hub / github.com/AdguardTeam/dnsproxy / isForbiddenARPA

Method isForbiddenARPA

proxy/server.go:110–137  ·  view source on GitHub ↗

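isForbiddenARPA returns true if dctx contains a PTR, SOA, or NS request for some private address and the client's address is not within the private network. Otherwise, it sets [DNSContext.RequestedPrivateRDNS] for future use. Note that in the listing below the field is assigned whenever the requested address is private, including the case where the method returns true.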

(privateNets netutil.SubnetSet, l *slog.Logger)

Source from the content-addressed store, hash-verified

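// isForbiddenARPA reports whether dctx carries a PTR, SOA, or NS question for
// a reverse-lookup name inside privateNets while the client is not marked as
// private, i.e. [DNSContext.IsPrivateClient] is false.
//
// Whenever the requested address is within privateNets, the parsed prefix is
// stored in [DNSContext.RequestedPrivateRDNS] for future use; this happens
// even when the method returns true.  It returns false for any other question
// type, for names that [netutil.ExtractReversedAddr] cannot parse, and for
// addresses outside privateNets.  l receives a debug record when the name
// cannot be parsed.
func (dctx *DNSContext) isForbiddenARPA(privateNets netutil.SubnetSet, l *slog.Logger) (ok bool) {
	// The question section is client-controlled, so it must not be indexed
	// without a length check: an empty section would panic here.  Rejecting
	// such messages is presumably done by the caller (not visible here); this
	// guard only keeps the check itself from crashing.
	if len(dctx.Req.Question) == 0 {
		return false
	}

	q := dctx.Req.Question[0]
	switch q.Qtype {
	case dns.TypePTR, dns.TypeSOA, dns.TypeNS:
		// Go on.
		//
		// TODO(e.burkov):  Reconsider the list of types involved to private
		// address space.  Perhaps, use the logic for any type.  See
		// https://www.rfc-editor.org/rfc/rfc6761.html#section-6.1.
	default:
		// Other question types are not restricted by this check, even if the
		// name lies in a private reverse zone.
		return false
	}

	requestedPref, err := netutil.ExtractReversedAddr(q.Name)
	if err != nil {
		// Not a parsable reverse-lookup name, so there is nothing to
		// restrict.
		l.Debug("parsing reversed subnet", slogutil.KeyError, err)

		return false
	}

	if privateNets.Contains(requestedPref.Addr()) {
		// Record the private prefix regardless of the verdict.
		dctx.RequestedPrivateRDNS = requestedPref

		// The request is forbidden unless the client is marked private.
		return !dctx.IsPrivateClient
	}

	return false
}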
138
139// respond writes the specified response to the client (or does nothing if d.Res is empty)
140func (p *Proxy) respond(ctx context.Context, d *DNSContext) {

Callers 1

validateRequestMethod · 0.80

Calls 1

AddrMethod · 0.80

Tested by

no test coverage detected