Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Additional validation in $dnsrewrite rules #2498

Closed
ainar-g opened this issue Dec 28, 2020 · 2 comments
Closed

Additional validation in $dnsrewrite rules #2498

ainar-g opened this issue Dec 28, 2020 · 2 comments
Assignees
@ainar-g
Labels
enhancement P3: Medium
Milestone
v0.106.0

Comments

@ainar-g
Copy link
Contributor

ainar-g commented Dec 28, 2020

Context: #2101, #2452, #2492.

We need to decide, which additional validations we want for the $dnsrewrite response modifier. Among the ones that are likely to be requested:

  • The FQDN in the MX and PTR rewrites.
  • The hostname in the full-form CNAME rewrites.
  • The hostname in SVCB/HTTPS rewrites.

Any more I've missed?
@ainar-g ainar-g added this to the v0.106.0 milestone Dec 28, 2020
@ainar-g ainar-g self-assigned this Dec 28, 2020
@DandelionSprout
Copy link
Member

Presuming I understand the question correctly: I get quite a few TXT DNS requests to my server, e.g. hostname.bind, id.server, version.bind, etc. For those, they can be treated as hostnames, but without being limited to regular TLDs.

There's also RRSIG requests (to e.g. pizzaseo.com), which I doubt the legitimacy of as a whole. If they are to be treated as legitimate requests, then the hostname is sufficient.

@ainar-g
Copy link
Contributor Author

ainar-g commented Jan 13, 2021

@DandelionSprout

If I recall correctly, TXT records can contain arbitrary textual data, so I don't think we'll apply any validations there besides the byte size.

As for RRSIG records, we currently don't support them. If you have a need for them, please file a separate issue about it and we'll try to add them in v0.106.0 as well.

adguard pushed a commit to AdguardTeam/urlfilter that referenced this issue Mar 12, 2021
@ainar-g
Pull request: all: add srv records, imp validations, tests
5e150db 
Updates AdguardTeam/AdGuardHome#2498.
Updates AdguardTeam/AdGuardHome#2533.

Squashed commit of the following:

commit 7af563d
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Mar 12 19:08:35 2021 +0300

    all: imp docs, tests

commit 4f48cd2
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Mar 12 18:20:56 2021 +0300

    all: add srv records, imp validations, tests
adguard pushed a commit that referenced this issue Mar 15, 2021
@ainar-g
Pull request: dnsforward: fix fqdn in some dns rewrites
75ac1a5 
Updates #2498.
Updates #2533.

Squashed commit of the following:

commit 9eec20a
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Mon Mar 15 16:53:29 2021 +0300

    dnsforward: fix fqdn in some dns rewrites
heyxkhoa pushed a commit to heyxkhoa/AdGuardHome that referenced this issue Mar 20, 2023
@ainar-g @heyxkhoa
Pull request: all: add srv handling to dnsrewrite filters
4743c09 
Closes AdguardTeam#2498.
Updates AdguardTeam#2533.

Squashed commit of the following:

commit 452e0e7
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Fri Mar 12 19:33:18 2021 +0300

    all: add srv handling to dnsrewrite filters
heyxkhoa pushed a commit to heyxkhoa/AdGuardHome that referenced this issue Mar 20, 2023
@ainar-g @heyxkhoa
Pull request: dnsforward: fix fqdn in some dns rewrites
c252250 
Updates AdguardTeam#2498.
Updates AdguardTeam#2533.

Squashed commit of the following:

commit 9eec20a
Author: Ainar Garipov <A.Garipov@AdGuard.COM>
Date:   Mon Mar 15 16:53:29 2021 +0300

    dnsforward: fix fqdn in some dns rewrites
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ainar-g ainar-g

Labels
enhancement P3: Medium
Projects
None yet
Milestone
v0.106.0
Development

No branches or pull requests
2 participants
@ainar-g @DandelionSprout