From d4c479686c5c0b2bdba552c3731556ff7e150a36 Mon Sep 17 00:00:00 2001
From: Ben Davies <kaiepi@outlook.com>
Date: Mon, 8 Jul 2019 21:39:44 -0300
Subject: [PATCH] Use dns.lookup over dns.resolve4 in IPTools.dnsblQuery

This helps prevent DNS poisoning attacks if the platform supports DNSSEC
since dns.resolve4 uses c-ares, which doesn't support DNSSEC.
---
 server/ip-tools.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/ip-tools.ts b/server/ip-tools.ts
index 29869859396e..ed4101609106 100644
--- a/server/ip-tools.ts
+++ b/server/ip-tools.ts
@@ -190,7 +190,7 @@ export const IPTools = new class {
 			return;
 		}
 		const blocklist = BLOCKLISTS[index];
-		dns.resolve4(reversedIpDot + blocklist, (err, addresses) => {
+		dns.lookup(reversedIpDot + blocklist, 4, (err, res) => {
 			if (!err) {
 				// blocked
 				IPTools.dnsblCache.set(ip, blocklist);