Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Treat replies with CD flag set the same for UDP and TCP code paths.

Browse Source
This commit is contained in:
Simon Kelley
2025-01-12 16:25:07 +00:00
parent b58276a73c
commit 51343bd9a2
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/forward.c
View File

@@ -782,7 +782,7 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
header->arcount = htons(0); header->arcount = htons(0);
} }
} }
else if (!(header->hb4 & HB4_CD) && ad_reqd && cache_secure) else if (ad_reqd && cache_secure)
header->hb4 |= HB4_AD; header->hb4 |= HB4_AD;
/* If the requestor didn't set the DO bit, don't return DNSSEC info. */ /* If the requestor didn't set the DO bit, don't return DNSSEC info. */
@@ -2400,8 +2400,7 @@ unsigned char *tcp_request(int confd, time_t now,
size = saved_size; size = saved_size;
/* save state of "cd" flag in query */ /* save state of "cd" flag in query */
if ((checking_disabled = header->hb4 & HB4_CD)) checking_disabled = header->hb4 & HB4_CD;
no_cache_dnssec = 1;
if (lookup_domain(daemon->namebuff, gotname, &first, &last)) if (lookup_domain(daemon->namebuff, gotname, &first, &last))
flags = is_local_answer(now, first, daemon->namebuff); flags = is_local_answer(now, first, daemon->namebuff);
@@ -2453,7 +2452,9 @@ unsigned char *tcp_request(int confd, time_t now,
/* Clear this in case we don't call tcp_key_recurse() below */ /* Clear this in case we don't call tcp_key_recurse() below */
memset(daemon->rr_status, 0, sizeof(*daemon->rr_status) * daemon->rr_status_sz); memset(daemon->rr_status, 0, sizeof(*daemon->rr_status) * daemon->rr_status_sz);
if (!checking_disabled && (master->flags & SERV_DO_DNSSEC)) if (checking_disabled || (header->hb4 & HB4_CD))
no_cache_dnssec = 1;
else if (master->flags & SERV_DO_DNSSEC)
{ {
int keycount = daemon->limit[LIMIT_WORK]; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */ int keycount = daemon->limit[LIMIT_WORK]; /* Limit to number of DNSSEC questions, to catch loops and avoid filling cache. */
int validatecount = daemon->limit[LIMIT_CRYPTO]; int validatecount = daemon->limit[LIMIT_CRYPTO];