From 1db8d3cb00bec980480d525571cea76c6c49c3e7 Mon Sep 17 00:00:00 2001
From: Frank Schroeder
Date: Fri, 20 Oct 2017 20:00:45 +0200
Subject: [PATCH] config: do not allow an ANY address as DNS recursor
---
 agent/config/builder.go | 5 +++++
 agent/config/runtime_test.go | 9 +++++++++
 2 files changed, 14 insertions(+)
diff --git a/agent/config/builder.go b/agent/config/builder.go
index b59aa94aa4..da5f4fb2b6 100644
--- a/agent/config/builder.go
+++ b/agent/config/builder.go
@@ -726,6 +726,11 @@ func (b *Builder) Validate(rt RuntimeConfig) error {
 return fmt.Errorf("DNS address cannot be a unix socket")
 }
 }
+ for _, a := range rt.DNSRecursors {
+ if ipaddr.IsAny(a) {
+ return fmt.Errorf("DNS recursor address cannot be 0.0.0.0, :: or [::]")
+ }
+ }
 if rt.Bootstrap && !rt.ServerMode {
 return fmt.Errorf("'bootstrap = true' requires 'server = true'")
 }
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index 3324841a6a..0f5d4ca7f9 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@@ -1463,6 +1463,15 @@ func TestConfigFlagsAndEdgecases(t *testing.T) {
 hcl: []string{`advertise_addr_wan = "::"`},
 err: "Advertise WAN address cannot be 0.0.0.0, :: or [::]",
 },
+ {
+ desc: "recursors any",
+ flags: []string{
+ `-data-dir=` + dataDir,
+ },
+ json: []string{`{ "recursors": ["::"] }`},
+ hcl: []string{`recursors = ["::"]`},
+ err: "DNS recursor address cannot be 0.0.0.0, :: or [::]",
+ },
 {
 desc: "dns_config.udp_answer_limit invalid",
 flags: []string{
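Review bot: The new loop in `Validate` hands each `rt.DNSRecursors` entry straight to `ipaddr.IsAny`, whose matching rules are not visible in this patch; if it only recognises the bare forms named in the error message, a recursor written with a port (such as `0.0.0.0:53` or `[::]:53`) would pass validation. Stripping the port first would close that gap, e.g. `if h, _, err := net.SplitHostPort(a); err == nil { a = h }` ahead of the `ipaddr.IsAny(a)` check, assuming `net` is available in builder.go. A short comment above the loop, such as `// an unspecified address is not a usable upstream resolver`, would record why these values are rejected. `Validate` begins and ends outside this hunk.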
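Review bot: The added table entry exercises only `::`, while the error string it expects names three rejected forms, so `0.0.0.0` and `[::]` stay untested for recursors. Sibling entries using `recursors = ["0.0.0.0"]` and `recursors = ["[::]"]`, with the matching JSON, would pin all three. If a recursor may carry a port, a case such as `recursors = ["0.0.0.0:53"]` would show whether that form is rejected too. The test table and `TestConfigFlagsAndEdgecases` continue outside this hunk.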