From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Sat, 23 Jan 2016 10:59:39 +0000 (+0100)
Subject: dnsdist: Drop queries with no question (qdcount == 0)
X-Git-Tag: dnsdist-1.0.0-alpha2~39^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2efd427df50db77740bb9be2bf0bf95efaebd4e9;p=pdns

dnsdist: Drop queries with no question (qdcount == 0)

Added a counter for these dropped queries, `emptyQueries` too.
This might be an issue for DNS cookies some day, as it uses
query with no question [1].
Additionnaly drops queries with QR set over TCP too to be
consistent with UDP.
This might close #3290.

[1]: https://tools.ietf.org/html/draft-ietf-dnsop-cookies-09#section-5.4
---

diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
index 9e458926d..78fa765b5 100644
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -202,6 +202,17 @@ void* tcpClientThread(int pipefd)
           qlen = decryptedQueryLen;
         }
 #endif
+        struct dnsheader* dh = (struct dnsheader*) query;
+
+        if(dh->qr) {   // don't respond to responses
+          g_stats.nonCompliantQueries++;
+          goto drop;
+        }
+
+        if(dh->qdcount == 0) {
+          g_stats.emptyQueries++;
+          goto drop;
+        }
 
 	uint16_t qtype;
 	unsigned int consumed = 0;
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index b24a99483..378bf82de 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -601,6 +601,11 @@ try
 	continue;
       }
 
+      if(dh->qdcount == 0) {
+        g_stats.emptyQueries++;
+        continue;
+      }
+
       if (dh->rd) {
         g_stats.rdQueries++;
       }
diff --git a/pdns/dnsdist.hh b/pdns/dnsdist.hh
index c92ae9a32..ec0ceb38c 100644
--- a/pdns/dnsdist.hh
+++ b/pdns/dnsdist.hh
@@ -42,6 +42,7 @@ struct DNSDistStats
   stat_t queries{0};
   stat_t nonCompliantQueries{0};
   stat_t rdQueries{0};
+  stat_t emptyQueries{0};
   stat_t aclDrops{0};
   stat_t blockFilter{0};
   stat_t dynBlocked{0};
@@ -73,6 +74,7 @@ struct DNSDistStats
     {"real-memory-usage", getRealMemoryUsage},
     {"noncompliant-queries", &nonCompliantQueries},
     {"rdqueries", &rdQueries},
+    {"empty-queries", &emptyQueries},
     {"cpu-user-msec", getCPUTimeUser},
     {"cpu-sys-msec", getCPUTimeSystem},
     {"fd-usage", getOpenFileDescriptors}, {"dyn-blocked", &dynBlocked},