- Fix #759: 0x20 capsforid no longer checks type PTR, for

  compatibility with cisco dns guard.  This lowers false positives.

git-svn-id: file:///svn/unbound/trunk@3715 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 72fbf1afff90e2bf06afd10c65659d5949f0e2dc..cb29d1c17d2c8d1bf47076b16c70fe0d11d8d798 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+28 April 2016: Wouter
+       - Fix #759: 0x20 capsforid no longer checks type PTR, for
+         compatibility with cisco dns guard.  This lowers false positives.
+
 18 April 2016: Wouter
        - Fix some malformed reponses to edns queries get fallback to nonedns.
 

diff --git a/services/outside_network.c b/services/outside_network.c
index 20289835300e3220a90abe0e2664f0b80a9294a5..8e6a9a5d1c0257b7dee35540d6d7a3a0d208352e 100644 (file)
--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -1527,7 +1527,10 @@ serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c,
        sq->to_be_deleted = 1; 
        verbose(VERB_ALGO, "svcd callbacks start");
        if(sq->outnet->use_caps_for_id && error == NETEVENT_NOERROR && c &&
-               !sq->nocaps) {
+               !sq->nocaps && sq->qtype != LDNS_RR_TYPE_PTR) {
+               /* for type PTR do not check perturbed name in answer,
+                * compatibility with cisco dns guard boxes that mess up
+                * reverse queries 0x20 contents */
                /* noerror and nxdomain must have a qname in reply */
                if(sldns_buffer_read_u16_at(c->buffer, 4) == 0 &&
                        (LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer))