summaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
Diffstat (limited to 'sbin')
-rw-r--r--sbin/unwind/resolver.c122
1 files changed, 121 insertions, 1 deletions
diff --git a/sbin/unwind/resolver.c b/sbin/unwind/resolver.c
index cec582de1b7..57c32fbfc75 100644
--- a/sbin/unwind/resolver.c
+++ b/sbin/unwind/resolver.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: resolver.c,v 1.51 2019/11/03 09:46:11 otto Exp $ */
+/* $OpenBSD: resolver.c,v 1.52 2019/11/03 18:15:26 florian Exp $ */
/*
* Copyright (c) 2018 Florian Obser <florian@openbsd.org>
@@ -167,6 +167,104 @@ struct event_base *ev_base;
enum captive_portal_state captive_portal_state = PORTAL_UNCHECKED;
+static const char * const as112_zones[] = {
+ /* RFC1918 */
+ "10.in-addr.arpa. transparent",
+ "16.172.in-addr.arpa. transparent",
+ "31.172.in-addr.arpa. transparent",
+ "168.192.in-addr.arpa. transparent",
+
+ /* RFC3330 */
+ "0.in-addr.arpa. transparent",
+ "254.169.in-addr.arpa. transparent",
+ "2.0.192.in-addr.arpa. transparent",
+ "100.51.198.in-addr.arpa. transparent",
+ "113.0.203.in-addr.arpa. transparent",
+ "255.255.255.255.in-addr.arpa. transparent",
+
+ /* RFC6598 */
+ "64.100.in-addr.arpa. transparent",
+ "65.100.in-addr.arpa. transparent",
+ "66.100.in-addr.arpa. transparent",
+ "67.100.in-addr.arpa. transparent",
+ "68.100.in-addr.arpa. transparent",
+ "69.100.in-addr.arpa. transparent",
+ "70.100.in-addr.arpa. transparent",
+ "71.100.in-addr.arpa. transparent",
+ "72.100.in-addr.arpa. transparent",
+ "73.100.in-addr.arpa. transparent",
+ "74.100.in-addr.arpa. transparent",
+ "75.100.in-addr.arpa. transparent",
+ "76.100.in-addr.arpa. transparent",
+ "77.100.in-addr.arpa. transparent",
+ "78.100.in-addr.arpa. transparent",
+ "79.100.in-addr.arpa. transparent",
+ "80.100.in-addr.arpa. transparent",
+ "81.100.in-addr.arpa. transparent",
+ "82.100.in-addr.arpa. transparent",
+ "83.100.in-addr.arpa. transparent",
+ "84.100.in-addr.arpa. transparent",
+ "85.100.in-addr.arpa. transparent",
+ "86.100.in-addr.arpa. transparent",
+ "87.100.in-addr.arpa. transparent",
+ "88.100.in-addr.arpa. transparent",
+ "89.100.in-addr.arpa. transparent",
+ "90.100.in-addr.arpa. transparent",
+ "91.100.in-addr.arpa. transparent",
+ "92.100.in-addr.arpa. transparent",
+ "93.100.in-addr.arpa. transparent",
+ "94.100.in-addr.arpa. transparent",
+ "95.100.in-addr.arpa. transparent",
+ "96.100.in-addr.arpa. transparent",
+ "97.100.in-addr.arpa. transparent",
+ "98.100.in-addr.arpa. transparent",
+ "99.100.in-addr.arpa. transparent",
+ "100.100.in-addr.arpa. transparent",
+ "101.100.in-addr.arpa. transparent",
+ "102.100.in-addr.arpa. transparent",
+ "103.100.in-addr.arpa. transparent",
+ "104.100.in-addr.arpa. transparent",
+ "105.100.in-addr.arpa. transparent",
+ "106.100.in-addr.arpa. transparent",
+ "107.100.in-addr.arpa. transparent",
+ "108.100.in-addr.arpa. transparent",
+ "109.100.in-addr.arpa. transparent",
+ "110.100.in-addr.arpa. transparent",
+ "111.100.in-addr.arpa. transparent",
+ "112.100.in-addr.arpa. transparent",
+ "113.100.in-addr.arpa. transparent",
+ "114.100.in-addr.arpa. transparent",
+ "115.100.in-addr.arpa. transparent",
+ "116.100.in-addr.arpa. transparent",
+ "117.100.in-addr.arpa. transparent",
+ "118.100.in-addr.arpa. transparent",
+ "119.100.in-addr.arpa. transparent",
+ "120.100.in-addr.arpa. transparent",
+ "121.100.in-addr.arpa. transparent",
+ "122.100.in-addr.arpa. transparent",
+ "123.100.in-addr.arpa. transparent",
+ "124.100.in-addr.arpa. transparent",
+ "125.100.in-addr.arpa. transparent",
+ "126.100.in-addr.arpa. transparent",
+ "127.100.in-addr.arpa. transparent",
+
+ /* RFC4291 */
+ "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0."
+ "ip6.arpa. transparent",
+
+ /* RFC4193 */
+ "D.F.ip6.arpa. transparent",
+
+ /* RFC4291 */
+ "8.E.F.ip6.arpa. transparent",
+ "9.E.F.ip6.arpa. transparent",
+ "A.E.F.ip6.arpa. transparent",
+ "B.E.F.ip6.arpa. transparent",
+
+ /* RFC3849 */
+ "8.B.D.0.1.0.0.2.ip6.arpa. transparent"
+};
+
void
resolver_sig_handler(int sig, short event, void *arg)
{
@@ -887,6 +985,7 @@ create_resolver(enum uw_resolver_type type, int oppdot)
struct uw_resolver *res;
struct trust_anchor *ta;
struct uw_forwarder *uw_forwarder;
+ size_t i;
int err;
char *resolv_conf = NULL, *tmp = NULL;
@@ -1019,6 +1118,27 @@ create_resolver(enum uw_resolver_type type, int oppdot)
break;
}
+ /* for the forwarder cases allow AS112 zones */
+ switch(res->type) {
+ case UW_RES_DHCP:
+ case UW_RES_FORWARDER:
+ case UW_RES_DOT:
+ for (i = 0; i < nitems(as112_zones); i++) {
+ log_debug("%s", as112_zones[i]);
+ if((err = ub_ctx_set_option(res->ctx, "local-zone:",
+ as112_zones[i])) != 0) {
+ ub_ctx_delete(res->ctx);
+ free(res);
+ log_warnx("error setting local-zone: %s: %s",
+ as112_zones[i], ub_strerror(err));
+ return (NULL);
+ }
+ }
+ break;
+ default:
+ break;
+ }
+
return (res);
}