From 39105e8e96606e95e6aa18806aad00d470098c17 Mon Sep 17 00:00:00 2001
From: Darren
Date: Mon, 9 Dec 2013 23:51:58 +0000
Subject: [PATCH] Verifying reverse DNS lookups

---
 server/weblistener.js | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/server/weblistener.js b/server/weblistener.js
index 3f56682..c5587e7 100644
--- a/server/weblistener.js
+++ b/server/weblistener.js
@@ -124,7 +124,8 @@ function rangeCheck(addr, range) {
 */
 function initialiseSocket(socket, callback) {
 var request = socket.request,
- address = request.connection.remoteAddress;
+ address = request.connection.remoteAddress,
+ revdns;

 // Key/val data stored to the socket to be read later on
 // May also be synced to a redis DB to lookup clients
@@ -155,15 +156,32 @@ function initialiseSocket(socket, callback) {

 try {
 dns.reverse(address, function (err, domains) {
- if (err || domains.length === 0) {
+ if (!err && domains.length > 0) {
+ revdns = _.first(domains);
+ }
+
+ if (!revdns) {
+ // No reverse DNS found, use the IP
 socket.meta.revdns = address;
+ callback(null, true);
+
 } else {
- socket.meta.revdns = _.first(domains) || address;
+ // Make sure the reverse DNS matches the A record to use the hostname..
+ dns.lookup(revdns, function (err, ip_address, family) {
+ if (!err && ip_address == address) {
+ // A record matches PTR, perfectly valid hostname
+ socket.meta.revdns = revdns;
+ } else {
+ // A record does not match the PTR, invalid hostname
+ socket.meta.revdns = address;
+ }
+
+ // We have all the info we need, proceed with the connection
+ callback(null, true);
+ });
 }
-
- // All is well, authorise the connection
- callback(null, true);
 });
+
 } catch (err) {
 socket.meta.revdns = address;
 callback(null, true);
--
2.25.1
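Review bot: In the new `else` branch, `dns.lookup(revdns, ...)` returns only a single address from the system resolver, so the `ip_address == address` comparison rejects a legitimate host whose name carries several A/AAAA records and the client falls back to its bare IP. The PTR name is chosen by whoever controls the client's reverse zone, and `dns.lookup` goes through getaddrinfo on the libuv thread pool with no timeout visible here, so a slow-answering zone can delay `callback(null, true)` and occupy pool threads shared with other work. Consider querying the records directly and testing membership instead: `dns.resolve(revdns, address.indexOf(':') !== -1 ? 'AAAA' : 'A', function (err, addresses) {` followed by `if (!err && addresses.indexOf(address) !== -1) {`. `initialiseSocket` begins before this hunk and continues past it, so how `socket.meta.revdns` is later used is not visible from here.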