@@ -538,7 +538,8 @@ public static function ipV6Reduce($ip)
538538 public static function ipResolve ($ ip
539539 {
540540 // Validate IP first
541- if (!self ::ipValidate ($ ip
541+ $ ip_versionself ::ipValidate ($ ip
542+ if (!$ ip_version
542543 return false ;
543544 }
544545
@@ -550,20 +551,42 @@ public static function ipResolve($ip)
550551 return false ;
551552 }
552553
553- // Forward DNS lookup (A/AAAA records) - verify the hostname points back to the IP
554- $ forward_ipsgethostbynamel ($ hostname
554+ // Forward DNS lookup - use dns_get_record() to support both IPv4 (A) and IPv6 (AAAA) records
555+ $ record_type$ ip_version'v6 ' ) ? DNS_AAAA : DNS_A ;
556+ $ ip_field$ ip_version'v6 ' ) ? 'ipv6 ' : 'ip ' ;
557+
558+ $ recordsdns_get_record ($ hostname$ record_type
555559
556560 // If forward lookup fails, we can't verify
557- if (!$ forward_ips
561+ if (!$ recordsis_array ($ records
562+ return false ;
563+ }
564+
565+ // Extract IPs from DNS records
566+ $ forward_ipsarray ();
567+ foreach ($ recordsas $ record
568+ if (isset ($ record$ ip_field
569+ $ forward_ips$ record$ ip_field
570+ }
571+ }
572+
573+ if (empty ($ forward_ips
558574 return false ;
559575 }
560576
561577 // Check if the original IP is in the list of IPs the hostname resolves to
562- if (in_array ($ ip$ forward_ipstrue )) {
578+ // For IPv6, normalize both for comparison
579+ if ($ ip_version'v6 ' ) {
580+ $ normalized_ipself ::ipV6Normalize ($ ip
581+ foreach ($ forward_ipsas $ forward_ip
582+ if (self ::ipV6Normalize ($ forward_ip$ normalized_ip
583+ return $ hostname
584+ }
585+ }
586+ } elseif (in_array ($ ip$ forward_ipstrue )) {
563587 return $ hostname
564588 }
565589
566- // FCrDNS verification failed - possible PTR spoofing attempt
567590 return false ;
568591 }
569592
0 commit comments