From: Remi Gacogne Date: Tue, 10 Nov 2020 17:05:15 +0000 (+0100) Subject: rec-4.3.x: Avoid a CNAME loop detection issue with DNS64 X-Git-Tag: rec-4.3.6~3^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F9702%2Fhead;p=thirdparty%2Fpdns.git rec-4.3.x: Avoid a CNAME loop detection issue with DNS64 When the requested qname is a CNAME to a second CNAME, the CNAME loop detection might get incorrectly triggered because the CNAMEs were already present in the vector of result records. --- diff --git a/pdns/lua-recursor4.cc b/pdns/lua-recursor4.cc index 36239b0e14..f5f4351917 100644 --- a/pdns/lua-recursor4.cc +++ b/pdns/lua-recursor4.cc @@ -36,7 +36,16 @@ RecursorLua4::RecursorLua4() { prepareContext(); } static int getFakeAAAARecords(const DNSName& qname, const std::string& prefix, vector& ret) { - int rcode=directResolve(qname, QType(QType::A), 1, ret); + /* we pass a separate vector of records because we will be resolving the initial qname + again, possibly encountering the same CNAME(s), and we don't want to trigger the CNAME + loop detection. */ + std::vector newRecords; + int rcode=directResolve(qname, QType(QType::A), 1, newRecords); + + ret.reserve(ret.size() + newRecords.size()); + for (auto& record : newRecords) { + ret.push_back(std::move(record)); + } ComboAddress prefixAddress(prefix);