This cleans up the API a bit by removing the requirement of placing #run
inside a Thread.new {EventMachine.next_tick {}} block. That should not
be the caller's responsibility.
Previously, upstream nameservers were configured by default even if the
config file did not specify them. Now upstream nameservers are only
used if they are specified. If none are given, then NXDOMAIN is
returned for unresolvable requests.
Even though it is unlikely that a user would remove these options from
the DNS config file, it is still good practice to have these safeguards
in place.
This is primarily intended to add clarity by reducing clutter. Moreover,
it also has the side effect of improving performance very slightly by
removing the overhead of calling #instance numerous times.
Many filter checks were removed because the new DNS extension performs
validation before performing any database operation.
Modified message for InvalidParamError to be more modular.
Uses BeEF::Filters to ensure that empty, null, and non-printable
patterns are tossed out. Added new InvalidDnsPatternError exception
class to handle these cases.
Renamed #validate_response to #format_callback since the name is more
appropriate.
Using parameterized methods is better structured coding style rather
than defining multiple similarly-behaved methods.
annex_region('crimea') # good
vs.
annex_crimea # bad
Perhaps the ugliest part of the DNS extension, it is also the most
crucial. This method ensures that a given resource and response are
appropriate for each other. It must also prevent RCE vulns since the
input is eval'd later on.
However, HINFO, MINFO, and especially TXT validation is not strict
enough. These three need to be reviewed scrupulously since a 100%
anti-RCE solution may prove to be difficult.
The DNS server now searches for matching rules and sends its response
when handling incoming requests. However, all rules are still assigned
the same callback for the moment.
Changed Logger overrides to disable logging instead of using BeEF's
print_* methods. RubyDNS logging is too verbose. The DNS extension will
perform debug logging on its own.
Due to strange behavior in Sourcify, the /.../ literal syntax cannot
be used as a parameter; only %r{} or Regexp::new. There is a note
for this in the documentation for #add_rule.
403 Forbidden is more appropriate since 401 Unauthorized only
indicates that authentication is needed. In the case of a bad IP,
authentication will make no difference which is exactly what 403 is
meant for.
