From 83139f2a21b1064bc0ff6ec83cb48109140f5bd0 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 13 Dec 2016 16:27:18 +1100 Subject: [PATCH] 4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879] (cherry picked from commit def6b33badb2ef286ece376c57db84250be163b2) --- CHANGES | 2 ++ bin/named/client.c | 3 ++- bin/tests/system/resolver/tests.sh | 9 ++++++++- lib/dns/message.c | 5 ++++- 4 files changed, 16 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 1a79f38579..4183027c9e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +4534. [bug] Only set RD, RA and CD in QUERY responses. [RT #43879] + 4533. [bug] dns_client_update should terminate on prerequisite failures (NXDOMAIN, YXDOMAIN, NXRRSET, YXRRSET) and also on BADZONE. [RT #43865] diff --git a/bin/named/client.c b/bin/named/client.c index 065ec65d78..a0341cfab6 100644 --- a/bin/named/client.c +++ b/bin/named/client.c @@ -997,7 +997,8 @@ client_send(ns_client_t *client) { CTRACE("send"); - if ((client->attributes & NS_CLIENTATTR_RA) != 0) + if (client->message->opcode == dns_opcode_query && + (client->attributes & NS_CLIENTATTR_RA) != 0) client->message->flags |= DNS_MESSAGEFLAG_RA; if ((client->attributes & NS_CLIENTATTR_WANTDNSSEC) != 0) diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index b6644f9e82..64d5701db5 100755 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh @@ -558,8 +558,15 @@ status=`expr $status + $ret` n=`expr $n + 1` echo "I:check that unexpected opcodes are handled correctly (${n})" ret=0 -$DIG soa all-cnames @10.53.0.5 -p 5300 +opcode=status > dig.out.ns5.test${n} || ret=1 +$DIG soa all-cnames @10.53.0.5 -p 5300 +opcode=15 +cd +rec +ad > dig.out.ns5.test${n} || ret=1 grep "status: NOTIMP" dig.out.ns5.test${n} > /dev/null || ret=1 +grep "flags:[^;]* qr[; ]" dig.out.ns5.test${n} > /dev/null || ret=1 +grep "flags:[^;]* ra[; ]" dig.out.ns5.test${n} > /dev/null && ret=1 +grep "flags:[^;]* rd[; ]" dig.out.ns5.test${n} > /dev/null && ret=1 +grep "flags:[^;]* cd[; ]" dig.out.ns5.test${n} > /dev/null && ret=1 +grep "flags:[^;]* ad[; ]" dig.out.ns5.test${n} > /dev/null && ret=1 +grep "flags:[^;]*; MBZ: " dig.out.ns5.test${n} > /dev/null && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` n=`expr $n + 1` diff --git a/lib/dns/message.c b/lib/dns/message.c index 37f633edd8..24abc488be 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -2599,7 +2599,10 @@ dns_message_reply(dns_message_t *msg, isc_boolean_t want_question_section) { * We now clear most flags and then set QR, ensuring that the * reply's flags will be in a reasonable state. */ - msg->flags &= DNS_MESSAGE_REPLYPRESERVE; + if (msg->opcode == dns_opcode_query) + msg->flags &= DNS_MESSAGE_REPLYPRESERVE; + else + msg->flags = 0; msg->flags |= DNS_MESSAGEFLAG_QR; /*