[dnsdist] RecordsTypeCountRule is broken #5365
Description
- Program: dnsdist
- Issue type: Bug report
Short description
RecordsTypeCountRule() does not work as expected.
RecordsTypeCountRule(DNSSection.Answer, dnsdist.CNAME, 1,1 )
Should hit if the answer section has exactly one CNAME record in it, however, the rule does not currently hit if there is a CNAME and an A record in the answer section.
Environment
- Operating system: Centos 7
- Software version: dnsdist 0.0.1582gc4083e2 (Lua 5.1.4 [LuaJIT 2.0.4])
Enabled features: dnscrypt libsodium protobuf re2 systemd - Software source: powerdns repository
Steps to reproduce
- create a response rule which expects exactly one CNAME record:
addResponseAction(RecordsTypeCountRule(DNSSection.Answer, dnsdist.CNAME, 1,1 ) , RemoteLogResponseAction( newRemoteLogger('127.0.0.1:4242'), nil, true)) - for good measurement, create another one that expects one or two CNAME records:
addResponseAction(RecordsTypeCountRule(DNSSection.Answer, dnsdist.CNAME, 1,2 ) , RemoteLogResponseAction( newRemoteLogger('127.0.0.1:4242'), nil, true)) - perform a query which returns a CNAME and A reord in the answer section:
dig www.switch.ch - show the rule stats
showResponseRules()
Expected behaviour
The first rule should have a match, the second one shouldn't
Actual behaviour
The second rule has a match, the first one doesn't
> showResponseRules()
# Matches Rule Action
0 0 1 <= CNAME records in AN <= 1 remote log response to 127.0.0.1:4242
1 1 1 <= CNAME records in AN <= 2 remote log response to 127.0.0.1:4242
Other information
I may be wrong , but it looks like there is some copy-pasted code from RecordsCountRule which prevents the logic from RecordsTypeCountRule of being evaluated:
https://github.com/PowerDNS/pdns/blob/master/pdns/dnsrulactions.hh#L480-L496