1*0eefd307SCy Schubertdiff --git a/daemon/worker.c b/daemon/worker.c
2*0eefd307SCy Schubertindex 263fcdd..f787b70 100644
3*0eefd307SCy Schubert--- a/daemon/worker.c
4*0eefd307SCy Schubert+++ b/daemon/worker.c
5*0eefd307SCy Schubert@@ -1213,6 +1213,15 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
6*0eefd307SCy Schubert addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
7*0eefd307SCy Schubert log_query_in(ip, qinfo.qname, qinfo.qtype, qinfo.qclass);
8*0eefd307SCy Schubert }
9*0eefd307SCy Schubert+
10*0eefd307SCy Schubert+ if(worker->env.cfg->drop_tld) {
11*0eefd307SCy Schubert+ int lab = dname_count_labels(qinfo.qname);
12*0eefd307SCy Schubert+ if (lab == 2) {
13*0eefd307SCy Schubert+ comm_point_drop_reply(repinfo);
14*0eefd307SCy Schubert+ verbose(VERB_ALGO, "Dropping one label query.");
15*0eefd307SCy Schubert+ return 0;
16*0eefd307SCy Schubert+ }
17*0eefd307SCy Schubert+ }
18*0eefd307SCy Schubert if(qinfo.qtype == LDNS_RR_TYPE_AXFR ||
19*0eefd307SCy Schubert qinfo.qtype == LDNS_RR_TYPE_IXFR) {
20*0eefd307SCy Schubert verbose(VERB_ALGO, "worker request: refused zone transfer.");
21*0eefd307SCy Schubertdiff --git a/util/config_file.h b/util/config_file.h
22*0eefd307SCy Schubertindex b3ef930..2791541 100644
23*0eefd307SCy Schubert--- a/util/config_file.h
24*0eefd307SCy Schubert+++ b/util/config_file.h
25*0eefd307SCy Schubert@@ -274,6 +274,8 @@ struct config_file {
26*0eefd307SCy Schubert int prefetch_key;
27*0eefd307SCy Schubert /** deny queries of type ANY with an empty answer */
28*0eefd307SCy Schubert int deny_any;
29*0eefd307SCy Schubert+ /** Drop TLD queries from clients **/
30*0eefd307SCy Schubert+ int drop_tld;
31*0eefd307SCy Schubert
32*0eefd307SCy Schubert /** chrootdir, if not "" or chroot will be done */
33*0eefd307SCy Schubert char* chrootdir;
34*0eefd307SCy Schubertdiff --git a/util/configlexer.lex b/util/configlexer.lex
35*0eefd307SCy Schubertindex a86ddf5..9bbedbb 100644
36*0eefd307SCy Schubert---
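Review bot: The `lab == 2` test in the new `drop_tld` block drops every single-label query whatever its type, and the only trace is a VERB_ALGO line that names neither the client nor the qname. Since `dname_count_labels` counts the root label, 2 matches `com.` but also names like `localhost.`, and DS, DNSKEY or NS lookups for a TLD from validating clients would get no answer and be retried until they time out. I would state the intent in a comment above the test, `/* label count includes the root: 2 means a single-label name such as "com." */`, and log the client address and qname with the drop so operators can see who is affected; if the surrounding function keeps a counter for unwanted or dropped queries, this path should probably bump it too. The block also mixes `if(` and `if (` spacing. worker_handle_request starts and ends outside the hunk.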
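Review bot: The new comment on `drop_tld` says neither what counts as a TLD query nor that the client receives no response at all, and it closes with `**/` where the neighbouring fields close with `*/`. Going by the worker.c hunk of this same patch, the decision is made on label count alone, so I would write `/** if true, client queries for a single-label name (e.g. "com.") are dropped without a reply */`. struct config_file starts and ends outside the hunk.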
a/util/configlexer.lex
37*0eefd307SCy Schubert+++ b/util/configlexer.lex
38*0eefd307SCy Schubert@@ -299,6 +299,7 @@ private-domain{COLON} { YDVAR(1, VAR_PRIVATE_DOMAIN) }
39*0eefd307SCy Schubert prefetch-key{COLON} { YDVAR(1, VAR_PREFETCH_KEY) }
40*0eefd307SCy Schubert prefetch{COLON} { YDVAR(1, VAR_PREFETCH) }
41*0eefd307SCy Schubert deny-any{COLON} { YDVAR(1, VAR_DENY_ANY) }
42*0eefd307SCy Schubert+drop-tld{COLON} { YDVAR(1, VAR_DROP_TLD) }
43*0eefd307SCy Schubert stub-zone{COLON} { YDVAR(0, VAR_STUB_ZONE) }
44*0eefd307SCy Schubert name{COLON} { YDVAR(1, VAR_NAME) }
45*0eefd307SCy Schubert stub-addr{COLON} { YDVAR(1, VAR_STUB_ADDR) }
46*0eefd307SCy Schubertdiff --git a/util/configparser.y b/util/configparser.y
47*0eefd307SCy Schubertindex 10227a2..567d68e 100644
48*0eefd307SCy Schubert--- a/util/configparser.y
49*0eefd307SCy Schubert+++ b/util/configparser.y
50*0eefd307SCy Schubert@@ -164,6 +164,7 @@ extern struct config_parser_state* cfg_parser;
51*0eefd307SCy Schubert %token VAR_FAST_SERVER_PERMIL VAR_FAST_SERVER_NUM
52*0eefd307SCy Schubert %token VAR_ALLOW_NOTIFY VAR_TLS_WIN_CERT VAR_TCP_CONNECTION_LIMIT
53*0eefd307SCy Schubert %token VAR_FORWARD_NO_CACHE VAR_STUB_NO_CACHE VAR_LOG_SERVFAIL VAR_DENY_ANY
54*0eefd307SCy Schubert+%token VAR_DROP_TLD
55*0eefd307SCy Schubert %token VAR_UNKNOWN_SERVER_TIME_LIMIT VAR_LOG_TAG_QUERYREPLY
56*0eefd307SCy Schubert %token VAR_STREAM_WAIT_SIZE VAR_TLS_CIPHERS VAR_TLS_CIPHERSUITES
57*0eefd307SCy Schubert %token VAR_TLS_SESSION_TICKET_KEYS
58*0eefd307SCy Schubert@@ -266,6 +267,7 @@ content_server: server_num_threads | server_verbosity | server_port |
59*0eefd307SCy Schubert server_tls_cert_bundle | server_tls_additional_port | server_low_rtt |
60*0eefd307SCy Schubert server_fast_server_permil | server_fast_server_num | server_tls_win_cert |
61*0eefd307SCy Schubert server_tcp_connection_limit | server_log_servfail | server_deny_any |
62*0eefd307SCy Schubert+ server_drop_tld |
63*0eefd307SCy Schubert
server_unknown_server_time_limit | server_log_tag_queryreply |
64*0eefd307SCy Schubert server_stream_wait_size | server_tls_ciphers |
65*0eefd307SCy Schubert server_tls_ciphersuites | server_tls_session_ticket_keys
66*0eefd307SCy Schubert@@ -1466,6 +1468,16 @@ server_deny_any: VAR_DENY_ANY STRING_ARG
67*0eefd307SCy Schubert free($2);
68*0eefd307SCy Schubert }
69*0eefd307SCy Schubert ;
70*0eefd307SCy Schubert+
71*0eefd307SCy Schubert+server_drop_tld: VAR_DROP_TLD STRING_ARG
72*0eefd307SCy Schubert+ {
73*0eefd307SCy Schubert+ OUTYY(("P(server_drop_tld:%s)\n", $2));
74*0eefd307SCy Schubert+ if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
75*0eefd307SCy Schubert+ yyerror("expected yes or no.");
76*0eefd307SCy Schubert+ else cfg_parser->cfg->drop_tld = (strcmp($2, "yes")==0);
77*0eefd307SCy Schubert+ free($2);
78*0eefd307SCy Schubert+ }
79*0eefd307SCy Schubert+ ;
80*0eefd307SCy Schubert server_unwanted_reply_threshold: VAR_UNWANTED_REPLY_THRESHOLD STRING_ARG
81*0eefd307SCy Schubert {
82*0eefd307SCy Schubert OUTYY(("P(server_unwanted_reply_threshold:%s)\n", $2));
83
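Review bot: The `server_drop_tld` rule is the only place in this patch that assigns `drop_tld`, so when `drop-tld:` is absent from the configuration the value depends on how the config struct is allocated, which the diff does not show. I would set an explicit `cfg->drop_tld = 0;` wherever the other defaults are initialised, so the filter cannot become active by accident. The option is also undocumented here; a comment above the rule such as `/* drop-tld: yes|no - silently drop client queries for single-label names */` would tell an operator that matching clients see timeouts rather than an error response.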