dnsdist: store clear flag in EDNS EDE

author Ensar Sarajčić <dev@ensarsarajcic.com>

Mon, 29 Dec 2025 10:45:36 +0000 (11:45 +0100)

committer Ensar Sarajčić <dev@ensarsarajcic.com>

Mon, 29 Dec 2025 10:47:54 +0000 (11:47 +0100)
author Ensar Sarajčić <dev@ensarsarajcic.com>
Mon, 29 Dec 2025 10:45:36 +0000 (11:45 +0100)
committer Ensar Sarajčić <dev@ensarsarajcic.com>
Mon, 29 Dec 2025 10:47:54 +0000 (11:47 +0100)
diff --git a/pdns/dnsdistdist/dnsdist-actions-factory.cc b/pdns/dnsdistdist/dnsdist-actions-factory.cc

index 47f5d1729f11a57e616bb32c344173f8c0b3b9ca..4a7b02f99ff92862a131bfde79a1d9c132a4ab5e 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-actions-factory.cc
+++ b/pdns/dnsdistdist/dnsdist-actions-factory.cc
@@ -2393,17 +2393,17 @@ class SetExtendedDNSErrorAction : public DNSAction
  {
  public:
    // this action does not stop the processing
-  SetExtendedDNSErrorAction(uint16_t infoCode, const std::string& extraText, bool clearExistingEntries) :
-    d_clearExistingEntries(clearExistingEntries)
+  SetExtendedDNSErrorAction(uint16_t infoCode, const std::string& extraText, bool clearExistingEntries)
    {
      d_ede.infoCode = infoCode;
      d_ede.extraText = extraText;
+    d_ede.clearExisting = clearExistingEntries;
    }
  
    DNSAction::Action operator()(DNSQuestion* dnsQuestion, std::string* ruleresult) const override
    {
      (void)ruleresult;
-    if (d_clearExistingEntries) {
+    if (d_ede.clearExisting) {
        dnsQuestion->ids.d_extendedErrors = std::make_unique<std::vector<EDNSExtendedError>>(std::initializer_list<EDNSExtendedError>({d_ede}));
      }
      else {
@@ -2425,24 +2425,23 @@ public:
  
  private:
    EDNSExtendedError d_ede;
-  bool d_clearExistingEntries;
  };
  
  class SetExtendedDNSErrorResponseAction : public DNSResponseAction
  {
  public:
    // this action does not stop the processing
-  SetExtendedDNSErrorResponseAction(uint16_t infoCode, const std::string& extraText, bool clearExistingEntries) :
-    d_clearExistingEntries(clearExistingEntries)
+  SetExtendedDNSErrorResponseAction(uint16_t infoCode, const std::string& extraText, bool clearExistingEntries)
    {
      d_ede.infoCode = infoCode;
      d_ede.extraText = extraText;
+    d_ede.clearExisting = clearExistingEntries;
    }
  
    DNSResponseAction::Action operator()(DNSResponse* dnsResponse, std::string* ruleresult) const override
    {
      (void)ruleresult;
-    if (d_clearExistingEntries) {
+    if (d_ede.clearExisting) {
        dnsResponse->ids.d_extendedErrors = std::make_unique<std::vector<EDNSExtendedError>>(std::initializer_list<EDNSExtendedError>({d_ede}));
      }
      else {
@@ -2464,7 +2463,6 @@ public:
  
  private:
    EDNSExtendedError d_ede;
-  bool d_clearExistingEntries;
  };
  
  class LimitTTLResponseAction : public DNSResponseAction, public boost::noncopyable
diff --git a/pdns/dnsdistdist/dnsdist-edns.cc b/pdns/dnsdistdist/dnsdist-edns.cc

index 953b934857afdcc1d695a756990b1f01893772f6..807c08468b7bf3525ef3b2bb3c37ef1df22f4987 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-edns.cc
+++ b/pdns/dnsdistdist/dnsdist-edns.cc
@@ -57,7 +57,7 @@ std::pair<std::optional<uint16_t>, std::optional<std::string>> getExtendedDNSErr
    return {infoCode, std::move(extraText)};
  }
  
-bool addExtendedDNSError(PacketBuffer& packet, size_t maximumPacketSize, uint16_t code, const std::string& extraStatus)
+bool addExtendedDNSError(PacketBuffer& packet, size_t maximumPacketSize, uint16_t code, const std::string& extraStatus, bool clearExisting)
  {
    uint16_t optStart = 0;
    size_t optLen = 0;
@@ -80,7 +80,7 @@ bool addExtendedDNSError(PacketBuffer& packet, size_t maximumPacketSize, uint16_
    PacketBuffer newContent;
    bool ednsAdded = false;
    bool edeAdded = false;
-  if (!slowRewriteEDNSOptionInQueryWithRecords(packet, newContent, ednsAdded, EDNSOptionCode::EXTENDEDERROR, edeAdded, false, true, edeOption)) {
+  if (!slowRewriteEDNSOptionInQueryWithRecords(packet, newContent, ednsAdded, EDNSOptionCode::EXTENDEDERROR, edeAdded, clearExisting, !clearExisting, edeOption)) {
      return false;
    }
  
diff --git a/pdns/dnsdistdist/dnsdist-edns.hh b/pdns/dnsdistdist/dnsdist-edns.hh

index 8e60e5b049dc1162465fbe1e20e355628ec74045..1fdb9b5adc772cc4fb01b5a3ff11270e3afabbdb 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-edns.hh
+++ b/pdns/dnsdistdist/dnsdist-edns.hh
@@ -30,5 +30,5 @@
  namespace dnsdist::edns
  {
  std::pair<std::optional<uint16_t>, std::optional<std::string>> getExtendedDNSError(const PacketBuffer& packet);
-bool addExtendedDNSError(PacketBuffer& packet, size_t maximumPacketSize, uint16_t code, const std::string& extraStatus);
+bool addExtendedDNSError(PacketBuffer& packet, size_t maximumPacketSize, uint16_t code, const std::string& extraStatus, bool clearExisting);
  }
diff --git a/pdns/dnsdistdist/dnsdist-tcp.cc b/pdns/dnsdistdist/dnsdist-tcp.cc

index 383f5570fb209c47e9ea1c47a34db42d6bd3365e..b65fe109abf5351083722455617c82e391d721be 100644 (file)
--- a/pdns/dnsdistdist/dnsdist-tcp.cc
+++ b/pdns/dnsdistdist/dnsdist-tcp.cc
@@ -1396,7 +1396,7 @@ static bool processXFRResponse(DNSResponse& dnsResponse)
  
    if (dnsResponse.ids.d_extendedErrors) {
      for (auto ede : *dnsResponse.ids.d_extendedErrors) {
-      dnsdist::edns::addExtendedDNSError(dnsResponse.getMutableData(), dnsResponse.getMaximumSize(), ede.infoCode, ede.extraText);
+      dnsdist::edns::addExtendedDNSError(dnsResponse.getMutableData(), dnsResponse.getMaximumSize(), ede.infoCode, ede.extraText, ede.clearExisting);
      }
    }
  
diff --git a/pdns/dnsdistdist/dnsdist.cc b/pdns/dnsdistdist/dnsdist.cc

index e04cf69ad5feb33562148d0c966f6073a18ba41c..602bcaf4ce77b732fb6ee15d20fb6b117bce3d38 100644 (file)
--- a/pdns/dnsdistdist/dnsdist.cc
+++ b/pdns/dnsdistdist/dnsdist.cc
@@ -567,7 +567,7 @@ bool processResponseAfterRules(PacketBuffer& response, DNSResponse& dnsResponse,
  
    if (dnsResponse.ids.d_extendedErrors) {
      for (auto ede : *dnsResponse.ids.d_extendedErrors) {
-      dnsdist::edns::addExtendedDNSError(dnsResponse.getMutableData(), dnsResponse.getMaximumSize(), ede.infoCode, ede.extraText);
+      dnsdist::edns::addExtendedDNSError(dnsResponse.getMutableData(), dnsResponse.getMaximumSize(), ede.infoCode, ede.extraText, ede.clearExisting);
      }
    }
  
@@ -1407,7 +1407,7 @@ static bool prepareOutgoingResponse([[maybe_unused]] const ClientState& clientSt
  
    if (dnsResponse.ids.d_extendedErrors) {
      for (auto ede : *dnsResponse.ids.d_extendedErrors) {
-      dnsdist::edns::addExtendedDNSError(dnsResponse.getMutableData(), dnsResponse.getMaximumSize(), ede.infoCode, ede.extraText);
+      dnsdist::edns::addExtendedDNSError(dnsResponse.getMutableData(), dnsResponse.getMaximumSize(), ede.infoCode, ede.extraText, ede.clearExisting);
      }
    }
  
diff --git a/pdns/ednsextendederror.hh b/pdns/ednsextendederror.hh

index 7c067a0f52100dbca0dde1716ba308982c258ee5..216c9733e789e0a789d91f9672f760b897be6339 100644 (file)
--- a/pdns/ednsextendederror.hh
+++ b/pdns/ednsextendederror.hh
@@ -61,6 +61,7 @@ struct EDNSExtendedError
    };
    uint16_t infoCode;
    std::string extraText;
+  bool clearExisting = true;
  };
  
  bool getEDNSExtendedErrorOptFromString(const char* option, unsigned int len, EDNSExtendedError& eee);
author	Ensar Sarajčić <dev@ensarsarajcic.com>
	Mon, 29 Dec 2025 10:45:36 +0000 (11:45 +0100)
committer	Ensar Sarajčić <dev@ensarsarajcic.com>
	Mon, 29 Dec 2025 10:47:54 +0000 (11:47 +0100)
pdns/dnsdistdist/dnsdist-actions-factory.cc		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-edns.cc		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-edns.hh		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist-tcp.cc		patch \| blob \| blame \| history
pdns/dnsdistdist/dnsdist.cc		patch \| blob \| blame \| history
pdns/ednsextendederror.hh		patch \| blob \| blame \| history