If a CNAME target is found in the cache, check if it's equal

to qname and ServFail if so.

Fixes the easy case of #9153. Longer chains with self-refs remain an issue.

(cherry picked from commit 58c526bd0f63d5d424b7a03867b51ace495989a8)

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 3a27b2ace3999d099bcb86016f40170a7f0dccca..adbdb72bc01f62dcf19c45b67a4e0c367d673312 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -846,6 +846,7 @@ int SyncRes::doResolveNoQNameMinimization(const DNSName &qname, const QType &qty
 
     if(!d_skipCNAMECheck && doCNAMECacheCheck(qname, qtype, ret, depth, res, state, wasAuthZone, wasForwardRecurse)) { // will reroute us if needed
       d_wasOutOfBand = wasAuthZone;
+      // Do not set *fromCache; res does not reflect the final result in all cases
       return res;
     }
 
@@ -1323,6 +1324,12 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector
         newTarget = cnameContent->getTarget();
       }
 
+      if (qname == newTarget) {
+        LOG(prefix<<qname<<": Got a CNAME referral (from cache) to self, returning SERVFAIL"<<endl);
+        res = RCode::ServFail;
+        return true;
+      }
+
       set<GetBestNSAnswer>beenthere;
       vState cnameState = Indeterminate;
       res = doResolve(newTarget, qtype, ret, depth+1, beenthere, cnameState);