4608. [func] DiG now warns about .local queries which are reserved

for Multicast DNS. [RT #44783]

4608. [func] DiG now warns about .local queries which are reserved
for Multicast DNS. [RT #44783]
7ef453bf · Mark Andrews · 8c6ed0fe · 7ef453bf · 7ef453bf · 7ef453bf
Commit 7ef453bf authored Apr 24, 2017 by Mark Andrews
--- a/CHANGES
+++ b/CHANGES
+4608.	[func]		DiG now warns about .local queries which are reserved
+			for Multicast DNS. [RT #44783]
+
 4607.	[bug]		The memory context's malloced and maxmalloced counters
 			were being updated without the appropriate lock being
 			held.  [RT #44869]

--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -465,6 +465,32 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
 }
 #endif

+static isc_boolean_t
+isdotlocal(dns_message_t *msg) {
+	isc_result_t result;
+	static unsigned char local_ndata[] = { "\005local\0" };
+	static unsigned char local_offsets[] = { 0, 6 };
+	static dns_name_t local = {
+		DNS_NAME_MAGIC,
+		local_ndata, 7, 2,
+		DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE,
+		local_offsets, NULL,
+		{(void *)-1, (void *)-1},
+		{NULL, NULL}
+	};
+
+	for (result = dns_message_firstname(msg, DNS_SECTION_QUESTION);
+	     result == ISC_R_SUCCESS;
+	     result = dns_message_nextname(msg, DNS_SECTION_QUESTION))
+	{
+		dns_name_t *name = NULL;
+		dns_message_currentname(msg, DNS_SECTION_QUESTION, &name);
+		if (dns_name_issubdomain(name, &local))
+			return (ISC_TRUE);
+	}
+	return (ISC_FALSE);
+}
+
 /*
 * Callback from dighost.c to print the reply from a server
 */
@@ -552,6 +578,12 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 			printf(";; Got answer:\n");

 		if (headers) {
+			if (isdotlocal(msg)) {
+				printf(";; WARNING: .local is reserved for "
+				       "Multicast DNS\n;; You are currently "
+				       "testing what happens when an mDNS "
+				       "query is leaked to DNS\n");
+			}
 			printf(";; ->>HEADER<<- opcode: %s, status: %s, "
 			       "id: %u\n",
 			       opcodetext[msg->opcode],

--- a/bin/tests/system/digdelv/tests.sh
+++ b/bin/tests/system/digdelv/tests.sh
@@ -425,6 +425,13 @@ if [ -x ${DIG} ] ; then
    echo "I:skipping 'dig +idnout' as IDN support is not enabled ($n)"
  fi

+  echo "I:checking that dig warns about .local queries ($n)"
+  ret=0
+  $DIG $DIGOPTS @10.53.0.3 local soa > dig.out.test$n 2>&1 || ret=1
+  grep ";; WARNING: .local is reserved for Multicast DNS" dig.out.test$n > /dev/null || ret=1
+  if [ $ret != 0 ]; then echo "I:failed"; fi
+  status=`expr $status + $ret`
+
 else
  echo "$DIG is needed, so skipping these dig tests"
 fi