If a CNAME target is found in the cache, check if it's equal

to qname and ServFail if so.

Fixes the easy case of #9153. Longer chains with self-refs remain an issue.

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 3fde0ef257060ea7116080ff1eba002e39bd482f..347afa6ab1a123327a9ee7b8edd91584d0d16b9e 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -852,6 +852,7 @@ int SyncRes::doResolveNoQNameMinimization(const DNSName &qname, const QType &qty
 
     if(!d_skipCNAMECheck && doCNAMECacheCheck(qname, qtype, ret, depth, res, state, wasAuthZone, wasForwardRecurse)) { // will reroute us if needed
       d_wasOutOfBand = wasAuthZone;
+      // Do not set *fromCache; res does not reflect the final result in all cases
       return res;
     }
 
@@ -1329,6 +1330,12 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector
         newTarget = cnameContent->getTarget();
       }
 
+      if (qname == newTarget) {
+        LOG(prefix<<qname<<": Got a CNAME referral (from cache) to self, returning SERVFAIL"<<endl);
+        res = RCode::ServFail;
+        return true;
+      }
+
       set<GetBestNSAnswer>beenthere;
       vState cnameState = Indeterminate;
       res = doResolve(newTarget, qtype, ret, depth+1, beenthere, cnameState);