validateRequest returns a response for an invalid request, or nil if the request is ok.
(d *DNSContext)
// validateRequest inspects the request carried by d and returns a ready-made
// response when the request must not be processed any further, or nil when
// the request is acceptable.
//
// The checks run in a fixed order and the first one that matches decides the
// response:
//   - a request without exactly one question gets SERVFAIL;
//   - an ANY question gets NOTIMPLEMENTED, but only when p.RefuseAny is set;
//   - a request reported by p.recDetector.check gets NXDOMAIN;
//   - a request for which d.isForbiddenARPA reports true gets NXDOMAIN.
//
// The question-count check has to stay first: every later check and log call
// reads d.Req.Question[0] without a bounds check of its own.
func (p *Proxy) validateRequest(d *DNSContext) (resp *dns.Msg) {
	if n := len(d.Req.Question); n != 1 {
		p.logger.Debug("invalid number of questions", "req_questions_len", n)

		// TODO(e.burkov): Probably, FORMERR would be a better choice here.
		// Check out RFC.
		return p.messages.NewMsgSERVFAIL(d.Req)
	}

	// Exactly one question is present from here on, so index 0 is safe.

	if p.RefuseAny && d.Req.Question[0].Qtype == dns.TypeANY {
		// Opt-in anti-DDoS measure: ANY queries are refused outright.
		p.logger.Debug("refusing dns type any request")

		return p.messages.NewMsgNOTIMPLEMENTED(d.Req)
	}

	if p.recDetector.check(d.Req) {
		// The question name comes from the request; it is handed to the logger
		// as an attribute value and is not spliced into the message text.
		p.logger.Debug("recursion detected", "req_question", d.Req.Question[0].Name)

		return p.messages.NewMsgNXDOMAIN(d.Req)
	}

	if d.isForbiddenARPA(p.privateNets, p.logger) {
		// NOTE(review): presumably this covers reverse lookups of private
		// addresses from clients not allowed to make them; confirm against
		// isForbiddenARPA. The requester address is logged for triage.
		p.logger.Debug(
			"private arpa domain is requested",
			"addr", d.Addr,
			"arpa", d.Req.Question[0].Name,
		)

		return p.messages.NewMsgNXDOMAIN(d.Req)
	}

	return nil
}
| 783 | |
| 784 | // cacheWorks returns true if the cache works for the given context. If not, it |
| 785 | // returns false and logs the reason why. |