Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: Check the flags to detect collisions in the packet cache #6747

Merged
merged 1 commit into from
Jun 28, 2018

Conversation

rgacogne
Copy link
Member

Short description

In the unlikely but quite real event two queries with the same qname, qtype and qclass but different EDNS options or flags end up with the same hash, the packet cache would return a answer that might
not be suitable for the query. Reduce the odds by checking the flags present in the dns header in addition to the qname, qtype and qclass.
For the same reason we might need to consider storing the ECS subnet if any.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

In the unlikely but quite real event two queries with the same qname,
qtype and qclass but different EDNS options or flags end up with
the same hash, the packet cache would return a answer that might
not be suitable for the query. Reduce the odds by checking the
flags present in the dns header in addition to the qname, qtype
and qclass.
For the same reason we might need to consider storing the ECS
subnet if any.
@rgacogne rgacogne force-pushed the dnsdist-flags-collision branch from 1b3fe00 to 8dcdbdb Compare June 22, 2018 09:09
@rgacogne rgacogne merged commit fc6e4aa into PowerDNS:master Jun 28, 2018
@rgacogne rgacogne deleted the dnsdist-flags-collision branch June 28, 2018 13:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant