]> git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
projects / thirdparty / knot-resolver.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a6689fc)
layer/iterate: work around broken auths that rewrite QNAME
authorMarek Vavruša <marek.vavrusa@nic.cz>
Sat, 27 Jun 2015 18:44:52 +0000 (20:44 +0200)
committerMarek Vavruša <marek.vavrusa@nic.cz>
Sat, 27 Jun 2015 18:44:52 +0000 (20:44 +0200)
lib/layer/iterate.c patch | blob | blame | history

diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c
index d7cdb289c4232264423ec6c1765d3bfa2add9c87..e9e7d14a9a62224b395657394075c3180c85340d 100644 (file)
--- a/lib/layer/iterate.c
+++ b/lib/layer/iterate.c
@@ -448,7 +448,10 @@ static int resolve(knot_layer_t *ctx, knot_pkt_t *pkt)
                return resolve_badmsg(pkt, req, query);
        } else if (!is_paired_to_query(pkt, query)) {
                DEBUG_MSG("<= ignoring mismatching response\n");
-               return KNOT_STATE_CONSUME;
+               /* Force TCP, to work around authoritatives messing up question
+                * without yielding to spoofed responses. */
+               query->flags |= QUERY_TCP;
+               return resolve_badmsg(pkt, req, query);
        } else if (knot_wire_get_tc(pkt->wire)) {
                DEBUG_MSG("<= truncated response, failover to TCP\n");
                if (query) {
Mirror of https://gitlab.nic.cz/knot/knot-resolver.git