From 2a7a2b84eca108c8147122265ed81f86c66e5c07 Mon Sep 17 00:00:00 2001
From: Simon Kelley
Date: Sat, 22 Mar 2014 19:18:06 +0000
Subject: Ignore DNS queries from port 0: http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html
---
 src/forward.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/forward.c b/src/forward.c
index 4dc3dca..3f4ec62 100644
--- a/src/forward.c
+++ b/src/forward.c
@@ -1076,11 +1076,24 @@ void receive_query(struct listener *listen, time_t now)
 return;
 source_addr.sa.sa_family = listen->family;
+
+ if (listen->family == AF_INET)
+ {
+ /* Source-port == 0 is an error, we can't send back to that.
+ http://www.ietf.org/mail-archive/web/dnsop/current/msg11441.html */
+ if (source_addr.in.sin_port == 0)
+ return;
+ }
 #ifdef HAVE_IPV6
- if (listen->family == AF_INET6)
- source_addr.in6.sin6_flowinfo = 0;
+ else
+ {
+ /* Source-port == 0 is an error, we can't send back to that. */
+ if (source_addr.in6.sin6_port == 0)
+ return;
+ source_addr.in6.sin6_flowinfo = 0;
+ }
 #endif
-
+
 /* We can be configured to only accept queries from at-most-one-hop-away addresses. */
 if (option_bool(OPT_LOCAL_SERVICE))
 {
-- 
cgit v1.2.1
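Review bot: The IPv6 branch is now a bare `else`, so any `listen->family` other than AF_INET is handled as IPv6, with `sin6_port` read and `sin6_flowinfo` written, whereas the removed code tested the family explicitly; `else if (listen->family == AF_INET6)` would keep that guard. Both port-0 returns are also silent, so an operator cannot tell that such packets are arriving. A source port of 0 presumably points to spoofed or malformed traffic, so a drop counter or a rate-limited log line at the two `return;` statements would help detection without letting the sender flood the log. The duplicated comment could be written once above the `if`, for example `/* A reply cannot be sent to source port 0, so drop the query. */`. The body of receive_query starts and ends outside the hunk, so whether the address length returned by the receive call is validated before these fields are read cannot be seen here.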