jcarr
/
dnssecsocket
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Closes the socket if the IPv6 address does not match the hostname 

Signed-off-by: Jeff Carr <jcarr@wit.com>
This commit is contained in:
Jeff Carr 2019-05-04 23:20:34 -07:00
parent 678d005061
commit ed570b08ac
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
server/server.go
View File

@ -5,11 +5,12 @@
package main
import "bufio"
// import "fmt"
// import "os"
import "bufio"
import "math/rand"
import "net"
// import "os"
import "strconv"
import "strings"
import "time"
@ -78,7 +79,9 @@ func random() int {
func getRemoteAddr(c net.Conn) string {
clientAddr := c.RemoteAddr().String()
return clientAddr
parts := strings.Split(clientAddr, "]")
ipv6 := parts[0]
return ipv6[2:]
}
//
@ -103,6 +106,15 @@ func handleConnection(c net.Conn) {
ipaddr := dns.Field(dnsRR, 1)
log.Println("Client claims to be: ", ipaddr)
log.Println("Serving to IPv6 client:", ipv6client)
if (ipaddr != ipv6client) {
log.Println()
log.Println("DNSSEC ERROR: client IPv6 does not work")
log.Println("DNSSEC ERROR: client IPv6 does not work")
log.Println("DNSSEC ERROR: client IPv6 does not work")
log.Println()
c.Close()
return
}
for {
netData, err := bufio.NewReader(c).ReadString('\n')