From b5b646fd67b47e9f10766396e0985a1d1f4c48dc Mon Sep 17 00:00:00 2001
From: Robert Edmonds <edmonds@users.noreply.github.com>
Date: Wed, 5 Jan 2022 18:05:00 -0500
Subject: [PATCH] kdig: compare wire format QNAMEs

This commit updates kdig's check_reply_question() function so that it
compares the original wire format QNAME of the query against the
original wire format QNAME of the response. Using knot_pkt_qname()
instead of knot_pkt_wire_qname() only compares the downcased QNAMEs.

RFC 5452:

    4.2.  Matching the Question Section

       DNS packets, both queries and responses, contain a question section.
       Incoming responses should be verified to have a question section that
       is equivalent to that of the outgoing query.

I think "equivalent" here means that the case of the QNAMEs should be
compared too.
---
 src/utils/kdig/kdig_exec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/utils/kdig/kdig_exec.c b/src/utils/kdig/kdig_exec.c
index 295fb148d2..1d926b4c5c 100644
--- a/src/utils/kdig/kdig_exec.c
+++ b/src/utils/kdig/kdig_exec.c
@@ -537,7 +537,7 @@ static void check_reply_question(const knot_pkt_t *reply,
 		return;
 	}
 
-	if (!knot_dname_is_equal(knot_pkt_qname(reply), knot_pkt_qname(query)) ||
+	if (!knot_dname_is_equal(knot_pkt_wire_qname(reply), knot_pkt_wire_qname(query)) ||
 	    knot_pkt_qclass(reply) != knot_pkt_qclass(query) ||
 	    knot_pkt_qtype(reply)  != knot_pkt_qtype(query)) {
 		WARN("query/response question sections are different\n");
-- 
GitLab