From 93e423cfe107ba2ea28cbd74d9526cea2af9b8cd Mon Sep 17 00:00:00 2001
From: Yip Rui Fung <rf@yrf.me>
Date: Sat, 9 Dec 2023 13:14:46 +0800
Subject: [PATCH] DnsRebindBlocking: Exclude authoritative responses.

---
 Apps/DnsRebindBlockingApp/App.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Apps/DnsRebindBlockingApp/App.cs b/Apps/DnsRebindBlockingApp/App.cs
index 6602ef87..b40d89f4 100644
--- a/Apps/DnsRebindBlockingApp/App.cs
+++ b/Apps/DnsRebindBlockingApp/App.cs
@@ -46,7 +46,8 @@ namespace DnsRebindBlocking
 
         public Task<DnsDatagram> PostProcessAsync(DnsDatagram request, IPEndPoint remoteEP, DnsTransportProtocol protocol, DnsDatagram response)
         {
-            if (!Config.Enabled)
+            // Do not filter authoritative responses. Because in this case any rebinding is intentional.
+            if (!Config.Enabled || response.AuthoritativeAnswer)
                 return Task.FromResult(response);
             
             var answers = response.Answer.Where(res => !IsFilteredRebind(res)).ToList();