| Message ID | 20230522200003.363328-1-haleyb.dev@gmail.com |
|---|---|
| State | Superseded |
| Headers | show |
| Series | [ovs-dev] controller: Ignore DNS queries with RRs | expand |
| Context | Check | Description |
|---|---|---|
| ovsrobot/apply-robot | success | apply and check: success |
| ovsrobot/github-robot-_Build_and_Test | success | github build: passed |
| ovsrobot/github-robot-_ovn-kubernetes | success | github build: passed |
diff --git a/controller/pinctrl.c b/controller/pinctrl.c index b5df8b1eb..b45b4c747 100644 --- a/controller/pinctrl.c +++ b/controller/pinctrl.c @@ -2864,6 +2864,13 @@ pinctrl_handle_dns_lookup( goto exit; } + /* Check if there is an additional record present, which is unsupported */ + if (in_dns_header->arcount) { + VLOG_DBG_RL(&rl, "Received DNS query with additional records, which" + " is unsupported"); + goto exit; + } + struct udp_header *in_udp = dp_packet_l4(pkt_in); size_t udp_len = ntohs(in_udp->udp_len); size_t l4_len = dp_packet_l4_size(pkt_in);
DNS queries with optional records (RRs), for example, with cookies for EDNS, are not supported by the OVN resolver. Trying to reply sometimes results in mangled responses that clients do not understand. Instead, just return early when one is present, which should trigger a negative response and cause clients to go to the upstream forwarder, hopefully resulting in a successful query. Signed-off-by: Brian Haley <haleyb.dev@gmail.com> --- controller/pinctrl.c | 7 +++++++ 1 file changed, 7 insertions(+)