From 6f7e05681ef382d644830647a48f4ee04239d4bc Mon Sep 17 00:00:00 2001
From: Miod Vallat <miod.vallat@open-xchange.com>
Date: Fri, 3 Jan 2025 09:12:58 +0100
Subject: [PATCH] Do not follow CNAME records for ANY or CNAME queries.

The existing logic was only preventing this for CNAME queries.

Fixes #5769
---
 pdns/packethandler.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index ca6d263438c4..496285679dce 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -1660,8 +1660,9 @@ std::unique_ptr<DNSPacket> PacketHandler::doQuestion(DNSPacket& p)
       if((rr.dr.d_type == p.qtype.getCode() && !rr.auth) || (rr.dr.d_type == QType::NS && (!rr.auth || !(d_sd.qname==rr.dr.d_name))))
         weHaveUnauth=true;
 
-      if(rr.dr.d_type == QType::CNAME && p.qtype.getCode() != QType::CNAME)
-        weRedirected=true;
+      if (rr.dr.d_type == QType::CNAME && (p.qtype.getCode() != QType::ANY && p.qtype.getCode() != QType::CNAME)) {
+        weRedirected = true;
+      }
 
       if (DP && rr.dr.d_type == QType::ALIAS && (p.qtype.getCode() == QType::A || p.qtype.getCode() == QType::AAAA || p.qtype.getCode() == QType::ANY) && !d_dk.isPresigned(d_sd.qname)) {
         if (!d_doExpandALIAS) {