dnsdist: Drop responses with the QR bit set to 0

diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index a902f3988530d533fd7fb0abee6b59644618ebb7..8a9d479f21d43cf99637266800729792adfc0c05 100644 (file)
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -240,6 +240,11 @@ bool responseContentMatches(const char* response, const uint16_t responseLen, co
   }
 
   const struct dnsheader* dh = reinterpret_cast<const struct dnsheader*>(response);
+  if (dh->qr == 0) {
+    ++g_stats.nonCompliantResponses;
+    return false;
+  }
+
   if (dh->qdcount == 0) {
     if ((dh->rcode != RCode::NoError && dh->rcode != RCode::NXDomain) || g_allowEmptyResponse) {
       return true;