From: Christian Hofstaedtler <christian@hofstaedtler.name>
Date: Mon, 12 Oct 2015 10:14:21 +0000 (+0200)
Subject: Don't reply to truncated queries
X-Git-Tag: auth-3.4.7~7
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8044a5d265fe78ba5b27efe92277a0f0ced2ad16;p=pdns

Don't reply to truncated queries
---

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index e92eb0521..6d2383cfa 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -996,6 +996,14 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
     return 0;
   }
 
+  if(p->d.tc) { // truncated query. MOADNSParser would silently parse this packet in an incomplete way.
+    if(d_logDNSDetails)
+      L<<Logger::Error<<"Received truncated query packet from "<<p->getRemote()<<", dropping"<<endl;
+    S.inc("corrupt-packets");
+    S.ringAccount("remotes-corrupt", p->getRemote());
+    return 0;
+  }
+
   if (p->hasEDNS() && p->getEDNSVersion() > 0) {
     r = p->replyPacket();
     r->setRcode(16 & 0xF);