From ed570b08ac7293e8d9795ac6059615919ff0fd83 Mon Sep 17 00:00:00 2001
From: Jeff Carr <jcarr@wit.com>
Date: Sat, 4 May 2019 23:20:34 -0700
Subject: [PATCH] Closes the socket if the IPv6 address does not match the
 hostname

Signed-off-by: Jeff Carr <jcarr@wit.com>
---
 server/server.go | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/server/server.go b/server/server.go
index 7ab7005..422cd32 100644
--- a/server/server.go
+++ b/server/server.go
@@ -5,11 +5,12 @@
 
 package main
 
-import "bufio"
 // import "fmt"
+// import "os"
+
+import "bufio"
 import "math/rand"
 import "net"
-// import "os"
 import "strconv"
 import "strings"
 import "time"
@@ -78,7 +79,9 @@ func random() int {
 
 func getRemoteAddr(c net.Conn) string {
 	clientAddr := c.RemoteAddr().String()
-	return clientAddr
+	parts := strings.Split(clientAddr, "]")
+	ipv6 := parts[0]
+	return ipv6[2:]
 }
 
 //
@@ -103,6 +106,15 @@ func handleConnection(c net.Conn) {
 	ipaddr := dns.Field(dnsRR, 1)
 	log.Println("Client claims to be:   ", ipaddr)
 	log.Println("Serving to IPv6 client:", ipv6client)
+	if (ipaddr != ipv6client) {
+		log.Println()
+		log.Println("DNSSEC ERROR: client IPv6 does not work")
+		log.Println("DNSSEC ERROR: client IPv6 does not work")
+		log.Println("DNSSEC ERROR: client IPv6 does not work")
+		log.Println()
+		c.Close()
+		return
+	}
 
 	for {
 		netData, err := bufio.NewReader(c).ReadString('\n')