From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 10 Nov 2020 10:15:02 +0000 (+0100)
Subject: rec: Avoid a CNAME loop detection issue with DNS64
X-Git-Tag: dnsdist-1.6.0-alpha0~8^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=acc9751140f91020c2917831b70c7d51f744e91e;p=thirdparty%2Fpdns.git

rec: Avoid a CNAME loop detection issue with DNS64

When the requested qname is a CNAME to a second CNAME, the CNAME
loop detection might get incorrectly triggered because the CNAMEs
were already present in the vector of result records.
---

diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc
index f552d569ad..d21620ae3a 100644
--- a/pdns/pdns_recursor.cc
+++ b/pdns/pdns_recursor.cc
@@ -1272,7 +1272,16 @@ int followCNAMERecords(vector<DNSRecord>& ret, const QType& qtype)
 
 int getFakeAAAARecords(const DNSName& qname, ComboAddress prefix, vector<DNSRecord>& ret)
 {
-  int rcode = directResolve(qname, QType(QType::A), QClass::IN, ret);
+  /* we pass a separate vector of records because we will be resolving the initial qname
+     again, possibly encountering the same CNAME(s), and we don't want to trigger the CNAME
+     loop detection. */
+  vector<DNSRecord> newRecords;
+  int rcode = directResolve(qname, QType(QType::A), QClass::IN, newRecords);
+
+  ret.reserve(ret.size() + newRecords.size());
+  for (auto& record : newRecords) {
+    ret.push_back(std::move(record));
+  }
 
   // Remove double CNAME records
   std::set<DNSName> seenCNAMEs;