From 6dc7c4245a8daa8942d300cef744fef0e36f4d93 Mon Sep 17 00:00:00 2001
From: Hannes Mehnert
Date: Fri, 7 Aug 2020 15:43:40 +0200
Subject: [PATCH 1/2] dns server: improve error reporting of incoming packets (fixes #166)
---
 server/dns_server.ml | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)
diff --git a/server/dns_server.ml b/server/dns_server.ml
index af75bcca1..40e4cb470 100644
--- a/server/dns_server.ml
+++ b/server/dns_server.ml
@@ -346,31 +346,24 @@ let handle_ixfr_request t m proto key ((zone, _) as question) soa =
 let safe_decode buf = match Packet.decode buf with
- | Error e ->
- Logs.err (fun m -> m "error %a while decoding, giving up" Packet.pp_err e);
- rx_metrics (`Rcode_error (Rcode.FormErr, Opcode.Query, None));
- Error Rcode.FormErr
-(* | Error `Partial ->
- Log.err (fun m -> m "partial frame (length %d)@.%a" (Cstruct.len buf) Cstruct.hexdump_pp buf);
- Packet.create <> <> Dns_enum.FormErr
 | Error (`Bad_edns_version i) -> Log.err (fun m -> m "bad edns version error %u while decoding@.%a" i Cstruct.hexdump_pp buf);
- Error Dns_enum.BadVersOrSig
+ Error Rcode.BadVersOrSig
 | Error (`Not_implemented (off, msg)) -> Log.err (fun m -> m "not implemented at %d: %s while decoding@.%a" off msg Cstruct.hexdump_pp buf);
- Error Dns_enum.NotImp
+ Error Rcode.NotImp
 | Error e ->
- Log.err (fun m -> m "error %a while decoding@.%a"
- Packet.pp_err e Cstruct.hexdump_pp buf);
- Error Dns_enum.FormErr *)
+ Log.err (fun m -> m "error %a while decoding, giving up" Packet.pp_err e);
+ rx_metrics (`Rcode_error (Rcode.FormErr, Opcode.Query, None));
+ Error Rcode.FormErr
 | Ok v -> rx_metrics v.Packet.data; Ok v
 let handle_question t (name, typ) =
- (* TODO white/blacklist of allowed qtypes? what about ANY and UDP? *)
+ (* TODO allow/disallowlist of allowed qtypes? what about ANY and UDP? *)
 match typ with (* this won't happen, decoder constructs `Axfr *) | `Axfr | `Ixfr -> Error (Rcode.NotImp, None)
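Review bot: The two new arms of `safe_decode` for `` `Bad_edns_version `` and `` `Not_implemented `` return their rcode without calling `rx_metrics`, while the catch-all `Error e` arm and the `Ok v` arm both do, so packets rejected with BadVersOrSig or NotImp are no longer counted on the receive side (before this change every decode failure was counted as FormErr). I would record them the same way, e.g. ``rx_metrics (`Rcode_error (Rcode.BadVersOrSig, Opcode.Query, None));`` and ``rx_metrics (`Rcode_error (Rcode.NotImp, Opcode.Query, None));`` before the respective `Error` lines, assuming `rx_metrics` accepts those rcodes. Separately, both arms log at error level with a full `Cstruct.hexdump_pp buf` of a packet that any remote sender can supply; a lower log level or a length cap on the dump would keep malformed traffic from inflating the logs.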
From f1735fc458642385081c54a98f68303076433e41 Mon Sep 17 00:00:00 2001
From: Hannes Mehnert
Date: Fri, 7 Aug 2020 16:00:24 +0200
Subject: [PATCH 2/2] [ci skip] changes for 4.6.2
---
 CHANGES.md | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/CHANGES.md b/CHANGES.md
index c80a09d07..ec9a351c0 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,12 @@
+### v4.6.2 (2020-08-07)
+
+* fixes for 32 bit support (OCaml-CI now runs on 32 bit) in test suite and EDNS
+* dns: fix EDNS flag decoding and encoding (16 bit only)
+ reported in #234 by @dinosaure, fix #235 by @hannesm
+* dns-server: reply to unsupported EDNS version (not 0) with
+ rcode=16 (BadVersOrSig), as required by RFC 6891, and tested by DNS flag day
+ issue #166, fix in #237 by @hannesm
+
 ### v4.6.1 (2020-06-20)
 * dns-client.lwt, dns-client.unix: initialize RNG (#232 @hannesm)