auth: backport to 4.3.x: Do not send out of zone lookups to the backends

author Kees Monshouwer <mind04@monshouwer.org>

Fri, 18 Sep 2020 08:02:11 +0000 (10:02 +0200)

committer mind04 <mind04@monshouwer.org>

Mon, 21 Sep 2020 09:24:17 +0000 (11:24 +0200)
author Kees Monshouwer <mind04@monshouwer.org>
Fri, 18 Sep 2020 08:02:11 +0000 (10:02 +0200)
committer mind04 <mind04@monshouwer.org>
Mon, 21 Sep 2020 09:24:17 +0000 (11:24 +0200)
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc

index d3c3be8885051ad9cf7fc156644c654acf934637..96d9d8688f59b93d21d7405940262a09e2c772cd 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -472,16 +472,17 @@ int PacketHandler::doAdditionalProcessingAndDropAA(DNSPacket& p, std::unique_ptr
        else
          continue;
  
+      if(!lookup.isPartOf(soadata.qname)) {
+        continue;
+      }
+
        B.lookup(QType(d_doIPv6AdditionalProcessing ? QType::ANY : QType::A), lookup, soadata.domain_id, &p);
  
        while(B.get(rr)) {
          if(rr.dr.d_type != QType::A && rr.dr.d_type!=QType::AAAA)
            continue;
-        if(!rr.dr.d_name.isPartOf(soadata.qname)) {
-          // FIXME we might still pass on the record if it is occluded and the
-          // backend uses a single id for all zones
-          continue;
-        }
+        // FIXME we might still pass on the record if it is occluded and the
+        // backend uses a single id for all zones
          rr.dr.d_place=DNSResourceRecord::ADDITIONAL;
          toAdd.push_back(rr);
        }
author	Kees Monshouwer <mind04@monshouwer.org>
	Fri, 18 Sep 2020 08:02:11 +0000 (10:02 +0200)
committer	mind04 <mind04@monshouwer.org>
	Mon, 21 Sep 2020 09:24:17 +0000 (11:24 +0200)