From: Remi Gacogne
Date: Fri, 24 Feb 2023 14:25:01 +0000 (+0100)
Subject: dnsdist: Only fall back origDest, not hopLocal, to the frontend's address
X-Git-Tag: dnsdist-1.8.0-rc2~9^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=285a9220f3e94e8c39b943ed25cda8b32aca476b;p=thirdparty%2Fpdns.git

dnsdist: Only fall back origDest, not hopLocal, to the frontend's address
---

diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index 1e8ff8b677..aae2fb0eb0 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -1165,10 +1165,6 @@ static bool isUDPQueryAcceptable(ClientState& cs, LocalHolders& holders, const s
 dest.sin4.sin_family = 0;
 }

- if (dest.sin4.sin_family == 0) {
- dest = cs.local;
- }
-
 ++cs.queries;
 ++g_stats.queries;

@@ -1603,8 +1599,18 @@ static void processUDPQuery(ClientState& cs, LocalHolders& holders, const struct
 return;
 }
 /* dest might have been updated, if we managed to harvest the destination address */
- ids.origDest = dest;
- ids.hopLocal = dest;
+ if (dest.sin4.sin_family != 0) {
+ ids.origDest = dest;
+ ids.hopLocal = dest;
+ }
+ else {
+ /* if we have not been able to harvest the destination address,
+ we do NOT want to update dest or hopLocal, to let the kernel
+ pick the less terrible option, but we want to update origDest
+ which is used by rules and actions to at least the correct
+ address family */
+ ids.origDest = cs.local;
+ }

 std::vector proxyProtocolValues;
 if (expectProxyProtocol && !handleProxyProtocol(remote, false, *holders.acl, query, ids.origRemote, ids.origDest, proxyProtocolValues)) {
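Review bot: In the `else` branch of the second hunk `ids.hopLocal` is never assigned, so the code relies on `ids` arriving with an unset `hopLocal` (family 0). That initial state is not visible here, because processUDPQuery starts and ends outside the hunk. If the state object can ever be reused, a stale local address from an earlier query would become the reply source; an explicit `ids.hopLocal.sin4.sin_family = 0;` in the `else` branch would keep the invariant local. Separately, `cs.local` is the frontend's bound address and may be a wildcard, so rules and the proxy-protocol handling that read `ids.origDest` see the listener address rather than the real destination. The comment could say so: `/* origDest is only the frontend's bound address here, possibly a wildcard; destination-based rules must not treat it as the real destination */`.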