From e5f5fc6a4df67f39381ef6fbffd4db7eaa7c6a67 Mon Sep 17 00:00:00 2001
From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Thu, 21 Jan 2021 11:10:19 +0100
Subject: [PATCH] rec: treat the .localhost domain as special

This satisfies the SHOULD in RFC6761 section 6.3 point 4.
---
 pdns/syncres.cc                                    | 2 +-
 regression-tests.recursor-dnssec/test_Simple.py    | 9 +++++++++
 regression-tests.recursor-dnssec/test_SimpleTCP.py | 9 +++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index eb9d010458..a327f789d5 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -202,7 +202,7 @@ bool SyncRes::doSpecialNamesResolve(const DNSName &qname, const QType &qtype, co
       answers.push_back({QType::PTR, "localhost."});
   }
 
-  if (qname == localhost &&
+  if (qname.isPartOf(localhost) &&
       qclass == QClass::IN) {
     handled = true;
     if (qtype == QType::A || qtype == QType::ANY)
diff --git a/regression-tests.recursor-dnssec/test_Simple.py b/regression-tests.recursor-dnssec/test_Simple.py
index 300710dbd3..e6c4e97455 100644
--- a/regression-tests.recursor-dnssec/test_Simple.py
+++ b/regression-tests.recursor-dnssec/test_Simple.py
@@ -85,6 +85,15 @@ auth-zones=authzone.example=configs/%s/authzone.zone""" % _confdir
         self.assertRcodeEqual(resPTR, dns.rcode.NOERROR)
         self.assertRRsetInAnswer(resPTR, expectedPTR)
 
+    def testLocalhostSubdomain(self):
+        queryA = dns.message.make_query('foo.localhost', 'A', want_dnssec=True)
+        expectedA = dns.rrset.from_text('foo.localhost.', 0, 'IN', 'A', '127.0.0.1')
+
+        resA = self.sendUDPQuery(queryA)
+
+        self.assertRcodeEqual(resA, dns.rcode.NOERROR)
+        self.assertRRsetInAnswer(resA, expectedA)
+
     def testIslandOfSecurity(self):
         query = dns.message.make_query('cname-to-islandofsecurity.secure.example.', 'A', want_dnssec=True)
 
diff --git a/regression-tests.recursor-dnssec/test_SimpleTCP.py b/regression-tests.recursor-dnssec/test_SimpleTCP.py
index 60a38f6f16..b70900f759 100644
--- a/regression-tests.recursor-dnssec/test_SimpleTCP.py
+++ b/regression-tests.recursor-dnssec/test_SimpleTCP.py
@@ -85,6 +85,15 @@ auth-zones=authzone.example=configs/%s/authzone.zone""" % _confdir
         self.assertRcodeEqual(resPTR, dns.rcode.NOERROR)
         self.assertRRsetInAnswer(resPTR, expectedPTR)
 
+    def testLocalhostSubdomain(self):
+        queryA = dns.message.make_query('foo.localhost', 'A', want_dnssec=True)
+        expectedA = dns.rrset.from_text('foo.localhost.', 0, 'IN', 'A', '127.0.0.1')
+
+        resA = self.sendTCPQuery(queryA)
+
+        self.assertRcodeEqual(resA, dns.rcode.NOERROR)
+        self.assertRRsetInAnswer(resA, expectedA)
+
     def testIslandOfSecurity(self):
         query = dns.message.make_query('cname-to-islandofsecurity.secure.example.', 'A', want_dnssec=True)
 
-- 
2.39.5