From bd7bfa21c4500fca8b18bc7f68890bf51cd737e3 Mon Sep 17 00:00:00 2001
From: swigger
Date: Mon, 1 Jun 2015 20:54:59 +0100
Subject: [PATCH] Correctly sanitise DNS header bits in answer when recreating query for retry.
---
 src/dns-protocol.h | 14 +++++++-------
 src/forward.c | 3 ++-
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/dns-protocol.h b/src/dns-protocol.h
index 4b71746..6cf5158 100644
--- a/src/dns-protocol.h
+++ b/src/dns-protocol.h
@@ -84,15 +84,15 @@ struct dns_header {
 u16 qdcount,ancount,nscount,arcount;
 };
-#define HB3_QR 0x80
+#define HB3_QR 0x80 /* Query */
 #define HB3_OPCODE 0x78
-#define HB3_AA 0x04
-#define HB3_TC 0x02
-#define HB3_RD 0x01
+#define HB3_AA 0x04 /* Authoritative Answer */
+#define HB3_TC 0x02 /* TrunCated */
+#define HB3_RD 0x01 /* Recursion Desired */
-#define HB4_RA 0x80
-#define HB4_AD 0x20
-#define HB4_CD 0x10
+#define HB4_RA 0x80 /* Recursion Available */
+#define HB4_AD 0x20 /* Authenticated Data */
+#define HB4_CD 0x10 /* Checking Disabled */
 #define HB4_RCODE 0x0f
 #define OPCODE(x) (((x)->hb3 & HB3_OPCODE) >> 3)
diff --git a/src/forward.c b/src/forward.c
index 74e5ab6..8c3e71c 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -769,7 +769,8 @@ void reply_query(int fd, int family, time_t now)
 header->arcount = htons(0);
 if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
 {
- header->hb3 &= ~(HB3_QR | HB3_TC);
+ header->hb3 &= ~(HB3_QR | HB3_AA | HB3_TC);
+ header->hb4 &= ~(HB4_RA | HB4_RCODE);
 forward_query(-1, NULL, NULL, 0, header, nn, now, forward, 0, 0);
 return;
 }
-- 
2.47.3
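Review bot: The new comment `/* Query */` on `HB3_QR` in src/dns-protocol.h reads as if a set bit marks a query, but the forward.c hunk of this same patch clears `HB3_QR` to turn an answer back into a query, so a set bit marks a response. `#define HB3_QR 0x80 /* Query/Response: set in responses */` would say that without ambiguity. `HB3_OPCODE` and `HB4_RCODE` are the only two masks left uncommented; a short `/* 4-bit opcode field */` and `/* 4-bit response code */` would complete the set.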
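Review bot: The new `header->hb4 &= ~(HB4_RA | HB4_RCODE);` line in reply_query still lets `HB4_AD` from the upstream answer travel into the rebuilt query. In an answer that bit reports the upstream server's validation result, so the retry can go out with AD set even when the original query did not ask for it. Clearing it with the other response-only bits, `header->hb4 &= ~(HB4_RA | HB4_AD | HB4_RCODE);`, would keep the retry closer to what was first sent. `HB4_CD` is also kept as the upstream returned it; whether AD and CD should instead be restored from state saved with the forward record cannot be judged from this hunk, since reply_query starts and ends outside it. A comment above the two mask lines would also help, e.g. `/* answer is being reused as a query: strip response-only header bits */`.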