My feeling is that this is sensible. The patch does have flaws, as you
fear. From inspection:

1) You're not checking the value of header->ancount, but assuming that
it's one. It may be zero in the case of a NODATA reply, or it may be
more than one, if the answer isn't a CNAME, or if the target of the
CNAME is included.

2) So you need to iterate through all the RRs in the answer section,
looking for a CNAME whose name matches the question.

3) This is probably better done in rfc1035.c, which is where DNS packet
code tends to exist.

Did you hit a real-world problem which inspired this?



On 07/11/17 04:08, Josh Soref wrote:
> This isn't tested [1], but I wanted to toss it out as an idea...
> The existing codepath says:
>> if we forwarded a query for a locally known name (because it was for
>> an unknown type) and the answer is NXDOMAIN, convert that to NODATA,
>> since we know that the domain exists, even if upstream doesn't
> Just as NXDOMAIN should be mapped to NODATA, the same logic should be
> applied for CNAME, because CNAME is by definition incompatible with
> any other entries. So, the idea is to check if the answer is a CNAME
> and then map it as NODATA.
> I suspect I've made a number of errors in this patch, but the idea
> seems reasonable.
> [1] 
> _______________________________________________
> Dnsmasq-discuss mailing list

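The check described in points 1 and 2 of the reply, as an added example that is neither dnsmasq's code nor part of the patch under discussion: it reads ancount instead of assuming one answer, walks every RR in the answer section with bounds checks, and reports whether any CNAME is owned by the question name. The names `expand_name`, `cname_for_question` and `sample_reply` are hypothetical, the packet is constructed, and names are compared as lower-case dotted text, which assumes no label contains a literal dot or NUL byte.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed reply: question "a.b" TXT, one answer "a.b CNAME c.b". */
uint8_t sample_reply[] = {
  0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,   /* header: qdcount=1, ancount=1 */
  1,'a', 1,'b', 0, 0,16, 0,1,                 /* question name at offset 12 */
  0xc0,0x0c, 0,5, 0,1, 0,0,0,60, 0,4, 1,'c', 0xc0,0x0e };

/* Expand the name at off to lower-case dotted text; returns offset past it, 0 if malformed. */
static size_t expand_name(const uint8_t *p, size_t len, size_t off, char *out, size_t outsz) {
  size_t end = 0, o = 0, hops = 0;
  while (off < len) {
    size_t l = p[off];
    if ((l & 0xc0) == 0xc0) {                        /* compression pointer */
      if (off + 1 >= len || ++hops > 16) return 0;   /* bound pointer loops */
      if (!end) end = off + 2;                       /* name ends after first pointer */
      off = ((l & 0x3f) << 8) | p[off + 1];
    } else if (l == 0) { out[o] = 0; return end ? end : off + 1; }  /* root label */
    else {
      if (l > 63 || off + 1 + l > len || o + l + 2 > outsz) return 0;
      for (size_t i = 0; i < l; i++) out[o++] = (char)tolower(p[off + 1 + i]);
      out[o++] = '.';
      off += 1 + l;
    }
  }
  return 0;
}

/* 1: answer section has a CNAME owned by the question name; 0: none; -1: malformed. */
int cname_for_question(const uint8_t *p, size_t len) {
  char qname[256], owner[256];
  if (len < 12 || p[4] != 0 || p[5] != 1) return -1;   /* exactly one question */
  size_t off = expand_name(p, len, 12, qname, sizeof qname);
  if (!off || (off += 4) > len) return -1;             /* skip QTYPE and QCLASS */
  /* ancount is 0 for NODATA and may be greater than 1 */
  for (size_t i = 0, n = ((size_t)p[6] << 8) | p[7]; i < n; i++) {
    off = expand_name(p, len, off, owner, sizeof owner);
    if (!off || off + 10 > len) return -1;             /* type, class, TTL, RDLENGTH */
    size_t rdlen = ((size_t)p[off + 8] << 8) | p[off + 9];
    if (off + 10 + rdlen > len) return -1;
    if (p[off] == 0 && p[off + 1] == 5 && strcmp(owner, qname) == 0) return 1;  /* 5 = CNAME */
    off += 10 + rdlen;
  }
  return 0;
}

int main(void) { printf("%d\n", cname_for_question(sample_reply, sizeof sample_reply)); return 0; }
```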