host.resolve: properly handle CNAME records

5c80fcb7 · Kaarle Ritvanen · 5d7327a3 · 5c80fcb7 · 5c80fcb7
Commit 5c80fcb7 authored Jan 26, 2019 by Kaarle Ritvanen
Show whitespace changes
Inline Side-by-side

Showing with 15 additions and 12 deletions

awall-cli awall-cli +2 -2

awall/host.lua awall/host.lua +13 -10

No files found.
--- a/awall-cli
+++ b/awall-cli
@@ -2,7 +2,7 @@

 --[[
 Alpine Wall
-Copyright (C) 2012-2018 Kaarle Ritvanen
+Copyright (C) 2012-2019 Kaarle Ritvanen
 See LICENSE file for license details
 ]]--

@@ -20,7 +20,7 @@ if not table.unpack then table.unpack = unpack end
 function help()
   io.stderr:write([[
 Alpine Wall
-Copyright (C) 2012-2018 Kaarle Ritvanen
+Copyright (C) 2012-2019 Kaarle Ritvanen
 This is free software with ABSOLUTELY NO WARRANTY,
 available under the terms of the GNU General Public License, version 2


--- a/awall/host.lua
+++ b/awall/host.lua
 --[[
 Host address resolver for Alpine Wall
-Copyright (C) 2012-2018 Kaarle Ritvanen
+Copyright (C) 2012-2019 Kaarle Ritvanen
 See LICENSE file for license details
 ]]--

@@ -30,16 +30,19 @@ function M.resolve(host, context)
      if not dnscache[host] then
 	 dnscache[host] = {}
 	 for family, rtype in pairs{inet='A', inet6='AAAA'} do
+	    local answer
 	    for rec in io.popen('drill '..host..' '..rtype):lines() do
-	       local name, addr = rec:match(
-		  '^('..familypatterns.domain..')%s+%d+%s+IN%s+'..rtype..
+	       if answer then
+		  if rec == '' then break end
+		  local addr = rec:match(
+		     '^'..familypatterns.domain..'%s+%d+%s+IN%s+'..rtype..
 			'%s+(.+)'
 		  )
-
-	       if name and name:sub(1, host:len() + 1) == host..'.' then
+		  if addr then
 		     assert(getfamily(addr, context) == family)
 		     table.insert(dnscache[host], {family, addr})
 		  end
+	       elseif rec == ';; ANSWER SECTION:' then answer = true end
 	    end
 	 end
 	 if not dnscache[host][1] then