From 7f5f13a8325a01980360e862dbc1fe0d8660e73f Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Fri, 3 Apr 2020 16:52:57 +0200
Subject: [PATCH] dnsdist: Drop responses with the QR bit set to 0
---
 pdns/dnsdist.cc | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index a902f39885..8a9d479f21 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -240,6 +240,11 @@ bool responseContentMatches(const char* response, const uint16_t responseLen, co
 }
 const struct dnsheader* dh = reinterpret_cast(response);
+ if (dh->qr == 0) {
+ ++g_stats.nonCompliantResponses;
+ return false;
+ }
+
 if (dh->qdcount == 0) {
 if ((dh->rcode != RCode::NoError && dh->rcode != RCode::NXDomain) || g_allowEmptyResponse) {
 return true;
-- 
2.47.2
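Review bot: The added `dh->qr == 0` branch in `responseContentMatches` carries no comment explaining the rejection, and the patch changes only `pdns/dnsdist.cc`, so no regression test covers it. I would put `// QR=0 marks a query: a backend packet that is not a response must never be matched to a pending query and relayed` above the check, and add a test in which the backend answers with the QR bit cleared and the client receives nothing. The drop is counted in `g_stats.nonCompliantResponses` without a log line, so if that counter is shared with other mismatch cases (not visible here) an operator cannot tell this cause apart from the others. The function starts and ends outside the hunk, and the `dh->qr` read relies on the length guard that the leading `}` presumably closes.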