From 2c598dcaec88956e9a2b4944ddef78e8be0a8676 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Deuc=D0=B5?= <shurd@sasktel.net>
Date: Sun, 4 Apr 2021 21:14:51 -0400
Subject: [PATCH] Change default failures to 3 and timeout to 5sec

Also, check that the opcode and response flag are correct when parsing responses. When handling a resolve call, ensure no errors occured.
---
 exec/load/dns.js | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/exec/load/dns.js b/exec/load/dns.js
index 0f3693244b..d7e730232b 100644
--- a/exec/load/dns.js
+++ b/exec/load/dns.js
@@ -403,12 +403,16 @@ DNS.prototype.handle_response = function(sock) {
 ret.id = id;
 ret.response = !!(ascii(resp[2]) & 1);
+ if (!ret.response)
+ return null;
 ret.opcode = (ascii(resp[2]) & 0x1e) >> 1;
+ if (ret.opcode !== 0)
+ return null;
 ret.authoritative = !!(ascii(resp[2]) & (1<<5));
 ret.truncation = !!(ascii(resp[2]) & (1<<6));
 ret.recusrion = !!(ascii(resp[2]) & (1<<7));
 ret.reserved = ascii(resp[3]) & 7;
- ret.rcode = ascii(resp[3] & 0xf1) >> 3;
+ ret.rcode = ascii(resp[3] & 0xf0) >> 4;
 queries = string_to_int16(resp.substr(4, 2));
 answers = string_to_int16(resp.substr(6, 2));
@@ -498,9 +502,9 @@ DNS.prototype.asynchronous_query = function(queries, /* queryStr, type, class, *
 if (recursive === undefined)
 recursive = true;
 if (timeout === undefined)
- timeout = 1000;
+ timeout = 5000;
 if (failures === undefined)
- failures = 1;
+ failures = 3;
 if (failed === undefined)
 failed = 0;
@@ -539,9 +543,9 @@ DNS.prototype.synchronous_query = function(queries, callback, thisObj, recursive
 if (recursive === undefined)
 recursive = true;
 if (timeout === undefined)
- timeout = 1000;
+ timeout = 5000;
 if (failures === undefined)
- failures = 1;
+ failures = 3;
 if (failed === undefined)
 failed = 0;
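Review bot: The added `!ret.response` and `ret.opcode !== 0` guards in handle_response test the wrong bits: RFC 1035 places QR in the top bit (0x80) of the first flags octet and Opcode in 0x78, so `& 1` reads RD and `& 0x1e` mixes TC, AA and part of Opcode, which would discard authoritative answers and let a non-response through whenever RD is set. The new `ret.rcode` line has a related problem, since the mask is still applied to `resp[3]` inside the `ascii()` call (compare `ascii(resp[3]) & 7` on the line above) and RCODE is the low nibble, not the high one. Suggested: `ret.response = !!(ascii(resp[2]) & 0x80);`, `ret.opcode = (ascii(resp[2]) & 0x78) >> 3;`, `ret.rcode = ascii(resp[3]) & 0x0f;`, with the authoritative/truncation/recursion masks flipped the same way (0x04, 0x02, 0x01). This assumes `resp` holds the raw wire header, which the count fields read at offsets 4 and 6 suggest; the function starts and ends outside the hunk.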
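Review bot: The new defaults `timeout = 5000` and `failures = 3` are written out twice, in the asynchronous_query hunk and again in the synchronous_query hunk, with no comment giving the unit or how the two values combine. If timeout is milliseconds per attempt and failures is the number of attempts allowed (neither is visible in these hunks), an unresponsive server now occupies a synchronous caller for up to roughly 15 s instead of 1 s, which matters where lookups are driven by inbound connections. Consider shared constants for the two values and a comment such as `// ms per attempt; worst case is about timeout * failures`. Both function bodies continue outside their hunks.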
@@ -717,6 +721,8 @@ DNS.prototype.resolveTypeClass = function(host, type, class, callback, thisObj)
 resp.answers.forEach(function(ans) {
 if (resp.queries[0].type != ans.type || resp.queries[0].class != ans.class)
 return;
+ if (resp.rcode !== 0)
+ return;
 this.ret.push(ans.rdata);
 }, this);
 }
-- 
GitLab
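Review bot: The added `resp.rcode !== 0` test in resolveTypeClass does not depend on `ans`, yet it runs inside the forEach callback once per answer and only after the type/class comparison; testing it once before `resp.answers.forEach(...)` would state the intent (discard the whole response on error) more directly. The effect is also that an error response yields the same empty result as a name with no matching records, so a caller cannot tell a server failure apart from no data; a comment such as `// non-zero RCODE: treat as no answers` would at least document that choice. Note too that answers are filtered against `resp.queries[0]`, which comes from the response itself and is indexed without a length check, rather than against the `type` and `class` arguments; whether the question is matched to the request elsewhere is not visible here. The function body begins and ends outside the hunk.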