From 525aaa04579926c49b51179abb8cd23f673022e1 Mon Sep 17 00:00:00 2001
From: Ximon Eighteen <3304436+ximon18@users.noreply.github.com>
Date: Wed, 2 Oct 2024 21:43:33 +0200
Subject: [PATCH] Extend MandatoryMiddlewareSvc with an RFC 9619 check for opcode QUERY with QDCOUNT > 1.
---
 src/net/server/middleware/mandatory.rs | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/net/server/middleware/mandatory.rs b/src/net/server/middleware/mandatory.rs
index 21ff82762..fffea530d 100644
--- a/src/net/server/middleware/mandatory.rs
+++ b/src/net/server/middleware/mandatory.rs
@@ -35,9 +35,11 @@ pub const MINIMUM_RESPONSE_BYTE_LEN: u16 = 512;
 /// |--------|---------|
 /// | [1035] | TBD |
 /// | [2181] | TBD |
+/// | [9619] | TBD |
 ///
 /// [1035]: https://datatracker.ietf.org/doc/html/rfc1035
 /// [2181]: https://datatracker.ietf.org/doc/html/rfc2181
+/// [9619]: https://datatracker.ietf.org/doc/html/rfc9619
 #[derive(Clone, Debug)]
 pub struct MandatoryMiddlewareSvc {
 /// The upstream [`Service`] to pass requests to and receive responses
@@ -203,12 +205,29 @@ where
 // "Therefore IQUERY is now obsolete, and name servers SHOULD return
 // a "Not Implemented" error when an IQUERY request is received."
 if self.strict && msg.header().opcode() == Opcode::IQUERY {
+ debug!("RFC 3425 violation: request opcode IQUERY is obsolete.");
+ return ControlFlow::Break(mk_error_response(
+ msg,
+ OptRcode::NOTIMP,
+ ));
+ }
+
+ // https://datatracker.ietf.org/doc/html/rfc9619#section-4
+ // 4. Updates to RFC 1035
+ // ...
+ // "A DNS message with OPCODE = 0 and QDCOUNT > 1 MUST be treated as
+ // an incorrectly formatted message. The value of the RCODE
+ // parameter in the response message MUST be set to 1 (FORMERR)."
+ if self.strict
+ && msg.header().opcode() == Opcode::QUERY
+ && msg.header_counts().qdcount() > 1
+ {
 debug!(
- "RFC 3425 3 violation: request opcode IQUERY is obsolete."
+ "RFC 9619 violation: request opcode QUERY with QDCOUNT > 1."
 );
 return ControlFlow::Break(mk_error_response(
 msg,
- OptRcode::NOTIMP,
+ OptRcode::FORMERR,
 ));
 }
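Review bot: The new QDCOUNT > 1 rejection is gated on `self.strict`, although the RFC 9619 text quoted directly above it says such a message MUST be treated as incorrectly formatted, so with strict mode off a multi-question QUERY still reaches the upstream service. The IQUERY rule before it is only a SHOULD, which makes the strict gate reasonable there, but this check looks like it should apply unconditionally: `if msg.header().opcode() == Opcode::QUERY && msg.header_counts().qdcount() > 1 {`. If the gating is deliberate, a comment on the condition saying why would help, because a downstream service that reads only the first question would otherwise receive input the RFC says to reject. The enclosing function begins and ends outside this hunk, and the meaning of `strict` is documented elsewhere, so this is worth confirming against that definition.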