You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 lines
1.1 KiB
38 lines
1.1 KiB
6 years ago
|
diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
|
||
|
|
index 2bc4461..d9de369 100644
|
||
|
|
--- a/lib/dns/resolver.c
|
||
|
|
+++ b/lib/dns/resolver.c
|
||
|
|
@@ -6533,6 +6533,19 @@ answer_response(fetchctx_t *fctx) {
|
||
|
|
log_formerr(fctx, "NSEC3 in answer");
|
||
|
|
return (DNS_R_FORMERR);
|
||
|
|
}
|
||
|
|
+ if (rdataset->type == dns_rdatatype_tkey) {
|
||
|
|
+ /*
|
||
|
|
+ * TKEY is not a valid record in a
|
||
|
|
+ * response to any query we can make.
|
||
|
|
+ */
|
||
|
|
+ log_formerr(fctx, "TKEY in answer");
|
||
|
|
+ return (DNS_R_FORMERR);
|
||
|
|
+ }
|
||
|
|
+ if (rdataset->rdclass != fctx->res->rdclass) {
|
||
|
|
+ log_formerr(fctx, "Mismatched class "
|
||
|
|
+ "in answer");
|
||
|
|
+ return (DNS_R_FORMERR);
|
||
|
|
+ }
|
||
|
|
|
||
|
|
/*
|
||
|
|
* Apply filters, if given, on answers to reject
|
||
|
|
@@ -6719,6 +6732,12 @@ answer_response(fetchctx_t *fctx) {
|
||
|
|
rdataset != NULL;
|
||
|
|
rdataset = ISC_LIST_NEXT(rdataset, link))
|
||
|
|
{
|
||
|
|
+ if (rdataset->rdclass != fctx->res->rdclass) {
|
||
|
|
+ log_formerr(fctx, "Mismatched class "
|
||
|
|
+ "in answer");
|
||
|
|
+ return (DNS_R_FORMERR);
|
||
|
|
+ }
|
||
|
|
+
|
||
|
|
/*
|
||
|
|
* Only pass DNAME or RRSIG(DNAME).
|
||
|
|
*/
|