From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 1 Dec 2020 09:52:37 +0000 (+0100)
Subject: rec: Do not chase CNAME during qname minization step 4
X-Git-Tag: rec-4.3.7~3^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F9804%2Fhead;p=thirdparty%2Fpdns.git

rec: Do not chase CNAME during qname minization step 4

(cherry picked from commit 7373cea835239f1b18a72000821bb17b516d954b)
---

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index e2143290b8..de468a4739 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -726,9 +726,12 @@ int SyncRes::doResolve(const DNSName &qname, const QType &qtype, vector<DNSRecor
 
       // Step 6
       QLOG("Step4 Resolve A for child");
+      bool oldFollowCNAME = d_followCNAME;
+      d_followCNAME = false;
       retq.resize(0);
       StopAtDelegation stopAtDelegation = Stop;
       res = doResolveNoQNameMinimization(child, QType::A, retq, depth, beenthere, state, NULL, &stopAtDelegation);
+      d_followCNAME = oldFollowCNAME;
       QLOG("Step4 Resolve A result is " << RCode::to_s(res) << "/" << retq.size() << "/" << stopAtDelegation);
       if (stopAtDelegation == Stopped) {
         QLOG("Delegation seen, continue at step 1");
@@ -923,9 +926,11 @@ vector<ComboAddress> SyncRes::getAddrs(const DNSName &qname, unsigned int depth,
   bool oldCacheOnly = setCacheOnly(cacheOnly);
   bool oldRequireAuthData = d_requireAuthData;
   bool oldValidationRequested = d_DNSSECValidationRequested;
+  bool oldFollowCNAME = d_followCNAME;
   const unsigned int startqueries = d_outqueries;
   d_requireAuthData = false;
   d_DNSSECValidationRequested = false;
+  d_followCNAME = true;
 
   try {
     vState newState = Indeterminate;
@@ -981,6 +986,7 @@ vector<ComboAddress> SyncRes::getAddrs(const DNSName &qname, unsigned int depth,
   d_requireAuthData = oldRequireAuthData;
   d_DNSSECValidationRequested = oldValidationRequested;
   setCacheOnly(oldCacheOnly);
+  d_followCNAME = oldFollowCNAME;
 
   /* we need to remove from the nsSpeeds collection the existing IPs
      for this nameserver that are no longer in the set, even if there
@@ -1301,7 +1307,7 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector
       DNSName newTarget;
       if (foundQT == QType::DNAME) {
         if (qtype == QType::DNAME && qname == foundName) { // client wanted the DNAME, no need to synthesize a CNAME
-          res = 0;
+          res = RCode::NoError;
           return true;
         }
         // Synthesize a CNAME
@@ -1330,7 +1336,12 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector
       }
 
       if(qtype == QType::CNAME) { // perhaps they really wanted a CNAME!
-        res = 0;
+        res = RCode::NoError;
+        return true;
+      }
+
+      if (qtype == QType::DS || qtype == QType::DNSKEY) {
+        res = RCode::NoError;
         return true;
       }
 
@@ -1357,6 +1368,11 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector
         setQNameMinimization(false);
       }
 
+      if (!d_followCNAME) {
+        res = RCode::NoError;
+        return true;
+      }
+
       // Check to see if we already have seen the new target as a previous target
       if (scanForCNAMELoop(newTarget, ret)) {
         string msg = "got a CNAME referral (from cache) that causes a loop";
@@ -3454,6 +3470,11 @@ bool SyncRes::processAnswer(unsigned int depth, LWResult& lwr, const DNSName& qn
       return true;
     }
 
+    if (!d_followCNAME) {
+      *rcode = RCode::NoError;
+      return true;
+    }
+
     // Check to see if we already have seen the new target as a previous target
     if (scanForCNAMELoop(newtarget, ret)) {
       LOG(prefix<<qname<<": status=got a CNAME referral that causes a loop, returning SERVFAIL"<<endl);
diff --git a/pdns/syncres.hh b/pdns/syncres.hh
index 04dfe7eeda..e970753a9b 100644
--- a/pdns/syncres.hh
+++ b/pdns/syncres.hh
@@ -904,6 +904,7 @@ private:
   bool d_wasOutOfBand{false};
   bool d_wasVariable{false};
   bool d_qNameMinimization{false};
+  bool d_followCNAME{true};
 
   LogMode d_lm;
 };