rec: Refuse queries for all meta-types

author Remi Gacogne <remi.gacogne@powerdns.com>

Fri, 9 Nov 2018 10:18:35 +0000 (11:18 +0100)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Fri, 9 Nov 2018 10:18:35 +0000 (11:18 +0100)
author Remi Gacogne <remi.gacogne@powerdns.com>
Fri, 9 Nov 2018 10:18:35 +0000 (11:18 +0100)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Fri, 9 Nov 2018 10:18:35 +0000 (11:18 +0100)
diff --git a/pdns/recursordist/test-syncres_cc.cc b/pdns/recursordist/test-syncres_cc.cc

index c6c8782b8e3ef2f93290a2f612ef2710d194e859..48cf7abd4f4afb94ab008c7b45b885914aa53e5f 100644 (file)
--- a/pdns/recursordist/test-syncres_cc.cc
+++ b/pdns/recursordist/test-syncres_cc.cc
@@ -665,6 +665,31 @@ BOOST_AUTO_TEST_CASE(test_edns_formerr_but_edns_enabled) {
    }
  }
  
+BOOST_AUTO_TEST_CASE(test_meta_types) {
+  std::unique_ptr<SyncRes> sr;
+  initSR(sr);
+
+  static const std::set<uint16_t> invalidTypes = { 128, QType::AXFR, QType::IXFR, QType::RRSIG, QType::NSEC3, QType::OPT, QType::TSIG, QType::TKEY, QType::MAILA, QType::MAILB, 65535 };
+
+  for (const auto qtype : invalidTypes) {
+    size_t queriesCount = 0;
+
+    sr->setAsyncCallback([&queriesCount](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcmask, boost::optional<const ResolveContext&> context, LWResult* res, bool* chained) {
+
+      queriesCount++;
+      return 0;
+    });
+
+    primeHints();
+
+    vector<DNSRecord> ret;
+    int res = sr->beginResolve(DNSName("powerdns.com."), QType(qtype), QClass::IN, ret);
+    BOOST_CHECK_EQUAL(res, -1);
+    BOOST_CHECK_EQUAL(ret.size(), 0);
+    BOOST_CHECK_EQUAL(queriesCount, 0);
+  }
+}
+
  BOOST_AUTO_TEST_CASE(test_tc_fallback_to_tcp) {
    std::unique_ptr<SyncRes> sr;
    initSR(sr);
diff --git a/pdns/syncres.cc b/pdns/syncres.cc

index 84ae05c70296b24df4649b30e35c020d59fd2184..6c9fcbccf80b12b1b1cea583d369809bba8d8b9c 100644 (file)
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -119,8 +119,6 @@ SyncRes::SyncRes(const struct timeval& now) :  d_authzonequeries(0), d_outquerie
  /** everything begins here - this is the entry point just after receiving a packet */
  int SyncRes::beginResolve(const DNSName &qname, const QType &qtype, uint16_t qclass, vector<DNSRecord>&ret)
  {
-  /* rfc6895 section 3.1 + RRSIG and NSEC3 */
-  static const std::set<uint16_t> metaTypes = { QType::AXFR, QType::IXFR, QType::RRSIG, QType::NSEC3, QType::OPT, QType::TSIG, QType::TKEY, QType::MAILA, QType::MAILB };
    vState state = Indeterminate;
    s_queries++;
    d_wasVariable=false;
@@ -131,7 +129,9 @@ int SyncRes::beginResolve(const DNSName &qname, const QType &qtype, uint16_t qcl
      return 0;                          // so do check before updating counters (we do now)
    }
  
-  if (metaTypes.count(qtype.getCode())) {
+  auto qtypeCode = qtype.getCode();
+  /* rfc6895 section 3.1 */
+  if ((qtypeCode >= 128 && qtypeCode <= 254) || qtypeCode == QType::RRSIG || qtypeCode == QType::NSEC3 || qtypeCode == QType::OPT || qtypeCode == 65535) {
      return -1;
    }
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Fri, 9 Nov 2018 10:18:35 +0000 (11:18 +0100)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Fri, 9 Nov 2018 10:18:35 +0000 (11:18 +0100)
pdns/recursordist/test-syncres_cc.cc		patch \| blob \| history
pdns/syncres.cc		patch \| blob \| history