From 3bb130d055acec672c7976550c282bd7843a6d6b Mon Sep 17 00:00:00 2001
From: Joona Hoikkala
Date: Wed, 31 Oct 2018 15:01:42 +0200
Subject: [PATCH] Refuse dynamic updates properly (#124)
---
 README.md | 1 +
 dns.go | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 1084e42..64fc20c 100644
--- a/README.md
+++ b/README.md
@@ -303,6 +303,7 @@ logformat = "text"
 - unreleased
 - New
 - Command line flag `-c` to specify location of config file.
+ - Proper refusal of dynamic update requests.
 - v0.5
 - New
 - Configurable certificate cache directory
diff --git a/dns.go b/dns.go
index 86c883c..3531820 100644
--- a/dns.go
+++ b/dns.go
@@ -56,7 +56,6 @@ func answer(q dns.Question) ([]dns.RR, int, error) {
 if !ok {
 rcode = dns.RcodeNameError
 }
-
 }
 log.WithFields(log.Fields{"qtype": dns.TypeToString[rtype], "domain": domain, "rcode": dns.RcodeToString[rcode]}).Debug("Answering question for domain")
 return r, rcode, nil
@@ -68,6 +67,9 @@ func handleRequest(w dns.ResponseWriter, r *dns.Msg) {
 if r.Opcode == dns.OpcodeQuery {
 readQuery(m)
+ } else if r.Opcode == dns.OpcodeUpdate {
+ log.Debug("Refusing DNS Dynamic update request")
+ m.MsgHdr.Rcode = dns.RcodeRefused
 }
 w.WriteMsg(m)
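Review bot: Only `dns.OpcodeUpdate` gets an explicit rcode in the new `else if` branch of handleRequest; any other non-query opcode (NOTIFY, STATUS and so on) still falls through to `w.WriteMsg(m)` with whatever rcode `m` was created with, which is set above this hunk and is presumably success. Closing the chain with `} else { m.MsgHdr.Rcode = dns.RcodeNotImplemented }` would give every unsupported opcode a definite negative answer instead of an empty positive one. The refusal is also logged at debug level without the peer, so refused update attempts cannot be attributed from the logs; something like `log.WithFields(log.Fields{"remote": w.RemoteAddr()}).Debug("Refusing DNS Dynamic update request")` would carry the sender. The return value of `w.WriteMsg(m)` is discarded as well, so a failed write of the refusal goes unnoticed. The body of handleRequest starts and ends outside the hunk.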