
Add option to make debugging queries private

Add an option to make debugging queries private, meaning only
accepted from the loopback address. The debugging query
(i.e. "_status" right now) contains
information which may be either commercially sensitive or
security sensitive. Therefore provide an option (-privatedebug)
which if set does not return these unless the query comes
from the loopback address.

"_country" is not so restricted, as its only debugging use is from a
non-loopback IP.

The logic looks a little clunky - this is to permit easy
merging of the "_health" RR later.

Signed-off-by: Alex Bligh <[email protected]>
Alex Bligh 10 years ago
parent
commit
bf840c060d
2 changed files with 14 additions and 10 deletions
  1. 10 9
      geodns.go
  2. 4 1
      serve.go

+ 10 - 9
geodns.go

@@ -51,15 +51,16 @@ var (
 var timeStarted = time.Now()
 
 var (
-	flagconfig      = flag.String("config", "./dns/", "directory of zone files")
-	flagcheckconfig = flag.Bool("checkconfig", false, "check configuration and exit")
-	flagidentifier  = flag.String("identifier", "", "identifier (hostname, pop name or similar)")
-	flaginter       = flag.String("interface", "*", "set the listener address")
-	flagport        = flag.String("port", "53", "default port number")
-	flaghttp        = flag.String("http", ":8053", "http listen address (:8053)")
-	flaglog         = flag.Bool("log", false, "be more verbose")
-	flagcpus        = flag.Int("cpus", 1, "Set the maximum number of CPUs to use")
-	flagLogFile     = flag.String("logfile", "", "log to file")
+	flagconfig       = flag.String("config", "./dns/", "directory of zone files")
+	flagcheckconfig  = flag.Bool("checkconfig", false, "check configuration and exit")
+	flagidentifier   = flag.String("identifier", "", "identifier (hostname, pop name or similar)")
+	flaginter        = flag.String("interface", "*", "set the listener address")
+	flagport         = flag.String("port", "53", "default port number")
+	flaghttp         = flag.String("http", ":8053", "http listen address (:8053)")
+	flaglog          = flag.Bool("log", false, "be more verbose")
+	flagcpus         = flag.Int("cpus", 1, "Set the maximum number of CPUs to use")
+	flagLogFile      = flag.String("logfile", "", "log to file")
+	flagPrivateDebug = flag.Bool("privatedebug", false, "Make debugging queries accepted only on loopback")
 
 	flagShowVersion = flag.Bool("version", false, "Show dnsconfig version")
 
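Review bot: The help string of the new flagPrivateDebug flag does not say which queries it restricts, while the commit message makes a deliberate distinction (only "_status" is gated, "_country" is not); an operator reading `-help` cannot tell that. Suggested wording: `flagPrivateDebug = flag.Bool("privatedebug", false, "Answer _status debugging queries only from the loopback address (_country is unaffected)")`. The default of false keeps the pre-change behaviour, which is reasonable for compatibility but worth stating in the flag description or the README so deployments that want the restriction know they must opt in.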

+ 4 - 1
serve.go

@@ -41,6 +41,9 @@ func serve(w dns.ResponseWriter, req *dns.Msg, z *Zone) {
 
 	realIp, _, _ := net.SplitHostPort(w.RemoteAddr().String())
 
+	realIpIp := net.ParseIP(realIp)
+	permitDebug := !*flagPrivateDebug || (realIpIp != nil && realIpIp.IsLoopback())
+
 	z.Metrics.ClientStats.Add(realIp)
 
 	var ip net.IP // EDNS or real IP
@@ -101,7 +104,7 @@ func serve(w dns.ResponseWriter, req *dns.Msg, z *Zone) {
 
 		firstLabel := (strings.Split(label, "."))[0]
 
-		if firstLabel == "_status" {
+		if permitDebug && firstLabel == "_status" {
 			if qtype == dns.TypeANY || qtype == dns.TypeTXT {
 				m.Answer = statusRR(label + "." + z.Origin + ".")
 			} else {
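Review bot: permitDebug, on the third added line of the first hunk, is computed from the transport source address only, and a "_status" query that fails the check simply falls past the `if` in the second hunk into whatever handling follows outside it; a comment should record both decisions so nobody later "fixes" the gate to use the EDNS-derived `ip` declared just below, which a remote client controls. Suggested comment above the assignment: `// permitDebug is decided from the transport source address, not the EDNS client subnet (ip, below) which the client can set freely; an unparsable RemoteAddr counts as non-loopback.` The fail-closed behaviour follows from `realIpIp != nil` guarding `IsLoopback()`, and since SplitHostPort's error is discarded on the preceding line that guard is what keeps a malformed address from being treated as permitted. What a non-permitted "_status" query is answered with is decided after the hunk, so it is worth confirming it is handled like any other unknown label rather than with a distinguishable error. The body of serve starts before and continues after these hunks.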