- Fix #759: 0x20 capsforid no longer checks type PTR, for

compatibility with cisco dns guard.  This lowers false positives.


git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@3715 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -1,3 +1,7 @@
+28 April 2016: Wouter
+	- Fix #759: 0x20 capsforid no longer checks type PTR, for
+	  compatibility with cisco dns guard.  This lowers false positives.
+
 18 April 2016: Wouter
 	- Fix some malformed reponses to edns queries get fallback to nonedns.
 

services/outside_network.c

@@ -1527,7 +1527,10 @@ serviced_callbacks(struct serviced_query* sq, int error, struct comm_point* c,
 	sq->to_be_deleted = 1; 
 	verbose(VERB_ALGO, "svcd callbacks start");
 	if(sq->outnet->use_caps_for_id && error == NETEVENT_NOERROR && c &&
-		!sq->nocaps) {
+		!sq->nocaps && sq->qtype != LDNS_RR_TYPE_PTR) {
+		/* for type PTR do not check perturbed name in answer,
+		 * compatibility with cisco dns guard boxes that mess up
+		 * reverse queries 0x20 contents */
 		/* noerror and nxdomain must have a qname in reply */
 		if(sldns_buffer_read_u16_at(c->buffer, 4) == 0 &&
 			(LDNS_RCODE_WIRE(sldns_buffer_begin(c->buffer))