rec: refactor unsuppored qtype code and make sure we ServFail on all unsupported...

This fixes #12251

Also I'd like to know why we ServFail on NSEC3 but not on NSEC: we should either fix that or add a comment explaining this.

(cherry picked from commit e7cc83fd617c877f272b8344d5fb7252acfdc297)

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index 986da266ab52bdf5129e469588950e2265160e6a..ee826d784da70d37efe5adc2a3f7d1aac880fba5 100644 (file)
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -2203,16 +2203,6 @@ static string* doProcessUDPQuestion(const std::string& question, const ComboAddr
 
   auto dc = std::make_unique<DNSComboWriter>(question, g_now, std::move(policyTags), t_pdl, std::move(data), std::move(records));
 
-  if (SyncRes::isUnsupported(dc->d_mdp.d_qtype)) {
-    g_stats.ignoredCount++;
-    if (!g_quiet) {
-      SLOG(g_log << Logger::Notice << RecThreadInfo::id() << " Unsupported qtype " << dc->d_mdp.d_qtype << " from " << source.toStringWithPort() << (source != fromaddr ? " (via " + fromaddr.toStringWithPort() + ")" : "") << endl,
-           g_slogudpin->info(Logr::Notice, "Unsupported qtype", "qtype", Logging::Loggable(QType(dc->d_mdp.d_qtype)), "source", Logging::Loggable(source), "remote", Logging::Loggable(fromaddr)));
-    }
-
-    return 0;
-  }
-
   dc->setSocket(fd);
   dc->d_tag = ctag;
   dc->d_qhash = qhash;

diff --git a/pdns/qtype.hh b/pdns/qtype.hh
index d712317129fa6ceed46ce74d04d620d4a261ceca..ab9d713c635ad0c5b3116e84b7dfff72e9394314 100644 (file)
--- a/pdns/qtype.hh
+++ b/pdns/qtype.hh
@@ -133,6 +133,10 @@ public:
 #endif
   };
 
+  const static uint16_t rfc6895MetaLowerBound = 128;
+  const static uint16_t rfc6895MetaUpperBound = 254; // Note 255: ANY is not included
+  const static uint16_t rfc6896Reserved = 65535;
+
   const static map<const string, uint16_t> names;
   const static map<uint16_t, const string> numbers;
 

diff --git a/pdns/recursordist/rec-tcp.cc b/pdns/recursordist/rec-tcp.cc
index b6deec10b50fb549409c3e31c71d9e5cf47401aa..e1bc143b6e3d76dc2c70196e82e687e1d3a0e9ce 100644 (file)
--- a/pdns/recursordist/rec-tcp.cc
+++ b/pdns/recursordist/rec-tcp.cc
@@ -355,14 +355,6 @@ static void handleRunningTCPQuestion(int fd, FDMultiplexer::funcparam_t& var)
         }
         return;
       }
-      if (SyncRes::isUnsupported(dc->d_mdp.d_qtype)) {
-        g_stats.ignoredCount++;
-        if (g_logCommonErrors) {
-          SLOG(g_log << Logger::Error << "Unsupported qtype " << dc->d_mdp.d_qtype << " from TCP client " << conn->d_remote.toStringWithPort() << endl,
-               g_slogtcpin->info(Logr::Error, "Unsupported qtype from TCP client", "remote", Logging::Loggable(conn->d_remote), "qtype", Logging::Loggable(dc->d_mdp.d_qtype)));
-        }
-        return;
-      }
 
       dc->d_tcpConnection = conn; // carry the torch
       dc->setSocket(conn->getFD()); // this is the only time a copy is made of the actual fd

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 006095d83de68af6df54f41e3acadfbf62c42c6c..88a55a378934803dca3bb303d3e6f5de5363fa60 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -704,9 +704,7 @@ int SyncRes::beginResolve(const DNSName &qname, const QType qtype, QClass qclass
     return 0;                          // so do check before updating counters (we do now)
   }
 
-  auto qtypeCode = qtype.getCode();
-  /* rfc6895 section 3.1 */
-  if (qtypeCode == 0 || (qtypeCode >= 128 && qtypeCode <= 254) || qtypeCode == QType::RRSIG || qtypeCode == QType::NSEC3 || qtypeCode == QType::OPT || qtypeCode == 65535) {
+  if (isUnsupported(qtype)) {
     return -1;
   }
 

diff --git a/pdns/syncres.hh b/pdns/syncres.hh
index dbd59d6fb3f4155decd015b9d77b4b00a62a6500..2caf8d62ab0bd705a5df077ab0173e7aa303d9d1 100644 (file)
--- a/pdns/syncres.hh
+++ b/pdns/syncres.hh
@@ -436,10 +436,21 @@ public:
 
   static bool isUnsupported(QType qtype)
   {
-    switch (qtype.getCode()) {
+    auto qcode = qtype.getCode();
+    // rfc6895 section 3.1, note ANY is 255 and falls outside the range
+    if (qcode >= QType::rfc6895MetaLowerBound && qcode <= QType::rfc6895MetaUpperBound) {
+      return true;
+    }
+    switch (qcode) {
       // Internal types
-    case QType::ENT:
+    case QType::ENT: // aka TYPE0
     case QType::ADDR:
+      // RFC
+    case QType::rfc6896Reserved:
+      // Other
+    case QType::RRSIG:
+    case QType::NSEC3: // what about NSEC?
+    case QType::OPT:
       return true;
     }
     return false;