From 2a8bf4f6bbb954398d594d7986f41c3caefd93fd Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 18 Jul 2024 13:35:41 +1000 Subject: [PATCH] Fix gratuitious DNS protocol errors in the ANS servers The ANS servers were not to written to handle NS queries at the QNAME resulting in gratuitious protocol errors that will break tests when NS requests are made for the QNAME. (cherry picked from commit 0680eb6f64c13bcf8239b263b12f651d47bb91f8) --- bin/tests/system/cookie/ans9/ans.py | 25 ++++-- bin/tests/system/qmin/ans2/ans.py | 97 +++++++++++++++++++----- bin/tests/system/qmin/ans3/ans.py | 17 ++++- bin/tests/system/qmin/ans4/ans.py | 34 +++++++-- bin/tests/system/serve-stale/ans2/ans.pl | 9 +-- 5 files changed, 140 insertions(+), 42 deletions(-) diff --git a/bin/tests/system/cookie/ans9/ans.py b/bin/tests/system/cookie/ans9/ans.py index c3430024aa..a107e938dd 100644 --- a/bin/tests/system/cookie/ans9/ans.py +++ b/bin/tests/system/cookie/ans9/ans.py @@ -104,22 +104,35 @@ def create_response(msg, tcp, first, ns10): r.answer.append(dns.rrset.from_text(qname, 1, IN, A, "10.53.0.10")) dopass2 = True elif rrtype == NS: - r.answer.append(dns.rrset.from_text(qname, 1, IN, NS, ".")) + length = len(labels) + if length == 2: + r.answer.append(dns.rrset.from_text(qname, 1, IN, NS, "ns." + qname)) + if ns10: + r.additional.append( + dns.rrset.from_text("ns." + qname, 1, IN, A, "10.53.0.10") + ) + else: + r.additional.append( + dns.rrset.from_text("ns." + qname, 1, IN, A, "10.53.0.9") + ) + else: + tld = ".".join(labels[length - 2 :]) + r.authority.append(dns.rrset.from_text(tld, 2, IN, SOA, ". . 0 0 0 0 2")) elif rrtype == SOA: - r.answer.append(dns.rrset.from_text(qname, 1, IN, SOA, ". . 0 0 0 0 0")) + r.answer.append(dns.rrset.from_text(qname, 2, IN, SOA, ". . 0 0 0 0 2")) else: - r.authority.append(dns.rrset.from_text(qname, 1, IN, SOA, ". . 0 0 0 0 0")) + r.authority.append(dns.rrset.from_text(qname, 2, IN, SOA, ". . 0 0 0 0 2")) # Add a server cookie to the response - if labels[0] != "nocookie": + if labels[0] != "nocookie" or rrtype != A: for o in m.options: if o.otype == 10: # Use 10 instead of COOKIE - if first and labels[0] == "withtsig" and not tcp: + if first and labels[0] == "withtsig" and not tcp and rrtype == A: r.use_tsig( keyring=keyring, keyname=dns.name.from_text("fake"), algorithm=HMAC_SHA256, ) - elif labels[0] != "tcponly" or tcp: + elif labels[0] != "tcponly" or tcp or rrtype != A: cookie = o try: if len(o.server) == 0: diff --git a/bin/tests/system/qmin/ans2/ans.py b/bin/tests/system/qmin/ans2/ans.py index 1994ff35db..d372c2003b 100755 --- a/bin/tests/system/qmin/ans2/ans.py +++ b/bin/tests/system/qmin/ans2/ans.py @@ -212,6 +212,19 @@ def create_response(msg): "stale.", 2, IN, SOA, "ns2.stale. hostmaster.arpa. 1 2 3 4 5" ) ) + r.flags |= dns.flags.AA + elif lqname == "ns2.stale.": + if rrtype == A: + r.additional.append( + dns.rrset.from_text("ns.b.stale.", 2, IN, A, "10.53.0.2") + ) + else: + r.authority.append( + dns.rrset.from_text( + "stale.", 2, IN, SOA, "ns2.stale. hostmaster.arpa. 1 2 3 4 5" + ) + ) + r.flags |= dns.flags.AA else: # NXDOMAIN r.authority.append( @@ -257,30 +270,72 @@ def create_response(msg): elif lqname == "" and rrtype == NS: r.answer.append(dns.rrset.from_text(suffix, 30, IN, NS, "ns2." + suffix)) r.flags |= dns.flags.AA - elif lqname == "ns2." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns2." + suffix, 30, IN, A, "10.53.0.2")) + elif lqname == "ns2.": r.flags |= dns.flags.AA - elif lqname == "ns2." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns2." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::2") - ) + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns2." + suffix, 30, IN, A, "10.53.0.2") + ) + elif rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns2." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::2" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) + elif lqname == "ns3.": r.flags |= dns.flags.AA - elif lqname == "ns3." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns3." + suffix, 30, IN, A, "10.53.0.3")) - r.flags |= dns.flags.AA - elif lqname == "ns3." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns3." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::3") - ) - r.flags |= dns.flags.AA - elif lqname == "ns4." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns4." + suffix, 30, IN, A, "10.53.0.4")) - r.flags |= dns.flags.AA - elif lqname == "ns4." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns4." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::4") - ) + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns3." + suffix, 30, IN, A, "10.53.0.3") + ) + elif lqname == "ns3." and rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns3." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::3" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) + elif lqname == "ns4.": r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns4." + suffix, 30, IN, A, "10.53.0.4") + ) + elif rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns4." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::4" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) elif lqname == "a.bit.longer.ns.name." and rrtype == A: r.answer.append( dns.rrset.from_text("a.bit.longer.ns.name." + suffix, 1, IN, A, "10.53.0.4") diff --git a/bin/tests/system/qmin/ans3/ans.py b/bin/tests/system/qmin/ans3/ans.py index 079c3d2cda..b5ae73c3fa 100755 --- a/bin/tests/system/qmin/ans3/ans.py +++ b/bin/tests/system/qmin/ans3/ans.py @@ -97,17 +97,16 @@ def create_response(msg): ip6req = True elif endswith(lqname, "a.b.stale."): if lqname == "a.b.stale.": + r.flags |= dns.flags.AA if rrtype == TXT: # Direct query. r.answer.append(dns.rrset.from_text(lqname, 1, IN, TXT, "peekaboo")) - r.flags |= dns.flags.AA elif rrtype == NS: # NS a.b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.a.b.stale.")) r.additional.append( dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA a.b. r.answer.append( @@ -115,7 +114,6 @@ def create_response(msg): lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA else: # NODATA. r.authority.append( @@ -123,7 +121,20 @@ def create_response(msg): lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) + elif lqname == "ns.a.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") + ) + else: + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" + ) + ) else: + r.flags |= dns.flags.AA r.authority.append( dns.rrset.from_text( lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" diff --git a/bin/tests/system/qmin/ans4/ans.py b/bin/tests/system/qmin/ans4/ans.py index f3d00c3514..517217aec1 100755 --- a/bin/tests/system/qmin/ans4/ans.py +++ b/bin/tests/system/qmin/ans4/ans.py @@ -98,17 +98,16 @@ def create_response(msg): ip6req = True elif endswith(lqname, "b.stale."): if lqname == "a.b.stale.": + r.flags |= dns.flags.AA if rrtype == TXT: # Direct query. r.answer.append(dns.rrset.from_text(lqname, 1, IN, TXT, "hooray")) - r.flags |= dns.flags.AA elif rrtype == NS: # NS a.b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.a.b.stale.")) r.additional.append( dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA a.b. r.answer.append( @@ -116,7 +115,19 @@ def create_response(msg): lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA + else: + # NODATA. + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" + ) + ) + elif lqname == "ns.a.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") + ) else: # NODATA. r.authority.append( @@ -125,13 +136,13 @@ def create_response(msg): ) ) elif lqname == "b.stale.": + r.flags |= dns.flags.AA if rrtype == NS: # NS b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.b.stale.")) r.additional.append( dns.rrset.from_text("ns.b.stale.", 1, IN, A, "10.53.0.4") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA b. r.answer.append( @@ -139,7 +150,20 @@ def create_response(msg): lqname, 1, IN, SOA, "b.stale. hostmaster.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA + else: + # NODATA. + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "b.stale. hostmaster.b.stale. 1 2 3 4 5" + ) + ) + elif lqname == "ns.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + # SOA a.b. + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.4") + ) else: # NODATA. r.authority.append( diff --git a/bin/tests/system/serve-stale/ans2/ans.pl b/bin/tests/system/serve-stale/ans2/ans.pl index 3fdc1fc9aa..fed26967fe 100644 --- a/bin/tests/system/serve-stale/ans2/ans.pl +++ b/bin/tests/system/serve-stale/ans2/ans.pl @@ -185,13 +185,8 @@ sub reply_handler { } $rcode = "NOERROR"; } elsif ($qname eq "shortttl.cname.example") { - if ($qtype eq "A") { - my $rr = new Net::DNS::RR($SHORTCNAME); - push @ans, $rr; - } else { - my $rr = new Net::DNS::RR($negSOA); - push @auth, $rr; - } + my $rr = new Net::DNS::RR($SHORTCNAME); + push @ans, $rr; $rcode = "NOERROR"; } elsif ($qname eq "longttl.target.example") { if ($slow_response) {