Fix handling of dnssec-retry queries. #1438
Merged
By submitting this pull request, I confirm the following:
How familiar are you with the codebase?: 10
The most recent FTL release contains `dnsmasq v2.87rc1`, which causes a regression for `dnssec-retry` queries, leading to a bug where FTL isn't able to interpret the query type as `DS`/`DNSKEY` and incorrectly infers `TYPE<upstream-port>` as query type: (picture taken from related Discourse topic)

Subsequently, FTL fails to analyze the content of this query (as it doesn't know how to handle, e.g., `TYPE5335`) and simply logs `BLOB` as return type (= some unknown binary stuff).

It is worth pointing out that DNS blocking and internal DNSSEC verification still work fine, making this a displaying bug only.