From: Vladimír Čunát <vladimir.cunat@nic.cz>
Date: Fri, 7 Jul 2017 15:13:26 +0000 (+0200)
Subject: dns64: improve with policy.FORWARD or .STUB
X-Git-Tag: v1.3.2~12^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0b748e0e4979a4204076fe057db71cda66cc1202;p=thirdparty%2Fknot-resolver.git

dns64: improve with policy.FORWARD or .STUB

Clearing the query flags lead to kresd iterating over authoritative
servers.  Related: https://gitlab.labs.nic.cz/knot/resolver/issues/217

Note that validation of synthesised AAAA behind a CNAME doesn't work
when policy.FORWARD + dns64.  Example: www.regiojet.cz.
policy.STUB + dns64 seems not to work at all.
---

diff --git a/modules/dns64/dns64.lua b/modules/dns64/dns64.lua
index e9c830b26..9777aeb72 100644
--- a/modules/dns64/dns64.lua
+++ b/modules/dns64/dns64.lua
@@ -53,8 +53,11 @@ mod.layer = {
 		else -- Observe AAAA NODATA responses
 			local is_nodata = (pkt:rcode() == kres.rcode.NOERROR) and (#answer == 0)
 			if pkt:qtype() == kres.type.AAAA and is_nodata and pkt:qname() == qry:name() and qry:final() then
-				local next = req:push(pkt:qname(), kres.type.A, kres.class.IN, 0, qry)
-				next.flags = bit.band(qry.flags, kres.query.DNSSEC_WANT) + kres.query.AWAIT_CUT + MARK_DNS64
+				local extraFlags = bit.bor(
+					bit.band(qry.flags, kres.query.DNSSEC_WANT),
+					bit.bor(MARK_DNS64, kres.query.AWAIT_CUT)
+					)
+				local next = req:push(pkt:qname(), kres.type.A, kres.class.IN, extraFlags, qry)
 			end
 		end
 		return state