From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Wed, 3 Jun 2020 10:15:46 +0000 (+0200)
Subject: If a CNAME target is found in the cache, check if it's equal
X-Git-Tag: dnsdist-1.5.0-rc3~30^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58c526bd0f63d5d424b7a03867b51ace495989a8;p=thirdparty%2Fpdns.git

If a CNAME target is found in the cache, check if it's equal
to qname and ServFail if so.

Fixes the easy case of #9153. Longer chains with self-refs remain an issue.
---

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 3fde0ef257..347afa6ab1 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -852,6 +852,7 @@ int SyncRes::doResolveNoQNameMinimization(const DNSName &qname, const QType &qty
 
     if(!d_skipCNAMECheck && doCNAMECacheCheck(qname, qtype, ret, depth, res, state, wasAuthZone, wasForwardRecurse)) { // will reroute us if needed
       d_wasOutOfBand = wasAuthZone;
+      // Do not set *fromCache; res does not reflect the final result in all cases
       return res;
     }
 
@@ -1329,6 +1330,12 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector
         newTarget = cnameContent->getTarget();
       }
 
+      if (qname == newTarget) {
+        LOG(prefix<<qname<<": Got a CNAME referral (from cache) to self, returning SERVFAIL"<<endl);
+        res = RCode::ServFail;
+        return true;
+      }
+
       set<GetBestNSAnswer>beenthere;
       vState cnameState = Indeterminate;
       res = doResolve(newTarget, qtype, ret, depth+1, beenthere, cnameState);