From fc01e0b193f6603e4a98efcd8c5595762b8c63eb Mon Sep 17 00:00:00 2001
From: Remi Gacogne
Date: Tue, 3 Nov 2015 11:53:38 +0100
Subject: [PATCH] Add some sanity checks to the dnsdist health check
---
 pdns/dnsdist.cc | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index 38d266936..b9a2e1c5d 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -561,7 +561,8 @@ try
 {
 vector packet;
 DNSPacketWriter dpw(packet, DNSName("a.root-servers.net."), QType::A);
- dpw.getHeader()->rd=true;
+ dnsheader * requestHeader = dpw.getHeader();
+ requestHeader->rd=true;
 Socket sock(remote.sin4.sin_family, SOCK_DGRAM);
 sock.setNonBlocking();
@@ -574,6 +575,23 @@ try
 ComboAddress dest=remote;
 sock.recvFrom(reply, dest);
+ // dnsparser.cc is not included in dnsdist right now
+ // MOADNSParser mdp(reply);
+ // dnsheader const * responseHeader = &mdp.d_header;
+ struct dnsheader responseHeader;
+
+ if (reply.size() < sizeof(responseHeader))
+ return false;
+
+ memcpy(&responseHeader, reply.c_str(), sizeof(responseHeader));
+
+ if (responseHeader.id != requestHeader->id)
+ return false;
+ if (!responseHeader.qr)
+ return false;
+ if (responseHeader.rcode == RCode::ServFail)
+ return false;
+
 // XXX fixme do bunch of checking here etc
 return true;
 }
--
2.40.0
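Review bot: `requestHeader->id` is never assigned in the visible lines, yet the `responseHeader.id != requestHeader->id` comparison added further down depends on it. If `DNSPacketWriter` leaves the id at a fixed default (its constructor is not shown here), that comparison matches any reply carrying the same constant and does little to tie the reply to this particular probe. Assigning an unpredictable value next to the `rd` assignment, e.g. `requestHeader->id = <random 16-bit value>;` (placeholder for whichever RNG helper dnsdist already links), would make the check meaningful. Note also that `requestHeader` points into storage owned by the writer and is dereferenced after the send, so nothing in between may grow `packet`; the send and wait code lies outside this hunk.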
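Review bot: The checks added after `sock.recvFrom(reply, dest)` look at only three header fields, so any datagram with a matching id and `qr` set marks the backend as up. Neither `qdcount` nor the echoed question (name, type, class) is compared with the query, and only `RCode::ServFail` counts as a failure, so a backend answering every probe with another error rcode would still pass. I would replace the leftover `// XXX fixme do bunch of checking here etc` with a specific note such as `// TODO: verify qdcount and the echoed question against the query; decide which other rcodes mean "down"`. Copying the header into a local `struct dnsheader` after the size check is a sound way to avoid reading past a short reply; the function's signature and its catch handlers are outside this hunk.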