diff options
Diffstat (limited to 'iterator')
| -rw-r--r-- | iterator/iter_utils.c | 13 | ||||
| -rw-r--r-- | iterator/iter_utils.h | 7 | ||||
| -rw-r--r-- | iterator/iterator.c | 11 |
3 files changed, 29 insertions, 2 deletions
diff --git a/iterator/iter_utils.c b/iterator/iter_utils.c index be7965a60e39..2ab55ceb4977 100644 --- a/iterator/iter_utils.c +++ b/iterator/iter_utils.c @@ -1211,6 +1211,19 @@ iter_scrub_ds(struct dns_msg* msg, struct ub_packed_rrset_key* ns, uint8_t* z) } } +void +iter_scrub_nxdomain(struct dns_msg* msg) +{ + if(msg->rep->an_numrrsets == 0) + return; + + memmove(msg->rep->rrsets, msg->rep->rrsets+msg->rep->an_numrrsets, + sizeof(struct ub_packed_rrset_key*) * + (msg->rep->rrset_count-msg->rep->an_numrrsets)); + msg->rep->rrset_count -= msg->rep->an_numrrsets; + msg->rep->an_numrrsets = 0; +} + void iter_dec_attempts(struct delegpt* dp, int d) { struct delegpt_addr* a; diff --git a/iterator/iter_utils.h b/iterator/iter_utils.h index ccfb280224b3..f771930bba2b 100644 --- a/iterator/iter_utils.h +++ b/iterator/iter_utils.h @@ -335,6 +335,13 @@ void iter_scrub_ds(struct dns_msg* msg, struct ub_packed_rrset_key* ns, uint8_t* z); /** + * Prepare an NXDOMAIN message to be used for a subdomain answer by removing all + * RRs from the ANSWER section. + * @param msg: the response to scrub. + */ +void iter_scrub_nxdomain(struct dns_msg* msg); + +/** * Remove query attempts from all available ips. For 0x20. * @param dp: delegpt. * @param d: decrease. diff --git a/iterator/iterator.c b/iterator/iterator.c index c73fb5177489..c906c2714483 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -2718,8 +2718,15 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, && !(iq->chase_flags & BIT_RD)) { if(FLAGS_GET_RCODE(iq->response->rep->flags) != LDNS_RCODE_NOERROR) { - if(qstate->env->cfg->qname_minimisation_strict) - return final_state(iq); + if(qstate->env->cfg->qname_minimisation_strict) { + if(FLAGS_GET_RCODE(iq->response->rep->flags) == + LDNS_RCODE_NXDOMAIN) { + iter_scrub_nxdomain(iq->response); + return final_state(iq); + } + return error_response(qstate, id, + LDNS_RCODE_SERVFAIL); + } /* Best effort qname-minimisation. * Stop minimising and send full query when * RCODE is not NOERROR. */ |