dns: ignore spam addresses from cname answers
This commit is contained in:
parent
631ac3d2e2
commit
7dee88ec33
1 changed files with 13 additions and 1 deletions
|
@ -1091,8 +1091,20 @@ procansw(Query *qp, DNSmsg *mp, uchar *srcip, int depth, Dest *p)
|
|||
unique(mp->ns);
|
||||
unique(mp->ar);
|
||||
|
||||
if(mp->an)
|
||||
if(mp->an){
|
||||
/*
|
||||
* only use cname answer when returned. some dns servers
|
||||
* attach spam address records which poisons the cache.
|
||||
*/
|
||||
if((tp = rrremtype(&mp->an, Tcname)) != 0){
|
||||
if(mp->an){
|
||||
dnslog("removing spam %Q for %Q from %I", mp->an, tp, srcip);
|
||||
rrfreelist(mp->an);
|
||||
}
|
||||
mp->an = tp;
|
||||
}
|
||||
rrattach(mp->an, (mp->flags & Fauth) != 0);
|
||||
}
|
||||
if(mp->ar)
|
||||
rrattach(mp->ar, Notauthoritative);
|
||||
if(mp->ns && !cfg.justforw){
|
||||
|
|
Loading…
Reference in a new issue