From 431b9be3e523b74de63fccfd2eb4aba1690f76e8 Mon Sep 17 00:00:00 2001
From: Dimitri Herzog <dimitri.herzog@gmail.com>
Date: Wed, 20 Sep 2023 22:36:45 +0200
Subject: [PATCH] fix: don't cache DNS responses with CD flag

---
 resolver/caching_resolver.go      |  7 ++++++-
 resolver/caching_resolver_test.go | 34 +++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/resolver/caching_resolver.go b/resolver/caching_resolver.go
index ce467f430..571535d15 100644
--- a/resolver/caching_resolver.go
+++ b/resolver/caching_resolver.go
@@ -229,6 +229,11 @@ func removeEdns0Extra(msg *dns.Msg) {
 	}
 }
 
+func shouldBeCached(msg *dns.Msg) bool {
+	// we don't cache truncated responses and responses with CD flag
+	return !msg.Truncated && !msg.CheckingDisabled
+}
+
 func (r *CachingResolver) putInCache(cacheKey string, response *model.Response, ttl time.Duration,
 	prefetch, publish bool,
 ) {
@@ -237,7 +242,7 @@ func (r *CachingResolver) putInCache(cacheKey string, response *model.Response,
 	// don't cache any EDNS OPT records
 	removeEdns0Extra(respCopy)
 
-	if response.Res.Rcode == dns.RcodeSuccess && !response.Res.Truncated {
+	if response.Res.Rcode == dns.RcodeSuccess && shouldBeCached(response.Res) {
 		// put value into cache
 		r.resultCache.Put(cacheKey, &cacheValue{respCopy, prefetch}, ttl)
 	} else if response.Res.Rcode == dns.RcodeNameError {
diff --git a/resolver/caching_resolver_test.go b/resolver/caching_resolver_test.go
index 3efcd3700..d458e2b9d 100644
--- a/resolver/caching_resolver_test.go
+++ b/resolver/caching_resolver_test.go
@@ -565,6 +565,40 @@ var _ = Describe("CachingResolver", func() {
 		})
 	})
 
+	Describe("Responses with CD flag should not be cached", func() {
+		When("Some query returns response with CD flag", func() {
+			BeforeEach(func() {
+				mockAnswer, _ = util.NewMsgWithAnswer("google.de.", 180, A, "1.1.1.1")
+				mockAnswer.CheckingDisabled = true
+			})
+			It("Should not be cached", func() {
+				By("first request", func() {
+					Expect(sut.Resolve(newRequest("google.de.", A))).
+						Should(SatisfyAll(
+							HaveResponseType(ResponseTypeRESOLVED),
+							HaveReturnCode(dns.RcodeSuccess),
+							BeDNSRecord("google.de.", A, "1.1.1.1"),
+							HaveTTL(BeNumerically("==", 180)),
+						))
+
+					Expect(m.Calls).Should(HaveLen(1))
+				})
+
+				By("second request", func() {
+					Expect(sut.Resolve(newRequest("google.de.", A))).
+						Should(SatisfyAll(
+							HaveResponseType(ResponseTypeRESOLVED),
+							HaveReturnCode(dns.RcodeSuccess),
+							BeDNSRecord("google.de.", A, "1.1.1.1"),
+							HaveTTL(BeNumerically("==", 180)),
+						))
+
+					Expect(m.Calls).Should(HaveLen(2))
+				})
+			})
+		})
+	})
+
 	Describe("EDNS pseudo records should not be cached", func() {
 		When("Some query returns EDNS OPT RRs", func() {
 			BeforeEach(func() {