git.ipfire.org Git - thirdparty/pdns.git/commit

author	Remi Gacogne <remi.gacogne@powerdns.com>
	Fri, 13 Dec 2024 14:45:31 +0000 (15:45 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Fri, 13 Dec 2024 14:45:31 +0000 (15:45 +0100)
commit	12af2075a86c11ee5441defbfe6695a609cb6eb4
tree	1db4dafec4042010a95cea9e7eebec99fafd4bc6	tree
parent	bd6d1ffa93a79490d29d962f2e9a0808db2e69e1	commit \| diff

dnsdist: Fix ECS zero-scope with incoming DoH queries

The zero-scope feature involves a first cache lookup before the ECS
information has been added to the query, then on a miss a second,
regular lookup is done. When we get a response from the backend that
contains an ECS scope set to 0, we can insert it into the cache in a
way that allows using it for all clients, but we must be careful to
use the key that was computed during the first lookup, and not the
second one.
Incoming DoH queries make that even more interesting because while
they are received over TCP, they are initially forwarded to the
backend over UDP but can be retried over TCP if a TC=1 answer is
received. In that case we must be very careful not to insert the
answer into the cache using the wrong protocol, as we don't want to
serve a TC=1 answer to a client contacting us over TCP, for example.
The computation of the cache key and protocol was unfortunately broken
for the incoming query received over DoH, forwarded over UDP and
response has a zero scope case. This commit fixes it.

pdns/dnsdistdist/dnsdist-idstate.hh		diff \| blob \| blame \| history
pdns/dnsdistdist/dnsdist.cc		diff \| blob \| blame \| history
regression-tests.dnsdist/test_Caching.py		diff \| blob \| blame \| history