From bba277add4c6e7e2f2b164b63a4e538ad080a955 Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Tue, 10 Nov 2020 18:05:15 +0100
Subject: [PATCH] rec-4.3.x: Avoid a CNAME loop detection issue with DNS64
When the requested qname is a CNAME to a second CNAME, the CNAME loop detection might get incorrectly triggered because the CNAMEs were already present in the vector of result records.
---
 pdns/lua-recursor4.cc | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/pdns/lua-recursor4.cc b/pdns/lua-recursor4.cc
index 36239b0e14..f5f4351917 100644
--- a/pdns/lua-recursor4.cc
+++ b/pdns/lua-recursor4.cc
@@ -36,7 +36,16 @@ RecursorLua4::RecursorLua4() { prepareContext(); }
 static int getFakeAAAARecords(const DNSName& qname, const std::string& prefix, vector& ret)
 {
- int rcode=directResolve(qname, QType(QType::A), 1, ret);
+ /* we pass a separate vector of records because we will be resolving the initial qname
+ again, possibly encountering the same CNAME(s), and we don't want to trigger the CNAME
+ loop detection. */
+ std::vector newRecords;
+ int rcode=directResolve(qname, QType(QType::A), 1, newRecords);
+
+ ret.reserve(ret.size() + newRecords.size());
+ for (auto& record : newRecords) {
+ ret.push_back(std::move(record));
+ }
 ComboAddress prefixAddress(prefix);
--
2.47.2
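Review bot: After the move loop, `ret` holds the CNAME chain twice whenever the caller's vector already contained it (the case the commit message describes): once from the earlier resolution and once from `newRecords`, and nothing in this hunk removes the repeats. getFakeAAAARecords continues past the end of the hunk, so a later step may already de-duplicate; if it does, the new comment should say so, e.g. `/* ret may now hold the same CNAME(s) twice; duplicates are removed below */`, and if it does not, the synthesized DNS64 answer would presumably carry duplicate CNAME records. The records are also appended whatever `rcode` is, which matches the old behaviour of resolving straight into `ret` but is worth a short comment so the next reader does not take it for an oversight. As a point of style, the element-wise loop could be a single `ret.insert(ret.end(), std::make_move_iterator(newRecords.begin()), std::make_move_iterator(newRecords.end()));`.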