From 4712e24749affa73ccb508f8119f0655e888373d Mon Sep 17 00:00:00 2001
From: Daniel Nephin <dnephin@hashicorp.com>
Date: Tue, 13 Apr 2021 17:48:29 -0400
Subject: [PATCH] dns: trim response immediately before the write

Previously the response was being trimmed before adding the EDNS values, which could cause it to exceed
the max size.
---
 agent/dns.go      | 10 +++-------
 agent/dns_test.go |  1 +
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/agent/dns.go b/agent/dns.go
index ac1f28242..033d528ad 100644
--- a/agent/dns.go
+++ b/agent/dns.go
@@ -507,7 +507,7 @@ func (d *DNSServer) handleQuery(resp dns.ResponseWriter, req *dns.Msg) {
 
 	setEDNS(req, m, !errors.Is(err, errECSNotGlobal))
 
-	//d.trimDNSResponse(cfg, network, req, m)
+	d.trimDNSResponse(cfg, network, req, m)
 
 	if err := resp.WriteMsg(m); err != nil {
 		d.logger.Warn("failed to respond", "error", err)
@@ -1270,10 +1270,8 @@ func (d *DNSServer) serviceLookup(cfg *dnsConfig, lookup serviceLookup, req, res
 		d.serviceNodeRecords(cfg, lookup.Datacenter, out.Nodes, req, resp, ttl, lookup.MaxRecursionLevel)
 	}
 
-	d.trimDNSResponse(cfg, lookup.Network, req, resp)
-
 	// If the answer is empty and the response isn't truncated, return not found
-	if len(resp.Answer) == 0 && !resp.Truncated {
+	if len(resp.Answer) == 0 {
 		return errNoAnswer
 	}
 	return nil
@@ -1378,10 +1376,8 @@ func (d *DNSServer) preparedQueryLookup(cfg *dnsConfig, network, datacenter, que
 		d.serviceNodeRecords(cfg, out.Datacenter, out.Nodes, req, resp, ttl, maxRecursionLevel)
 	}
 
-	d.trimDNSResponse(cfg, network, req, resp)
-
 	// If the answer is empty and the response isn't truncated, return not found
-	if len(resp.Answer) == 0 && !resp.Truncated {
+	if len(resp.Answer) == 0 {
 		return errNoAnswer
 	}
 	return nil
diff --git a/agent/dns_test.go b/agent/dns_test.go
index 36f774b68..0d344baa5 100644
--- a/agent/dns_test.go
+++ b/agent/dns_test.go
@@ -545,6 +545,7 @@ func TestDNS_NodeLookup_CNAME(t *testing.T) {
 
 	m := new(dns.Msg)
 	m.SetQuestion("google.node.consul.", dns.TypeANY)
+	m.SetEdns0(8192, true)
 
 	c := new(dns.Client)
 	in, _, err := c.Exchange(m, a.DNSAddr())