dnsdist lua nxdomain spoof echoes flags and EDNS options #6348
When spoofing NXDOMAINs from a lua rule in dnsdist, the flags and EDNS options from the query blindly get echoed in the response completely, which is bad.
Steps to reproduce
Note the CLIENT-SUBNET, COOKIE and OPT lines. Also note that the
changed the title from "dnsdist lua nxdomain spoof echoes EDNS options" to "dnsdist lua nxdomain spoof echoes (EDNS) options"
Mar 14, 2018
I've been trying to figure out how to best fix this. I could either remove the entire OPT record, just unset all flags and options, or just unset specific options and flags. The first two options might have unwanted side effects, and the last option might become a lot of work to maintain. It might be better to allow you to specify what flags and options to set somehow; however, for example, the DO-bit needs to be influenced by the query.
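The middle ground discussed in this thread (drop the query's EDNS options and header flags, but let the DO bit follow the query) can be shown at the wire level. This is an added example, not part of the issue and not dnsdist's code; the function names, the flag policy, the 1232-byte UDP size and the sample query are assumptions made for illustration.

```python
import struct

# Constructed sample query: example.com A, flags RD|AD|CD, OPT with DO set and a COOKIE option.
SAMPLE_QUERY = (
    struct.pack("!6H", 0x1234, 0x0130, 1, 0, 0, 1)
    + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    + b"\x00" + struct.pack("!HHIH", 41, 4096, 0x8000, 12)
    + struct.pack("!HH", 10, 8) + b"\x01\x02\x03\x04\x05\x06\x07\x08"
)

def skip_name(msg, off):
    """Return the offset just past the name starting at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def nxdomain_from_query(query, keep_do=True, udp_size=1232):
    """Build an NXDOMAIN reply that does not echo query flags or EDNS options."""
    qid, qflags, qd, an, ns, ar = struct.unpack_from("!6H", query, 0)
    if qd != 1:
        raise ValueError("expected exactly one question")
    qend = skip_name(query, 12) + 4  # QNAME + QTYPE + QCLASS
    off, opt_ttl = qend, None
    for _ in range(an + ns + ar):  # walk the records to find the OPT pseudo-RR
        off = skip_name(query, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", query, off)
        off += 10 + rdlen
        if rtype == 41:
            opt_ttl = ttl
    # Assumed policy: QR=1, OPCODE and RD copied, RCODE=3; AA, TC, RA, AD, CD cleared.
    flags = 0x8000 | (qflags & 0x7800) | (qflags & 0x0100) | 3
    out = struct.pack("!6H", qid, flags, 1, 0, 0, 0 if opt_ttl is None else 1)
    out += query[12:qend]
    if opt_ttl is not None:
        # Fresh OPT: own UDP size, extended RCODE 0, version 0, empty RDATA.
        # Only the DO bit (0x8000 in the low 16 bits of the TTL) follows the query.
        do = 0x8000 if keep_do and (opt_ttl & 0x8000) else 0
        out += b"\x00" + struct.pack("!HHIH", 41, udp_size, do, 0)
    return out
```

Building the OPT record from scratch rather than editing the query's copy means an option type that is added to EDNS later cannot leak into the spoofed answer by default.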