Re: [ovs-dev] [PATCH ovn v3] controller: Ignore DNS queries with RRs

Thu, 25 May 2023 23:41:48 -0700 

On Thu, May 25, 2023 at 8:29 PM Brian Haley <[email protected]> wrote:

> DNS queries with optional records (RRs), for example, with
> cookies for EDNS, are not supported by the OVN resolver.
> Trying to reply will result in mangled responses that
> clients do not understand - the ANSWER section will
> contain an incorrect option.
>
> Instead, just return early when one is present, which
> will trigger a negative response and cause clients to
> go to the upstream forwarder, hopefully resulting in a
> successful query.
>
> In our testing, the resolver only retries if the
> response is correctly formatted, which now happens
> with this change.
>

Hi,
thank you for the patch, there is one minor issue. Other than that it looks
good.


>
> Closes issue #192
>

This should be replaced with:

Reported-at: https://github.com/ovn-org/ovn/issues/192
Reported-by: Nicolas Bock <[email protected]>


> Signed-off-by: Brian Haley <[email protected]>
>
---
> Changes since v2:
> - Updated commit message to be more clear
> ---
> Changes since v1:
> - Added issue #192 to commit message
> ---
>  controller/pinctrl.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>
> diff --git a/controller/pinctrl.c b/controller/pinctrl.c
> index b5df8b1eb..b45b4c747 100644
> --- a/controller/pinctrl.c
> +++ b/controller/pinctrl.c
> @@ -2864,6 +2864,13 @@ pinctrl_handle_dns_lookup(
>          goto exit;
>      }
>
> +    /* Check if there is an additional record present, which is
> unsupported */
> +    if (in_dns_header->arcount) {
> +        VLOG_DBG_RL(&rl, "Received DNS query with additional records,
> which"
> +                    " is unsupported");
> +        goto exit;
> +    }
> +
>      struct udp_header *in_udp = dp_packet_l4(pkt_in);
>      size_t udp_len = ntohs(in_udp->udp_len);
>      size_t l4_len = dp_packet_l4_size(pkt_in);
> --
> 2.34.1
>
> _______________________________________________
> dev mailing list
> [email protected]
> https://mail.openvswitch.org/mailman/listinfo/ovs-dev
>
>
Thanks,
Ales

-- 

Ales Musil

Senior Software Engineer - OVN Core

Red Hat EMEA <https://www.redhat.com>

[email protected]    IM: amusil
<https://red.ht/sig>
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev

Reply via email to