From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Thu, 9 Nov 2017 16:16:04 +0000 (+0100)
Subject: rec: Only accept types not matching the query if we asked for ANY
X-Git-Tag: auth-4.1.0-rc3~9^2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=331222c415b06dccfeb45286d56ba856d877dc97;p=pdns

rec: Only accept types not matching the query if we asked for ANY

Even from forward-recurse servers.
---

diff --git a/pdns/syncres.cc b/pdns/syncres.cc
index 474ee41cf..be238b7da 100644
--- a/pdns/syncres.cc
+++ b/pdns/syncres.cc
@@ -1256,13 +1256,6 @@ inline vector<DNSName> SyncRes::shuffleInSpeedOrder(NsSet &tnameservers, const s
   return rnameservers;
 }
 
-static bool magicAddrMatch(const QType& query, const QType& answer)
-{
-  if(query.getCode() != QType::ADDR)
-    return false;
-  return answer.getCode() == QType::A || answer.getCode() == QType::AAAA;
-}
-
 static uint32_t getRRSIGTTL(const time_t now, const std::shared_ptr<RRSIGRecordContent>& rrsig)
 {
   uint32_t res = 0;
@@ -2171,7 +2164,7 @@ bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, co
     // for ANY answers we *must* have an authoritative answer, unless we are forwarding recursively
     else if(rec.d_place==DNSResourceRecord::ANSWER && rec.d_name == qname &&
             (
-              rec.d_type==qtype.getCode() || (lwr.d_aabit && (qtype==QType(QType::ANY) || magicAddrMatch(qtype, QType(rec.d_type)) ) ) || sendRDQuery
+              rec.d_type==qtype.getCode() || ((lwr.d_aabit || sendRDQuery) && qtype == QType(QType::ANY))
               )
       )
     {