auth: do not use the remote port for SOA and NS queries in trySuperMaster()

and some cleanup

diff --git a/pdns/dnsbackend.hh b/pdns/dnsbackend.hh
index e09e993068edae7ed0fc395af7a045e728c2bb3d..2ff9d146242f0526e7589c97e808109cdf204e2d 100644 (file)
--- a/pdns/dnsbackend.hh
+++ b/pdns/dnsbackend.hh
@@ -90,8 +90,7 @@ struct DomainInfo
   const bool isMaster(const ComboAddress& ip)
   {
     for( const auto& master: masters) {
-      const ComboAddress caMaster(master);
-      if(ComboAddress::addressOnlyEqual()(ip, caMaster))
+      if(ComboAddress::addressOnlyEqual()(ip, master))
         return true;
     }
     return false;

diff --git a/pdns/iputils.hh b/pdns/iputils.hh
index 6b265aca02174075bb279c8d1739138beddb740a..aae4902a1062734b69880c6c53a95d19a165a4e0 100644 (file)
--- a/pdns/iputils.hh
+++ b/pdns/iputils.hh
@@ -302,6 +302,13 @@ union ComboAddress {
     return ntohs(sin4.sin_port);
   }
 
+  ComboAddress setPort(uint16_t port) const
+  {
+    ComboAddress ret(*this);
+    ret.sin4.sin_port=htons(port);
+    return ret;
+  }
+
 };
 
 /** This exception is thrown by the Netmask class and by extension by the NetmaskGroup class */

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index d82744983c0bee6c32118eb58fd919257ddc6a06..b63f32c77db6d0ac10ef472453ca007054bffa27 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -731,7 +731,7 @@ int PacketHandler::trySuperMaster(DNSPacket *p, const DNSName& tsigkeyname)
 
 int PacketHandler::trySuperMasterSynchronous(const DNSPacket *p, const DNSName& tsigkeyname)
 {
-  ComboAddress remote = p->getRemote();
+  ComboAddress remote = p->getRemote().setPort(53);
   if(p->hasEDNSSubnet() && ::arg().contains("trusted-notification-proxy", remote.toString())) {
     remote = p->getRealRemote().getNetwork();
   }