My feeling is that this is sensible. The patch does have flaws, as you
fear. From inspection:

1) You're not checking the value of header->ancount, but assuming that
it's one. It may be zero in the case of a NODATA reply, or it may be
more than one, if the answer isn't a CNAME, or if the target of the
CNAME is included.

2) So you need to iterate through all the RRs in the answer section,
looking for a CNAME whose name matches the question.

3) This is probably better done in rfc1035.c, which is where DNS packet
code tends to exist.


Did you hit a real-world problem which inspired this?


Cheers,

Simon.





On 07/11/17 04:08, Josh Soref wrote:
> This isn't tested [1], but I wanted to toss it out as an idea...
> 
> The existing codepath says:
>> if we forwarded a query for a locally known name (because it was for
>> an unknown type) and the answer is NXDOMAIN, convert that to NODATA,
>> since we know that the domain exists, even if upstream doesn't
> 
> Just as NXDOMAIN should be mapped to NODATA, the same logic should be
> applied for CNAME, because CNAME is by definition incompatible with
> any other entries. So, the idea is to check if the answer is a CNAME
> and then map it as NODATA.
> 
> I suspect I've made a number of errors in this patch, but the idea
> seems reasonable.
> 
> [1] 
> https://github.com/jsoref/dnsmasq/commit/7c55d91ce41255d83501d95ec03a97f82563e180.patch
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss@lists.thekelleys.org.uk
> http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss
> 
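
Points 1 and 2 of the reply above, as an added example (not part of the original thread and not dnsmasq's code): a bounds-checked walk over every RR in the answer section, whatever ancount says, looking for a CNAME whose owner name matches the question. The names read_name and cname_for_question are hypothetical.

```c
#include <stdint.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper: decode the (possibly compressed) name at *pos; 0 = malformed. */
static int read_name(const uint8_t *pkt, size_t len, size_t *pos, char *out, size_t outsz)
{
  size_t p = *pos, o = 0, hops = 0;
  while (p < len) {
    uint8_t l = pkt[p];
    if ((l & 0xc0) == 0xc0) {                    /* compression pointer */
      if (p + 1 >= len || ++hops > 16) return 0; /* truncated, or a pointer loop */
      if (hops == 1) *pos = p + 2;               /* record resumes after first pointer */
      p = ((size_t)(l & 0x3f) << 8) | pkt[p + 1];
    } else if (l == 0) {                         /* root label ends the name */
      if (hops == 0) *pos = p + 1;
      out[o] = '\0';
      return 1;
    } else {
      if (l > 63 || p + 1 + l > len || o + l + 2 > outsz) return 0;
      memcpy(out + o, pkt + p + 1, l);
      o += l; out[o++] = '.';
      p += 1 + l;
    }
  }
  return 0;
}

/* Hypothetical check: 1 if the answer section holds a CNAME owned by the question
   name, 0 if not (including ancount == 0, a NODATA reply), -1 if malformed. */
int cname_for_question(const uint8_t *pkt, size_t len)
{
  char qname[256], rrname[256];
  size_t pos = 12;                               /* fixed DNS header size */
  if (len < 12 || ((pkt[4] << 8) | pkt[5]) != 1) return -1;  /* qdcount must be 1 */
  unsigned ancount = (pkt[6] << 8) | pkt[7];     /* never assumed to be one */
  if (!read_name(pkt, len, &pos, qname, sizeof qname) || len - pos < 4) return -1;
  pos += 4;                                      /* skip QTYPE and QCLASS */
  for (unsigned i = 0; i < ancount; i++) {
    if (!read_name(pkt, len, &pos, rrname, sizeof rrname) || len - pos < 10) return -1;
    unsigned type = (pkt[pos] << 8) | pkt[pos + 1];
    size_t rdlen = ((size_t)pkt[pos + 8] << 8) | pkt[pos + 9];
    pos += 10;                                   /* type, class, TTL, rdlength */
    if (rdlen > len - pos) return -1;
    if (type == 5 && strcasecmp(qname, rrname) == 0) return 1;  /* 5 = CNAME */
    pos += rdlen;
  }
  return 0;
}
```

The function returns as soon as a matching CNAME is found, so a reply that also carries the CNAME target's records is handled the same way as one that carries the CNAME alone.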

