rec: Refuse queries for rfc6895 section 3.1 meta types
authorRemi Gacogne <remi.gacogne@powerdns.com>
Wed, 12 Sep 2018 14:12:46 +0000 (16:12 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Thu, 11 Oct 2018 09:48:39 +0000 (11:48 +0200)
(cherry picked from commit ab1b5574d15a62e67a133828fc98502de830842c)
(cherry picked from commit 6bf06d65b9c9b9c2c41351ca4b56d54e7619d925)

pdns/syncres.cc

index 3c8bad40533de535c2099245fee42f3aea6e8cd2..f2813b4a82d1a3d2d5d8ee5dea36dd1d6a418b49 100644 (file)
@@ -117,6 +117,8 @@ SyncRes::SyncRes(const struct timeval& now) :  d_authzonequeries(0), d_outquerie
 /** everything begins here - this is the entry point just after receiving a packet */
 int SyncRes::beginResolve(const DNSName &qname, const QType &qtype, uint16_t qclass, vector<DNSRecord>&ret)
 {
+  /* rfc6895 section 3.1 + RRSIG and NSEC3 */
+  static const std::set<uint16_t> metaTypes = { QType::AXFR, QType::IXFR, QType::RRSIG, QType::NSEC3, QType::OPT, QType::TSIG, QType::TKEY, QType::MAILA, QType::MAILB };
   vState state = Indeterminate;
   s_queries++;
   d_wasVariable=false;
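Review bot: The comment above `metaTypes` says the set is RFC 6895 section 3.1 plus RRSIG and NSEC3, but that section also lists `*` (ANY) as a QTYPE and the set leaves it out, so a maintainer checking the list against the RFC cannot tell whether the omission is deliberate. I would spell it out, for example `/* rfc6895 section 3.1 meta types and QTYPEs, except ANY which is not refused here, plus RRSIG and NSEC3 */`. A short reason for refusing RRSIG and NSEC3 would also help, since they are ordinary data types rather than meta types and the commit title mentions only meta types. beginResolve's body continues outside this hunk.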
@@ -127,8 +129,9 @@ int SyncRes::beginResolve(const DNSName &qname, const QType &qtype, uint16_t qcl
     return 0;                          // so do check before updating counters (we do now)
   }
 
-  if( (qtype.getCode() == QType::AXFR) || (qtype.getCode() == QType::IXFR) || (qtype.getCode() == QType::RRSIG) || (qtype.getCode() == QType::NSEC3))
+  if (metaTypes.count(qtype.getCode())) {
     return -1;
+  }
 
   if(qclass==QClass::ANY)
     qclass=QClass::IN;
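Review bot: The `metaTypes` check sits after the early `return 0` visible in the context just above it, so any query that earlier path answers is never tested against the refused-type list. The condition guarding that return is outside the hunk, so this may be intended; if it is, a comment such as `// the early return above is taken regardless of qtype` would record it, and if not, the check could move to the top of beginResolve, right after the set is declared. The bare `return -1` also carries no indication of which response code the caller produces for it, while the commit title says "Refuse"; a one-line comment naming the resulting rcode would make the intended client-visible behaviour checkable. The function continues past the end of this hunk.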