From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Wed, 14 Nov 2018 12:11:24 +0000 (+0100)
Subject: auth: add back isPartOf check in additional processing
X-Git-Tag: auth-4.2.0-alpha1~25^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=87c261bcddd25cea34885c4b49bb88641ed24c9e;p=thirdparty%2Fpdns.git

auth: add back isPartOf check in additional processing

Some backends (e.g. the LDAP backend, and the remote backend when the
operator does not provide an id) do not have an id per zone. This would
still add out of zone data to the additional section.
---

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 2ad9f567af..b82abb926a 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -463,6 +463,11 @@ int PacketHandler::doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r, c
       while(B.get(rr)) {
         if(rr.dr.d_type != QType::A && rr.dr.d_type!=QType::AAAA)
           continue;
+        if(!rr.dr.d_name.isPartOf(soadata.qname)) {
+          // FIXME we might still pass on the record if it is occluded and the
+          // backend uses a single id for all zones
+          continue;
+        }
         rr.dr.d_place=DNSResourceRecord::ADDITIONAL;
         toAdd.push_back(rr);
       }