diff --git a/src/net/server/middleware/mandatory.rs b/src/net/server/middleware/mandatory.rs
index 21ff82762..fffea530d 100644
--- a/src/net/server/middleware/mandatory.rs
+++ b/src/net/server/middleware/mandatory.rs
@@ -35,9 +35,11 @@ pub const MINIMUM_RESPONSE_BYTE_LEN: u16 = 512;
 /// |--------|---------|
 /// | [1035] | TBD |
 /// | [2181] | TBD |
+/// | [9619] | TBD |
 ///
 /// [1035]: https://datatracker.ietf.org/doc/html/rfc1035
 /// [2181]: https://datatracker.ietf.org/doc/html/rfc2181
+/// [9619]: https://datatracker.ietf.org/doc/html/rfc9619
 #[derive(Clone, Debug)]
 pub struct MandatoryMiddlewareSvc {
 /// The upstream [`Service`] to pass requests to and receive responses
@@ -203,12 +205,29 @@ where
 // "Therefore IQUERY is now obsolete, and name servers SHOULD return
 // a "Not Implemented" error when an IQUERY request is received."
 if self.strict && msg.header().opcode() == Opcode::IQUERY {
+ debug!("RFC 3425 violation: request opcode IQUERY is obsolete.");
+ return ControlFlow::Break(mk_error_response(
+ msg,
+ OptRcode::NOTIMP,
+ ));
+ }
+
+ // https://datatracker.ietf.org/doc/html/rfc9619#section-4
+ // 4. Updates to RFC 1035
+ // ...
+ // "A DNS message with OPCODE = 0 and QDCOUNT > 1 MUST be treated as
+ // an incorrectly formatted message. The value of the RCODE
+ // parameter in the response message MUST be set to 1 (FORMERR)."
+ if self.strict
+ && msg.header().opcode() == Opcode::QUERY
+ && msg.header_counts().qdcount() > 1
+ {
 debug!(
- "RFC 3425 3 violation: request opcode IQUERY is obsolete."
+ "RFC 9619 violation: request opcode QUERY with QDCOUNT > 1."
 );
 return ControlFlow::Break(mk_error_response(
 msg,
- OptRcode::NOTIMP,
+ OptRcode::FORMERR,
 ));
 }
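Review bot: The new RFC 9619 check is conditioned on `self.strict`, but the text quoted directly above it is a MUST, unlike the SHOULD quoted for IQUERY; when `strict` is off, a QUERY with QDCOUNT > 1 is not rejected here and presumably continues to the upstream service. If the RFC requirement is meant to hold regardless of mode, the condition would be `if msg.header().opcode() == Opcode::QUERY && msg.header_counts().qdcount() > 1 {`. If the gating is deliberate, a comment on the `if` stating why the MUST is relaxed outside strict mode would save the next reader the question. The enclosing function begins and ends outside this hunk, so whether a later step rejects such messages is not visible.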