dns64: improve with policy.FORWARD or .STUB

Clearing the query flags lead to kresd iterating over authoritative
servers.  Related: https://gitlab.labs.nic.cz/knot/resolver/issues/217

Note that validation of synthesised AAAA behind a CNAME doesn't work
when policy.FORWARD + dns64.  Example: www.regiojet.cz.
policy.STUB + dns64 seems not to work at all.

diff --git a/modules/dns64/dns64.lua b/modules/dns64/dns64.lua
index e9c830b262bd88fd2183a7578017d10d44d4af46..9777aeb72db7c584081d0e7e7097b5e7799898ca 100644 (file)
--- a/modules/dns64/dns64.lua
+++ b/modules/dns64/dns64.lua
@@ -53,8 +53,11 @@ mod.layer = {
                else -- Observe AAAA NODATA responses
                        local is_nodata = (pkt:rcode() == kres.rcode.NOERROR) and (#answer == 0)
                        if pkt:qtype() == kres.type.AAAA and is_nodata and pkt:qname() == qry:name() and qry:final() then
-                               local next = req:push(pkt:qname(), kres.type.A, kres.class.IN, 0, qry)
-                               next.flags = bit.band(qry.flags, kres.query.DNSSEC_WANT) + kres.query.AWAIT_CUT + MARK_DNS64
+                               local extraFlags = bit.bor(
+                                       bit.band(qry.flags, kres.query.DNSSEC_WANT),
+                                       bit.bor(MARK_DNS64, kres.query.AWAIT_CUT)
+                                       )
+                               local next = req:push(pkt:qname(), kres.type.A, kres.class.IN, extraFlags, qry)
                        end
                end
                return state