From cf5984367bc6a949e3803a576512c5a7bc48ebab Mon Sep 17 00:00:00 2001
From: Vladislav Grishenko <themiron@mail.ru>
Date: Thu, 18 Oct 2018 04:55:21 +0500
Subject: [PATCH 04/32] Don't forward *.bind/*.server queries upstream

Chaos .bind and .server (RFC4892) zones are local, therefore
don't forward queries upstream to avoid mixing with supported
locally and false replies with NO_ID enabled.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---
 src/rfc1035.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

--- a/src/rfc1035.c
+++ b/src/rfc1035.c
@@ -1276,7 +1276,7 @@ size_t answer_request(struct dns_header
   int q, ans, anscount = 0, addncount = 0;
   int dryrun = 0;
   struct crec *crecp;
-  int nxdomain = 0, auth = 1, trunc = 0, sec_data = 1;
+  int nxdomain = 0, notimp = 0, auth = 1, trunc = 0, sec_data = 1;
   struct mx_srv_record *rec;
   size_t len;
 
@@ -1355,6 +1355,17 @@ size_t answer_request(struct dns_header
 	    }
 	}
 
+      if (qclass == C_CHAOS)
+	{
+	  /* don't forward *.bind and *.server chaos queries */
+	  if (hostname_issubdomain("bind", name) || hostname_issubdomain("server", name))
+	    {
+	      if (!ans)
+		notimp = 1, auth = 0;
+	      ans = 1;
+	    }
+	}
+
       if (qclass == C_IN)
 	{
 	  struct txt_record *t;
@@ -1903,6 +1914,8 @@ size_t answer_request(struct dns_header
   
   if (nxdomain)
     SET_RCODE(header, NXDOMAIN);
+  else if (notimp)
+    SET_RCODE(header, NOTIMP);
   else
     SET_RCODE(header, NOERROR); /* no error */
   header->ancount = htons(anscount);