From: Remi Gacogne Date: Tue, 27 May 2025 14:23:39 +0000 (+0200) Subject: dnsdist: Do not replace EDNS in answers self-generated from a packet X-Git-Tag: dnsdist-2.0.0-beta1~23^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=07b66aead5dda1accd299941d3ab233db0750924;p=thirdparty%2Fpdns.git dnsdist: Do not replace EDNS in answers self-generated from a packet While it makes sense to add/remove EDNS when the answer was generated from the query itself, we should not be doing that when it has been generated from a whole DNS packet, as it probably contains exactly what the user intended it to. Signed-off-by: Remi Gacogne
---
diff --git a/pdns/dnsdistdist/dnsdist-self-answers.cc b/pdns/dnsdistdist/dnsdist-self-answers.cc
index dd0ff0b119..4e0b66084e 100644
--- a/pdns/dnsdistdist/dnsdist-self-answers.cc
+++ b/pdns/dnsdistdist/dnsdist-self-answers.cc
@@ -233,6 +233,7 @@ bool generateAnswerFromRawPacket(DNSQuestion& dnsQuestion, const PacketBuffer& p
 {
 auto questionId = dnsQuestion.getHeader()->id;
 dnsQuestion.getMutableData() = packet;
+ dnsQuestion.d_selfGeneratedFromPacket = true;
 dnsdist::PacketMangling::editDNSHeaderFromPacket(dnsQuestion.getMutableData(), [questionId](dnsheader& header) {
 header.id = questionId;
 return true;
diff --git a/pdns/dnsdistdist/dnsdist.cc b/pdns/dnsdistdist/dnsdist.cc
index 4c9d596724..b96617e0a5 100644
--- a/pdns/dnsdistdist/dnsdist.cc
+++ b/pdns/dnsdistdist/dnsdist.cc
@@ -326,6 +326,9 @@ static bool fixUpQueryTurnedResponse(DNSQuestion& dnsQuestion, const uint16_t or
 return true;
 });
+ if (dnsQuestion.d_selfGeneratedFromPacket) {
+ return true;
+ }
 return addEDNSToQueryTurnedResponse(dnsQuestion);
 }
diff --git a/pdns/dnsdistdist/dnsdist.hh b/pdns/dnsdistdist/dnsdist.hh
index 6624e86a45..06b32ade6f 100644
--- a/pdns/dnsdistdist/dnsdist.hh
+++ b/pdns/dnsdistdist/dnsdist.hh
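Review bot: `d_selfGeneratedFromPacket` is set to true in `generateAnswerFromRawPacket`, but nothing visible in this commit ever clears it, so the flag looks sticky for the lifetime of the `DNSQuestion`. If the same object can later be turned into an answer generated from the query itself, the stale flag would presumably still suppress the EDNS fix-up for that answer. Either reset it on the query-derived paths or state the assumption at the assignment, e.g. `// the supplied packet is sent as-is and is final: its EDNS content must not be rewritten later`. The function body starts and continues outside the hunk.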
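Review bot: The early return added to `fixUpQueryTurnedResponse` skips `addEDNSToQueryTurnedResponse` completely, so an OPT record present in the configured packet now reaches clients whose query carried no EDNS, and nothing visible here reconciles the answer with what the client advertised. That matches the commit message, but it deserves a comment above the check, such as `// answer copied from a user-supplied packet: keep its EDNS exactly as provided, even if the query had none`, and a regression test that sends a non-EDNS query. The header edit that ends just above the added lines still runs for these answers; its body is outside the hunk, so whether the packet's header flags are also meant to survive cannot be judged from here.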
@@ -184,6 +184,7 @@ public:
 bool ecsOverride;
 bool useECS{true};
 bool asynchronous{false};
+ bool d_selfGeneratedFromPacket{false};
 };
 struct DownstreamState;
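Review bot: The new member `d_selfGeneratedFromPacket` carries a `d_` prefix while the neighbouring flags visible in this hunk (`ecsOverride`, `useECS`, `asynchronous`) do not, and it has no comment saying what it controls. Either follow the neighbours with `bool selfGeneratedFromPacket{false};` or keep the name and document it, e.g. `// answer was copied from a user-supplied packet; its EDNS content must be left untouched`. The enclosing type starts outside the hunk, so the prevailing naming convention for the rest of its members is not visible here.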