Do shuffle TCP responses except *XFRs 13980/head
authorKarel Bilek <kb@karelbilek.com>
Mon, 25 Mar 2024 13:21:01 +0000 (14:21 +0100)
committerKarel Bilek <kb@karelbilek.com>
Mon, 25 Mar 2024 13:38:53 +0000 (14:38 +0100)
Fixes #13003

pdns/dnspacket.cc
pdns/dnspacket.hh
pdns/tcpreceiver.cc

index a69d9f1edb2f55390b0c3feec24c34c70e74af13..63a98041ea9fcb0fbd770e709e08cf2790ebc7cf 100644 (file)
@@ -279,7 +279,7 @@ void DNSPacket::wrapup(bool throwsOnTruncation)
     });
   static bool mustNotShuffle = ::arg().mustDo("no-shuffle");
 
-  if(!d_tcp && !mustNotShuffle) {
+  if(!d_xfr && !mustNotShuffle) {
     pdns::shuffle(d_rrs);
   }
   d_wrapped=true;
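Review bot: The new guard in wrapup() carries no comment explaining why zone transfers are exempt, and `d_xfr` defaults to false, so the exemption only holds for packets that some caller has marked. Record order is part of the AXFR/IXFR wire contract (the SOA records frame the transfer), so a transfer reply that reached this branch unmarked would be reordered and could be rejected or misapplied by a secondary. I would add `// zone transfers must keep their record order (SOA framing); only ordinary answers are shuffled` above the `if`, plus a regression test asserting that AXFR and IXFR answers over TCP come back in backend order. wrapup() starts and ends outside this hunk.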
@@ -453,6 +453,7 @@ std::unique_ptr<DNSPacket> DNSPacket::replyPacket() const
   r->d_haveednscookie = d_haveednscookie;
   r->d_ednsversion = 0;
   r->d_ednsrcode = 0;
+  r->d_xfr = d_xfr;
 
   if(d_tsigkeyname.countLabels()) {
     r->d_tsigkeyname = d_tsigkeyname;
index 60e3268a9ebf39d315472ec39e34512b654eadf2..446af60f46eb569a04835078f9e5ea896d6841a0 100644 (file)
@@ -157,7 +157,8 @@ public:
   uint16_t qclass{QClass::IN};  //!< class of the question - should always be INternet 2
   QType qtype;  //!< type of the question 2
 
-  bool d_tcp{false};
+  bool d_tcp{false}; // whether DNS packet is using TCP (false when UDP)
+  bool d_xfr{false}; // whether DNS packet is a zone transfer, either AXFR or IXFR
   bool d_dnssecOk{false};
   bool d_havetsig{false};
 
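Review bot: The two new member comments use plain `//`, while the neighbouring members in this hunk use Doxygen trailing comments (`//!<`), so they would presumably be missing from generated documentation. Suggest `bool d_tcp{false}; //!< whether the packet arrived over TCP (false for UDP)` and `bool d_xfr{false}; //!< AXFR or IXFR: record order must be preserved, wrapup() will not shuffle`. Stating the wrapup() consequence on the field helps, because the hunk header shows these members under `public:` and nothing here prevents the flag being left at its default. The class definition continues outside the hunk.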
index b84a6b9b4b4f2e8b08af67c74439dec30dc75d35..e290571458f7338fd17a3fc75bb0a360572f9c77 100644 (file)
@@ -367,11 +367,13 @@ void TCPNameserver::doConnection(int fd)
         S.inc("tcp-cookie-queries");
 
       if(packet->qtype.getCode()==QType::AXFR) {
+        packet->d_xfr=true;
         doAXFR(packet->qdomain, packet, fd);
         continue;
       }
 
       if(packet->qtype.getCode()==QType::IXFR) {
+        packet->d_xfr=true;
         doIXFR(packet, fd);
         continue;
       }
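Review bot: `packet->d_xfr=true;` is repeated by hand in both branches, which leaves the no-shuffle invariant dependent on every future transfer entry point remembering the assignment. A single assignment ahead of the two `if`s keeps it in one place: `const auto code = packet->qtype.getCode();` followed by `packet->d_xfr = (code == QType::AXFR || code == QType::IXFR);`. doAXFR() and doIXFR() build their outgoing packets outside this hunk, so whether each of those inherits the flag through replyPacket() cannot be confirmed from here and is worth checking. doConnection() starts and ends outside the hunk.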