dns: ignore spam addresses from cname answers

author: cinap_lenrek <cinap_lenrek@gmx.de> 2013-08-04 00:52:39 +0200
committer: cinap_lenrek <cinap_lenrek@gmx.de> 2013-08-04 00:52:39 +0200
commit: 7dee88ec33e281ae3771e95b6dfe35e9f6ce4fd4 (patch)
tree: 064bdd5012b79293c54e6d4d4846f88897a52ff8 /sys/src/cmd/ndb
parent: 631ac3d2e229835e15d5c5e9906d118c19f1c0c1 (diff)
1 files changed, 13 insertions, 1 deletions
diff --git a/sys/src/cmd/ndb/dnresolve.c b/sys/src/cmd/ndb/dnresolve.c
index 56b8024f9..b21289c2b 100644
--- a/sys/src/cmd/ndb/dnresolve.c
+++ b/sys/src/cmd/ndb/dnresolve.c
@@ -1091,8 +1091,20 @@ procansw(Query *qp, DNSmsg *mp, uchar *srcip, int depth, Dest *p)
 	unique(mp->ns);
 	unique(mp->ar);
 
-	if(mp->an)
+	if(mp->an){
+		/*
+		 * only use cname answer when returned. some dns servers
+		 * attach spam address records which poisons the cache.
+		 */
+		if((tp = rrremtype(&mp->an, Tcname)) != 0){
+			if(mp->an){
+				dnslog("removing spam %Q for %Q from %I", mp->an, tp, srcip);
+				rrfreelist(mp->an);
+			}
+			mp->an = tp;
+		}
 		rrattach(mp->an, (mp->flags & Fauth) != 0);
+	}
 	if(mp->ar)
 		rrattach(mp->ar, Notauthoritative);
 	if(mp->ns && !cfg.justforw){
author	cinap_lenrek <cinap_lenrek@gmx.de>	2013-08-04 00:52:39 +0200
committer	cinap_lenrek <cinap_lenrek@gmx.de>	2013-08-04 00:52:39 +0200
commit	7dee88ec33e281ae3771e95b6dfe35e9f6ce4fd4 (patch)
tree	064bdd5012b79293c54e6d4d4846f88897a52ff8 /sys/src/cmd/ndb
parent	631ac3d2e229835e15d5c5e9906d118c19f1c0c1 (diff)