{
int len = Ustrlen(domain);
int asize = size; /* Locally modified */
-uschar *endname;
uschar name[256];
uschar utilname[256];
uschar *aptr = answerptr; /* Locally modified */
if (domain[len - 1] == '.') len--;
Ustrncpy(name, domain, len);
name[len] = 0;
-endname = name + len;
/* Look for the fakens utility, and if it exists, call it. */
asize -= rc; /* may need to be passed on to res_search(). */
}
- /* If we ran out of output buffer before exhasting the return,
+ /* If we ran out of output buffer before exhausting the return,
carry on reading and counting it. */
if (asize == 0)
dnss->aptr += namelen;
GETSHORT(dnss->srr.type, dnss->aptr); /* Record type */
-dnss->aptr += 6; /* Don't want class or TTL */
+dnss->aptr += 2; /* Don't want class */
+GETLONG(dnss->srr.ttl, dnss->aptr); /* TTL */
GETSHORT(dnss->srr.size, dnss->aptr); /* Size of data portion */
dnss->srr.data = dnss->aptr; /* The record's data follows */
dnss->aptr += dnss->srr.size; /* Advance to next RR */
}
-/* Extract the AUTHORITY info from the answer. If the
-answer isn't authoritive (AA) we do not extract anything.
-We've to search for SOA or NS records, since there may be
-other records (e.g. NSEC3) too.
-*/
+/* Extract the AUTHORITY information from the answer. If the
+answer isn't authoritive (AA not set), we do not extract anything.
+
+The AUTHORITIVE section contains NS records if
+the name in question was found, it contains a SOA record
+otherwise. (This is just from experience and some tests, is there
+some spec?)
+
+We've cycle through the AUTHORITY section, since it may contain
+other records (e.g. NSEC3) too. */
static const uschar *
dns_extract_auth_name(const dns_answer * dnsa) /* FIXME: const dns_answer */
for (rr = dns_next_rr((dns_answer*) dnsa, &dnss, RESET_AUTHORITY);
rr;
rr = dns_next_rr((dns_answer*) dnsa, &dnss, RESET_NEXT))
- if (rr->type == T_SOA || rr->type == T_NS) return rr->name;
+ if (rr->type == (h->ancount ? T_NS : T_SOA)) return rr->name;
return NULL;
}
if ( !h->aa
|| !dns_trust_aa
- || !*(trusted = expand_string(dns_trust_aa))
+ || !(trusted = expand_string(dns_trust_aa))
+ || !*trusted
|| !(auth_name = dns_extract_auth_name(dnsa))
|| OK != match_isinlist(auth_name, &trusted, 0, NULL, NULL,
- MCL_DOMAIN, TRUE, NULL)
+ MCL_DOMAIN, TRUE, NULL)
)
return FALSE;
* Get address(es) from DNS record *
*************************************************/
-/* The record type is either T_A for an IPv4 address or T_AAAA (or T_A6 when
-supported) for an IPv6 address.
+/* The record type is either T_A for an IPv4 address or T_AAAA for an IPv6 address.
Argument:
dnsa the DNS answer block
{
if (rr->data + 16 <= dnsa_lim)
{
+ struct in6_addr in6;
+ int i;
+ for (i = 0; i < 16; i++) in6.__in6_u.__u6_addr8[i] = rr->data[i];
yield = store_get(sizeof(dns_address) + 50);
- inet_ntop(AF_INET6, US rr->data, CS yield->address, 50);
+ inet_ntop(AF_INET6, &in6, CS yield->address, 50);
yield->next = NULL;
}
}