dnsdist deletes edns OPT record from truncated response

[RobinGeuze]

• Program: dnsdist
• Issue type: Bug report

Short description

When a truncated response passes through dnsdist the edns OPT record is removed. This is incorrect behaviour as per RFC 6891 chapter 7 last paragraph:

The minimal response MUST be the DNS header, question section, and an
OPT record.  This MUST also occur when a truncated response (using
the DNS header's TC bit) is returned.

Environment

• Operating system: FreeBSD
• Software version: 1.1.0beta2
• Software source: ports

Steps to reproduce

1. Hang some random authoritative nameserver behind dnsdist
2. Make sure you have a query that will always get truncated over UDP
3. Execute query both directly on the auth and through dnsdist

Expected behaviour

Both results have the OPT record included

Actual behaviour

the reply from dnsdist is missing the OPT record.

[RobinGeuze]

Apparently caused by the truncateTC option which is enabled by default. Also this causes dnsviz to give off warnings.

[rgacogne]

The minimal response MUST be the DNS header, question section, and an
OPT record. This MUST also occur when a truncated response (using
the DNS header's TC bit) is returned.

Since nothing limits the size of an OPT record, I'm guessing this will lead to interesting situations.. But yes, you can disable this behavior by using truncateTC(false). Now, do we care to try harder to preserve the OPT record?

[RobinGeuze]

You could always provide a minimal OPT record instead of preserving the original OPT record. And yes disabling truncateTC(false) is my current solution. Another option is maybe to disable truncateTC by default, since its not needed in most cases?

[Habbie]

Reopening this as #4859 is a terrible fix for this issue.

[zeha]

NB: truncateTC is not actually documented.

[rgacogne]

Fixed by #6847.