Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix local domain and non-FQDN configuration #1900

Open
wants to merge 2 commits into
base: development-v6
Choose a base branch
from
Open

Fix local domain and non-FQDN configuration #1900

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ad46a10
We should only set local=/<domain>/ if there is no conditional forwar…
DL6ER Mar 7, 2024
231a985
If dns.domainNeeded is set, refuse to send plain domain queries (like…
DL6ER Mar 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
37 changes: 27 additions & 10 deletions src/config/dnsmasq_config.c
View file
Open in desktop
Expand Up @@ -449,6 +449,8 @@ bool __attribute__((const)) write_dnsmasq_config(struct config *conf, bool test_
}
fputs("\n", pihole_conf);

// Add upstream DNS servers for reverse lookups
bool domain_revServer = false;
const unsigned int revServers = cJSON_GetArraySize(conf->dns.revServers.v.json);
for(unsigned int i = 0; i < revServers; i++)
{
Expand Down Expand Up @@ -485,8 +487,15 @@ bool __attribute__((const)) write_dnsmasq_config(struct config *conf, bool test_
// If we have a reverse domain, we forward all queries to this domain to
// the same destination
if(strlen(domain) > 0)
{
fprintf(pihole_conf, "server=/%s/%s\n", domain, target);

// Check if the configured domain is the same as the main domain
if(strlen(config.dns.domain.v.s) > 0 &&
strcasecmp(domain, config.dns.domain.v.s) == 0)
domain_revServer = true;
}

// Forward unqualified names to the target only when the "never forward
// non-FQDN" option is NOT ticked
if(!conf->dns.domainNeeded.v.b)
Expand All @@ -497,27 +506,35 @@ bool __attribute__((const)) write_dnsmasq_config(struct config *conf, bool test_
free(copy);
}

// When there is a Pi-hole domain set and "Never forward non-FQDNs" is
// ticked, we add `local=/domain/` to signal that this domain is purely
// local and FTL may answer queries from /etc/hosts or DHCP but should
// never forward queries on that domain to any upstream servers
// When "Never forward non-FQDNs" is ticked, we add `local=//` to signal
// that non-FQDNs queries should never be sent to any upstream servers
if(conf->dns.domainNeeded.v.b)
{
fputs("# Never forward A or AAAA queries for plain names, without\n",pihole_conf);
fputs("# dots or domain parts, to upstream nameservers. If the name\n", pihole_conf);
fputs("# is not known from /etc/hosts or DHCP a NXDOMAIN is returned\n", pihole_conf);
if(strlen(conf->dns.domain.v.s))
fprintf(pihole_conf, "local=/%s/\n\n", conf->dns.domain.v.s);
else
fputs("\n", pihole_conf);
fputs("# is not known from /etc/hosts or DHCP, NXDOMAIN is returned\n", pihole_conf);
fputs("local=//\n\n", pihole_conf);
}

// Add domain to DNS server. It will also be used for DHCP if the DHCP
// server is enabled below
if(strlen(conf->dns.domain.v.s) > 0)
{
fputs("# DNS domain for both the DNS and DHCP server\n", pihole_conf);
fprintf(pihole_conf, "domain=%s\n\n", conf->dns.domain.v.s);
if(!domain_revServer)
{
fputs("# This DNS domain in purely local. FTL may answer queries from\n", pihole_conf);
fputs("# /etc/hosts or DHCP but should never forward queries on that\n", pihole_conf);
fputs("# domain to any upstream servers\n", pihole_conf);
fprintf(pihole_conf, "domain=%s\n", conf->dns.domain.v.s);
fprintf(pihole_conf, "local=/%s/\n\n", conf->dns.domain.v.s);
}
else
{
fputs("# This DNS domain is also used for reverse lookups\n", pihole_conf);
fputs("# (see server=/<domain>/target above)\n", pihole_conf);
fprintf(pihole_conf, "domain=%s\n\n", conf->dns.domain.v.s);
}
}

if(conf->dhcp.active.v.b)
Expand Down