Correctly sanitise DNS header bits in answer when recreating query for retry.

diff --git a/src/dns-protocol.h b/src/dns-protocol.h
index 4b71746f8d2608c888e36d746e8caa8b23cb8267..6cf515881c17b061a59d3179bb259320b2f04b10 100644 (file)
--- a/src/dns-protocol.h
+++ b/src/dns-protocol.h
@@ -84,15 +84,15 @@ struct dns_header {
   u16 qdcount,ancount,nscount,arcount;
 };
 
-#define HB3_QR       0x80
+#define HB3_QR       0x80 /* Query */
 #define HB3_OPCODE   0x78
-#define HB3_AA       0x04
-#define HB3_TC       0x02
-#define HB3_RD       0x01
+#define HB3_AA       0x04 /* Authoritative Answer */
+#define HB3_TC       0x02 /* TrunCated */
+#define HB3_RD       0x01 /* Recursion Desired */
 
-#define HB4_RA       0x80
-#define HB4_AD       0x20
-#define HB4_CD       0x10
+#define HB4_RA       0x80 /* Recursion Available */
+#define HB4_AD       0x20 /* Authenticated Data */
+#define HB4_CD       0x10 /* Checking Disabled */
 #define HB4_RCODE    0x0f
 
 #define OPCODE(x)          (((x)->hb3 & HB3_OPCODE) >> 3)

diff --git a/src/forward.c b/src/forward.c
index 74e5ab66c423a9d09f48c9cab7a82f258de3576a..8c3e71cebe87f667a4b3952537459a10fa28f6df 100644 (file)
--- a/src/forward.c
+++ b/src/forward.c
@@ -769,7 +769,8 @@ void reply_query(int fd, int family, time_t now)
          header->arcount = htons(0);
          if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
            {
-             header->hb3 &= ~(HB3_QR | HB3_TC);
+             header->hb3 &= ~(HB3_QR | HB3_AA | HB3_TC);
+             header->hb4 &= ~(HB4_RA | HB4_RCODE);
              forward_query(-1, NULL, NULL, 0, header, nn, now, forward, 0, 0);
              return;
            }