host.resolve: properly handle CNAME recordsv1.6.9

2 files changed, 15 insertions, 12 deletions

diff --git a/awall-cli b/awall-cli
index dd920cc..0786709 100755
--- a/awall-cli
+++ b/awall-cli
@@ -2,7 +2,7 @@
 
 --[[
 Alpine Wall
-Copyright (C) 2012-2018 Kaarle Ritvanen
+Copyright (C) 2012-2019 Kaarle Ritvanen
 See LICENSE file for license details
 ]]--
 
@@ -20,7 +20,7 @@ if not table.unpack then table.unpack = unpack end
 function help()
    io.stderr:write([[
 Alpine Wall
-Copyright (C) 2012-2018 Kaarle Ritvanen
+Copyright (C) 2012-2019 Kaarle Ritvanen
 This is free software with ABSOLUTELY NO WARRANTY,
 available under the terms of the GNU General Public License, version 2
 
diff --git a/awall/host.lua b/awall/host.lua
index bd44bd8..6959a6b 100644
--- a/awall/host.lua
+++ b/awall/host.lua
@@ -1,6 +1,6 @@
 --[[
 Host address resolver for Alpine Wall
-Copyright (C) 2012-2018 Kaarle Ritvanen
+Copyright (C) 2012-2019 Kaarle Ritvanen
 See LICENSE file for license details
 ]]--
 
@@ -30,16 +30,19 @@ function M.resolve(host, context)
       if not dnscache[host] then
 	 dnscache[host] = {}
 	 for family, rtype in pairs{inet='A', inet6='AAAA'} do
+	    local answer
 	    for rec in io.popen('drill '..host..' '..rtype):lines() do
-	       local name, addr = rec:match(
-		  '^('..familypatterns.domain..')%s+%d+%s+IN%s+'..rtype..
-		     '%s+(.+)'
-	       )
-
-	       if name and name:sub(1, host:len() + 1) == host..'.' then
-		  assert(getfamily(addr, context) == family)
-		  table.insert(dnscache[host], {family, addr})
-	       end
+	       if answer then
+		  if rec == '' then break end
+		  local addr = rec:match(
+		     '^'..familypatterns.domain..'%s+%d+%s+IN%s+'..rtype..
+			'%s+(.+)'
+		  )
+		  if addr then
+		     assert(getfamily(addr, context) == family)
+		     table.insert(dnscache[host], {family, addr})
+		  end
+	       elseif rec == ';; ANSWER SECTION:' then answer = true end
 	    end
 	 end
 	 if not dnscache[host][1] then