rec: do not treat qr=0 responses lenient
authorOtto Moerbeek <otto.moerbeek@open-xchange.com>
Thu, 26 Feb 2026 09:06:09 +0000 (10:06 +0100)
committerOtto Moerbeek <otto.moerbeek@open-xchange.com>
Thu, 26 Feb 2026 09:06:09 +0000 (10:06 +0100)
Signed-off-by: Otto Moerbeek <otto.moerbeek@open-xchange.com>
pdns/recursordist/lwres.cc
pdns/recursordist/pdns_recursor.cc

index 2e53937a5a92d7c0ed17910decf4af510f52266c..a9a7a39b51fdf245c5a35b78c1a2612b5dfedc86 100644 (file)
@@ -794,6 +794,15 @@ static LWResult::Result asyncresolve(const OptLog& log, const ComboAddress& addr
   try {
     lwr->d_tcbit = 0;
     MOADNSParser mdp(false, reinterpret_cast<const char*>(buf.data()), buf.size());
+
+    // RFC 1035 Section 4.1.1: QR must be 1 for responses
+    if (!mdp.d_header.qr) {
+      lwr->d_rcode = RCode::ServFail;
+      lwr->d_validpacket = false;
+      t_Counters.at(rec::Counter::serverParseError)++;
+      return LWResult::Result::PermanentError;
+    }
+
     lwr->d_aabit = mdp.d_header.aa;
     lwr->d_tcbit = mdp.d_header.tc;
     lwr->d_rcode = mdp.d_header.rcode;
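Review bot: The QR=0 rejection added after the `MOADNSParser` construction is counted under `rec::Counter::serverParseError` and writes no log line, while the same condition in the `handleUDPServerResponse` hunk of this commit increments `rec::Counter::unexpectedCount` and logs under `g_logCommonErrors`. A packet that parsed cleanly but carries QR=0 is not a parse failure, so on whatever transports reach this path (presumably TCP and DoT as well as UDP) it is folded into the parse-error metric with no record of the remote server. Consider `t_Counters.at(rec::Counter::unexpectedCount)++;` here, or a comment explaining why the two counters differ, together with a log entry through the `log` parameter that names the sender. The body of `asyncresolve` starts and ends outside the hunk, so whether any later bookkeeping is skipped by the early `return` cannot be checked from here.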
index 0675a5601f56ee653d8054d6c7e7714b2cdebf8f..9582011449d8ccc603dff91e6605303f76d4209e 100644 (file)
@@ -3020,8 +3020,13 @@ static void handleUDPServerResponse(int fileDesc, FDMultiplexer::funcparam_t& va
   pident->id = dnsheader.id;
   pident->fd = fileDesc;
 
-  if (!dnsheader.qr && g_logCommonErrors) {
-    g_slogout->info(Logr::Error, "Not taking data from question on outgoing socket", "from", Logging::Loggable(fromaddr));
+  if (!dnsheader.qr) {
+    // RFC 1035 Section 4.1.1: QR=0 means query, not response. Discard.
+    if (g_logCommonErrors) {
+      g_slogout->info(Logr::Error, "Not taking data from question on outgoing socket", "from", Logging::Loggable(fromaddr));
+    }
+    t_Counters.at(rec::Counter::unexpectedCount)++;
+    return;
   }
 
   if (dnsheader.qdcount == 0U || // UPC, Nominum, very old BIND on FormErr, NSD
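Review bot: The condition that begins on the last context line (`dnsheader.qdcount == 0U ||`) continues outside the hunk, and if its remaining operand is still a `dnsheader.qr == 0U` test left over from the old lenient path, that operand can never be true after the new early `return`. It should be removed in the same commit so the code no longer reads as if QR=0 packets were still accepted with a cleared question. If the operand is something else, a short comment on the new block such as `// must stay ahead of the qdcount leniency below` would document the ordering dependency. The rest of `handleUDPServerResponse` is outside the hunk.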