Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[dnsdist] RecordsTypeCountRule is broken #5365

gryphius opened this issue Jun 2, 2017 · 1 comment · Fixed by #5369

[dnsdist] RecordsTypeCountRule is broken #5365

gryphius opened this issue Jun 2, 2017 · 1 comment · Fixed by #5369


Copy link

gryphius commented Jun 2, 2017

  • Program: dnsdist
  • Issue type: Bug report

Short description

RecordsTypeCountRule() does not work as expected.
RecordsTypeCountRule(DNSSection.Answer, dnsdist.CNAME, 1,1 )
Should hit if the answer section has exactly one CNAME record in it, however, the rule does not currently hit if there is a CNAME and an A record in the answer section.


  • Operating system: Centos 7
  • Software version: dnsdist 0.0.1582gc4083e2 (Lua 5.1.4 [LuaJIT 2.0.4])
    Enabled features: dnscrypt libsodium protobuf re2 systemd
  • Software source: powerdns repository

Steps to reproduce

  1. create a response rule which expects exactly one CNAME record:
    addResponseAction(RecordsTypeCountRule(DNSSection.Answer, dnsdist.CNAME, 1,1 ) , RemoteLogResponseAction( newRemoteLogger(''), nil, true))
  2. for good measurement, create another one that expects one or two CNAME records:
    addResponseAction(RecordsTypeCountRule(DNSSection.Answer, dnsdist.CNAME, 1,2 ) , RemoteLogResponseAction( newRemoteLogger(''), nil, true))
  3. perform a query which returns a CNAME and A reord in the answer section:
  4. show the rule stats

Expected behaviour

The first rule should have a match, the second one shouldn't

Actual behaviour

The second rule has a match, the first one doesn't

> showResponseRules()
#     Matches Rule                                               Action
0           0 1 <= CNAME records in AN <= 1                      remote log response to
1           1 1 <= CNAME records in AN <= 2                      remote log response to

Other information

I may be wrong , but it looks like there is some copy-pasted code from RecordsCountRule which prevents the logic from RecordsTypeCountRule of being evaluated:

Copy link

rgacogne commented Jun 2, 2017

Thank you for reporting this issue, it should be fixed by #5369!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

Successfully merging a pull request may close this issue.

2 participants