From: bert hubert Date: Sun, 14 Jan 2018 19:17:48 +0000 (+0100) Subject: dnsdist had problems with large AXFR as it checked first record of second envelope... X-Git-Tag: dnsdist-1.3.0~148^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=5af7506d106b85773d0b157e025fe5ac31d983b6;p=pdns dnsdist had problems with large AXFR as it checked first record of second envelope against the original qname. With this commit, the check against spoofing is only performed against the first message, and not against subsequent ones. Thanks to Janne for help debugging this issue.
---
diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
index 74d03b06c..f23b4c158 100644
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -484,7 +484,7 @@ void* tcpClientThread(int pipefd)
 sendSizeAndMsgWithTimeout(dsock, dq.len, query, ds->tcpSendTimeout, &ds->remote, &ds->sourceAddr, ds->sourceItf, 0, socketFlags);
 }
 catch(const runtime_error& e) {
- vinfolog("Downstream connection to %s died on us, getting a new one!", ds->getName());
+ vinfolog("Downstream connection to %s died on us (%s), getting a new one!", ds->getName(), e.what());
 close(dsock);
 dsock=-1;
 sockets.erase(ds->remote);
@@ -502,7 +502,7 @@ void* tcpClientThread(int pipefd)
 if (isXFR) {
 dq.skipCache = true;
 }
-
+ bool firstPacket=true;
 getpacket:;
 if(!getNonBlockingMsgLen(dsock, &rlen, ds->tcpRecvTimeout)) {
@@ -544,10 +544,10 @@ void* tcpClientThread(int pipefd)
 break;
 }
- if (!responseContentMatches(response, responseLen, qname, qtype, qclass, ds->remote)) {
+ if (firstPacket && !responseContentMatches(response, responseLen, qname, qtype, qclass, ds->remote)) {
 break;
 }
-
+ firstPacket=false;
 if (!fixUpResponse(&response, &responseLen, &responseSize, qname, origFlags, ednsAdded, ecsAdded, rewrittenResponse, addRoom)) {
 break;
 }
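Review bot: `bool firstPacket=true;` is correct only because it sits immediately above the `getpacket:;` label, and nothing in the code says so. The jump back to that label is outside this hunk, but if the flag were moved below the label it would be reset on every re-entry and the qname check would run against later envelopes again. A comment would protect the placement, for example `// set once per query; must stay above getpacket: so re-entry for further XFR messages does not reset it`.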
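Review bot: With `if (firstPacket && !responseContentMatches(...))`, every message after the first skips the anti-spoofing check entirely and goes straight to `fixUpResponse` with no content validation. The commit message says the failure was the first record of a later envelope being compared with the original qname, which suggests those envelopes carry no question section. A narrower fix would keep the match whenever a question is present, and keep any minimum-length or header sanity checks that `responseContentMatches` performs (its body is not visible here) for every message. The relaxation could also be tied to transfers explicitly, e.g. `if ((firstPacket || !isXFR) && !responseContentMatches(response, responseLen, qname, qtype, qclass, ds->remote)) {`, with a comment such as `// later XFR envelopes may omit the question section, so only the first message is matched against the query`. The jump back to `getpacket` is outside this hunk, so whether a non-XFR exchange can ever loop is an assumption to confirm.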