- Fix EDNS extended RCODE reflection. This fixes that

  the server does not echo extended rcode values after class
  chaos queries. Thanks to Qifan Zhang, Palo Alto Networks
  for the report.

diff --git a/daemon/worker.c b/daemon/worker.c
index 0f762e34ab744015a8af9d0cc2ceb1e63eb715ae..a5dd9bc028e8290636ebdbd57ce11b47dd054429 100644 (file)
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -1009,6 +1009,7 @@ chaos_replystr(sldns_buffer* pkt, char** str, int num, struct edns_data* edns,
        size_t udpsize = edns->udp_size;
        edns->edns_version = EDNS_ADVERTISED_VERSION;
        edns->udp_size = EDNS_ADVERTISED_SIZE;
+       edns->ext_rcode = 0;
        edns->bits &= EDNS_DO;
        if(!inplace_cb_reply_local_call(&worker->env, NULL, NULL, NULL,
                LDNS_RCODE_NOERROR, edns, repinfo, worker->scratchpad,

diff --git a/doc/Changelog b/doc/Changelog
index 224ed79b899409a7de5a4d356d68a4c123c2ce45..430ccd9a6cf0b7030a24fb4163024864d707fcf1 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -10,6 +10,10 @@
          In addition, thanks to Qifan Zhang, Palo Alto Networks, for
          noting the fingerprinting possibility, that is also fixed
          with this.
+       - Fix EDNS extended RCODE reflection. This fixes that
+         the server does not echo extended rcode values after class
+         chaos queries. Thanks to Qifan Zhang, Palo Alto Networks
+         for the report.
 
 20 April 2026: Wouter
        - Fix compile warnings for thread setname routine, and test compile.