From: Vladimír Čunát Date: Sun, 21 Dec 2025 12:10:20 +0000 (+0100) Subject: cache packet_ttl(): fix wrong TTL in some cases, typically 32768 X-Git-Tag: v6.1.0~6^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d79953af426625904db366fd3c17cfd0e571d204;p=thirdparty%2Fknot-resolver.git cache packet_ttl(): fix wrong TTL in some cases, typically 32768 A notable case is when authoritative server incorrectly sends a reply without any record but with EDNS. For the OPT, the TTL field contains extended-error, EDNS version, DO bit and mandatorily zeroed bits. As extended-error isn't usually set by authoritative servers outside SERVFAIL, and EDNS version is just 1 so far, we'd end up with TTL either 32768 (DO=0) or with a value clamped by maximum TTL (86400 by default). --- diff --git a/lib/cache/entry_pkt.c b/lib/cache/entry_pkt.c index 228eabb78..094cb1f4a 100644 --- a/lib/cache/entry_pkt.c +++ b/lib/cache/entry_pkt.c @@ -24,6 +24,11 @@ uint32_t packet_ttl(const knot_pkt_t *pkt) const knot_pktsection_t *sec = knot_pkt_section(pkt, i); for (unsigned k = 0; k < sec->count; ++k) { const knot_rrset_t *rr = knot_pkt_rr(sec, k); + if (rr->type == KNOT_RRTYPE_OPT) { + // Various nonsensical RRs might happen, + // but for OPT the TTL means something different. + continue; + } ttl = MIN(ttl, rr->ttl); has_ttl = true; }
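Review bot: in the new `if (rr->type == KNOT_RRTYPE_OPT)` branch of packet_ttl(), the `continue` means a reply whose only record is the OPT (the case the commit message names) now leaves the loop with `has_ttl` still false, so the returned TTL depends entirely on the fallback after the loop, which is outside this hunk. Please confirm that the fallback value is the one intended for such replies, and consider a regression test for a reply that carries EDNS but no other records. The in-code comment could also state what the OPT TTL field holds (extended-error, EDNS version, DO bit and zeroed bits, as listed in the commit message), so the reason for skipping it is readable without the commit log.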