Fix wrong transaction ID when retrying DNSSEC queries.

Simon Kelley
2024-11-21 15:09:14 +00:00
parent 498794ad85
commit b5ac983bf6
3 changed files with 8 additions and 8 deletions


@@ -1419,7 +1419,7 @@ int in_zone(struct auth_zone *zone, char *name, char **cut);
/* dnssec.c */ /* dnssec.c */
#ifdef HAVE_DNSSEC #ifdef HAVE_DNSSEC
size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char *name, int class, int type, int edns_pktsz); size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char *name, int class, int id, int type, int edns_pktsz);
int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name, int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name,
char *keyname, int class, int *validate_count); char *keyname, int class, int *validate_count);
int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name, int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name,


@@ -2203,8 +2203,8 @@ int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
} }
} }
size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char *name, int class, size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char *name,
int type, int edns_pktsz) int class, int id, int type, int edns_pktsz)
{ {
unsigned char *p; unsigned char *p;
size_t ret; size_t ret;
@@ -2213,7 +2213,8 @@ size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char
header->ancount = htons(0); header->ancount = htons(0);
header->nscount = htons(0); header->nscount = htons(0);
header->arcount = htons(0); header->arcount = htons(0);
header->id = htons(id);
header->hb3 = HB3_RD; header->hb3 = HB3_RD;
SET_OPCODE(header, QUERY); SET_OPCODE(header, QUERY);
/* For debugging, set Checking Disabled, otherwise, have the upstream check too, /* For debugging, set Checking Disabled, otherwise, have the upstream check too,
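Review bot: The new `id` parameter is declared `int` but is written straight into the 16-bit header field by `header->id = htons(id);`, so any value outside 0–65535 is silently truncated. Declaring it with a 16-bit unsigned type, e.g. `unsigned short id`, in both the definition and the prototype would make the contract visible to the compiler and to callers. The function now also overwrites `header->id` as a side effect, so a one-line comment above the definition would help, such as `/* id is the DNS transaction ID; it is written to header->id in network byte order. */`. The function body continues outside the hunk.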


@@ -1051,7 +1051,7 @@ static void dnssec_validate(struct frec *forward, struct dns_header *header,
if ((serverind = dnssec_server(forward->sentto, daemon->keyname, NULL, NULL)) != -1 && if ((serverind = dnssec_server(forward->sentto, daemon->keyname, NULL, NULL)) != -1 &&
(server = daemon->serverarray[serverind]) && (server = daemon->serverarray[serverind]) &&
(nn = dnssec_generate_query(header, ((unsigned char *) header) + server->edns_pktsz, (nn = dnssec_generate_query(header, ((unsigned char *) header) + server->edns_pktsz,
daemon->keyname, forward->class, daemon->keyname, forward->class, get_id(),
STAT_ISEQUAL(status, STAT_NEED_KEY) ? T_DNSKEY : T_DS, server->edns_pktsz)) && STAT_ISEQUAL(status, STAT_NEED_KEY) ? T_DNSKEY : T_DS, server->edns_pktsz)) &&
(fd = allocate_rfd(&rfds, server)) != -1 && (fd = allocate_rfd(&rfds, server)) != -1 &&
(newstash = blockdata_alloc((char *)header, nn)) && (newstash = blockdata_alloc((char *)header, nn)) &&
@@ -1081,8 +1081,7 @@ static void dnssec_validate(struct frec *forward, struct dns_header *header,
forward->stash_len = plen; forward->stash_len = plen;
forward->stash = stash; forward->stash = stash;
new->new_id = get_id(); new->new_id = ntohs(header->id);
header->id = htons(new->new_id);
/* Save query for retransmission and de-dup */ /* Save query for retransmission and de-dup */
new->stash = newstash; new->stash = newstash;
new->stash_len = nn; new->stash_len = nn;
@@ -2225,7 +2224,7 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
break; break;
} }
m = dnssec_generate_query(new_header, ((unsigned char *) new_header) + 65536, keyname, class, m = dnssec_generate_query(new_header, ((unsigned char *) new_header) + 65536, keyname, class, 0,
STAT_ISEQUAL(new_status, STAT_NEED_KEY) ? T_DNSKEY : T_DS, server->edns_pktsz); STAT_ISEQUAL(new_status, STAT_NEED_KEY) ? T_DNSKEY : T_DS, server->edns_pktsz);
if ((start = dnssec_server(server, keyname, &first, &last)) == -1) if ((start = dnssec_server(server, keyname, &first, &last)) == -1)
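Review bot: The literal `0` passed as the new `id` argument in the tcp_key_recurse hunk fixes the transaction ID of every DNSSEC query built on this path, unless code outside the hunk overwrites `header->id` afterwards. Over TCP the reply is tied to the connection, so a constant ID may well be deliberate, but nothing at the call site says so and the reply handling is not visible here. If that is the intent, a short comment on that line, e.g. `/* TCP: fixed ID, reply is tied to the connection */`, would keep a later reader from copying the `0` into a UDP path, where an unpredictable ID is part of the spoofing defence. tcp_key_recurse starts and ends outside the hunk.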