git: 9front


ref: 0feb60e566660099b427054a82e4305a964a20f3
parent: 3d8f7832675e77e1daea2bb7486a851a711ff500
author: cinap_lenrek <cinap_lenrek@gmx.de>
date: Sat Aug 3 20:52:39 EDT 2013

dns: ignore spam addresses from cname answers

--- a/sys/src/cmd/ndb/dnresolve.c
+++ b/sys/src/cmd/ndb/dnresolve.c
@@ -1091,8 +1091,20 @@
 	unique(mp->ns);
 	unique(mp->ar);
 
-	if(mp->an)
+	if(mp->an){
+		/*
+		 * only use cname answer when returned. some dns servers
+		 * attach spam address records which poisons the cache.
+		 */
+		if((tp = rrremtype(&mp->an, Tcname)) != 0){
+			if(mp->an){
+				dnslog("removing spam %Q for %Q from %I", mp->an, tp, srcip);
+				rrfreelist(mp->an);
+			}
+			mp->an = tp;
+		}
 		rrattach(mp->an, (mp->flags & Fauth) != 0);
+	}
 	if(mp->ar)
 		rrattach(mp->ar, Notauthoritative);
 	if(mp->ns && !cfg.justforw){
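Review bot: The new block under `if(mp->an)` filters by record type only: whatever `rrremtype(&mp->an, Tcname)` returns is kept and handed to `rrattach`, and nothing in the hunk compares owner names with the name that was queried. Unless that check happens elsewhere in the function, which starts and ends outside this hunk, a CNAME for an unrelated owner in the same answer would still be cached, which is the poisoning the comment is guarding against. Servers that legitimately return the CNAME together with its target's address records will also be logged as "removing spam", and the `%Q` on `mp->an` appears to print only the first dropped record. The log is therefore noisy on ordinary responses and its volume is driven by remote servers; a neutral message such as `dnslog("dropping extra answer %Q alongside cname %Q from %I", mp->an, tp, srcip);` would be more accurate, ideally logged only when the dropped owner differs from the CNAME target.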
--