From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 3 Apr 2020 14:52:57 +0000 (+0200)
Subject: dnsdist: Drop responses with the QR bit set to 0
X-Git-Tag: dnsdist-1.5.0-rc1~15^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F8996%2Fhead;p=thirdparty%2Fpdns.git

dnsdist: Drop responses with the QR bit set to 0
---

diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index a902f39885..8a9d479f21 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -240,6 +240,11 @@ bool responseContentMatches(const char* response, const uint16_t responseLen, co
   }
 
   const struct dnsheader* dh = reinterpret_cast<const struct dnsheader*>(response);
+  if (dh->qr == 0) {
+    ++g_stats.nonCompliantResponses;
+    return false;
+  }
+
   if (dh->qdcount == 0) {
     if ((dh->rcode != RCode::NoError && dh->rcode != RCode::NXDomain) || g_allowEmptyResponse) {
       return true;