Tweak logging and special handling of T_ANY in rr-filter code.

2025-12-19 10:18:25 +00:00 · 2024-02-12 13:42:07 +00:00
parent 762a3f2430
commit febeea9d01
2 changed files with 20 additions and 26 deletions
--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -593,7 +593,7 @@ static int find_soa(struct dns_header *header, size_t qlen, char *name, int *sub
 }

 /* Print TXT reply to log */
-static int log_txt(char *name, unsigned char *p, const int ardlen, int secflag)
+static int log_txt(char *name, unsigned char *p, const int ardlen, int flag)
 {
  unsigned char *p1 = p;
 
@@ -615,7 +615,7 @@ static int log_txt(char *name, unsigned char *p, const int ardlen, int secflag)
 	}

      *p3 = 0;
-      log_query(secflag | F_FORWARD, name, NULL, (char*)p1, 0);
+      log_query(flag, name, NULL, (char*)p1, 0);
      /* restore */
      memmove(p1 + 1, p1, i);
      *p1 = len;
@@ -786,7 +786,8 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	  addrlen = IN6ADDRSZ;
 	  flags |= F_IPV6;
 	}
-      else if (qtype != T_CNAME && (qtype == T_SRV || rr_on_list(daemon->cache_rr, qtype)))
+      else if (qtype != T_CNAME &&
+	       (qtype == T_SRV || rr_on_list(daemon->cache_rr, qtype) || rr_on_list(daemon->cache_rr, T_ANY)))
 	flags |= F_RR;
      else
 	insert = 0; /* NOTE: do not cache data from CNAME queries. */
@@ -813,12 +814,13 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 	  GETSHORT(ardlen, p1);
 	  endrr = p1+ardlen;

+	  if (!CHECK_LEN(header, endrr, qlen, 0))
+	    return 2; /* bad packet */
+	  
 	  /* Not what we're looking for? */
 	  if (aqclass != C_IN || res == 2)
 	    {
 	      p1 = endrr;
-	      if (!CHECK_LEN(header, p1, qlen, 0))
-		return 2; /* bad packet */
 	      continue;
 	    }
 	  
@@ -868,12 +870,13 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t

 	      found = 1;
 	    }
-	  else if (aqtype != qtype)
+	  else if (qtype == T_ANY || aqtype != qtype)
 	    {
 #ifdef HAVE_DNSSEC
 	      if (!option_bool(OPT_DNSSEC_VALID) || aqtype != T_RRSIG)
 #endif
-		log_query(secflag | F_FORWARD | F_UPSTREAM | F_RRNAME, name, NULL, NULL, aqtype);
+		if (qtype != T_ANY)
+		  log_query(secflag | F_FORWARD | F_UPSTREAM | F_RRNAME, name, NULL, NULL, aqtype);
 	    }
 	  else if (!(flags & F_NXDOMAIN))
 	    {
@@ -1019,26 +1022,17 @@ int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t
 		    blockdata_free(addr.rrblock.rrdata);  
 		}
 	      
+	      /* We're filtering this RRtype. It will be removed from the 
+		 returned packet in process_reply() but gets cached here anyway
+		 and will be filtered again on the way out of the cache. Here,
+		 we just need to alter the logging. */
+	      if (rr_on_list(daemon->filter_rr, qtype))
+		secflag = F_NEG | F_CONFIG;
+	      
 	      if (aqtype == T_TXT)
-		{
-		   if (!CHECK_LEN(header, p1, qlen, ardlen))
-		     return 2;
-		   
-		   log_txt(name, p1, ardlen, secflag | F_UPSTREAM);
-		}
+		log_txt(name, p1, ardlen, flags | F_FORWARD | F_UPSTREAM | secflag);
 	      else
-		{
-		  int negflag = F_UPSTREAM;
-
-		  /* We're filtering this RRtype. It will be removed from the 
-		     returned packet in process_reply() but gets cached here anyway
-		     and will be filtered again on the way out of the cache. Here,
-		     we just need to alter the logging. */
-		  if (rr_on_list(daemon->filter_rr, qtype))
-		    negflag = F_NEG | F_CONFIG;
-		  
-		  log_query(negflag | flags | F_FORWARD | secflag, name, &addr, NULL, aqtype);
-		}
+		log_query(flags | F_FORWARD | F_UPSTREAM | secflag, name, &addr, NULL, aqtype);
 	    }
 	  
 	  p1 = endrr;
--- a/src/util.c
+++ b/src/util.c
@@ -119,7 +119,7 @@ int rr_on_list(struct rrlist *list, unsigned short rr)
 {
  while (list)
    {
-      if (list->rr == rr || list->rr == T_ANY)
+      if (list->rr == rr)
 	return 1;

      list = list->next;