Hey Simon and Petr, CC list, Thanks for pointing this out. I fixed it and rebased on latest master. New patch attached.
The name "--no-ident" has been chosen because the corresponding compile-time option is called NO_ID - my feeling is that this corresponds to "no identification (strings)". I thought about adding the possibility to disable only a subset of these CHAOS records, but it seems to add too much code complexity for such a small feature. Hence an "all or nothing" switch seems the best fit for me here. Best, Dominik On Tue, 2023-01-03 at 10:48 +0000, Petr Menšík wrote: > Hi Dominik, > > Good idea. But there is copy&paste error on line 572, no > help > description is changed for new option. What does --no- > ident stand for by > the way? Wouldn't be --no-chaos more descriptive? Should > we support > optional argument to disable only some parts of provided > records? For > example cache statistics might be restricted to localhost > only or > provided only by DBus, while version might be still useful > to report. > > Cheers, > Petr On Fri, 2022-12-23 at 12:54 +0100, Dominik Derigs wrote: > Dear mailing list members, > > In 2016, dnsmasq got the option to prevent serving the > server version, some statistics and even the used upstream > DNS servers to its clients. Compiling with -DNO_ID removes > the entire *.bind info structure. However, setting -DNO_ID > requires a (re-)compilation from source. > > This patch adds a new run-time option --no-ident to achieve > the same without the need for recompiling. > > I wish you some nice and hopefully relaxing Christmas days! > > Best regards, > Dominik
From d16d26f5740fc9c90b4ec1580a878b34feed82ac Mon Sep 17 00:00:00 2001
From: DL6ER <dl...@dl6er.de>
Date: Fri, 23 Dec 2022 12:36:11 +0100
Subject: [PATCH] Add --no-ident option to disable CHAOS TXT records providing server details and statistics.
Signed-off-by: DL6ER <dl...@dl6er.de>
---
man/dnsmasq.8 | 23 ++++++++++++++---------
src/dnsmasq.h | 3 ++-
src/option.c | 37 ++++++++++++++++++++++---------------
3 files changed, 38 insertions(+), 25 deletions(-)
diff --git a/man/dnsmasq.8 b/man/dnsmasq.8
index 2495ed1..3d1d96a 100644
--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -2215,6 +2215,20 @@ exit 0
 and /share/ads-domains.gz containing a compressed list of ad server domains will save disk space with large ad-server blocklists.
+.TP
+.B --no-ident
+Do not respond to class CHAOS and type TXT in domain bind queries.
+
+Without this option being set, the cache statistics are also available in the
+DNS as answers to queries of class CHAOS and type TXT in domain bind. The domain
+names are cachesize.bind, insertions.bind, evictions.bind, misses.bind,
+hits.bind, auth.bind and servers.bind unless disabled at compile-time. An
+example command to query this, using the
+.B dig
+utility would be
+
+dig +short chaos txt cachesize.bind
+
 .SH CONFIG FILE
 At startup, dnsmasq reads
 .I /etc/dnsmasq.conf,
@@ -2264,15 +2278,6 @@ resulted in an error. In
 mode or when full logging is enabled (\fB--log-queries\fP), a complete dump of the contents of the cache is made.
-The cache statistics are also available in the DNS as answers to
-queries of class CHAOS and type TXT in domain bind. The domain names are cachesize.bind, insertions.bind, evictions.bind,
-misses.bind, hits.bind, auth.bind and servers.bind. An example command to query this, using the
-.B dig
-utility would be
-
-dig +short chaos txt cachesize.bind
-
-.PP
 When it receives SIGUSR2 and it is logging direct to a file (see
 .B --log-facility )
diff --git a/src/dnsmasq.h b/src/dnsmasq.h
index aaa6d62..fe9aa07 100644
--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -281,7 +281,8 @@ struct event_desc {
 #define OPT_STRIP_ECS 69
 #define OPT_STRIP_MAC 70
 #define OPT_NORR 71
-#define OPT_LAST 72
+#define OPT_NO_IDENT 72
+#define OPT_LAST 73
 #define OPTION_BITS (sizeof(unsigned int)*8)
 #define OPTION_SIZE ( (OPT_LAST/OPTION_BITS)+((OPT_LAST%OPTION_BITS)!=0) )
diff --git a/src/option.c b/src/option.c
index 8e61a6b..1ea529e 100644
--- a/src/option.c
+++ b/src/option.c
@@ -185,6 +185,7 @@ struct myoption {
 #define LOPT_FAST_RETRY 376
 #define LOPT_STALE_CACHE 377
 #define LOPT_NORR 378
+#define LOPT_NO_IDENT 379
 #ifdef HAVE_GETOPT_LONG
 static const struct option opts[] =
@@ -374,6 +375,7 @@ static const struct myoption opts[] = {
 { "port-limit", 1, 0, LOPT_RANDPORT_LIM },
 { "fast-dns-retry", 2, 0, LOPT_FAST_RETRY },
 { "use-stale-cache", 2, 0 , LOPT_STALE_CACHE },
+ { "no-ident", 0, 0, LOPT_NO_IDENT },
 { NULL, 0, 0, 0 }
 };
@@ -570,6 +572,7 @@ static struct {
 { LOPT_UMBRELLA, ARG_ONE, "[=<optspec>]", gettext_noop("Send Cisco Umbrella identifiers including remote IP."), NULL },
 { LOPT_QUIET_TFTP, OPT_QUIET_TFTP, NULL, gettext_noop("Do not log routine TFTP."), NULL },
 { LOPT_NORR, OPT_NORR, NULL, gettext_noop("Suppress round-robin ordering of DNS records."), NULL },
+ { LOPT_NO_IDENT, OPT_NO_IDENT, NULL, gettext_noop("Do not add CHAOS TXT records."), NULL },
 { 0, 0, NULL, NULL, NULL }
 };
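Review bot: The --help text added in the last option.c hunk, `gettext_noop("Do not add CHAOS TXT records.")`, is vaguer than the man page wording in the same patch and does not tell the reader which records are meant; the option only suppresses the built-in version/authors/copyright/statistics `*.bind` answers, so the help line should say so. Suggest `gettext_noop("Do not serve version, author and cache-statistics information as CHAOS TXT *.bind records.")` so `--help` and the man page agree. The OPT_NO_IDENT/OPT_LAST bump in dnsmasq.h needs no further change, since OPTION_SIZE is derived from OPT_LAST on the visible line below it. The opts[] and help tables start and end outside the hunks.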
@@ -5757,21 +5760,6 @@ void read_opts(int argc, char **argv, char *compile_opts)
 daemon->randport_limit = 1;
 daemon->host_index = SRC_AH;
-#ifndef NO_ID
- add_txt("version.bind", "dnsmasq-" VERSION, 0 );
- add_txt("authors.bind", "Simon Kelley", 0);
- add_txt("copyright.bind", COPYRIGHT, 0);
- add_txt("cachesize.bind", NULL, TXT_STAT_CACHESIZE);
- add_txt("insertions.bind", NULL, TXT_STAT_INSERTS);
- add_txt("evictions.bind", NULL, TXT_STAT_EVICTIONS);
- add_txt("misses.bind", NULL, TXT_STAT_MISSES);
- add_txt("hits.bind", NULL, TXT_STAT_HITS);
-#ifdef HAVE_AUTH
- add_txt("auth.bind", NULL, TXT_STAT_AUTH);
-#endif
- add_txt("servers.bind", NULL, TXT_STAT_SERVERS);
-#endif
-
 /* See comment above make_servers(). Optimises server-read code. */
 mark_servers(0);
@@ -5861,6 +5849,25 @@ void read_opts(int argc, char **argv, char *compile_opts)
 free(argbuf);
+ /* Add TXT records if wanted */
+#ifndef NO_ID
+ if (!option_bool(OPT_NO_IDENT))
+ {
+ add_txt("version.bind", "dnsmasq-" VERSION, 0 );
+ add_txt("authors.bind", "Simon Kelley", 0);
+ add_txt("copyright.bind", COPYRIGHT, 0);
+ add_txt("cachesize.bind", NULL, TXT_STAT_CACHESIZE);
+ add_txt("insertions.bind", NULL, TXT_STAT_INSERTS);
+ add_txt("evictions.bind", NULL, TXT_STAT_EVICTIONS);
+ add_txt("misses.bind", NULL, TXT_STAT_MISSES);
+ add_txt("hits.bind", NULL, TXT_STAT_HITS);
+#ifdef HAVE_AUTH
+ add_txt("auth.bind", NULL, TXT_STAT_AUTH);
+#endif
+ add_txt("servers.bind", NULL, TXT_STAT_SERVERS);
+ }
+#endif
+
 if (conffile)
 {
 one_file(conffile, 0);
--
2.34.1
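Review bot: The relocated block in the second hunk is placed before `if (conffile) { one_file(conffile, 0); …`, so `option_bool(OPT_NO_IDENT)` is evaluated when only the command-line arguments have been parsed; if one_file() is where /etc/dnsmasq.conf (and whatever it includes) is read, as its position right after the argv loop suggests, then `no-ident` given in the config file is silently ignored and version.bind, servers.bind and the statistics records keep being served while the administrator believes they are hidden. Move the whole `#ifndef NO_ID … #endif` block below the `if (conffile)` statement (its closing brace lies outside the hunk), i.e. after every option source has been read, and mark the ordering with `/* Must run after the config file is parsed, otherwise no-ident in dnsmasq.conf has no effect. */`. A quick check with the option only in the config file and `dig +short chaos txt version.bind` would confirm the fix. read_opts() starts and ends outside the hunk.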