From 1fc615eeb8157af88b11429444104bbb487ef0fe Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sun, 5 Mar 2023 19:16:30 +0530 Subject: [PATCH 01/30] AuthZoneManager: Added LoadSpecialPrimaryZones() methods to allow bulk loading/importing zones. Updated Query() to add isRecursionAllowed parameter to be used to set expected RA flag value. Minor code refactoring changes done. --- .../Dns/ZoneManagers/AuthZoneManager.cs | 84 ++++++++++++++----- 1 file changed, 63 insertions(+), 21 deletions(-) diff --git a/DnsServerCore/Dns/ZoneManagers/AuthZoneManager.cs b/DnsServerCore/Dns/ZoneManagers/AuthZoneManager.cs index d7b64b14..eb153bd1 100644 --- a/DnsServerCore/Dns/ZoneManagers/AuthZoneManager.cs +++ b/DnsServerCore/Dns/ZoneManagers/AuthZoneManager.cs @@ -134,18 +134,14 @@ namespace DnsServerCore.Dns.ZoneManagers } catch (Exception ex) { - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write(ex); + _dnsServer.LogManager?.Write(ex); } } } } catch (Exception ex) { - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write(ex); + _dnsServer.LogManager?.Write(ex); } //update server domain @@ -744,15 +740,11 @@ namespace DnsServerCore.Dns.ZoneManagers _zoneIndex.Add(zoneInfo); } - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write("DNS Server successfully loaded zone file: " + zoneFile); + _dnsServer.LogManager?.Write("DNS Server successfully loaded zone file: " + zoneFile); } catch (Exception ex) { - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write("DNS Server failed to load zone file: " + zoneFile + "\r\n" + ex.ToString()); + _dnsServer.LogManager?.Write("DNS Server failed to load zone file: " + zoneFile + "\r\n" + ex.ToString()); } } 
@@ -788,6 +780,60 @@ namespace DnsServerCore.Dns.ZoneManagers return null; } + internal void LoadSpecialPrimaryZones(IReadOnlyList zoneNames, DnsSOARecordData soaRecord, DnsNSRecordData ns) + { + _zoneIndexLock.EnterWriteLock(); + try + { + foreach (string zoneName in zoneNames) + { + PrimaryZone apexZone = new PrimaryZone(_dnsServer, zoneName, soaRecord, ns); + + if (_root.TryAdd(apexZone)) + { + AuthZoneInfo zoneInfo = new AuthZoneInfo(apexZone); + _zoneIndex.Add(zoneInfo); + } + } + + _zoneIndex.Sort(); + } + finally + { + _zoneIndexLock.ExitWriteLock(); + } + } + + internal void LoadSpecialPrimaryZones(Func getZoneName, DnsSOARecordData soaRecord, DnsNSRecordData ns) + { + _zoneIndexLock.EnterWriteLock(); + try + { + string zoneName; + + while (true) + { + zoneName = getZoneName(); + if (zoneName is null) + break; + + PrimaryZone apexZone = new PrimaryZone(_dnsServer, zoneName, soaRecord, ns); + + if (_root.TryAdd(apexZone)) + { + AuthZoneInfo zoneInfo = new AuthZoneInfo(apexZone); + _zoneIndex.Add(zoneInfo); + } + } + + _zoneIndex.Sort(); + } + finally + { + _zoneIndexLock.ExitWriteLock(); + } + } + public AuthZoneInfo CreatePrimaryZone(string zoneName, string primaryNameServer, bool @internal) { PrimaryZone apexZone = new PrimaryZone(_dnsServer, zoneName, primaryNameServer, @internal); @@ -1849,7 +1895,7 @@ namespace DnsServerCore.Dns.ZoneManagers return null; } - public DnsDatagram Query(DnsDatagram request) + public DnsDatagram Query(DnsDatagram request, bool isRecursionAllowed) { DnsQuestionRecord question = request.Question[0]; 
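Review bot: In both `LoadSpecialPrimaryZones` overloads `_zoneIndex.Sort()` runs only when the loop completes, so an exception from `new PrimaryZone(...)` or from the `getZoneName` delegate leaves the zones already added in `_zoneIndex` unsorted. The AllowedZoneManager and BlockedZoneManager callers in this series feed that delegate from `bR.ReadShortString()` with a count read from the file, so a truncated or corrupt zone file reaches this path and is only logged by the caller's `catch`. If lookups elsewhere rely on the index order (not visible here), moving the call into the cleanup keeps it consistent: `finally { _zoneIndex.Sort(); _zoneIndexLock.ExitWriteLock(); }`. The delegate overload also performs file reads while holding the write lock, which deserves a comment on the method.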
@@ -1934,7 +1980,7 @@ namespace DnsServerCore.Dns.ZoneManagers } } - return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, false, false, false, rCode, request.Question, answer, authority); + return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, isRecursionAllowed, false, false, rCode, request.Question, answer, authority); } else { @@ -2092,7 +2138,7 @@ namespace DnsServerCore.Dns.ZoneManagers } } - return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers, authority, additional); + return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers, authority, additional); } } @@ -2350,9 +2396,7 @@ namespace DnsServerCore.Dns.ZoneManagers } } - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write("Saved zone file for domain: " + (zoneName == "" ? "" : zoneName)); + _dnsServer.LogManager?.Write("Saved zone file for domain: " + (zoneName == "" ? "" : zoneName)); } public void DeleteZoneFile(string zoneName) @@ -2361,9 +2405,7 @@ namespace DnsServerCore.Dns.ZoneManagers File.Delete(Path.Combine(_dnsServer.ConfigFolder, "zones", zoneName + ".zone")); - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write("Deleted zone file for domain: " + zoneName); + _dnsServer.LogManager?.Write("Deleted zone file for domain: " + zoneName); } #endregion From 5f831ed99806c0bc39b97206bc6eb8fe1f44b347 Mon Sep 17 00:00:00 2001 
From: Shreyas Zare Date: Sun, 5 Mar 2023 19:18:09 +0530 Subject: [PATCH 02/30] AllowedZoneManager: using LoadSpecialPrimaryZones() to bulk load and import to avoid loading delays due to indexing. Minor code refactoring changes done. --- .../Dns/ZoneManagers/AllowedZoneManager.cs | 32 +++++++++++-------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/DnsServerCore/Dns/ZoneManagers/AllowedZoneManager.cs b/DnsServerCore/Dns/ZoneManagers/AllowedZoneManager.cs index 7b94a70d..5f34fc6d 100644 --- a/DnsServerCore/Dns/ZoneManagers/AllowedZoneManager.cs +++ b/DnsServerCore/Dns/ZoneManagers/AllowedZoneManager.cs @@ -76,9 +76,7 @@ namespace DnsServerCore.Dns.ZoneManagers try { - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write("DNS Server is loading allowed zone file: " + allowedZoneFile); + _dnsServer.LogManager?.Write("DNS Server is loading allowed zone file: " + allowedZoneFile); using (FileStream fS = new FileStream(allowedZoneFile, FileMode.Open, FileAccess.Read)) { @@ -92,9 +90,15 @@ namespace DnsServerCore.Dns.ZoneManagers { case 1: int length = bR.ReadInt32(); + int i = 0; - for (int i = 0; i < length; i++) - AllowZone(bR.ReadShortString()); + _zoneManager.LoadSpecialPrimaryZones(delegate () + { + if (i++ < length) + return bR.ReadShortString(); + + return null; + }, _soaRecord, _nsRecord); break; 
@@ -103,19 +107,21 @@ namespace DnsServerCore.Dns.ZoneManagers } } - if (log != null) - log.Write("DNS Server allowed zone file was loaded: " + allowedZoneFile); + _dnsServer.LogManager?.Write("DNS Server allowed zone file was loaded: " + allowedZoneFile); } catch (FileNotFoundException) { } catch (Exception ex) { - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write("DNS Server encountered an error while loading allowed zone file: " + allowedZoneFile + "\r\n" + ex.ToString()); + _dnsServer.LogManager?.Write("DNS Server encountered an error while loading allowed zone file: " + allowedZoneFile + "\r\n" + ex.ToString()); } } + public void ImportZones(string[] domains) + { + _zoneManager.LoadSpecialPrimaryZones(domains, _soaRecord, _nsRecord); + } + public bool AllowZone(string domain) { if (_zoneManager.CreateSpecialPrimaryZone(domain, _soaRecord, _nsRecord) != null) @@ -171,9 +177,7 @@ namespace DnsServerCore.Dns.ZoneManagers bW.WriteShortString(zone.Name); } - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write("DNS Server allowed zone file was saved: " + allowedZoneFile); + _dnsServer.LogManager?.Write("DNS Server allowed zone file was saved: " + allowedZoneFile); } public bool IsAllowed(DnsDatagram request) @@ -181,7 +185,7 @@ namespace DnsServerCore.Dns.ZoneManagers if (_zoneManager.TotalZones < 1) return false; - return _zoneManager.Query(request) is not null; + return _zoneManager.Query(request, false) is not null; } #endregion From 03603b1482d3823e55dfb69a6e4e26f07caa78bd Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sun, 5 Mar 2023 19:18:37 +0530 Subject: [PATCH 03/30] BlockedZoneManager: using LoadSpecialPrimaryZones() to bulk load and import to avoid loading delays due to indexing. Minor code refactoring changes done. --- .../Dns/ZoneManagers/BlockedZoneManager.cs | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) 
diff --git a/DnsServerCore/Dns/ZoneManagers/BlockedZoneManager.cs b/DnsServerCore/Dns/ZoneManagers/BlockedZoneManager.cs index cfe11d88..f4472753 100644 --- a/DnsServerCore/Dns/ZoneManagers/BlockedZoneManager.cs +++ b/DnsServerCore/Dns/ZoneManagers/BlockedZoneManager.cs @@ -87,16 +87,12 @@ namespace DnsServerCore.Dns.ZoneManagers } catch (Exception ex) { - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write(ex); + _dnsServer.LogManager?.Write(ex); } try { - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write("DNS Server is loading blocked zone file: " + blockedZoneFile); + _dnsServer.LogManager?.Write("DNS Server is loading blocked zone file: " + blockedZoneFile); using (FileStream fS = new FileStream(blockedZoneFile, FileMode.Open, FileAccess.Read)) { @@ -110,9 +106,15 @@ namespace DnsServerCore.Dns.ZoneManagers { case 1: int length = bR.ReadInt32(); + int i = 0; - for (int i = 0; i < length; i++) - BlockZone(bR.ReadShortString()); + _zoneManager.LoadSpecialPrimaryZones(delegate () + { + if (i++ < length) + return bR.ReadShortString(); + + return null; + }, _soaRecord, _nsRecord); break; 
@@ -121,19 +123,21 @@ namespace DnsServerCore.Dns.ZoneManagers } } - if (log != null) - log.Write("DNS Server blocked zone file was loaded: " + blockedZoneFile); + _dnsServer.LogManager?.Write("DNS Server blocked zone file was loaded: " + blockedZoneFile); } catch (FileNotFoundException) { } catch (Exception ex) { - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write("DNS Server encountered an error while loading blocked zone file: " + blockedZoneFile + "\r\n" + ex.ToString()); + _dnsServer.LogManager?.Write("DNS Server encountered an error while loading blocked zone file: " + blockedZoneFile + "\r\n" + ex.ToString()); } } + public void ImportZones(string[] domains) + { + _zoneManager.LoadSpecialPrimaryZones(domains, _soaRecord, _nsRecord); + } + public bool BlockZone(string domain) { if (_zoneManager.CreateSpecialPrimaryZone(domain, _soaRecord, _nsRecord) != null) @@ -189,9 +193,7 @@ namespace DnsServerCore.Dns.ZoneManagers bW.WriteShortString(zone.Name); } - LogManager log = _dnsServer.LogManager; - if (log != null) - log.Write("DNS Server blocked zone file was saved: " + blockedZoneFile); + _dnsServer.LogManager?.Write("DNS Server blocked zone file was saved: " + blockedZoneFile); } public DnsDatagram Query(DnsDatagram request) @@ -199,7 +201,7 @@ namespace DnsServerCore.Dns.ZoneManagers if (_zoneManager.TotalZones < 1) return null; - return _zoneManager.Query(request); + return _zoneManager.Query(request, false); } #endregion From ff54d6a38e7ea78c241e07197c92bf9ef36319c6 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sun, 5 Mar 2023 19:19:42 +0530 Subject: [PATCH 04/30] WebServiceOtherZonesApi: updated ImportAllowedZones() and ImportBlockedZones() to use new ImportZones() method to allow fast bulk importing. --- DnsServerCore/WebServiceOtherZonesApi.cs | 28 +++++------------------- 1 file changed, 6 insertions(+), 22 deletions(-) 
diff --git a/DnsServerCore/WebServiceOtherZonesApi.cs b/DnsServerCore/WebServiceOtherZonesApi.cs index 7ab8b785..6e78a1f8 100644 --- a/DnsServerCore/WebServiceOtherZonesApi.cs +++ b/DnsServerCore/WebServiceOtherZonesApi.cs @@ -237,19 +237,11 @@ namespace DnsServerCore string allowedZones = request.GetQueryOrForm("allowedZones"); string[] allowedZonesList = allowedZones.Split(','); - bool added = false; - foreach (string allowedZone in allowedZonesList) - { - if (_dnsWebService.DnsServer.AllowedZoneManager.AllowZone(allowedZone)) - added = true; - } + _dnsWebService.DnsServer.AllowedZoneManager.ImportZones(allowedZonesList); - if (added) - { - _dnsWebService._log.Write(context.GetRemoteEndPoint(), "[" + session.User.Username + "] Total " + allowedZonesList.Length + " zones were imported into allowed zone successfully."); - _dnsWebService.DnsServer.AllowedZoneManager.SaveZoneFile(); - } + _dnsWebService._log.Write(context.GetRemoteEndPoint(), "[" + session.User.Username + "] Total " + allowedZonesList.Length + " zones were imported into allowed zone successfully."); + _dnsWebService.DnsServer.AllowedZoneManager.SaveZoneFile(); } public async Task ExportAllowedZonesAsync(HttpContext context) 
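Review bot: The audit line now always reports `allowedZonesList.Length` zones as imported successfully, and `SaveZoneFile()` runs even when `ImportZones` added nothing, because `LoadSpecialPrimaryZones` skips names for which `_root.TryAdd` fails and returns no count. The list comes straight from `allowedZones.Split(',')` on request data, so empty or duplicate entries inflate the logged total. Whether an invalid name throws from the `PrimaryZone` constructor is not visible here, but if it does, the zones added before it stay loaded with no log entry and no save. Consider having `ImportZones` return the number of zones actually added and logging that value. The same applies to the `blockedZones` hunk at `@@ -409,19 +401,11 @@`; both methods start outside their hunks.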
@@ -409,19 +401,11 @@ namespace DnsServerCore string blockedZones = request.GetQueryOrForm("blockedZones"); string[] blockedZonesList = blockedZones.Split(','); - bool added = false; - foreach (string blockedZone in blockedZonesList) - { - if (_dnsWebService.DnsServer.BlockedZoneManager.BlockZone(blockedZone)) - added = true; - } + _dnsWebService.DnsServer.BlockedZoneManager.ImportZones(blockedZonesList); - if (added) - { - _dnsWebService._log.Write(context.GetRemoteEndPoint(), "[" + session.User.Username + "] Total " + blockedZonesList.Length + " zones were imported into blocked zone successfully."); - _dnsWebService.DnsServer.BlockedZoneManager.SaveZoneFile(); - } + _dnsWebService._log.Write(context.GetRemoteEndPoint(), "[" + session.User.Username + "] Total " + blockedZonesList.Length + " zones were imported into blocked zone successfully."); + _dnsWebService.DnsServer.BlockedZoneManager.SaveZoneFile(); } public async Task ExportBlockedZonesAsync(HttpContext context) From f97738e7e8219fc0cbaf31adca380d227da457b7 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sun, 5 Mar 2023 19:20:41 +0530 Subject: [PATCH 05/30] LogManager: updated response logging to add [TRUNCATED] log when TC flag is set to distinguish the log entry from empty response. --- DnsServerCore/LogManager.cs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/DnsServerCore/LogManager.cs b/DnsServerCore/LogManager.cs index 4ba1994a..27d04856 100644 --- a/DnsServerCore/LogManager.cs +++ b/DnsServerCore/LogManager.cs @@ -573,7 +573,10 @@ namespace DnsServerCore if (response.Answer.Count == 0) { - answer = "[]"; + if (response.Truncation) + answer = "[TRUNCATED]"; + else + answer = "[]"; } else if ((response.Answer.Count > 2) && response.IsZoneTransfer) { From 003379efa6b666d74984ed1e2e700b8611c34509 Mon Sep 17 00:00:00 2001 
From: Shreyas Zare Date: Sun, 5 Mar 2023 19:21:54 +0530 Subject: [PATCH 06/30] webapp: fixed zone table sort issue and other minor blog entry title change done. --- DnsServerCore/www/index.html | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/DnsServerCore/www/index.html b/DnsServerCore/www/index.html index 081342e3..7ded04aa 100644 --- a/DnsServerCore/www/index.html +++ b/DnsServerCore/www/index.html @@ -393,12 +393,12 @@ - - - - - - + + + + + + @@ -505,11 +505,11 @@
#ZoneTypeDNSSECStatusExpiry#ZoneTypeDNSSECStatusExpiry
- - - - - + + + + + @@ -1274,7 +1274,7 @@
openssl pkcs12 -export -out "example.com.pfx" -inkey "privkey.pem" -in "cert.pem" -certfile "chain.pem"
- + From 157115b48e76f86a107066a85f0255150315bd79 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sun, 5 Mar 2023 19:22:31 +0530 Subject: [PATCH 07/30] ResolverDnsCache: minor refactoring change. --- DnsServerCore/Dns/ResolverDnsCache.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DnsServerCore/Dns/ResolverDnsCache.cs b/DnsServerCore/Dns/ResolverDnsCache.cs index 6605e488..c033ebbb 100644 --- a/DnsServerCore/Dns/ResolverDnsCache.cs +++ b/DnsServerCore/Dns/ResolverDnsCache.cs @@ -157,7 +157,7 @@ namespace DnsServerCore.Dns if (authResponse is null) { - authResponse = _authZoneManager.Query(request); + authResponse = _authZoneManager.Query(request, true); if (authResponse is not null) { if ((authResponse.RCODE != DnsResponseCode.NoError) || (authResponse.Answer.Count > 0) || (authResponse.Authority.Count == 0) || authResponse.IsFirstAuthoritySOA()) From bbf4a2e773f7533da43e4dbdb7d61b05a30878ab Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sun, 5 Mar 2023 19:26:05 +0530 Subject: [PATCH 08/30] DnsServer: updated ProcessUdpRequestAsync() to handle truncation for MX response to allow trying once after removing glue records before sending a TC response due to issues with some old mail servers that do not retry over TCP when TC response is received. Updated ProcessRecursiveQueryAsync() to use EDNS request to allow relaying extended DNS error response from blocked zone to client. --- DnsServerCore/Dns/DnsServer.cs | 38 +++++++++++++++++++++++++++------- 1 file changed, 30 insertions(+), 8 deletions(-) diff --git a/DnsServerCore/Dns/DnsServer.cs b/DnsServerCore/Dns/DnsServer.cs index 8629add2..5a414a7e 100644 --- a/DnsServerCore/Dns/DnsServer.cs +++ b/DnsServerCore/Dns/DnsServer.cs 
@@ -435,10 +435,32 @@ namespace DnsServerCore.Dns } else { - if (response.Question[0].Type == DnsResourceRecordType.IXFR) - response = new DnsDatagram(response.Identifier, true, response.OPCODE, response.AuthoritativeAnswer, false, response.RecursionDesired, response.RecursionAvailable, response.AuthenticData, response.CheckingDisabled, response.RCODE, response.Question, new DnsResourceRecord[] { response.Answer[0] }, null, null, request.EDNS is null ? ushort.MinValue : _udpPayloadSize) { Tag = DnsServerResponseType.Authoritative }; //truncate response - else - response = new DnsDatagram(response.Identifier, true, response.OPCODE, response.AuthoritativeAnswer, true, response.RecursionDesired, response.RecursionAvailable, response.AuthenticData, response.CheckingDisabled, response.RCODE, response.Question, null, null, null, request.EDNS is null ? ushort.MinValue : _udpPayloadSize) { Tag = DnsServerResponseType.Authoritative }; + switch (response.Question[0].Type) + { + case DnsResourceRecordType.MX: + //removing glue records and trying again since some mail servers fail to fallback to TCP on truncation + response = response.CloneWithoutGlueRecords(); + sendBufferStream.Position = 0; + + try + { + response.WriteTo(sendBufferStream); + } + catch (NotSupportedException) + { + //send TC since response is still big even after removing glue records + response = new DnsDatagram(response.Identifier, true, response.OPCODE, response.AuthoritativeAnswer, true, response.RecursionDesired, response.RecursionAvailable, response.AuthenticData, response.CheckingDisabled, response.RCODE, response.Question, null, null, null, request.EDNS is null ? 
ushort.MinValue : _udpPayloadSize) { Tag = DnsServerResponseType.Authoritative }; + } + break; + + case DnsResourceRecordType.IXFR: + response = new DnsDatagram(response.Identifier, true, response.OPCODE, response.AuthoritativeAnswer, false, response.RecursionDesired, response.RecursionAvailable, response.AuthenticData, response.CheckingDisabled, response.RCODE, response.Question, new DnsResourceRecord[] { response.Answer[0] }, null, null, request.EDNS is null ? ushort.MinValue : _udpPayloadSize) { Tag = DnsServerResponseType.Authoritative }; //truncate response + break; + + default: + response = new DnsDatagram(response.Identifier, true, response.OPCODE, response.AuthoritativeAnswer, true, response.RecursionDesired, response.RecursionAvailable, response.AuthenticData, response.CheckingDisabled, response.RCODE, response.Question, null, null, null, request.EDNS is null ? ushort.MinValue : _udpPayloadSize) { Tag = DnsServerResponseType.Authoritative }; + break; + } } sendBufferStream.Position = 0; @@ -1932,7 +1954,7 @@ namespace DnsServerCore.Dns } } - DnsDatagram response = _authZoneManager.Query(request); + DnsDatagram response = _authZoneManager.Query(request, isRecursionAllowed); if (response is not null) { response.Tag = DnsServerResponseType.Authoritative; 
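Review bot: The `DnsResourceRecordType.MX` case is the only branch of the new switch that leaves `response.Tag` to whatever `CloneWithoutGlueRecords()` returns; the IXFR case, the default case and the TC fallback in the `catch` all set `Tag = DnsServerResponseType.Authoritative` explicitly. `CloneWithoutGlueRecords()` is not shown, so if it does not copy the tag, a trimmed MX response that fits would go out untagged; carrying it over makes the branch independent of that detail, e.g. `DnsDatagram trimmed = response.CloneWithoutGlueRecords(); trimmed.Tag = response.Tag; response = trimmed;`. The `catch (NotSupportedException)` also relies on `sendBufferStream` being a fixed-capacity buffer, which is worth stating in the comment, something like `//WriteTo throws NotSupportedException when the response does not fit the fixed-size send buffer`. The enclosing method starts and ends outside this hunk.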
@@ -2514,7 +2536,7 @@ namespace DnsServerCore.Dns if (record.Type != DnsResourceRecordType.CNAME) break; //no further CNAME records exists - DnsDatagram newRequest = new DnsDatagram(0, false, DnsOpcode.StandardQuery, false, false, true, false, false, false, DnsResponseCode.NoError, new DnsQuestionRecord[] { new DnsQuestionRecord((record.RDATA as DnsCNAMERecordData).Domain, request.Question[0].Type, request.Question[0].Class) }); + DnsDatagram newRequest = new DnsDatagram(0, false, DnsOpcode.StandardQuery, false, false, true, false, false, false, DnsResponseCode.NoError, new DnsQuestionRecord[] { new DnsQuestionRecord((record.RDATA as DnsCNAMERecordData).Domain, request.Question[0].Type, request.Question[0].Class) }, null, null, null, _udpPayloadSize); //check allowed zone inAllowedZone = _allowedZoneManager.IsAllowed(newRequest) || _blockListZoneManager.IsAllowed(newRequest); @@ -2535,8 +2557,8 @@ namespace DnsServerCore.Dns //copy last response answers answer.AddRange(blockedResponse.Answer); - //cname response cannot be for type NS, MX, SRV so no additional section in response - return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, false, false, true, true, false, false, DnsResponseCode.NoError, request.Question, answer, blockedResponse.Authority) { Tag = blockedResponse.Tag }; + //include blocked response additional section to pass on Extended DNS Errors + return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, false, false, true, true, false, false, DnsResponseCode.NoError, request.Question, answer, blockedResponse.Authority, blockedResponse.Additional) { Tag = blockedResponse.Tag }; } } } From 3b314225d3323b011a5d5a72b9c6b14f0afbb177 Mon Sep 17 00:00:00 2001 
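Review bot: `newRequest` is now always built with `_udpPayloadSize`, and `blockedResponse.Additional` is copied into the reply regardless of whether the client's own request carried EDNS. Extended DNS Errors travel in the OPT record, so the relayed additional section presumably contains one, and RFC 6891 says a responder must not include OPT when the request had none. Unless a later step strips it (not visible in this hunk), gating on the original request would match the `request.EDNS is null ? ushort.MinValue : _udpPayloadSize` pattern used in `ProcessUdpRequestAsync`: pass `request.EDNS is null ? null : blockedResponse.Additional` as the last argument. The removed comment about CNAME responses having no additional section also documented an assumption that no longer holds, so the new comment should say what the section is expected to contain.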
From: Shreyas Zare Date: Sun, 5 Mar 2023 19:27:30 +0530 Subject: [PATCH 09/30] BlockPage: updated app to support "enableWebServer" config option to stop the web server from starting when not needed without need to uninstall the app. --- Apps/BlockPageApp/App.cs | 14 ++++++++++++++ Apps/BlockPageApp/dnsApp.config | 1 + 2 files changed, 15 insertions(+) diff --git a/Apps/BlockPageApp/App.cs b/Apps/BlockPageApp/App.cs index 1b9a912d..c94d9453 100644 --- a/Apps/BlockPageApp/App.cs +++ b/Apps/BlockPageApp/App.cs @@ -485,6 +485,13 @@ namespace BlockPage using JsonDocument jsonDocument = JsonDocument.Parse(config); JsonElement jsonConfig = jsonDocument.RootElement; + bool enableWebServer = jsonConfig.GetPropertyValue("enableWebServer", true); + if (!enableWebServer) + { + StopWebServer(); + return; + } + _webServerLocalAddresses = jsonConfig.ReadArray("webServerLocalAddresses", IPAddress.Parse); if (jsonConfig.TryGetProperty("webServerUseSelfSignedTlsCertificate", out JsonElement jsonWebServerUseSelfSignedTlsCertificate)) @@ -573,6 +580,13 @@ namespace BlockPage await File.WriteAllTextAsync(Path.Combine(dnsServer.ApplicationFolder, "dnsApp.config"), config); } + + if (!jsonConfig.TryGetProperty("enableWebServer", out _)) + { + config = config.Replace("\"webServerLocalAddresses\"", "\"enableWebServer\": true,\r\n \"webServerLocalAddresses\""); + + await File.WriteAllTextAsync(Path.Combine(dnsServer.ApplicationFolder, "dnsApp.config"), config); + } } #endregion diff --git a/Apps/BlockPageApp/dnsApp.config b/Apps/BlockPageApp/dnsApp.config index 9d9119ad..e095d4bc 100644 --- a/Apps/BlockPageApp/dnsApp.config +++ b/Apps/BlockPageApp/dnsApp.config @@ -1,4 +1,5 @@ { + "enableWebServer": true, "webServerLocalAddresses": [ "0.0.0.0", "::" From 24222d0bf10eff799ca7f1db284a9a876f22cf43 Mon Sep 17 00:00:00 2001 
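Review bot: The config migration in the second App.cs hunk inserts the new key with a textual `config.Replace("\"webServerLocalAddresses\"", ...)`, which rewrites every occurrence of that token and does nothing when the key is missing or spelled differently. In the latter case the file is still rewritten on every initialization and never gains `enableWebServer`, so the check repeats indefinitely. Guarding the write keeps the migration a no-op when it cannot apply, e.g. `if (config.Contains("\"webServerLocalAddresses\"")) { ... }` around the replace and `WriteAllTextAsync`. The early `return` after `StopWebServer()` in the first hunk also skips the rest of the config parsing, which a short comment should make explicit; the method body extends outside both hunks.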
From: Shreyas Zare Date: Sun, 5 Mar 2023 19:28:18 +0530 Subject: [PATCH 10/30] DnsBlockList: setting correct RA flag in response. --- Apps/DnsBlockListApp/App.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Apps/DnsBlockListApp/App.cs b/Apps/DnsBlockListApp/App.cs index d1d13e55..956aeaf6 100644 --- a/Apps/DnsBlockListApp/App.cs +++ b/Apps/DnsBlockListApp/App.cs @@ -242,11 +242,11 @@ namespace DnsBlockList switch (question.Type) { case DnsResourceRecordType.A: - return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, new DnsResourceRecord[] { new DnsResourceRecord(qname, DnsResourceRecordType.A, question.Class, appRecordTtl, new DnsARecordData(responseA)) }); + return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, new DnsResourceRecord[] { new DnsResourceRecord(qname, DnsResourceRecordType.A, question.Class, appRecordTtl, new DnsARecordData(responseA)) }); case DnsResourceRecordType.TXT: if (!string.IsNullOrEmpty(responseTXT)) - return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, new DnsResourceRecord[] { new DnsResourceRecord(qname, DnsResourceRecordType.TXT, question.Class, appRecordTtl, new DnsTXTRecordData(responseTXT)) }); + return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, new DnsResourceRecord[] { new DnsResourceRecord(qname, DnsResourceRecordType.TXT, question.Class, appRecordTtl, new DnsTXTRecordData(responseTXT)) }); break; } 
@@ -254,7 +254,7 @@ namespace DnsBlockList //NODATA response DnsDatagram soaResponse = await _dnsServer.DirectQueryAsync(new DnsQuestionRecord(zoneName, DnsResourceRecordType.SOA, DnsClass.IN)); - return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, null, soaResponse.Answer); + return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, null, soaResponse.Answer); } } From 1b5ccf49a29c33f4a84ac093c09c3d0ff81b36e7 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sun, 5 Mar 2023 19:29:06 +0530 Subject: [PATCH 11/30] Failover: setting correct RA flag in response. --- Apps/FailoverApp/Address.cs | 4 ++-- Apps/FailoverApp/CNAME.cs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Apps/FailoverApp/Address.cs b/Apps/FailoverApp/Address.cs index 38d873cb..cf60fd9e 100644 --- a/Apps/FailoverApp/Address.cs +++ b/Apps/FailoverApp/Address.cs @@ -218,7 +218,7 @@ namespace Failover if (answers.Count > 1) answers.Shuffle(); - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers)); } case DnsResourceRecordType.TXT: 
@@ -257,7 +257,7 @@ namespace Failover if (jsonAppRecordData.TryGetProperty("secondary", out JsonElement jsonSecondary)) GetStatusAnswers(jsonSecondary, FailoverType.Secondary, question, 30, healthCheck, healthCheckUrl, answers); - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers)); } default: diff --git a/Apps/FailoverApp/CNAME.cs b/Apps/FailoverApp/CNAME.cs index c00dff30..785b7e43 100644 --- a/Apps/FailoverApp/CNAME.cs +++ b/Apps/FailoverApp/CNAME.cs @@ -195,7 +195,7 @@ namespace Failover } } - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers)); } #endregion From 6412f41af1d3fa199cb4686c077ee0e081eb074d Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sun, 5 Mar 2023 19:29:37 +0530 Subject: [PATCH 12/30] GeoContinent: setting correct RA flag in response. --- Apps/GeoContinentApp/Address.cs | 2 +- Apps/GeoContinentApp/CNAME.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Apps/GeoContinentApp/Address.cs b/Apps/GeoContinentApp/Address.cs index 38ed82d2..63b51f05 100644 --- a/Apps/GeoContinentApp/Address.cs +++ b/Apps/GeoContinentApp/Address.cs 
@@ -160,7 +160,7 @@ namespace GeoContinent options = EDnsClientSubnetOptionData.GetEDnsClientSubnetOption(requestECS.SourcePrefixLength, 0, requestECS.Address); } - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); } default: diff --git a/Apps/GeoContinentApp/CNAME.cs b/Apps/GeoContinentApp/CNAME.cs index b0dbfb6a..1433083c 100644 --- a/Apps/GeoContinentApp/CNAME.cs +++ b/Apps/GeoContinentApp/CNAME.cs @@ -133,7 +133,7 @@ namespace GeoContinent options = EDnsClientSubnetOptionData.GetEDnsClientSubnetOption(requestECS.SourcePrefixLength, 0, requestECS.Address); } - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); } #endregion From c4d56b2120c87f256adeb45982792d72517c3b4c Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sun, 5 Mar 2023 19:30:13 +0530 Subject: [PATCH 13/30] GeoCountry: setting correct RA flag in response. --- Apps/GeoCountryApp/Address.cs | 2 +- Apps/GeoCountryApp/CNAME.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Apps/GeoCountryApp/Address.cs b/Apps/GeoCountryApp/Address.cs index c1990b95..5d49c9b1 100644 --- a/Apps/GeoCountryApp/Address.cs +++ b/Apps/GeoCountryApp/Address.cs @@ -160,7 +160,7 @@ namespace GeoCountry options = EDnsClientSubnetOptionData.GetEDnsClientSubnetOption(requestECS.SourcePrefixLength, 0, requestECS.Address); } - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); } default: diff --git a/Apps/GeoCountryApp/CNAME.cs b/Apps/GeoCountryApp/CNAME.cs index 4c2cc371..569d5e57 100644 --- a/Apps/GeoCountryApp/CNAME.cs +++ b/Apps/GeoCountryApp/CNAME.cs @@ -133,7 +133,7 @@ namespace GeoCountry options = EDnsClientSubnetOptionData.GetEDnsClientSubnetOption(requestECS.SourcePrefixLength, 0, requestECS.Address); } - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); } #endregion From 6a0eef7b394664c69cf861bc612d820e5519c790 Mon Sep 17 00:00:00 2001 
From: Shreyas Zare Date: Sun, 5 Mar 2023 19:30:43 +0530 Subject: [PATCH 14/30] GeoDistance: setting correct RA flag in response. --- Apps/GeoDistanceApp/Address.cs | 2 +- Apps/GeoDistanceApp/CNAME.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Apps/GeoDistanceApp/Address.cs b/Apps/GeoDistanceApp/Address.cs index be6ebaca..3e2ddc76 100644 --- a/Apps/GeoDistanceApp/Address.cs +++ b/Apps/GeoDistanceApp/Address.cs @@ -192,7 +192,7 @@ namespace GeoDistance options = EDnsClientSubnetOptionData.GetEDnsClientSubnetOption(requestECS.SourcePrefixLength, 0, requestECS.Address); } - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); } default: diff --git a/Apps/GeoDistanceApp/CNAME.cs b/Apps/GeoDistanceApp/CNAME.cs index 70b78013..e9edae6b 100644 --- a/Apps/GeoDistanceApp/CNAME.cs +++ b/Apps/GeoDistanceApp/CNAME.cs 
@@ -165,7 +165,7 @@ namespace GeoDistance options = EDnsClientSubnetOptionData.GetEDnsClientSubnetOption(requestECS.SourcePrefixLength, 0, requestECS.Address); } - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers, null, null, _dnsServer.UdpPayloadSize, EDnsHeaderFlags.None, options)); } #endregion From 80dae846b442850ce4b93882229d2e0da2a74e19 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sun, 5 Mar 2023 19:31:06 +0530 Subject: [PATCH 15/30] NoData: setting correct RA flag in response. --- Apps/NoDataApp/App.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Apps/NoDataApp/App.cs b/Apps/NoDataApp/App.cs index 7c907473..f634ec77 100644 --- a/Apps/NoDataApp/App.cs +++ b/Apps/NoDataApp/App.cs @@ -59,7 +59,7 @@ namespace NoData { DnsResourceRecordType blockedType = Enum.Parse(jsonBlockedType.GetString(), true); if ((blockedType == question.Type) || (blockedType == DnsResourceRecordType.ANY)) - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, false, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, false, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question)); } } From e217bf6ef9c8d89819f1d4066c35f238473c12d2 Mon Sep 17 00:00:00 2001 
From: Shreyas Zare Date: Sun, 5 Mar 2023 19:31:37 +0530 Subject: [PATCH 16/30] SplitHorizon: setting correct RA flag in response. --- Apps/SplitHorizonApp/SimpleAddress.cs | 2 +- Apps/SplitHorizonApp/SimpleCNAME.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Apps/SplitHorizonApp/SimpleAddress.cs b/Apps/SplitHorizonApp/SimpleAddress.cs index 11c84f44..2117ce2d 100644 --- a/Apps/SplitHorizonApp/SimpleAddress.cs +++ b/Apps/SplitHorizonApp/SimpleAddress.cs @@ -222,7 +222,7 @@ namespace SplitHorizon if (answers.Count > 1) answers.Shuffle(); - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers)); } default: diff --git a/Apps/SplitHorizonApp/SimpleCNAME.cs b/Apps/SplitHorizonApp/SimpleCNAME.cs index 46d1d4fe..c0ed93c2 100644 --- a/Apps/SplitHorizonApp/SimpleCNAME.cs +++ b/Apps/SplitHorizonApp/SimpleCNAME.cs @@ -113,7 +113,7 @@ namespace SplitHorizon else answers = new DnsResourceRecord[] { new DnsResourceRecord(question.Name, DnsResourceRecordType.CNAME, DnsClass.IN, appRecordTtl, new DnsCNAMERecordData(cname)) }; - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, answers)); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, answers)); } #endregion From aeb69b8acfc6ad208db3aea2396729ad818675c6 Mon Sep 17 00:00:00 2001 
From: Shreyas Zare Date: Sun, 5 Mar 2023 19:31:59 +0530 Subject: [PATCH 17/30] WhatIsMyDns: setting correct RA flag in response. --- Apps/WhatIsMyDnsApp/App.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Apps/WhatIsMyDnsApp/App.cs b/Apps/WhatIsMyDnsApp/App.cs index 3b0c02aa..a997212d 100644 --- a/Apps/WhatIsMyDnsApp/App.cs +++ b/Apps/WhatIsMyDnsApp/App.cs @@ -73,7 +73,7 @@ namespace WhatIsMyDns return Task.FromResult(null); } - return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, new DnsResourceRecord[] { answer })); + return Task.FromResult(new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, new DnsResourceRecord[] { answer })); } #endregion From 232146bd1976f727314e5d8c5486c357a601b4c7 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sun, 5 Mar 2023 19:32:28 +0530 Subject: [PATCH 18/30] WildIp: setting correct RA flag in response. --- Apps/WildIpApp/App.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Apps/WildIpApp/App.cs b/Apps/WildIpApp/App.cs index 900c8c1d..2c637fd4 100644 --- a/Apps/WildIpApp/App.cs +++ b/Apps/WildIpApp/App.cs 
@@ -104,10 +104,10 @@ namespace WildIp //NODATA reponse DnsDatagram soaResponse = await _dnsServer.DirectQueryAsync(new DnsQuestionRecord(zoneName, DnsResourceRecordType.SOA, DnsClass.IN)); - return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, null, soaResponse.Answer); + return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, null, soaResponse.Answer); } - return new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, false, false, false, DnsResponseCode.NoError, request.Question, new DnsResourceRecord[] { answer }); + return new DnsDatagram(request.Identifier, true, request.OPCODE, true, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.NoError, request.Question, new DnsResourceRecord[] { answer }); } #endregion From 6c3168f5d4982b4a5642ec6fb15b1f66881a83de Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 11 Mar 2023 15:11:09 +0530 Subject: [PATCH 19/30] AdvancedBlocking: updated ProcessRequestAsync() allowed domain resolution handling to log better error log. Updated DownloadListFileAsync() to perform http retries. --- Apps/AdvancedBlockingApp/App.cs | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/Apps/AdvancedBlockingApp/App.cs b/Apps/AdvancedBlockingApp/App.cs index 28a9228a..4ace1247 100644 --- a/Apps/AdvancedBlockingApp/App.cs +++ b/Apps/AdvancedBlockingApp/App.cs @@ -35,6 +35,7 @@ using TechnitiumLibrary.Net; using TechnitiumLibrary.Net.Dns; using TechnitiumLibrary.Net.Dns.EDnsOptions; using TechnitiumLibrary.Net.Dns.ResourceRecords; +using TechnitiumLibrary.Net.Http.Client; namespace AdvancedBlocking { 
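Review bot: The NODATA return in WildIp hard-codes `DnsOpcode.StandardQuery`, while the answer return two lines below it echoes `request.OPCODE`. Both are response headers for the same request, so use `request.OPCODE` in the NODATA branch as well. If the handler is only ever invoked for standard queries, add a comment saying so. The enclosing method starts outside the hunk.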
@@ -446,11 +447,18 @@ namespace AdvancedBlocking { if (allowed) { - DnsDatagram internalResponse = await _dnsServer.DirectQueryAsync(request); - if (internalResponse.Tag is null) - internalResponse.Tag = DnsServerResponseType.Recursive; + try + { + DnsDatagram internalResponse = await _dnsServer.DirectQueryAsync(request); + if (internalResponse.Tag is null) + internalResponse.Tag = DnsServerResponseType.Recursive; - return internalResponse; + return internalResponse; + } + catch (Exception ex) + { + _dnsServer.WriteLog("Failed to resolve the request for allowed domain name with QNAME: " + question.Name + "; QTYPE: " + question.Type + "; QCLASS: " + question.Class + "\r\n" + ex.ToString()); + } } return null; @@ -923,7 +931,7 @@ namespace AdvancedBlocking handler.UseProxy = _dnsServer.Proxy is not null; handler.AutomaticDecompression = DecompressionMethods.All; - using (HttpClient http = new HttpClient(handler)) + using (HttpClient http = new HttpClient(new HttpClientRetryHandler(handler))) { if (File.Exists(_listFilePath)) http.DefaultRequestHeaders.IfModifiedSince = File.GetLastWriteTimeUtc(_listFilePath); From 2920c418d70bf9fb8466c68795e2d261ad924199 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 11 Mar 2023 15:12:34 +0530 Subject: [PATCH 20/30] AdvancedForwarding: Updated ProcessRequestAsync() to check if request has RD flag set before forwarding. --- Apps/AdvancedForwardingApp/App.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Apps/AdvancedForwardingApp/App.cs b/Apps/AdvancedForwardingApp/App.cs index bbed2e56..996a504b 100644 --- a/Apps/AdvancedForwardingApp/App.cs +++ b/Apps/AdvancedForwardingApp/App.cs @@ -164,7 +164,7 @@ namespace AdvancedForwarding public Task ProcessRequestAsync(DnsDatagram request, IPEndPoint remoteEP, DnsTransportProtocol protocol, bool isRecursionAllowed) { - if (!_enableForwarding) + if (!_enableForwarding || !request.RecursionDesired) return Task.FromResult(null); IPAddress remoteIP = remoteEP.Address; 
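Review bot: The new `catch (Exception ex)` around `DirectQueryAsync` writes one multi-line log entry, including the full `ex.ToString()` stack trace, for every failed query. This path is driven by remote clients, so an upstream outage or a burst of queries for an allowed name that does not resolve turns directly into log growth. Logging only the message keeps the entry to one line, e.g. `... + "; QCLASS: " + question.Class + "; " + ex.Message);`, or the entry could be rate-limited per QNAME. It would also help to add a comment on the fall-through, such as `//resolution failed; return null so the server handles the request normally`, if that is what `null` means to the caller, which is not visible here. The method starts and ends outside the hunk.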
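Review bot: The AdvancedForwarding guard now tests `request.RecursionDesired` but not the `isRecursionAllowed` parameter that the same signature receives. The matching fix in DnsServer.cs (patch 23, FWD branch) refuses when either flag is false. If the forwarder records this app returns are not routed through that branch, a client that is denied recursion could still have its queries forwarded. Either extend the guard, `if (!_enableForwarding || !request.RecursionDesired || !isRecursionAllowed)`, or add a comment naming where the recursion ACL is enforced for app-supplied forwarders. The rest of the method is outside the hunk, so a later check may already exist.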
From 0ca9232a52176ca6a9767a554be846a9cffdab1d Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 11 Mar 2023 15:13:21 +0530 Subject: [PATCH 21/30] BlockListZoneManager: updated UpdateBlockListsAsync() to perform http retries. --- DnsServerCore/Dns/ZoneManagers/BlockListZoneManager.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/DnsServerCore/Dns/ZoneManagers/BlockListZoneManager.cs b/DnsServerCore/Dns/ZoneManagers/BlockListZoneManager.cs index 9862cca2..63f1b4e2 100644 --- a/DnsServerCore/Dns/ZoneManagers/BlockListZoneManager.cs +++ b/DnsServerCore/Dns/ZoneManagers/BlockListZoneManager.cs @@ -29,6 +29,7 @@ using TechnitiumLibrary.Net; using TechnitiumLibrary.Net.Dns; using TechnitiumLibrary.Net.Dns.EDnsOptions; using TechnitiumLibrary.Net.Dns.ResourceRecords; +using TechnitiumLibrary.Net.Http.Client; namespace DnsServerCore.Dns.ZoneManagers { @@ -392,7 +393,7 @@ namespace DnsServerCore.Dns.ZoneManagers handler.UseProxy = _dnsServer.Proxy is not null; handler.AutomaticDecompression = DecompressionMethods.All; - using (HttpClient http = new HttpClient(handler)) + using (HttpClient http = new HttpClient(new HttpClientRetryHandler(handler))) { if (File.Exists(listFilePath)) http.DefaultRequestHeaders.IfModifiedSince = File.GetLastWriteTimeUtc(listFilePath); From 611641dcedf7f880981d42d6a7576afb23a134a9 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 11 Mar 2023 15:14:11 +0530 Subject: [PATCH 22/30] code refactoring changes --- DnsServerCore/Dns/Zones/ApexZone.cs | 7 +------ DnsServerCore/Dns/Zones/SecondaryZone.cs | 3 +-- DnsServerCore/Dns/Zones/StubZone.cs | 3 +-- 3 files changed, 3 insertions(+), 10 deletions(-) diff --git a/DnsServerCore/Dns/Zones/ApexZone.cs b/DnsServerCore/Dns/Zones/ApexZone.cs index 3017cfc9..0765ccfd 100644 --- a/DnsServerCore/Dns/Zones/ApexZone.cs +++ b/DnsServerCore/Dns/Zones/ApexZone.cs 
@@ -378,12 +378,7 @@ namespace DnsServerCore.Dns.Zones _notifyFailed.Add(nameServerHost); } - LogManager log = dnsServer.LogManager; - if (log is not null) - { - log.Write("DNS Server failed to notify name server '" + nameServerHost + "' for zone: " + (_name == "" ? "" : _name)); - log.Write(ex); - } + dnsServer.LogManager?.Write("DNS Server failed to notify name server '" + nameServerHost + "' for zone: " + (_name == "" ? "" : _name) + "\r\n" + ex.ToString()); } finally { diff --git a/DnsServerCore/Dns/Zones/SecondaryZone.cs b/DnsServerCore/Dns/Zones/SecondaryZone.cs index f015a6cc..a20f6585 100644 --- a/DnsServerCore/Dns/Zones/SecondaryZone.cs +++ b/DnsServerCore/Dns/Zones/SecondaryZone.cs @@ -507,8 +507,7 @@ namespace DnsServerCore.Dns.Zones strNameServers += ", " + nameServer.ToString(); } - log.Write("DNS Server failed to refresh '" + (_name == "" ? "" : _name) + "' secondary zone from: " + strNameServers); - log.Write(ex); + log.Write("DNS Server failed to refresh '" + (_name == "" ? "" : _name) + "' secondary zone from: " + strNameServers + "\r\n" + ex.ToString()); } return false; diff --git a/DnsServerCore/Dns/Zones/StubZone.cs b/DnsServerCore/Dns/Zones/StubZone.cs index 5e21f0e1..76a591ef 100644 --- a/DnsServerCore/Dns/Zones/StubZone.cs +++ b/DnsServerCore/Dns/Zones/StubZone.cs @@ -373,8 +373,7 @@ namespace DnsServerCore.Dns.Zones strNameServers += ", " + nameServer.ToString(); } - log.Write("DNS Server failed to refresh '" + (_name == "" ? "" : _name) + "' stub zone from: " + strNameServers); - log.Write(ex); + log.Write("DNS Server failed to refresh '" + (_name == "" ? "" : _name) + "' stub zone from: " + strNameServers + "\r\n" + ex.ToString()); } return false; From 0bcb233e1ca0e5806635fe52262d145cc1f06fb4 Mon Sep 17 00:00:00 2001 
From: Shreyas Zare Date: Sat, 11 Mar 2023 15:17:59 +0530 Subject: [PATCH 23/30] DnsServer: Updated ProcessUdpRequestAsync() to limit the response side to the configured udp payload size to limit amplification attack issue reported by Xiang Li. Updated ProcessAuthoritativeQueryAsync() to prevent conditional forwarding when request does not have RD flag set as reported by Xiang Li. --- DnsServerCore/Dns/DnsServer.cs | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/DnsServerCore/Dns/DnsServer.cs b/DnsServerCore/Dns/DnsServer.cs index 5a414a7e..306b52ef 100644 --- a/DnsServerCore/Dns/DnsServer.cs +++ b/DnsServerCore/Dns/DnsServer.cs @@ -88,7 +88,6 @@ namespace DnsServerCore.Dns #region variables - const int UDP_MAX_BUFFER_SIZE = 4096; internal const int MAX_CNAME_HOPS = 16; const int SERVE_STALE_WAIT_TIME = 1800; @@ -298,7 +297,7 @@ namespace DnsServerCore.Dns private async Task ReadUdpRequestAsync(Socket udpListener) { - byte[] recvBuffer = new byte[UDP_MAX_BUFFER_SIZE]; + byte[] recvBuffer = new byte[DnsDatagram.EDNS_MAX_UDP_PAYLOAD_SIZE]; using MemoryStream recvBufferStream = new MemoryStream(recvBuffer); try @@ -323,7 +322,7 @@ namespace DnsServerCore.Dns while (true) { - recvBufferStream.SetLength(UDP_MAX_BUFFER_SIZE); //resetting length before using buffer + recvBufferStream.SetLength(DnsDatagram.EDNS_MAX_UDP_PAYLOAD_SIZE); //resetting length before using buffer try { @@ -415,8 +414,8 @@ namespace DnsServerCore.Dns if (request.EDNS is null) sendBuffer = new byte[512]; - else if (request.EDNS.UdpPayloadSize > UDP_MAX_BUFFER_SIZE) - sendBuffer = new byte[UDP_MAX_BUFFER_SIZE]; + else if (request.EDNS.UdpPayloadSize > _udpPayloadSize) + sendBuffer = new byte[_udpPayloadSize]; else sendBuffer = new byte[request.EDNS.UdpPayloadSize]; 
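Review bot: The new cap on `sendBuffer` has no matching lower bound, because the final `else` still sizes the buffer directly from `request.EDNS.UdpPayloadSize`. A request that advertises a payload size below 512 therefore gets a smaller buffer than a request with no EDNS at all. RFC 6891 says requestor payload sizes under 512 are to be treated as 512. Unless the datagram parser already normalises the value (not visible here), clamp it in this branch, e.g. `sendBuffer = new byte[Math.Clamp(request.EDNS.UdpPayloadSize, 512, _udpPayloadSize)];`, which assumes `_udpPayloadSize` can never be configured below 512. The enclosing method starts and ends outside the hunk.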
@@ -1914,6 +1913,9 @@ namespace DnsServerCore.Dns break; case DnsResourceRecordType.FWD: + if (!request.RecursionDesired || !isRecursionAllowed) + return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, false, false, request.RecursionDesired, isRecursionAllowed, false, false, DnsResponseCode.Refused, request.Question) { Tag = DnsServerResponseType.Authoritative }; + //do conditional forwarding return await ProcessRecursiveQueryAsync(request, remoteEP, protocol, response.Authority, _dnssecValidation, false, skipDnsAppAuthoritativeRequestHandlers); From caa5e950e02eae024e75fc51a83b53b51a62a0f6 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 11 Mar 2023 15:20:05 +0530 Subject: [PATCH 24/30] WebServiceAppsApi: Updated StartAutomaticUpdate() to remote timeout that caused auto update to fail when server delays response. Updated GetStoreAppsJsonData() and DownloadAndUpdateAppAsync() to support optional http retries. Updated ListStoreApps() to have 30 sec timeout. --- DnsServerCore/WebServiceAppsApi.cs | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/DnsServerCore/WebServiceAppsApi.cs b/DnsServerCore/WebServiceAppsApi.cs index ed87c093..1a3a37c3 100644 --- a/DnsServerCore/WebServiceAppsApi.cs +++ b/DnsServerCore/WebServiceAppsApi.cs @@ -30,6 +30,7 @@ using System.Text.Json; using System.Threading; using System.Threading.Tasks; using TechnitiumLibrary; +using TechnitiumLibrary.Net.Http.Client; namespace DnsServerCore { @@ -92,7 +93,7 @@ namespace DnsServerCore _dnsWebService._log.Write("DNS Server has started automatic update check for DNS Apps."); - string storeAppsJsonData = await GetStoreAppsJsonData().WithTimeout(5000); + string storeAppsJsonData = await GetStoreAppsJsonData(true); using JsonDocument jsonDocument = JsonDocument.Parse(storeAppsJsonData); JsonElement jsonStoreAppsArray = jsonDocument.RootElement; 
@@ -129,7 +130,7 @@ namespace DnsServerCore { try { - await DownloadAndUpdateAppAsync(application.Name, url); + await DownloadAndUpdateAppAsync(application.Name, url, true); _dnsWebService._log.Write("DNS application '" + application.Name + "' was automatically updated successfully from: " + url); } @@ -163,7 +164,7 @@ namespace DnsServerCore } } - private async Task GetStoreAppsJsonData() + private async Task GetStoreAppsJsonData(bool doRetry) { if ((_storeAppsJsonData is null) || (DateTime.UtcNow > _storeAppsJsonDataUpdatedOn.AddSeconds(STORE_APPS_JSON_DATA_CACHE_TIME_SECONDS))) { @@ -172,7 +173,7 @@ namespace DnsServerCore handler.UseProxy = _dnsWebService.DnsServer.Proxy is not null; handler.AutomaticDecompression = DecompressionMethods.All; - using (HttpClient http = new HttpClient(handler)) + using (HttpClient http = new HttpClient(doRetry ? new HttpClientRetryHandler(handler) : handler)) { _storeAppsJsonData = await http.GetStringAsync(_appStoreUri); _storeAppsJsonDataUpdatedOn = DateTime.UtcNow; @@ -182,7 +183,7 @@ namespace DnsServerCore return _storeAppsJsonData; } - private async Task DownloadAndUpdateAppAsync(string applicationName, string url) + private async Task DownloadAndUpdateAppAsync(string applicationName, string url, bool doRetry) { string tmpFile = Path.GetTempFileName(); try @@ -195,7 +196,7 @@ namespace DnsServerCore handler.UseProxy = _dnsWebService.DnsServer.Proxy is not null; handler.AutomaticDecompression = DecompressionMethods.All; - using (HttpClient http = new HttpClient(handler)) + using (HttpClient http = new HttpClient(doRetry ? new HttpClientRetryHandler(handler) : handler)) { using (Stream httpStream = await http.GetStreamAsync(url)) { 
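Review bot: Nothing in these hunks checks the scheme of `url` before `DownloadAndUpdateAppAsync` calls `http.GetStreamAsync(url)`. The only `https://` check visible in this file section is in the manual update caller further down, and whether the automatic update caller validates the link it reads from the store JSON is not shown. Moving the guard into the method covers both callers: `if (!url.StartsWith("https://", StringComparison.OrdinalIgnoreCase)) throw new DnsWebServiceException(...);`. The method body continues outside the hunk, so an integrity check on the downloaded package may exist there. If it does not, verifying a hash or signature published with the store entry before installing would close the remaining gap for unattended updates.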
@@ -334,7 +335,7 @@ namespace DnsServerCore { try { - string storeAppsJsonData = await GetStoreAppsJsonData().WithTimeout(5000); + string storeAppsJsonData = await GetStoreAppsJsonData(false).WithTimeout(5000); jsonDocument = JsonDocument.Parse(storeAppsJsonData); jsonStoreAppsArray = jsonDocument.RootElement; } @@ -369,7 +370,7 @@ namespace DnsServerCore if (!_dnsWebService._authManager.IsPermitted(PermissionSection.Apps, session.User, PermissionFlag.View)) throw new DnsWebServiceException("Access was denied."); - string storeAppsJsonData = await GetStoreAppsJsonData(); + string storeAppsJsonData = await GetStoreAppsJsonData(false).WithTimeout(30000); using JsonDocument jsonDocument = JsonDocument.Parse(storeAppsJsonData); JsonElement jsonStoreAppsArray = jsonDocument.RootElement; @@ -508,7 +509,7 @@ namespace DnsServerCore if (!url.StartsWith("https://", StringComparison.OrdinalIgnoreCase)) throw new DnsWebServiceException("Parameter 'url' value must start with 'https://'."); - DnsApplication application = await DownloadAndUpdateAppAsync(name, url); + DnsApplication application = await DownloadAndUpdateAppAsync(name, url, false); _dnsWebService._log.Write(context.GetRemoteEndPoint(), "[" + session.User.Username + "] DNS application '" + name + "' was updated successfully from: " + url); From 9cd47c79b11b2edc0616187f569bf080553876f4 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 11 Mar 2023 15:21:31 +0530 Subject: [PATCH 25/30] WebServiceSettingsApi: updated SetDnsSettings() to fix issue causing double block list update trigger. Other minor code refactoring changes done. --- DnsServerCore/WebServiceSettingsApi.cs | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/DnsServerCore/WebServiceSettingsApi.cs b/DnsServerCore/WebServiceSettingsApi.cs index cebbc06c..4bade4be 100644 --- a/DnsServerCore/WebServiceSettingsApi.cs +++ b/DnsServerCore/WebServiceSettingsApi.cs 
@@ -169,8 +169,7 @@ namespace DnsServerCore } catch (Exception ex) { - _dnsWebService._log.Write("Failed to restart DNS service."); - _dnsWebService._log.Write(ex); + _dnsWebService._log.Write("Failed to restart DNS service.\r\n" + ex.ToString()); } }); } @@ -192,8 +191,7 @@ namespace DnsServerCore } catch (Exception ex) { - _dnsWebService._log.Write("Failed to restart web service."); - _dnsWebService._log.Write(ex); + _dnsWebService._log.Write("Failed to restart web service.\r\n" + ex.ToString()); } }); } @@ -1188,10 +1186,10 @@ namespace DnsServerCore //blocklist timers if ((_blockListUpdateIntervalHours > 0) && ((_dnsWebService.DnsServer.BlockListZoneManager.AllowListUrls.Count + _dnsWebService.DnsServer.BlockListZoneManager.BlockListUrls.Count) > 0)) { - if (blockListUrlsUpdated || (_blockListUpdateTimer is null)) + if (_blockListUpdateTimer is null) + StartBlockListUpdateTimer(); + else if (blockListUrlsUpdated) ForceUpdateBlockLists(); - - StartBlockListUpdateTimer(); } else { From b87296309003c1484e23f71f6abe46eea48db981 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 11 Mar 2023 15:22:02 +0530 Subject: [PATCH 26/30] build.md: minor fix. --- build.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.md b/build.md index a10e369a..d2baaee0 100644 --- a/build.md +++ b/build.md @@ -36,7 +36,7 @@ $ sudo apt-add-repository https://packages.microsoft.com/debian/11/prod $ sudo apt update ``` -3. Install ASP.NET Core 7 runtime and `libmsquic` for DNS-over-QUIC support. +3. Install ASP.NET Core 7 SDK and `libmsquic` for DNS-over-QUIC support. ``` $ sudo apt install dotnet-sdk-7.0 libmsquic -y ``` From d2432cb983b6d51981eb88e4f24b9f4fcf4653b9 Mon Sep 17 00:00:00 2001 
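Review bot: After the reordering in `SetDnsSettings()`, a change that updates the block list URLs while `_blockListUpdateTimer` is still null calls only `StartBlockListUpdateTimer()` and no longer `ForceUpdateBlockLists()`. Whether the new URLs are then downloaded promptly depends on what the timer does on its first run, which this hunk does not show. If the first run downloads immediately, a comment above the `if` would record that, e.g. `//starting the timer triggers the first update; force one only when it is already running`. If it does not, the `blockListUrlsUpdated` case with a null timer still needs its own forced update, so that a newly configured block list is not left unenforced until the next interval.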
From: Shreyas Zare Date: Sat, 11 Mar 2023 17:02:44 +0530 Subject: [PATCH 27/30] app assembly version updated for release. --- Apps/AdvancedBlockingApp/AdvancedBlockingApp.csproj | 2 +- Apps/AdvancedForwardingApp/AdvancedForwardingApp.csproj | 2 +- Apps/BlockPageApp/BlockPageApp.csproj | 2 +- Apps/DnsBlockListApp/DnsBlockListApp.csproj | 2 +- Apps/FailoverApp/FailoverApp.csproj | 2 +- Apps/GeoContinentApp/GeoContinentApp.csproj | 2 +- Apps/GeoCountryApp/GeoCountryApp.csproj | 2 +- Apps/GeoDistanceApp/GeoDistanceApp.csproj | 2 +- Apps/NoDataApp/NoDataApp.csproj | 2 +- Apps/SplitHorizonApp/SplitHorizonApp.csproj | 2 +- Apps/WhatIsMyDnsApp/WhatIsMyDnsApp.csproj | 2 +- Apps/WildIpApp/WildIpApp.csproj | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/Apps/AdvancedBlockingApp/AdvancedBlockingApp.csproj b/Apps/AdvancedBlockingApp/AdvancedBlockingApp.csproj index 8b246742..185a1045 100644 --- a/Apps/AdvancedBlockingApp/AdvancedBlockingApp.csproj +++ b/Apps/AdvancedBlockingApp/AdvancedBlockingApp.csproj @@ -3,7 +3,7 @@ net7.0 false - 5.0.1 + 5.1 Technitium Technitium DNS Server Shreyas Zare diff --git a/Apps/AdvancedForwardingApp/AdvancedForwardingApp.csproj b/Apps/AdvancedForwardingApp/AdvancedForwardingApp.csproj index ffae889c..494012c6 100644 --- a/Apps/AdvancedForwardingApp/AdvancedForwardingApp.csproj +++ b/Apps/AdvancedForwardingApp/AdvancedForwardingApp.csproj @@ -3,7 +3,7 @@ net7.0 false - 1.0.1 + 1.0.2 Technitium Technitium DNS Server Shreyas Zare diff --git a/Apps/BlockPageApp/BlockPageApp.csproj b/Apps/BlockPageApp/BlockPageApp.csproj index 8992c987..3f2bceca 100644 --- a/Apps/BlockPageApp/BlockPageApp.csproj +++ b/Apps/BlockPageApp/BlockPageApp.csproj @@ -3,7 +3,7 @@ net7.0 false - 4.0 + 4.1 Technitium Technitium DNS Server Shreyas Zare diff --git a/Apps/DnsBlockListApp/DnsBlockListApp.csproj b/Apps/DnsBlockListApp/DnsBlockListApp.csproj index 02c9578a..c50a5fad 100644 --- a/Apps/DnsBlockListApp/DnsBlockListApp.csproj 
+++ b/Apps/DnsBlockListApp/DnsBlockListApp.csproj @@ -3,7 +3,7 @@ net7.0 false - 1.0 + 1.0.1 Technitium Technitium DNS Server Shreyas Zare diff --git a/Apps/FailoverApp/FailoverApp.csproj b/Apps/FailoverApp/FailoverApp.csproj index 63a84a75..704e6963 100644 --- a/Apps/FailoverApp/FailoverApp.csproj +++ b/Apps/FailoverApp/FailoverApp.csproj @@ -3,7 +3,7 @@ net7.0 false - 6.0 + 6.0.1 Technitium Technitium DNS Server Shreyas Zare diff --git a/Apps/GeoContinentApp/GeoContinentApp.csproj b/Apps/GeoContinentApp/GeoContinentApp.csproj index 6b6cf7cf..6af51a5c 100644 --- a/Apps/GeoContinentApp/GeoContinentApp.csproj +++ b/Apps/GeoContinentApp/GeoContinentApp.csproj @@ -4,7 +4,7 @@ net7.0 false true - 6.0 + 6.0.1 Technitium Technitium DNS Server Shreyas Zare diff --git a/Apps/GeoCountryApp/GeoCountryApp.csproj b/Apps/GeoCountryApp/GeoCountryApp.csproj index 1fec56aa..bb3a1117 100644 --- a/Apps/GeoCountryApp/GeoCountryApp.csproj +++ b/Apps/GeoCountryApp/GeoCountryApp.csproj @@ -4,7 +4,7 @@ net7.0 false true - 6.0 + 6.0.1 Technitium Technitium DNS Server Shreyas Zare diff --git a/Apps/GeoDistanceApp/GeoDistanceApp.csproj b/Apps/GeoDistanceApp/GeoDistanceApp.csproj index 65b478e1..e9c59419 100644 --- a/Apps/GeoDistanceApp/GeoDistanceApp.csproj +++ b/Apps/GeoDistanceApp/GeoDistanceApp.csproj @@ -4,7 +4,7 @@ net7.0 false true - 6.0 + 6.0.1 Technitium Technitium DNS Server Shreyas Zare diff --git a/Apps/NoDataApp/NoDataApp.csproj b/Apps/NoDataApp/NoDataApp.csproj index 8f867a97..9a528ac8 100644 --- a/Apps/NoDataApp/NoDataApp.csproj +++ b/Apps/NoDataApp/NoDataApp.csproj @@ -3,7 +3,7 @@ net7.0 false - 2.0 + 2.0.1 Technitium Technitium DNS Server Shreyas Zare diff --git a/Apps/SplitHorizonApp/SplitHorizonApp.csproj b/Apps/SplitHorizonApp/SplitHorizonApp.csproj index 07111f5f..fb9bdf58 100644 --- a/Apps/SplitHorizonApp/SplitHorizonApp.csproj +++ b/Apps/SplitHorizonApp/SplitHorizonApp.csproj @@ -3,7 +3,7 @@ net7.0 false - 6.0 + 6.0.1 Technitium Technitium DNS Server Shreyas Zare 
diff --git a/Apps/WhatIsMyDnsApp/WhatIsMyDnsApp.csproj b/Apps/WhatIsMyDnsApp/WhatIsMyDnsApp.csproj index 12682d73..0761f089 100644 --- a/Apps/WhatIsMyDnsApp/WhatIsMyDnsApp.csproj +++ b/Apps/WhatIsMyDnsApp/WhatIsMyDnsApp.csproj @@ -4,7 +4,7 @@ net7.0 false true - 5.0.1 + 5.0.2 Technitium Technitium DNS Server Shreyas Zare diff --git a/Apps/WildIpApp/WildIpApp.csproj b/Apps/WildIpApp/WildIpApp.csproj index 00afeca9..5270c3b7 100644 --- a/Apps/WildIpApp/WildIpApp.csproj +++ b/Apps/WildIpApp/WildIpApp.csproj @@ -4,7 +4,7 @@ net7.0 false true - 2.1 + 2.1.1 Technitium Technitium DNS Server Shreyas Zare From 552e2bef361ca6a97c3c2eb8fd5fe0810d4ee497 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 11 Mar 2023 17:03:15 +0530 Subject: [PATCH 28/30] inno: updated version to 11.0.3 --- DnsServerWindowsSetup/DnsServerSetup.iss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DnsServerWindowsSetup/DnsServerSetup.iss b/DnsServerWindowsSetup/DnsServerSetup.iss index 0757a484..8f61eadd 100644 --- a/DnsServerWindowsSetup/DnsServerSetup.iss +++ b/DnsServerWindowsSetup/DnsServerSetup.iss @@ -2,7 +2,7 @@ ; SEE THE DOCUMENTATION FOR DETAILS ON CREATING INNO SETUP SCRIPT FILES! #define MyAppName "Technitium DNS Server" -#define MyAppVersion "11.0.2" +#define MyAppVersion "11.0.3" #define MyAppPublisher "Technitium" #define MyAppURL "https://technitium.com/dns/" #define MyAppExeName "DnsServerSystemTrayApp.exe" From b3fe4ed302646144eb179b5ef0fdcf2b25e1e1fa Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 11 Mar 2023 17:03:40 +0530 Subject: [PATCH 29/30] assembly version updated to v11.0.3 --- DnsServerApp/DnsServerApp.csproj | 2 +- DnsServerCore/DnsServerCore.csproj | 2 +- DnsServerWindowsService/DnsServerWindowsService.csproj | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/DnsServerApp/DnsServerApp.csproj b/DnsServerApp/DnsServerApp.csproj index 58b95638..64009d38 100644 --- a/DnsServerApp/DnsServerApp.csproj 
+++ b/DnsServerApp/DnsServerApp.csproj @@ -6,7 +6,7 @@ Exe net7.0 logo2.ico - 11.0.2 + 11.0.3 Technitium Technitium DNS Server Shreyas Zare diff --git a/DnsServerCore/DnsServerCore.csproj b/DnsServerCore/DnsServerCore.csproj index 5ad4690e..1ccbf207 100644 --- a/DnsServerCore/DnsServerCore.csproj +++ b/DnsServerCore/DnsServerCore.csproj @@ -12,7 +12,7 @@ DnsServer - 11.0.2 + 11.0.3 diff --git a/DnsServerWindowsService/DnsServerWindowsService.csproj b/DnsServerWindowsService/DnsServerWindowsService.csproj index e9dd263e..9d945205 100644 --- a/DnsServerWindowsService/DnsServerWindowsService.csproj +++ b/DnsServerWindowsService/DnsServerWindowsService.csproj @@ -8,7 +8,7 @@ DnsServerWindowsService DnsService logo2.ico - 11.0.2 + 11.0.3 Shreyas Zare Technitium Technitium DNS Server From 942b0b4205a7fa08faef27996944d5c411b6599a Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 11 Mar 2023 17:04:51 +0530 Subject: [PATCH 30/30] updated changelog for v11.0.3 release. --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 837a61f7..3caac284 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,16 @@ # Technitium DNS Server Change Log +## Version 11.0.3 +Release Date: 11 March 2023 + +- Fixed DoS vulnerability reported by Xiang Li, [Network and Information Security Lab, Tsinghua University](https://netsec.ccert.edu.cn/) that an attacker can use to send bad-formatted UDP packet to cause the outbound requests to fail to resolve due to insufficient validation. +- Fixed issue reported by Xiang Li, [Network and Information Security Lab, Tsinghua University](https://netsec.ccert.edu.cn/) that caused conditional forwarder to not honoring RD flag in requests. +- Fixed issue reported by Xiang Li, [Network and Information Security Lab, Tsinghua University](https://netsec.ccert.edu.cn/) that made amplification attacks more effective due to max 4096 bytes limit for responses. +- Fixed issue in loading of Allowed and Blocked zones that resulted in loading to take too much time caused due to indexing feature added in last update for authoritative zones. +- Updated DNS server UDP response processing to remove glue records for MX responses and try again to send it instead of sending a truncated response that was causing issue with some old mail servers that did not perform follow up request over TCP. +- Block Page App: Updated the app to support option to disable the web server without requiring to uninstall the app to stop the web server. +- Multiple other minor bug fixes and improvements. + ## Version 11.0.2 Release Date: 26 February 2023