1 package dns 2 3 // MsgAcceptFunc is used early in the server code to accept or reject a message with RcodeFormatError. 4 // It returns a MsgAcceptAction to indicate what should happen with the message. 5 type MsgAcceptFunc func(dh Header) MsgAcceptAction 6 7 // DefaultMsgAcceptFunc checks the request and will reject if: 8 // 9 // * isn't a request (don't respond in that case) 10 // 11 // * opcode isn't OpcodeQuery or OpcodeNotify 12 // 13 // * does not have exactly 1 question in the question section 14 // 15 // * has more than 1 RR in the Answer section 16 // 17 // * has more than 0 RRs in the Authority section 18 // 19 // * has more than 2 RRs in the Additional section 20 var DefaultMsgAcceptFunc MsgAcceptFunc = defaultMsgAcceptFunc 21 22 // MsgAcceptAction represents the action to be taken. 23 type MsgAcceptAction int 24 25 // Allowed returned values from a MsgAcceptFunc. 26 const ( 27 MsgAccept MsgAcceptAction = iota // Accept the message 28 MsgReject // Reject the message with a RcodeFormatError 29 MsgIgnore // Ignore the error and send nothing back. 30 MsgRejectNotImplemented // Reject the message with a RcodeNotImplemented 31 ) 32 33 func defaultMsgAcceptFunc(dh Header) MsgAcceptAction { 34 if isResponse := dh.Bits&_QR != 0; isResponse { 35 return MsgIgnore 36 } 37 38 // Don't allow dynamic updates, because then the sections can contain a whole bunch of RRs. 39 opcode := int(dh.Bits>>11) & 0xF 40 if opcode != OpcodeQuery && opcode != OpcodeNotify { 41 return MsgRejectNotImplemented 42 } 43 44 if dh.Qdcount != 1 { 45 return MsgReject 46 } 47 // NOTIFY requests can have a SOA in the ANSWER section. See RFC 1996 Section 3.7 and 3.11. 48 if dh.Ancount > 1 { 49 return MsgReject 50 } 51 // IXFR request could have one SOA RR in the NS section. See RFC 1995, section 3. 52 if dh.Nscount > 1 { 53 return MsgReject 54 } 55 if dh.Arcount > 2 { 56 return MsgReject 57 } 58 return MsgAccept 59 } 60