Don't cache DNS data from non-recursive nameservers.

1023dcbc · Simon Kelley · 83e854e3 · 1023dcbc · 1023dcbc
Commit 1023dcbc authored Apr 09, 2012 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 4 deletions

CHANGELOG CHANGELOG +4 -0

src/rfc1035.c src/rfc1035.c +10 -4

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -77,6 +77,10 @@ version 2.61
 	    Tweak logo/favicon.ico to add some transparency. Thanks to
 	    SamLT for work on this.
 	    
+	    Don't cache data from non-recursive nameservers, since it
+	    may erroneously look like a valid CNAME to a non-exitant
+	    name. Thanks to Ben Winslow for finding this.
+	    

 version 2.60
            Fix compilation problem in Mac OS X Lion. Thanks to Olaf

--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1003,10 +1003,16 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	}
    }
  
-  /* Don't put stuff from a truncated packet into the cache,
-     also don't cache replies where DNSSEC validation was turned off, either
-     the upstream server told us so, or the original query specified it. */
-  if (!(header->hb3 & HB3_TC) && !(header->hb4 & HB4_CD) && !checking_disabled)
+  /* Don't put stuff from a truncated packet into the cache.
+     Don't cache replies where DNSSEC validation was turned off, either
+     the upstream server told us so, or the original query specified it. 
+     Don't cache replies from non-recursive nameservers, since we may get a 
+     reply containing a CNAME but not its target, even though the target 
+     does exist. */
+  if (!(header->hb3 & HB3_TC) && 
+      !(header->hb4 & HB4_CD) &&
+      (header->hb4 & HB4_RA) &&
+      !checking_disabled)
    cache_end_insert();

  return 0;