[dnsdist] RecordsTypeCountRule is broken #5365

Closed
gryphius opened this Issue Jun 2, 2017 · 1 comment

gryphius commented Jun 2, 2017

  • Program: dnsdist
  • Issue type: Bug report

Short description

RecordsTypeCountRule() does not work as expected.
RecordsTypeCountRule(DNSSection.Answer, dnsdist.CNAME, 1,1 )
Should hit if the answer section has exactly one CNAME record in it; however, the rule does not currently hit if there is a CNAME and an A record in the answer section.

Environment

  • Operating system: CentOS 7
  • Software version: dnsdist 0.0.1582gc4083e2 (Lua 5.1.4 [LuaJIT 2.0.4])
    Enabled features: dnscrypt libsodium protobuf re2 systemd
  • Software source: powerdns repository

Steps to reproduce

  1. create a response rule which expects exactly one CNAME record:
    addResponseAction(RecordsTypeCountRule(DNSSection.Answer, dnsdist.CNAME, 1,1 ) , RemoteLogResponseAction( newRemoteLogger('127.0.0.1:4242'), nil, true))
  2. for good measure, create another one that expects one or two CNAME records:
    addResponseAction(RecordsTypeCountRule(DNSSection.Answer, dnsdist.CNAME, 1,2 ) , RemoteLogResponseAction( newRemoteLogger('127.0.0.1:4242'), nil, true))
  3. perform a query which returns a CNAME and an A record in the answer section:
    dig www.switch.ch
  4. show the rule stats
    showResponseRules()

Expected behaviour

The first rule should have a match, the second one shouldn't

Actual behaviour

The second rule has a match, the first one doesn't

> showResponseRules()
#     Matches Rule                                               Action
0           0 1 <= CNAME records in AN <= 1                      remote log response to 127.0.0.1:4242
1           1 1 <= CNAME records in AN <= 2                      remote log response to 127.0.0.1:4242

Other information

I may be wrong, but it looks like there is some copy-pasted code from RecordsCountRule which prevents the logic of RecordsTypeCountRule from being evaluated:

https://github.com/PowerDNS/pdns/blob/master/pdns/dnsrulactions.hh#L480-L496
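
A small model of the behaviour reported above, as an added example that is not dnsdist source code and not part of the original report: it parses a constructed CNAME + A response and compares per-type counting with a variant that first applies a section-wide count check, which is the assumption the report suggests. All function names and the sample packet are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>
// Added example, not dnsdist source; all names here are hypothetical.
using Pkt = std::vector<uint8_t>;
constexpr uint16_t kA = 1, kCNAME = 5;
static uint16_t rd16(const Pkt& p, size_t i) { return uint16_t((p[i] << 8) | p[i + 1]); }

// Skip an encoded name (labels or a compression pointer); false if truncated.
static bool skipName(const Pkt& p, size_t& pos) {
  while (pos < p.size()) {
    uint8_t len = p[pos];
    if ((len & 0xC0) == 0xC0) { pos += 2; return pos <= p.size(); }
    pos += 1 + size_t(len);
    if (len == 0) return true;
  }
  return false;
}

// Count answer-section records of type `t`; -1 if the packet is malformed.
long countAnswerType(const Pkt& p, uint16_t t) {
  if (p.size() < 12) return -1;
  size_t pos = 12, hits = 0;
  for (uint16_t i = 0; i < rd16(p, 4); ++i) {  // skip the question section
    if (!skipName(p, pos) || pos + 4 > p.size()) return -1;
    pos += 4;  // QTYPE + QCLASS
  }
  for (uint16_t i = 0; i < rd16(p, 6); ++i) {  // walk ANCOUNT records
    if (!skipName(p, pos) || pos + 10 > p.size()) return -1;
    if (rd16(p, pos) == t) ++hits;
    pos += 10 + size_t(rd16(p, pos + 8));  // TYPE, CLASS, TTL, RDLENGTH, RDATA
    if (pos > p.size()) return -1;
  }
  return long(hits);
}
// Intended semantics: only records of the requested type count against min/max.
bool matchesTypeCount(const Pkt& p, uint16_t t, size_t min, size_t max) {
  long n = countAnswerType(p, t);
  return n >= 0 && size_t(n) >= min && size_t(n) <= max;
}
// Model of the reported behaviour (assumption): a section-wide range check,
// as a plain records-count rule would apply, runs before type counting.
bool matchesAsReported(const Pkt& p, uint16_t t, size_t min, size_t max) {
  if (p.size() < 12 || rd16(p, 6) < min || rd16(p, 6) > max) return false;
  return matchesTypeCount(p, t, min, max);
}
// Constructed response: w.test CNAME x.test, x.test A 192.0.2.1 (ANCOUNT = 2).
const Pkt kSampleResponse = {
    0x12,0x34,0x81,0x80,0,1,0,2,0,0,0,0, 1,'w',4,'t','e','s','t',0, 0,1,0,1,
    0xC0,0x0C, 0,5,0,1,0,0,0,60,0,4, 1,'x',0xC0,0x0E,
    0xC0,0x24, 0,1,0,1,0,0,0,60,0,4, 192,0,2,1};
```

With the sample response, `matchesAsReported` reproduces the `showResponseRules()` output above: the 1..1 bound is rejected because ANCOUNT is 2, while the 1..2 bound matches.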

rgacogne commented Jun 2, 2017

Thank you for reporting this issue, it should be fixed by #5369!
