From 5adb2dc4cf48cdde78ea1d0ec981086f5896c1d5 Mon Sep 17 00:00:00 2001
From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 5 Jan 2017 08:14:34 +0000
Subject: [PATCH] - Fix to return formerr for queries for meta-types, to avoid 
  packet amplification if this meta-type is sent on to upstream.

git-svn-id: file:///svn/unbound/trunk@3978 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 daemon/worker.c | 17 +++++++++++++++++
 doc/Changelog   |  4 ++++
 2 files changed, 21 insertions(+)

diff --git a/daemon/worker.c b/daemon/worker.c
index 09a146542..357d3e60d 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -860,6 +860,23 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 		}
 		goto send_reply;
 	}
+	if(qinfo.qtype == LDNS_RR_TYPE_OPT || 
+		qinfo.qtype == LDNS_RR_TYPE_TSIG ||
+		qinfo.qtype == LDNS_RR_TYPE_TKEY ||
+		qinfo.qtype == LDNS_RR_TYPE_MAILA ||
+		qinfo.qtype == LDNS_RR_TYPE_MAILB) {
+		verbose(VERB_ALGO, "worker request: formerror for meta-type.");
+		log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
+		sldns_buffer_rewind(c->buffer);
+		LDNS_QR_SET(sldns_buffer_begin(c->buffer));
+		LDNS_RCODE_SET(sldns_buffer_begin(c->buffer), 
+			LDNS_RCODE_FORMERR);
+		if(worker->stats.extended) {
+			worker->stats.qtype[qinfo.qtype]++;
+			server_stats_insrcode(&worker->stats, c->buffer);
+		}
+		goto send_reply;
+	}
 	if((ret=parse_edns_from_pkt(c->buffer, &edns, worker->scratchpad)) != 0) {
 		struct edns_data reply_edns;
 		verbose(VERB_ALGO, "worker parse edns: formerror.");
diff --git a/doc/Changelog b/doc/Changelog
index 0a646e561..b04aae73c 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+5 January 2017: Wouter
+	- Fix to return formerr for queries for meta-types, to avoid
+	  packet amplification if this meta-type is sent on to upstream.
+
 3 January 2017: Wouter
 	- configure --enable-systemd and lets unbound use systemd sockets if
 	  you enable use-systemd: yes in unbound.conf.