From e0386c2225c730191dab7f971eb3a46828ed8e7b Mon Sep 17 00:00:00 2001
From: Otto Moerbeek <otto.moerbeek@open-xchange.com>
Date: Mon, 12 Oct 2020 10:11:21 +0200
Subject: [PATCH] Backport of CVE-2020-25829 (any-cache-update) to 4.2.x

---
 pdns/syncres.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 50e0dc9620..59e21e2763 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -952,6 +952,11 @@ DNSName SyncRes::getBestNSNamesFromCache(const DNSName &qname, const QType& qtyp
 
 void SyncRes::updateValidationStatusInCache(const DNSName &qname, const QType& qt, bool aa, vState newState) const
 {
+  if (qt == QType::ANY || qt == QType::ADDR) {
+    // not doing that
+    return;
+  }
+
   if (newState == Bogus) {
     t_RC->updateValidationStatus(d_now.tv_sec, qname, qt, d_cacheRemote, aa, newState, s_maxbogusttl + d_now.tv_sec);
   }
-- 
2.47.2