From 0d44343fc40e7710822b11f2e3f4ae9b1755df04 Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Wed, 19 Oct 2022 13:30:07 +0200
Subject: [PATCH] dnsdist: Only IXFR queries can contain a SOA
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

So the "single SOA" response is only valid for IXFR, not AXFR. This is the second issue spotted by HÃ¥kan Lindqvist in this pull request, many, many thanks for that :)
---
 pdns/dnsdistdist/dnsdist-tcp-downstream.cc | 12 ++++++------
 pdns/dnsdistdist/dnsdist-tcp.hh | 2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/pdns/dnsdistdist/dnsdist-tcp-downstream.cc b/pdns/dnsdistdist/dnsdist-tcp-downstream.cc
index 0242841f7f..efe997f33d 100644
--- a/pdns/dnsdistdist/dnsdist-tcp-downstream.cc
+++ b/pdns/dnsdistdist/dnsdist-tcp-downstream.cc
@@ -171,7 +171,7 @@ static uint32_t getSerialFromRawSOAContent(const std::vector& raw)
 return ntohl(serial);
 }

-static bool getSerialFromXFRQuery(TCPQuery& query)
+static bool getSerialFromIXFRQuery(TCPQuery& query)
 {
 try {
 size_t proxyPayloadSize = query.d_proxyProtocolPayloadAdded ? query.d_proxyProtocolPayloadAddedSize : 0;
@@ -193,12 +193,12 @@ static bool getSerialFromXFRQuery(TCPQuery& query)
 return false;
 }
 auto raw = unknownContent->getRawContent();
- query.d_xfrQuerySerial = getSerialFromRawSOAContent(raw);
+ query.d_ixfrQuerySerial = getSerialFromRawSOAContent(raw);
 return true;
 }
 }
 catch (const MOADNSException& e) {
- DEBUGLOG("Exception when parsing TCPQuery to DNS: " << e.what());
+ DEBUGLOG("Exception when parsing IXFR TCP Query to DNS: " << e.what());
 /* ponder what to do here, shall we close the connection? */
 }

@@ -246,8 +246,8 @@ static void prepareQueryForSending(TCPQuery& query, uint16_t id, QueryState quer
 query.d_proxyProtocolPayloadAddedSize = 0;
 }
 }
- if (query.d_idstate.qclass == QClass::IN && (query.d_idstate.qtype == QType::AXFR || query.d_idstate.qtype == QType::IXFR)) {
- getSerialFromXFRQuery(query);
+ if (query.d_idstate.qclass == QClass::IN && query.d_idstate.qtype == QType::IXFR) {
+ getSerialFromIXFRQuery(query);
 }

 editPayloadID(query.d_buffer, id, query.d_proxyProtocolPayloadAdded ? query.d_proxyProtocolPayloadAddedSize : 0, true);
@@ -803,7 +803,7 @@ bool TCPConnectionToBackend::isXFRFinished(const TCPResponse& response, TCPQuery
 if (query.d_xfrMasterSerial == 0) {
 // store the first SOA in our client's connection metadata
 query.d_xfrMasterSerial = serial;
- if (query.d_xfrMasterSerial <= query.d_xfrQuerySerial) {
+ if (query.d_idstate.qtype == QType::IXFR && query.d_xfrMasterSerial <= query.d_ixfrQuerySerial) {
 /* This is the first message with a master SOA:
 RFC 1995 Section 2:
 If an IXFR query with the same or newer version number
diff --git a/pdns/dnsdistdist/dnsdist-tcp.hh b/pdns/dnsdistdist/dnsdist-tcp.hh
index d63a24d3bc..de2841c28a 100644
--- a/pdns/dnsdistdist/dnsdist-tcp.hh
+++ b/pdns/dnsdistdist/dnsdist-tcp.hh
@@ -98,7 +98,7 @@ struct InternalQuery
 std::string d_proxyProtocolPayload;
 PacketBuffer d_buffer;
 uint32_t d_proxyProtocolPayloadAddedSize{0};
- uint32_t d_xfrQuerySerial{0};
+ uint32_t d_ixfrQuerySerial{0};
 uint32_t d_xfrMasterSerial{0};
 uint32_t d_xfrSerialCount{0};
 uint32_t d_downstreamFailures{0};
-- 
2.47.2
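Review bot: The bool returned by `getSerialFromIXFRQuery(query)` is dropped in prepareQueryForSending (hunk at -246), so an IXFR query whose SOA cannot be parsed is still forwarded with `d_ixfrQuerySerial` at its `{0}` default, and the catch block in the parser (hunk at -193) only emits a DEBUGLOG. The single-SOA shortcut in isXFRFinished then presumably never matches for that transfer, so an "already up to date" reply from the backend may not be recognised as the end of the transfer. Consider acting on the failure, e.g. `if (!getSerialFromIXFRQuery(query)) { /* log visibly, or refuse to forward the IXFR */ }`, or at least add a comment such as `// on parse failure the serial stays 0 and the single-SOA shortcut is disabled` so the fallback is a stated decision. prepareQueryForSending starts and continues outside the hunk.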
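Review bot: The rewritten condition in isXFRFinished (hunk at -803) still orders the two serials with a plain unsigned `<=`, whereas SOA serials wrap and are compared with RFC 1982 sequence-space arithmetic. When the client's serial is close to 2^32 and the master's has wrapped to a small value, the test reads as "client is up to date", so the first message of a genuine incremental transfer would presumably be taken for the single-SOA reply and the transfer considered finished too early. A wrap-aware form such as `static_cast<int32_t>(query.d_xfrMasterSerial - query.d_ixfrQuerySerial) <= 0`, or an existing serial-comparison helper if the tree has one, avoids that. Separately, `d_xfrMasterSerial == 0` doubles as the "no SOA seen yet" marker although 0 is a legal serial; a short comment or a dedicated flag would make that assumption explicit. The function starts and continues outside the hunk.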