Merge pull request #677 from pi-hole/fix/MODE_NXDOMAIN

Fix for blocking modes
pi-hole · Jan 20, 2020 · 021cd83 · 021cd83
2 parents ecbeb95 + 9c9c110
commit 021cd83
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 22 deletions.
diff --git a/src/dnsmasq/forward.c b/src/dnsmasq/forward.c
@@ -1645,7 +1645,8 @@ void receive_query(struct listener *listen, time_t now)
 	{
 	  size_t plen = n;
 	  struct all_addr *addrp = NULL;
-	  unsigned int flags = (listen->family == AF_INET) ? F_IPV4 : F_IPV6;
+	  // DNS resource record type for AAAA is 28 (decimal) following RFC 3596, section 2.1
+	  unsigned int flags = (type == 28u) ? F_IPV6 : F_IPV4;
 	  FTL_get_blocking_metadata(&addrp, &flags);
 	  log_query(flags, daemon->namebuff, addrp, (char*)blockingreason);
 	  plen = setup_reply(header, n, addrp, flags, daemon->local_ttl);
@@ -2021,7 +2022,8 @@ unsigned char *tcp_request(int confd, time_t now,
 	  if(piholeblocked)
 	    {
 	      struct all_addr *addrp = NULL;
-	      unsigned int flags = (peer_addr.sa.sa_family == AF_INET) ? F_IPV4 : F_IPV6;
+	      // DNS resource record type for AAAA is 28 (decimal) following RFC 3596, section 2.1
+	      unsigned int flags = (qtype == 28u) ? F_IPV6 : F_IPV4;
 	      FTL_get_blocking_metadata(&addrp, &flags);
 	      log_query(flags, daemon->namebuff, addrp, (char*)blockingreason);
 	      m = setup_reply(header, size, addrp, flags, daemon->local_ttl);

diff --git a/src/dnsmasq_interface.c b/src/dnsmasq_interface.c
@@ -540,13 +540,6 @@ void _FTL_get_blocking_metadata(struct all_addr **addrp, unsigned int *flags, co
 
 	if(*flags & F_IPV6)
 	{
-		if(config.blockingmode == MODE_IP_NODATA_AAAA)
-		{
-			// Overwrite flags in this mode as the response
-			// for IPv4 and IPv6 is different
-			*flags = F_NEG;
-		}
-
 		// Pass blocking IPv6 address (will be :: in most cases)
 		*addrp = &blocking_addrp_v6;
 	}
@@ -555,6 +548,20 @@ void _FTL_get_blocking_metadata(struct all_addr **addrp, unsigned int *flags, co
 		// Pass blocking IPv4 address (will be 0.0.0.0 in most cases)
 		*addrp = &blocking_addrp_v4;
 	}
+
+	if(config.blockingmode == MODE_NX)
+	{
+		// If we block in NXDOMAIN mode, we add the NEGATIVE response
+		// and the NXDOMAIN flags
+		*flags = F_NXDOMAIN;
+	}
+	else if(config.blockingmode == MODE_NODATA ||
+	        (config.blockingmode == MODE_IP_NODATA_AAAA && (*flags & F_IPV6)))
+	{
+		// If we block in NODATA mode or NODATA for AAAA queries, we apply
+		// the NOERROR response flag. This ensures we're sending an empty response
+		*flags = F_NOERR;
+	}
 }
 
 static int findQueryID(const int id)
@@ -1674,19 +1681,6 @@ static void prepare_blocking_metadata(void)
 	// Free IPv4addr
 	clearSetupVarsArray();
 
-	if(config.blockingmode == MODE_NX)
-	{
-		// If we block in NXDOMAIN mode, we add the NXDOMAIN flag and make this host record
-		// also valid for AAAA requests
-		 blocking_flags |= F_NEG | F_NXDOMAIN;
-	}
-	else if(config.blockingmode == MODE_NODATA)
-	{
-		// If we block in NODATA mode, we make this host record also valid for AAAA requests
-		// and apply the NEG response flag (but not the NXDOMAIN flag)
-		blocking_flags |= F_NEG;
-	}
-
 	// Use the blocking IPv6 address from setupVars.conf only if needed for selected blocking mode
 	char* const IPv6addr = read_setupVarsconf("IPV6_ADDRESS");
 	if(config.blockingmode == MODE_IP &&