From 7de8f3f322c1a1c13022a0243267624930dac5c9 Mon Sep 17 00:00:00 2001 From: Gert Doering Date: Sun, 17 Nov 2013 15:30:20 +0100 Subject: Make code and documentation for --remote-random-hostname consistent. Documentation examples, description and code were disagreeing on what this option actually does. Now they will all agree that it will *prepend* a random-byte string to the hostname name before resolving to work around DNS caching (needs a "*" wildcard record in the zone). Fix trac #143 Signed-off-by: Gert Doering Acked-by: Arne Schwabe Message-Id: <1384698620-27946-1-git-send-email-gert@greenie.muc.de> URL: http://article.gmane.org/gmane.network.openvpn.devel/7999 --- doc/openvpn.8 | 2 +- src/openvpn/misc.c | 27 +++++++++------------------ 2 files changed, 10 insertions(+), 19 deletions(-) diff --git a/doc/openvpn.8 b/doc/openvpn.8 index 3df7a6f..7736c63 100644 --- a/doc/openvpn.8 +++ b/doc/openvpn.8 @@ -274,7 +274,7 @@ failover capability. .\"********************************************************* .TP .B \-\-remote-random-hostname -Add a random string (6 characters) to first DNS label of hostname to prevent +Prepend a random string (6 bytes, 12 hex characters) to hostname to prevent DNS caching. For example, "foo.bar.gov" would be modified to ".foo.bar.gov". .\"********************************************************* diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 4688444..7483184 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -926,32 +926,23 @@ create_temp_file (const char *directory, const char *prefix, struct gc_arena *gc } /* - * Add a random string to first DNS label of hostname to prevent DNS caching. + * Prepend a random string to hostname to prevent DNS caching. * For example, foo.bar.gov would be modified to .foo.bar.gov. - * Of course, this requires explicit support in the DNS server. + * Of course, this requires explicit support in the DNS server (wildcard). */ const char * hostname_randomize(const char *hostname, struct gc_arena *gc) { # define n_rnd_bytes 6 - char *hst = string_alloc(hostname, gc); - char *dot = strchr(hst, '.'); + uint8_t rnd_bytes[n_rnd_bytes]; + const char *rnd_str; + struct buffer hname = alloc_buf_gc (strlen(hostname)+sizeof(rnd_bytes)*2+4, gc); - if (dot) - { - uint8_t rnd_bytes[n_rnd_bytes]; - const char *rnd_str; - struct buffer hname = alloc_buf_gc (strlen(hostname)+sizeof(rnd_bytes)*2+4, gc); - - *dot++ = '\0'; - prng_bytes (rnd_bytes, sizeof (rnd_bytes)); - rnd_str = format_hex_ex (rnd_bytes, sizeof (rnd_bytes), 40, 0, NULL, gc); - buf_printf(&hname, "%s-0x%s.%s", hst, rnd_str, dot); - return BSTR(&hname); - } - else - return hostname; + prng_bytes (rnd_bytes, sizeof (rnd_bytes)); + rnd_str = format_hex_ex (rnd_bytes, sizeof (rnd_bytes), 40, 0, NULL, gc); + buf_printf(&hname, "%s.%s", rnd_str, hostname); + return BSTR(&hname); # undef n_rnd_bytes } -- cgit