Don't add OPT RR to non-EDNS0 queries (#5368)

* Don't add OPT RR to non-EDNS0 queries
Signed-off-by: Patrick W. Healy <phealy@phealy.com>
Signed-off-by: Patrick W. Healy <patrick.healy@microsoft.com>

* Update plugin/bufsize/README.md
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>
Signed-off-by: Patrick W. Healy <patrick.healy@microsoft.com>
Co-authored-by: Chris O'Haver <cohaver@infoblox.com>

plugin/bufsize/README.md

@@ -5,6 +5,7 @@
 ## Description
 *bufsize* limits a requester's UDP payload size.
 It prevents IP fragmentation, mitigating certain DNS vulnerabilities.
+This will only affect queries that have an OPT RR.
 
 ## Syntax
 ```txt
@@ -36,4 +37,3 @@ Enable limiting the buffer size as an authoritative nameserver:
 
 ## Considerations
 - Setting 1232 bytes to bufsize may avoid fragmentation on the majority of networks in use today, but it depends on the MTU of the physical network links.
-- For now, if a client does not use EDNS, this plugin adds OPT RR.

plugin/bufsize/bufsize.go

@@ -19,9 +19,6 @@ type Bufsize struct {
 func (buf Bufsize) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (int, error) {
 	if option := r.IsEdns0(); option != nil {
 		option.SetUDPSize(uint16(buf.Size))
-	} else {
-		// If a client does not use EDNS, add it
-		r.SetEdns0(uint16(buf.Size), false)
 	}
 
 	return plugin.NextOrFailure(buf.Name(), buf.Next, ctx, w, r)

plugin/bufsize/bufsize_test.go

@@ -31,7 +31,7 @@ func TestBufsize(t *testing.T) {
 			outgoingBufsize: 512,
 			expectedErr:     nil,
 		},
-		// If EDNS is not enabled, this plugin adds it
+		// If EDNS is not enabled, this plugin should not add it
 		{
 			next:            whoami.Whoami{},
 			qname:           ".",
@@ -68,5 +68,13 @@ func TestBufsize(t *testing.T) {
 				}
 			}
 		}
+
+		if tc.inputBufsize == 0 {
+			for _, extra := range req.Extra {
+				if _, ok := extra.(*dns.OPT); ok {
+					t.Errorf("Test %d: Found OPT RR on reply to query with no OPT RR.", i)
+				}
+			}
+		}
 	}
 }