Ignore DNS queries with RRs

DNS queries with optional records (RRs), for example, with cookies for EDNS, are not supported by the OVN resolver. Trying to reply sometimes results in mangled responses that clients do not understand. Instead, just return early when one is present, which should trigger a negative response and cause clients to go to the upstream forwarder, hopefully resulting in a successful query. Closes issue ovn-org#192 Signed-off-by: Brian Haley <haleyb.dev@gmail.com>
brianphaley · May 22, 2023 · d560558 · d560558
1 parent 939f054
commit d560558
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/controller/pinctrl.c b/controller/pinctrl.c
@@ -2864,6 +2864,13 @@ pinctrl_handle_dns_lookup(
         goto exit;
     }
 
+    /* Check if there is an additional record present, which is unsupported */
+    if (in_dns_header->arcount) {
+        VLOG_DBG_RL(&rl, "Received DNS query with additional records, which"
+                    " is unsupported");
+        goto exit;
+    }
+
     struct udp_header *in_udp = dp_packet_l4(pkt_in);
     size_t udp_len = ntohs(in_udp->udp_len);
     size_t l4_len = dp_packet_l4_size(pkt_in);