Under some circumstances, PowerDNS would cache an empty response

to a recursive request from an IP address not allowed to benefit
from this service. This cached response could then be displayed, for a
few seconds, to clients that ARE alowed recursion.

Thanks to Wilco Baan Hofman for noticing this problem, which could
black out a domain for a short time, but not deny its existence.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@322 d19b8d6e-7fed-0310-83ef-9ca221ded41b

diff --git a/pdns/dnsproxy.cc b/pdns/dnsproxy.cc
index a18ee1543071aa2d684ae378e606f4504431ca51..2c9a622845e3b9477670686968be41d281a5b345 100644 (file)
--- a/pdns/dnsproxy.cc
+++ b/pdns/dnsproxy.cc
@@ -189,11 +189,11 @@ void DNSProxy::mainloop(void)
        memcpy(buffer,&d,sizeof(d));  // commit spoofed id
 
        sendto(i->second.outsock,buffer,len,0,(struct sockaddr*)&i->second.remote,i->second.addrlen);
-
+       
        DNSPacket p,q;
        p.parse(buffer,len);
        q.parse(buffer,len);
-
+       
        PC.insert(&q, &p);
        i->second.created=0;
       }

diff --git a/pdns/packetcache.cc b/pdns/packetcache.cc
index 22b39a49340a8001c756a4b8ef464c01cf24f216..e912d89f2ba5726c75df0fca00937b0306e77cf2 100644 (file)
--- a/pdns/packetcache.cc
+++ b/pdns/packetcache.cc
@@ -1,11 +1,10 @@
 /*
     PowerDNS Versatile Database Driven Nameserver
-    Copyright (C) 2002  PowerDNS.COM BV
+    Copyright (C) 2005  PowerDNS.COM BV
 
     This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
+    it under the terms of the GNU General Public License version 2 as 
+    published by the Free Software Foundation
 
     This program is distributed in the hope that it will be useful,
     but WITHOUT ANY WARRANTY; without even the implied warranty of
@@ -16,7 +15,7 @@
     along with this program; if not, write to the Free Software
     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
-#include "utility.hh"\r
+#include "utility.hh"
 #include "packetcache.hh"
 #include "logger.hh"
 #include "arguments.hh"

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index ad9bb2598fe4c3392d800d6e4a855fb5a5d07e4d..c315080cafe5466a4879671de17de1a8932f4841 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -154,7 +154,7 @@ int PacketHandler::doDNSCheckRequest(DNSPacket *p, DNSPacket *r, string &target)
   DNSResourceRecord rr;
 
   if (p->qclass == 3 && p->qtype.getName() == "HINFO") {
-    rr.content = "PowerDNS $Id: packethandler.cc,v 1.27 2005/01/11 19:41:11 ahu Exp $";
+    rr.content = "PowerDNS $Id$";
     rr.ttl = 5;
     rr.qname=target;
     rr.qtype=13; // hinfo
@@ -174,7 +174,7 @@ int PacketHandler::doVersionRequest(DNSPacket *p, DNSPacket *r, string &target)
   const string mode=arg()["version-string"];
   if(p->qtype.getCode()==QType::TXT && target=="version.bind") {// TXT
     if(mode.empty() || mode=="full") 
-      rr.content="Served by POWERDNS "VERSION" $Id: packethandler.cc,v 1.27 2005/01/11 19:41:11 ahu Exp $";
+      rr.content="Served by POWERDNS "VERSION" $Id$";
     else if(mode=="anonymous") {
       r->setRcode(RCode::ServFail);
       return 1;
@@ -558,7 +558,8 @@ DNSPacket *PacketHandler::question(DNSPacket *p)
     bool found=false;
     
     string target=p->qdomain;
-    
+    bool noCache=false;
+
     if (doDNSCheckRequest(p, r, target))
       goto sendit;
     
@@ -667,11 +668,15 @@ DNSPacket *PacketHandler::question(DNSPacket *p)
     else
       weAuth=false;
 
-    if(p->d.rd && d_doRecursion && !weAuth && DP->sendPacket(p)) {
-      delete r;
-      return 0;
-    }
 
+    if(p->d.rd && d_doRecursion && !weAuth) {
+      if(DP->sendPacket(p)) {
+       delete r;
+       return 0;
+      }
+      else noCache=true;
+    }
+    
     string::size_type pos;
     
     DLOG(L<<"Nothing found so far for '"<<target<<"', do we even have authority over this domain?"<<endl);
@@ -779,16 +784,12 @@ DNSPacket *PacketHandler::question(DNSPacket *p)
     // whatever we've built so far, do additional processing
     
   sendit:;
-
     if(doAdditionalProcessingAndDropAA(p,r)<0)
       return 0;
     
-
-    
-    
-
     r->wrapup(); // needed for inserting in cache
-    PC.insert(p,r); // in the packet cache
+    if(!noCache)
+      PC.insert(p,r); // in the packet cache
   }
   catch(DBException &e) {
     L<<Logger::Error<<"Database module reported condition which prevented lookup - sending out servfail"<<endl;