Slightly better handling of invalid domain names

2025-07-17 06:23:29 +02:00 · 2023-08-07 20:05:25 +02:00
parent 1fe59d24d5
commit 2e1f6a77ac
2 changed files with 38 additions and 35 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -22,6 +22,7 @@ use serde::{Deserialize,Serialize};
 use tera::Tera;
 use tower::ServiceBuilder;
 use tower_http::services::ServeDir;
+use trust_dns_resolver::Name;
 use trust_dns_resolver::TokioAsyncResolver;

 use tokio::signal::unix::{
@ -679,32 +680,33 @@ async fn get_dig_result(
 	let name = &dig_query.trim().trim_end_matches(".").to_string();
 	let idna_name = IdnaName::from_string(&name);
 	if let Some(dns_resolver) = &state.dns_resolvers.get(dns_resolver_name) {
-		if match_domain_hidden_list(&name, &state.config.dns.hidden_suffixes) {
-			// Try to hide the fact that we didn't do dns resolution at all
-			// We resolve example.org as basic avoidance of timing sidechannels.
-			// WARNING: this timing sidechannel avoidance is very crude.
-			simple_dns::lookup(
+		if let Ok(domain_name) = Name::from_str_relaxed(name) {
+			if match_domain_hidden_list(&name, &state.config.dns.hidden_suffixes) {
+				// Try to hide the fact that we didn't do dns resolution at all
+				// We resolve example.org as basic avoidance of timing sidechannels.
+				// WARNING: this timing sidechannel avoidance is very crude.
+				simple_dns::lookup(
+							&dns_resolver,
+							&Name::from_ascii("example.org.").expect("Static Dummy Name"),
+							do_full_lookup).await;
+				return DigResult {
+					records: DnsLookupResult{ nxdomain: true , ..Default::default() },
+					idn: idna_name,
+					partial_lookup: !do_full_lookup,
+					used_dns_resolver: dns_resolver_name.clone(),
+				}
+			} else {
+				return DigResult {
+					records: simple_dns::lookup(
 						&dns_resolver,
-						&("example.org.".to_string()),
-						do_full_lookup).await;
-			DigResult {
-				records: DnsLookupResult{ nxdomain: true , ..Default::default() },
-				idn: idna_name,
-				partial_lookup: !do_full_lookup,
-				used_dns_resolver: dns_resolver_name.clone(),
-			}
-		} else {
-			DigResult {
-				records: simple_dns::lookup(
-					&dns_resolver,
-					&(idna_name.idn.clone().unwrap_or(name.to_owned())+"."),
-					do_full_lookup).await,
-				idn: idna_name,
-				partial_lookup: !do_full_lookup,
-				used_dns_resolver: dns_resolver_name.clone(),
+						&domain_name,
+						do_full_lookup).await,
+					idn: idna_name,
+					partial_lookup: !do_full_lookup,
+					used_dns_resolver: dns_resolver_name.clone(),
+				}
 			}
 		}
-	} else {
-		return Default::default();
 	}
+	return Default::default();
 }