From: Ondřej Surý <ondrej@isc.org>
Date: Mon, 17 Mar 2025 15:31:14 +0000 (+0100)
Subject: Remove a kludge to process non-authoritative CNAME response
X-Git-Tag: v9.21.7~48^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d9f58b7457213bac3508fcb41f528c26c5d53b4;p=thirdparty%2Fbind9.git

Remove a kludge to process non-authoritative CNAME response

A BIND 8 server could return a non-authoritative answer when a CNAME is
followed.  This is no longer handled as a valid answer.
---

diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
index 25e7b3baadc..d3c860e9113 100644
--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -7411,15 +7411,6 @@ log_nsid(isc_buffer_t *opt, size_t nsid_len, resquery_t *query, int level,
 	isc_mem_put(mctx, buf, buflen);
 }
 
-static bool
-iscname(dns_message_t *message, dns_name_t *name) {
-	isc_result_t result;
-
-	result = dns_message_findname(message, DNS_SECTION_ANSWER, name,
-				      dns_rdatatype_cname, 0, NULL, NULL);
-	return result == ISC_R_SUCCESS ? true : false;
-}
-
 static bool
 betterreferral(respctx_t *rctx) {
 	isc_result_t result;
@@ -8341,20 +8332,6 @@ rctx_answer(respctx_t *rctx) {
 		if (result != ISC_R_SUCCESS) {
 			FCTXTRACE3("rctx_answer_positive (AA/fwd)", result);
 		}
-	} else if (iscname(query->rmessage, fctx->name) &&
-		   fctx->type != dns_rdatatype_any &&
-		   fctx->type != dns_rdatatype_cname)
-	{
-		/*
-		 * A BIND8 server could return a non-authoritative
-		 * answer when a CNAME is followed.  We should treat
-		 * it as a valid answer.
-		 */
-		result = rctx_answer_positive(rctx);
-		if (result != ISC_R_SUCCESS) {
-			FCTXTRACE3("rctx_answer_positive (!ANY/!CNAME)",
-				   result);
-		}
 	} else if (fctx->type != dns_rdatatype_ns && !betterreferral(rctx)) {
 		result = rctx_answer_positive(rctx);
 		if (result != ISC_R_SUCCESS) {