Skip to content

Instantly share code, notes, and snippets.

@phonedph1

phonedph1/gist:461ede8caa39acfee4d3d76afaac6715

Created November 7, 2019 15:37
Show Gist options
  • Save phonedph1/461ede8caa39acfee4d3d76afaac6715 to your computer and use it in GitHub Desktop.
Save phonedph1/461ede8caa39acfee4d3d76afaac6715 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
$ cat no-aa-option.patch
diff -ru pdns-recursor-4.2.0.orig/pdns_recursor.cc pdns-recursor-4.2.0/pdns_recursor.cc
--- pdns-recursor-4.2.0.orig/pdns_recursor.cc 2019-07-15 02:32:59.000000000 -0600
+++ pdns-recursor-4.2.0/pdns_recursor.cc 2019-08-01 07:30:57.003001804 -0600
@@ -3752,6 +3752,7 @@
SyncRes::s_maxtotusec=1000*::arg().asNum("max-total-msec");
SyncRes::s_maxdepth=::arg().asNum("max-recursion-depth");
SyncRes::s_rootNXTrust = ::arg().mustDo( "root-nx-trust");
+ SyncRes::s_relaxAA = ::arg().mustDo("relax-aa");
if(SyncRes::s_serverID.empty()) {
SyncRes::s_serverID = myHostname;
}
@@ -4409,6 +4410,7 @@
::arg().setSwitch( "use-incoming-edns-subnet", "Pass along received EDNS Client Subnet information")="no";
::arg().setSwitch( "pdns-distributes-queries", "If PowerDNS itself should distribute queries over threads")="yes";
::arg().setSwitch( "root-nx-trust", "If set, believe that an NXDOMAIN from the root means the TLD does not exist")="yes";
+ ::arg().setSwitch("relax-aa", "If set, accept aa=0 answers from auths")="yes";
::arg().setSwitch( "any-to-tcp","Answer ANY queries with tc=1, shunting to TCP" )="no";
::arg().setSwitch( "lowercase-outgoing","Force outgoing questions to lowercase")="no";
::arg().setSwitch("gettag-needs-edns-options", "If EDNS Options should be extracted before calling the gettag() hook")="no";
diff -ru pdns-recursor-4.2.0.orig/syncres.cc pdns-recursor-4.2.0/syncres.cc
--- pdns-recursor-4.2.0.orig/syncres.cc 2019-07-15 02:32:59.000000000 -0600
+++ pdns-recursor-4.2.0/syncres.cc 2019-07-31 17:56:55.699271064 -0600
@@ -86,6 +86,7 @@
bool SyncRes::s_doIPv6;
bool SyncRes::s_nopacketcache;
bool SyncRes::s_rootNXTrust;
+bool SyncRes::s_relaxAA;
bool SyncRes::s_noEDNS;
#define LOG(x) if(d_lm == Log) { g_log <<Logger::Warning << x; } else if(d_lm == Store) { d_trace << x; }
@@ -2137,7 +2138,7 @@
}
/* dealing with the records in answer */
- if (!(lwr.d_aabit || wasForwardRecurse) && rec->d_place == DNSResourceRecord::ANSWER) {
+ if (!(lwr.d_aabit || wasForwardRecurse || s_relaxAA) && rec->d_place == DNSResourceRecord::ANSWER) {
/* for now we allow a CNAME for the exact qname in ANSWER with AA=0, because Amazon DNS servers
are sending such responses */
if (!(rec->d_type == QType::CNAME && qname == rec->d_name)) {
@@ -2320,7 +2321,7 @@
continue;
}
- if (!(lwr.d_aabit || wasForwardRecurse) && rec.d_place == DNSResourceRecord::ANSWER) {
+ if (!(lwr.d_aabit || wasForwardRecurse || s_relaxAA) && rec.d_place == DNSResourceRecord::ANSWER) {
/* for now we allow a CNAME for the exact qname in ANSWER with AA=0, because Amazon DNS servers
are sending such responses */
if (!(rec.d_type == QType::CNAME && rec.d_name == qname)) {
@@ -2593,7 +2594,7 @@
if (rec.d_type!=QType::OPT && rec.d_class!=QClass::IN)
continue;
- if (rec.d_place==DNSResourceRecord::ANSWER && !(lwr.d_aabit || sendRDQuery)) {
+ if (rec.d_place==DNSResourceRecord::ANSWER && !(lwr.d_aabit || sendRDQuery || s_relaxAA)) {
/* for now we allow a CNAME for the exact qname in ANSWER with AA=0, because Amazon DNS servers
are sending such responses */
if (!(rec.d_type == QType::CNAME && rec.d_name == qname)) {
diff -ru pdns-recursor-4.2.0.orig/syncres.hh pdns-recursor-4.2.0/syncres.hh
--- pdns-recursor-4.2.0.orig/syncres.hh 2019-07-15 02:32:59.000000000 -0600
+++ pdns-recursor-4.2.0/syncres.hh 2019-07-31 14:55:13.402480310 -0600
@@ -729,6 +729,7 @@
static bool s_noEDNSPing;
static bool s_noEDNS;
static bool s_rootNXTrust;
+ static bool s_relaxAA;
static bool s_nopacketcache;
std::unordered_map<std::string,bool> d_discardedPolicies;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment