git.ipfire.org Git - thirdparty/pdns.git/commit

author	Remi Gacogne <remi.gacogne@powerdns.com>
	Fri, 13 Dec 2024 14:45:31 +0000 (15:45 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Mon, 16 Dec 2024 15:20:27 +0000 (16:20 +0100)
commit	5092a99689637e106290fd4ae3f5b13fe897ce94
tree	6706e91d0a57171db8398fc467789db9032dd81e	tree
parent	df6510bbc3d2e758be81b26bbb226dfbddafb95b	commit \| diff

dnsdist: Fix ECS zero-scope with incoming DoH queries

The zero-scope feature involves a first cache lookup before the ECS
information has been added to the query, then on a miss a second,
regular lookup is done. When we get a response from the backend that
contains an ECS scope set to 0, we can insert it into the cache in a
way that allows using it for all clients, but we must be careful to
use the key that was computed during the first lookup, and not the
second one.
Incoming DoH queries make that even more interesting because while
they are received over TCP, they are initially forwarded to the
backend over UDP but can be retried over TCP if a TC=1 answer is
received. In that case we must be very careful not to insert the
answer into the cache using the wrong protocol, as we don't want to
serve a TC=1 answer to a client contacting us over TCP, for example.
The computation of the cache key and protocol was unfortunately broken
for the incoming query received over DoH, forwarded over UDP and
response has a zero scope case. This commit fixes it.

(cherry picked from commit 12af2075a86c11ee5441defbfe6695a609cb6eb4)

pdns/dnsdist-idstate.hh		diff \| blob \| blame \| history
pdns/dnsdist.cc		diff \| blob \| blame \| history
regression-tests.dnsdist/test_Caching.py		diff \| blob \| blame \| history