Filter AAAA: allow modification of unsigned responses for DNSSEC-aware

clients Fixes #1105
2026-01-06 08:45:32 +00:00 · 2024-11-12 23:45:23 +01:00
parent 0f83d23e60
commit e6979353b2
1 changed files with 10 additions and 1 deletions
--- a/Apps/FilterAaaaApp/App.cs
+++ b/Apps/FilterAaaaApp/App.cs
@@ -116,7 +116,16 @@ namespace FilterAaaa
                return response;

            if (request.DnssecOk)
-                return response;
+            {
+                foreach (DnsResourceRecord record in response.Answer)
+                {
+                    if (record.Type == DnsResourceRecordType.RRSIG)
+                    {
+                        //response is signed and the client is DNSSEC aware; must not be modified
+                        return response;
+                    }
+                }
+            }

            if (response.RCODE != DnsResponseCode.NoError)
                return response;