ClientDNSRejectInternalAddresses in non-default networks

Once again allow the flag to be set, unless the default network is used.
Thanks to nickm for a suggestion for the workaround to a test failure.

1 files changed, 4 insertions, 0 deletions

diff --git a/src/or/config.c b/src/or/config.c
index bba2532000..d6e1abaa10 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -4216,6 +4216,10 @@ options_validate(or_options_t *old_options, or_options_t *options,
   CHECK_DEFAULT(TestingLinkKeySlop);
 #undef CHECK_DEFAULT
 
+  if (!options->ClientDNSRejectInternalAddresses &&
+      !(options->DirAuthorities ||
+        (options->AlternateDirAuthority && options->AlternateBridgeAuthority)))
+    REJECT("ClientDNSRejectInternalAddresses used for default network.");
   if (options->SigningKeyLifetime < options->TestingSigningKeySlop*2)
     REJECT("SigningKeyLifetime is too short.");
   if (options->TestingLinkCertLifetime < options->TestingAuthKeySlop*2)