From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 29 Sep 2020 10:40:31 +0000 (+0200)
Subject: dnsdist: Only add EDNS on negative answers if the query had EDNS
X-Git-Tag: auth-4.4.0-alpha2~64^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2f67e0d445a55e675278f02a68e5f453f9a1f015;p=thirdparty%2Fpdns.git

dnsdist: Only add EDNS on negative answers if the query had EDNS
---

diff --git a/pdns/dnsdist-ecs.cc b/pdns/dnsdist-ecs.cc
index 30659cd708..76f0129c20 100644
--- a/pdns/dnsdist-ecs.cc
+++ b/pdns/dnsdist-ecs.cc
@@ -947,7 +947,7 @@ bool setNegativeAndAdditionalSOA(DNSQuestion& dq, bool nxd, const DNSName& zone,
 
   dq.dh->arcount = htons(1);
 
-  if (g_addEDNSToSelfGeneratedResponses) {
+  if (hadEDNS) {
     /* now we need to add a new OPT record */
     return addEDNS(dq.dh, dq.len, dq.size, dnssecOK, g_PayloadSizeSelfGenAnswers, dq.ednsRCode);
   }
diff --git a/pdns/test-dnsdist_cc.cc b/pdns/test-dnsdist_cc.cc
index e32522433d..e24d35bc7d 100644
--- a/pdns/test-dnsdist_cc.cc
+++ b/pdns/test-dnsdist_cc.cc
@@ -1922,12 +1922,19 @@ BOOST_AUTO_TEST_CASE(test_setNegativeAndAdditionalSOA) {
   DNSName name("www.powerdns.com.");
 
   vector<uint8_t> query;
+  vector<uint8_t> queryWithEDNS;
   DNSPacketWriter pw(query, name, QType::A, QClass::IN, 0);
   pw.getHeader()->rd = 1;
   const uint16_t len = query.size();
+  DNSPacketWriter pwEDNS(queryWithEDNS, name, QType::A, QClass::IN, 0);
+  pwEDNS.getHeader()->rd = 1;
+  pwEDNS.addOpt(1232, 0, 0);
+  pwEDNS.commit();
+  const uint16_t ednsLen = queryWithEDNS.size();
 
   /* test NXD */
   {
+    /* no incoming EDNS */
     char packet[1500];
     memcpy(packet, query.data(), query.size());
 
@@ -1941,6 +1948,32 @@ BOOST_AUTO_TEST_CASE(test_setNegativeAndAdditionalSOA) {
     BOOST_CHECK(static_cast<size_t>(dq.len) > query.size());
     MOADNSParser mdp(true, packet, dq.len);
 
+    BOOST_CHECK_EQUAL(mdp.d_qname.toString(), "www.powerdns.com.");
+    BOOST_CHECK_EQUAL(mdp.d_header.rcode, RCode::NXDomain);
+    BOOST_CHECK_EQUAL(mdp.d_header.qdcount, 1U);
+    BOOST_CHECK_EQUAL(mdp.d_header.ancount, 0U);
+    BOOST_CHECK_EQUAL(mdp.d_header.nscount, 0U);
+    BOOST_CHECK_EQUAL(mdp.d_header.arcount, 1U);
+    BOOST_REQUIRE_EQUAL(mdp.d_answers.size(), 1U);
+    BOOST_CHECK_EQUAL(mdp.d_answers.at(0).first.d_type, static_cast<uint16_t>(QType::SOA));
+    BOOST_CHECK_EQUAL(mdp.d_answers.at(0).first.d_class, QClass::IN);
+    BOOST_CHECK_EQUAL(mdp.d_answers.at(0).first.d_name, DNSName("zone."));
+  }
+  {
+    /* now with incoming EDNS */
+    char packet[1500];
+    memcpy(packet, queryWithEDNS.data(), queryWithEDNS.size());
+
+    unsigned int consumed = 0;
+    uint16_t qtype;
+    DNSName qname(packet, ednsLen, sizeof(dnsheader), false, &qtype, nullptr, &consumed);
+    auto dh = reinterpret_cast<dnsheader*>(packet);
+    DNSQuestion dq(&qname, qtype, QClass::IN, qname.wirelength(), &remote, &remote, dh, sizeof(packet), queryWithEDNS.size(), false, &queryTime);
+
+    BOOST_CHECK(setNegativeAndAdditionalSOA(dq, true, DNSName("zone."), 42, DNSName("mname."), DNSName("rname."), 1, 2, 3, 4 , 5));
+    BOOST_CHECK(static_cast<size_t>(dq.len) > queryWithEDNS.size());
+    MOADNSParser mdp(true, packet, dq.len);
+
     BOOST_CHECK_EQUAL(mdp.d_qname.toString(), "www.powerdns.com.");
     BOOST_CHECK_EQUAL(mdp.d_header.rcode, RCode::NXDomain);
     BOOST_CHECK_EQUAL(mdp.d_header.qdcount, 1U);
@@ -1957,6 +1990,7 @@ BOOST_AUTO_TEST_CASE(test_setNegativeAndAdditionalSOA) {
 
   /* test No Data */
   {
+    /* no incoming EDNS */
     char packet[1500];
     memcpy(packet, query.data(), query.size());
 
@@ -1970,6 +2004,32 @@ BOOST_AUTO_TEST_CASE(test_setNegativeAndAdditionalSOA) {
     BOOST_CHECK(static_cast<size_t>(dq.len) > query.size());
     MOADNSParser mdp(true, packet, dq.len);
 
+    BOOST_CHECK_EQUAL(mdp.d_qname.toString(), "www.powerdns.com.");
+    BOOST_CHECK_EQUAL(mdp.d_header.rcode, RCode::NoError);
+    BOOST_CHECK_EQUAL(mdp.d_header.qdcount, 1U);
+    BOOST_CHECK_EQUAL(mdp.d_header.ancount, 0U);
+    BOOST_CHECK_EQUAL(mdp.d_header.nscount, 0U);
+    BOOST_CHECK_EQUAL(mdp.d_header.arcount, 1U);
+    BOOST_REQUIRE_EQUAL(mdp.d_answers.size(), 1U);
+    BOOST_CHECK_EQUAL(mdp.d_answers.at(0).first.d_type, static_cast<uint16_t>(QType::SOA));
+    BOOST_CHECK_EQUAL(mdp.d_answers.at(0).first.d_class, QClass::IN);
+    BOOST_CHECK_EQUAL(mdp.d_answers.at(0).first.d_name, DNSName("zone."));
+  }
+  {
+    /* now with incoming EDNS */
+    char packet[1500];
+    memcpy(packet, queryWithEDNS.data(), queryWithEDNS.size());
+
+    unsigned int consumed = 0;
+    uint16_t qtype;
+    DNSName qname(packet, ednsLen, sizeof(dnsheader), false, &qtype, nullptr, &consumed);
+    auto dh = reinterpret_cast<dnsheader*>(packet);
+    DNSQuestion dq(&qname, qtype, QClass::IN, qname.wirelength(), &remote, &remote, dh, sizeof(packet), queryWithEDNS.size(), false, &queryTime);
+
+    BOOST_CHECK(setNegativeAndAdditionalSOA(dq, false, DNSName("zone."), 42, DNSName("mname."), DNSName("rname."), 1, 2, 3, 4 , 5));
+    BOOST_CHECK(static_cast<size_t>(dq.len) > queryWithEDNS.size());
+    MOADNSParser mdp(true, packet, dq.len);
+
     BOOST_CHECK_EQUAL(mdp.d_qname.toString(), "www.powerdns.com.");
     BOOST_CHECK_EQUAL(mdp.d_header.rcode, RCode::NoError);
     BOOST_CHECK_EQUAL(mdp.d_header.qdcount, 1U);