Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix wrong transaction ID when retrying DNSSEC queries.

Browse Source
This commit is contained in:
Simon Kelley
2024-11-21 15:09:14 +00:00
parent 498794ad85
commit b5ac983bf6
3 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/dnsmasq.h
View File

@@ -1419,7 +1419,7 @@ int in_zone(struct auth_zone *zone, char *name, char **cut);
/* dnssec.c */
#ifdef HAVE_DNSSEC
size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char *name, int class, int type, int edns_pktsz);
size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char *name, int class, int id, int type, int edns_pktsz);
int dnssec_validate_by_ds(time_t now, struct dns_header *header, size_t plen, char *name,
char *keyname, int class, int *validate_count);
int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char *name,

7
src/dnssec.c
View File

@@ -2203,8 +2203,8 @@ int dnskey_keytag(int alg, int flags, unsigned char *key, int keylen)
}
}
size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char *name, int class,
int type, int edns_pktsz)
size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char *name,
int class, int id, int type, int edns_pktsz)
{
unsigned char *p;
size_t ret;
@@ -2213,7 +2213,8 @@ size_t dnssec_generate_query(struct dns_header *header, unsigned char *end, char
header->ancount = htons(0);
header->nscount = htons(0);
header->arcount = htons(0);
header->id = htons(id);
header->hb3 = HB3_RD;
SET_OPCODE(header, QUERY);
/* For debugging, set Checking Disabled, otherwise, have the upstream check too,

7
src/forward.c
View File

@@ -1051,7 +1051,7 @@ static void dnssec_validate(struct frec *forward, struct dns_header *header,
if ((serverind = dnssec_server(forward->sentto, daemon->keyname, NULL, NULL)) != -1 &&
(server = daemon->serverarray[serverind]) &&
(nn = dnssec_generate_query(header, ((unsigned char *) header) + server->edns_pktsz,
daemon->keyname, forward->class,
daemon->keyname, forward->class, get_id(),
STAT_ISEQUAL(status, STAT_NEED_KEY) ? T_DNSKEY : T_DS, server->edns_pktsz)) &&
(fd = allocate_rfd(&rfds, server)) != -1 &&
(newstash = blockdata_alloc((char *)header, nn)) &&
@@ -1081,8 +1081,7 @@ static void dnssec_validate(struct frec *forward, struct dns_header *header,
forward->stash_len = plen;
forward->stash = stash;
new->new_id = get_id();
header->id = htons(new->new_id);
new->new_id = ntohs(header->id);
/* Save query for retransmission and de-dup */
new->stash = newstash;
new->stash_len = nn;
@@ -2225,7 +2224,7 @@ static int tcp_key_recurse(time_t now, int status, struct dns_header *header, si
break;
}
m = dnssec_generate_query(new_header, ((unsigned char *) new_header) + 65536, keyname, class,
m = dnssec_generate_query(new_header, ((unsigned char *) new_header) + 65536, keyname, class, 0,
STAT_ISEQUAL(new_status, STAT_NEED_KEY) ? T_DNSKEY : T_DS, server->edns_pktsz);
if ((start = dnssec_server(server, keyname, &first, &last)) == -1)