoreip.s+k);
86 if (env_get("HIDETTL"))
88 if (env_get("FORWARDONLY"))
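Review bot: The ignoreip parser added to main() only acts when it meets a newline (`if (ignoreip.s[i] == '\n')`), so a last address written without a trailing newline appears never to be converted, and nothing visible reports it; dnscache would then start without filtering that address. Either reject a non-empty unterminated tail with the same `strerr_die3x` path or state the requirement in a comment. The conversion also overwrites the buffer it is reading (`ip4_scan(ignoreip.s+k,ignoreip.s+j)`), which deserves a comment such as `/* rewrite ignoreip in place: each text line at s+k becomes 4 packed address bytes at s+j */`. The lookup loop in doit() (`for(ii = 0; ii < ignoreip.len; ii+= 4)`) compares 4 bytes per step, so it relies on this parser leaving `ignoreip.len` an exact multiple of 4. Several lines of this hunk, including the ones that end the loop and presumably set the final length, are missing from the page, so that invariant should be confirmed against the full patch.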
95 +extern stralloc ignoreip;
97 static int flagforwardonly = 0;
99 void query_forwardonly(void)
100 @@ -173,6 +175,7 @@ static int smaller(char *buf,unsigned in
102 static int doit(struct query *z,int state)
107 unsigned int cachedlen;
108 @@ -662,6 +665,9 @@ static int doit(struct query *z,int stat
109 pos = dns_packet_copy(buf,len,pos,header,10); if (!pos) goto DIE;
110 if (byte_equal(header + 8,2,"\0\4")) {
111 pos = dns_packet_copy(buf,len,pos,header,4); if (!pos) goto DIE;
113 + for(ii = 0; ii < ignoreip.len; ii+= 4)
114 + if (byte_equal(header,4,ignoreip.s+ii)) goto NXDOMAIN;
116 log_rr(whichserver,t1,DNS_T_A,header,4,ttl);