From e9e5c700f095385ca18d8a654517785ff570acad Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Sat, 7 Dec 2019 23:25:32 +0100
Subject: [PATCH] Add ignore_unqualified_hostnames
---
 example-encrypted-dns.toml | 4 ++++
 src/config.rs | 1 +
 src/globals.rs | 1 +
 src/main.rs | 5 +++++
 src/resolver.rs | 10 ++--------
 5 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/example-encrypted-dns.toml b/example-encrypted-dns.toml
index f0edcae..10d068d 100644
--- a/example-encrypted-dns.toml
+++ b/example-encrypted-dns.toml
@@ -178,6 +178,10 @@ key_cache_capacity = 10000
 # undelegated_list = "/etc/undelegated.txt"
+## Ignore A and AAAA queries for unqualified host names.
+
+# ignore_unqualified_hostnames = true
+
 #########################
 # Metrics #
diff --git a/src/config.rs b/src/config.rs
index 680fed0..33ff323 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -49,6 +49,7 @@ pub struct ListenAddrConfig {
 pub struct FilteringConfig {
 pub domain_blacklist: Option,
 pub undelegated_list: Option,
+ pub ignore_unqualified_hostnames: Option,
 }
 #[derive(Serialize, Deserialize, Debug, Clone)]
diff --git a/src/globals.rs b/src/globals.rs
index 48ae930..761728c 100644
--- a/src/globals.rs
+++ b/src/globals.rs
@@ -42,6 +42,7 @@ pub struct Globals {
 pub cert_cache: Cache,
 pub blacklist: Option,
 pub undelegated_list: Option,
+ pub ignore_unqualified_hostnames: bool,
 pub anonymized_dns_enabled: bool,
 pub anonymized_dns_allowed_ports: Vec,
 pub anonymized_dns_allow_non_reserved_ports: bool,
diff --git a/src/main.rs b/src/main.rs
index 70b0652..a293803 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -628,6 +628,10 @@ fn main() -> Result<(), Error> {
 )
 })?),
 };
+ let ignore_unqualified_hostnames = config
+ .filtering
+ .ignore_unqualified_hostnames
+ .unwrap_or(true);
 let (
 anonymized_dns_enabled,
 anonymized_dns_allowed_ports,
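Review bot: The fallback on the added `.unwrap_or(true)` line is undocumented: a configuration that omits `ignore_unqualified_hostnames` gets the filter switched on, while the example file shows the key only as a commented-out `= true` without saying that this is already the default. The unconditional check removed in src/resolver.rs suggests that `true` simply keeps the previous behaviour, which is worth stating above the `let`, e.g. `// Defaults to true: unqualified names were always filtered before this option existed.` An operator who wants these queries forwarded has to set the key to `false` explicitly, so the description in example-encrypted-dns.toml should name the default as well. main() begins and ends outside this hunk.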
@@ -673,6 +677,7 @@ fn main() -> Result<(), Error> {
 cert_cache,
 blacklist,
 undelegated_list,
+ ignore_unqualified_hostnames,
 anonymized_dns_enabled,
 anonymized_dns_allowed_ports,
 anonymized_dns_allow_non_reserved_ports,
diff --git a/src/resolver.rs b/src/resolver.rs
index 0d41676..3f20cc5 100644
--- a/src/resolver.rs
+++ b/src/resolver.rs
@@ -172,16 +172,10 @@ pub async fn get_cached_response_or_resolve(
 }
 let tld = dns::qname_tld(&packet_qname);
 let synthesize_nxdomain = {
- if tld.len() == packet_qname.len() {
+ if globals.ignore_unqualified_hostnames && tld.len() == packet_qname.len() {
 let (qtype, qclass) = dns::qtype_qclass(&packet)?;
- if qtype == dns::DNS_CLASS_INET
+ qtype == dns::DNS_CLASS_INET
 && (qclass == dns::DNS_TYPE_A || qclass == dns::DNS_TYPE_AAAA)
- {
- dbg!(String::from_utf8_lossy(&packet_qname));
- true
- } else {
- false
- }
 } else if let Some(undelegated_list) = &globals.undelegated_list {
 undelegated_list.find(tld)
 } else {
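Review bot: The condition kept on the new side of the src/resolver.rs hunk compares `qtype` with `dns::DNS_CLASS_INET` and `qclass` with `dns::DNS_TYPE_A`/`dns::DNS_TYPE_AAAA`, so the type and class operands look transposed. The definition of `dns::qtype_qclass` is not part of this diff, so the order of the tuple it returns needs confirming. If it is (type, class) as the binding suggests, AAAA queries for unqualified names would not match and would presumably go upstream instead of getting the synthesized NXDOMAIN, exposing the local host names this option appears meant to keep off the resolver. The expression would then read `qclass == dns::DNS_CLASS_INET` followed by `&& (qtype == dns::DNS_TYPE_A || qtype == dns::DNS_TYPE_AAAA)`. get_cached_response_or_resolve starts and ends outside this hunk.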