Correctly sanitise DNS header bits in answer when recreating query for retry.

bd7bfa21 · swigger · Simon Kelley · 403de059 · bd7bfa21 · bd7bfa21
Commit bd7bfa21 authored Jun 01, 2015 by swigger Committed by Simon Kelley Jun 01, 2015
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 8 deletions

src/dns-protocol.h src/dns-protocol.h +7 -7

src/forward.c src/forward.c +2 -1

No files found.
--- a/src/dns-protocol.h
+++ b/src/dns-protocol.h
@@ -84,15 +84,15 @@ struct dns_header {
  u16 qdcount,ancount,nscount,arcount;
 };

-#define HB3_QR       0x80
+#define HB3_QR       0x80 /* Query */
 #define HB3_OPCODE   0x78
-#define HB3_AA       0x04
-#define HB3_TC       0x02
-#define HB3_RD       0x01
+#define HB3_AA       0x04 /* Authoritative Answer */
+#define HB3_TC       0x02 /* TrunCated */
+#define HB3_RD       0x01 /* Recursion Desired */

-#define HB4_RA       0x80
-#define HB4_AD       0x20
-#define HB4_CD       0x10
+#define HB4_RA       0x80 /* Recursion Available */
+#define HB4_AD       0x20 /* Authenticated Data */
+#define HB4_CD       0x10 /* Checking Disabled */
 #define HB4_RCODE    0x0f

 #define OPCODE(x)          (((x)->hb3 & HB3_OPCODE) >> 3)

--- a/src/forward.c
+++ b/src/forward.c
@@ -769,7 +769,8 @@ void reply_query(int fd, int family, time_t now)
 	  header->arcount = htons(0);
 	  if ((nn = resize_packet(header, (size_t)n, pheader, plen)))
 	    {
-	      header->hb3 &= ~(HB3_QR | HB3_TC);
+	      header->hb3 &= ~(HB3_QR | HB3_AA | HB3_TC);
+	      header->hb4 &= ~(HB4_RA | HB4_RCODE);
 	      forward_query(-1, NULL, NULL, 0, header, nn, now, forward, 0, 0);
 	      return;
 	    }