MCPcopy
hub / github.com/AdguardTeam/dnsproxy / validateRequest

Method validateRequest

proxy/proxy.go:754–782  ·  view source on GitHub ↗

validateRequest returns a response for invalid request or nil if the request is ok.

(d *DNSContext)

Source from the content-addressed store, hash-verified

752// validateRequest returns a response for invalid request or nil if the request
753// is ok.
754func (p *Proxy) validateRequest(d *DNSContext) (resp *dns.Msg) {
755 switch {
756 case len(d.Req.Question) != 1:
757 p.logger.Debug("invalid number of questions", "req_questions_len", len(d.Req.Question))
758
759 // TODO(e.burkov): Probably, FORMERR would be a better choice here.
760 // Check out RFC.
761 return p.messages.NewMsgSERVFAIL(d.Req)
762 case p.RefuseAny && d.Req.Question[0].Qtype == dns.TypeANY:
763 // Refuse requests of type ANY (anti-DDOS measure).
764 p.logger.Debug("refusing dns type any request")
765
766 return p.messages.NewMsgNOTIMPLEMENTED(d.Req)
767 case p.recDetector.check(d.Req):
768 p.logger.Debug("recursion detected", "req_question", d.Req.Question[0].Name)
769
770 return p.messages.NewMsgNXDOMAIN(d.Req)
771 case d.isForbiddenARPA(p.privateNets, p.logger):
772 p.logger.Debug(
773 "private arpa domain is requested",
774 "addr", d.Addr,
775 "arpa", d.Req.Question[0].Name,
776 )
777
778 return p.messages.NewMsgNXDOMAIN(d.Req)
779 default:
780 return nil
781 }
782}
783
784// cacheWorks returns true if the cache works for the given context. If not, it
785// returns false and logs the reason why.

Callers 2

handleDNSRequestMethod · 0.95

Calls 5

checkMethod · 0.80
isForbiddenARPAMethod · 0.80
NewMsgSERVFAILMethod · 0.65
NewMsgNOTIMPLEMENTEDMethod · 0.65
NewMsgNXDOMAINMethod · 0.65

Tested by 1