[rbldnsd] AAAA Queries?

Fri Jul 28 21:49:05 MSD 2006

On Fri, Jul 28, 2006 at 12:41:33PM -0500, Steven F Siirila wrote:

> We are currently using this snippet to query DNSbls.
> We do not yet run IPv6 though, so it shouldn't be an issue anyways.
> 
> #define UC(b)   (((int)b) & 0xff)       /* converts char to int (0-255) */
> 
> /*
>  * dnsbl - read DNS block list data
>  */
> struct hostent *
> dnsbl(char *domain, in_addr_t ipaddr)
> {
>     char *cp;                           /* general purpose */
>     char hbuf[MAXHOSTNAMELEN];          /* temporary host name buffer */
>     struct hostent *hp;                 /* host node pointer */
> 
>     cp = (char *)&ipaddr;
>     sprintf(hbuf, "%d.%d.%d.%d.%s",
>             UC(cp[3]), UC(cp[2]), UC(cp[1]), UC(cp[0]), domain);
>     if (debug) {
>         errmsg("Querying %s", hbuf);
>     }
>     if ((hp = gethostbyname(hbuf)) == NULL && h_errno == TRY_AGAIN) {
>         errmsg("Temporary error querying %s", domain);
>     }
>     return(hp);
> }

This code is wrong, it will make queries for "IP.RBL.<parent_domain>" for
each domain on your search list. It will on IPv6 capable systems make
"AAAA" queries, ... It is not capable of reading the corresponding TXT
record. Rewrite using res_init(3), res_search(3), ...

-- 

 /"\ ASCII RIBBON                  NOTICE: If received in error,
 \ / CAMPAIGN     Victor Duchovni  please destroy and notify
  X AGAINST       IT Security,     sender. Sender does not waive
 / \ HTML MAIL    Morgan Stanley   confidentiality or privilege,
                                   and use is prohibited.