From f43e6a403e23e5be4eec5322aec023da8130b2b8 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Fri, 1 Dec 2017 11:36:30 +0100
Subject: [PATCH] auth: do not use the remote port for SOA and NS queries in
 trySuperMaster() and some cleanup

---
 pdns/dnsbackend.hh    | 3 +--
 pdns/iputils.hh       | 7 +++++++
 pdns/packethandler.cc | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/pdns/dnsbackend.hh b/pdns/dnsbackend.hh
index e09e99306..2ff9d1462 100644
--- a/pdns/dnsbackend.hh
+++ b/pdns/dnsbackend.hh
@@ -90,8 +90,7 @@ struct DomainInfo
   const bool isMaster(const ComboAddress& ip)
   {
     for( const auto& master: masters) {
-      const ComboAddress caMaster(master);
-      if(ComboAddress::addressOnlyEqual()(ip, caMaster))
+      if(ComboAddress::addressOnlyEqual()(ip, master))
         return true;
     }
     return false;
diff --git a/pdns/iputils.hh b/pdns/iputils.hh
index 6b265aca0..aae4902a1 100644
--- a/pdns/iputils.hh
+++ b/pdns/iputils.hh
@@ -302,6 +302,13 @@ union ComboAddress {
     return ntohs(sin4.sin_port);
   }
 
+  ComboAddress setPort(uint16_t port) const
+  {
+    ComboAddress ret(*this);
+    ret.sin4.sin_port=htons(port);
+    return ret;
+  }
+
 };
 
 /** This exception is thrown by the Netmask class and by extension by the NetmaskGroup class */
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index d82744983..b63f32c77 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -731,7 +731,7 @@ int PacketHandler::trySuperMaster(DNSPacket *p, const DNSName& tsigkeyname)
 
 int PacketHandler::trySuperMasterSynchronous(const DNSPacket *p, const DNSName& tsigkeyname)
 {
-  ComboAddress remote = p->getRemote();
+  ComboAddress remote = p->getRemote().setPort(53);
   if(p->hasEDNSSubnet() && ::arg().contains("trusted-notification-proxy", remote.toString())) {
     remote = p->getRealRemote().getNetwork();
   }
-- 
2.40.0