From 8325f4e872dfa5ce39715db1da3a8529b2670191 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Thu, 18 Jul 2024 13:35:41 +1000 Subject: [PATCH] Fix gratuitious DNS protocol errors in the ANS servers The ANS servers were not to written to handle NS queries at the QNAME resulting in gratuitious protocol errors that will break tests when NS requests are made for the QNAME. (cherry picked from commit 0680eb6f64c13bcf8239b263b12f651d47bb91f8) --- bin/tests/system/cookie/ans9/ans.py | 25 ++++-- bin/tests/system/qmin/ans2/ans.py | 97 +++++++++++++++++++----- bin/tests/system/qmin/ans3/ans.py | 17 ++++- bin/tests/system/qmin/ans4/ans.py | 34 +++++++-- bin/tests/system/serve-stale/ans2/ans.pl | 9 +-- 5 files changed, 140 insertions(+), 42 deletions(-) diff --git a/bin/tests/system/cookie/ans9/ans.py b/bin/tests/system/cookie/ans9/ans.py index 79babc84d2..1a477f872c 100644 --- a/bin/tests/system/cookie/ans9/ans.py +++ b/bin/tests/system/cookie/ans9/ans.py @@ -104,22 +104,35 @@ def create_response(msg, tcp, first, ns10): r.answer.append(dns.rrset.from_text(qname, 1, IN, A, "10.53.0.10")) dopass2 = True elif rrtype == NS: - r.answer.append(dns.rrset.from_text(qname, 1, IN, NS, ".")) + length = len(labels) + if length == 2: + r.answer.append(dns.rrset.from_text(qname, 1, IN, NS, "ns." + qname)) + if ns10: + r.additional.append( + dns.rrset.from_text("ns." + qname, 1, IN, A, "10.53.0.10") + ) + else: + r.additional.append( + dns.rrset.from_text("ns." + qname, 1, IN, A, "10.53.0.9") + ) + else: + tld = ".".join(labels[length - 2 :]) + r.authority.append(dns.rrset.from_text(tld, 2, IN, SOA, ". . 0 0 0 0 2")) elif rrtype == SOA: - r.answer.append(dns.rrset.from_text(qname, 1, IN, SOA, ". . 0 0 0 0 0")) + r.answer.append(dns.rrset.from_text(qname, 2, IN, SOA, ". . 0 0 0 0 2")) else: - r.authority.append(dns.rrset.from_text(qname, 1, IN, SOA, ". . 0 0 0 0 0")) + r.authority.append(dns.rrset.from_text(qname, 2, IN, SOA, ". . 0 0 0 0 2")) # Add a server cookie to the response - if labels[0] != "nocookie": + if labels[0] != "nocookie" or rrtype != A: for o in m.options: if o.otype == 10: # Use 10 instead of COOKIE - if first and labels[0] == "withtsig" and not tcp: + if first and labels[0] == "withtsig" and not tcp and rrtype == A: r.use_tsig( keyring=keyring, keyname=dns.name.from_text("fake"), algorithm=HMAC_SHA256, ) - elif labels[0] != "tcponly" or tcp: + elif labels[0] != "tcponly" or tcp or rrtype != A: cookie = o try: if len(o.server) == 0: diff --git a/bin/tests/system/qmin/ans2/ans.py b/bin/tests/system/qmin/ans2/ans.py index 1994ff35db..d372c2003b 100755 --- a/bin/tests/system/qmin/ans2/ans.py +++ b/bin/tests/system/qmin/ans2/ans.py @@ -212,6 +212,19 @@ def create_response(msg): "stale.", 2, IN, SOA, "ns2.stale. hostmaster.arpa. 1 2 3 4 5" ) ) + r.flags |= dns.flags.AA + elif lqname == "ns2.stale.": + if rrtype == A: + r.additional.append( + dns.rrset.from_text("ns.b.stale.", 2, IN, A, "10.53.0.2") + ) + else: + r.authority.append( + dns.rrset.from_text( + "stale.", 2, IN, SOA, "ns2.stale. hostmaster.arpa. 1 2 3 4 5" + ) + ) + r.flags |= dns.flags.AA else: # NXDOMAIN r.authority.append( @@ -257,30 +270,72 @@ def create_response(msg): elif lqname == "" and rrtype == NS: r.answer.append(dns.rrset.from_text(suffix, 30, IN, NS, "ns2." + suffix)) r.flags |= dns.flags.AA - elif lqname == "ns2." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns2." + suffix, 30, IN, A, "10.53.0.2")) + elif lqname == "ns2.": r.flags |= dns.flags.AA - elif lqname == "ns2." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns2." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::2") - ) + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns2." + suffix, 30, IN, A, "10.53.0.2") + ) + elif rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns2." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::2" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) + elif lqname == "ns3.": r.flags |= dns.flags.AA - elif lqname == "ns3." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns3." + suffix, 30, IN, A, "10.53.0.3")) - r.flags |= dns.flags.AA - elif lqname == "ns3." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns3." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::3") - ) - r.flags |= dns.flags.AA - elif lqname == "ns4." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns4." + suffix, 30, IN, A, "10.53.0.4")) - r.flags |= dns.flags.AA - elif lqname == "ns4." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns4." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::4") - ) + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns3." + suffix, 30, IN, A, "10.53.0.3") + ) + elif lqname == "ns3." and rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns3." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::3" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) + elif lqname == "ns4.": r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns4." + suffix, 30, IN, A, "10.53.0.4") + ) + elif rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns4." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::4" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) elif lqname == "a.bit.longer.ns.name." and rrtype == A: r.answer.append( dns.rrset.from_text("a.bit.longer.ns.name." + suffix, 1, IN, A, "10.53.0.4") diff --git a/bin/tests/system/qmin/ans3/ans.py b/bin/tests/system/qmin/ans3/ans.py index 079c3d2cda..b5ae73c3fa 100755 --- a/bin/tests/system/qmin/ans3/ans.py +++ b/bin/tests/system/qmin/ans3/ans.py @@ -97,17 +97,16 @@ def create_response(msg): ip6req = True elif endswith(lqname, "a.b.stale."): if lqname == "a.b.stale.": + r.flags |= dns.flags.AA if rrtype == TXT: # Direct query. r.answer.append(dns.rrset.from_text(lqname, 1, IN, TXT, "peekaboo")) - r.flags |= dns.flags.AA elif rrtype == NS: # NS a.b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.a.b.stale.")) r.additional.append( dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA a.b. r.answer.append( @@ -115,7 +114,6 @@ def create_response(msg): lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA else: # NODATA. r.authority.append( @@ -123,7 +121,20 @@ def create_response(msg): lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) + elif lqname == "ns.a.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") + ) + else: + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" + ) + ) else: + r.flags |= dns.flags.AA r.authority.append( dns.rrset.from_text( lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" diff --git a/bin/tests/system/qmin/ans4/ans.py b/bin/tests/system/qmin/ans4/ans.py index f3d00c3514..517217aec1 100755 --- a/bin/tests/system/qmin/ans4/ans.py +++ b/bin/tests/system/qmin/ans4/ans.py @@ -98,17 +98,16 @@ def create_response(msg): ip6req = True elif endswith(lqname, "b.stale."): if lqname == "a.b.stale.": + r.flags |= dns.flags.AA if rrtype == TXT: # Direct query. r.answer.append(dns.rrset.from_text(lqname, 1, IN, TXT, "hooray")) - r.flags |= dns.flags.AA elif rrtype == NS: # NS a.b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.a.b.stale.")) r.additional.append( dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA a.b. r.answer.append( @@ -116,7 +115,19 @@ def create_response(msg): lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA + else: + # NODATA. + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" + ) + ) + elif lqname == "ns.a.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") + ) else: # NODATA. r.authority.append( @@ -125,13 +136,13 @@ def create_response(msg): ) ) elif lqname == "b.stale.": + r.flags |= dns.flags.AA if rrtype == NS: # NS b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.b.stale.")) r.additional.append( dns.rrset.from_text("ns.b.stale.", 1, IN, A, "10.53.0.4") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA b. r.answer.append( @@ -139,7 +150,20 @@ def create_response(msg): lqname, 1, IN, SOA, "b.stale. hostmaster.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA + else: + # NODATA. + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "b.stale. hostmaster.b.stale. 1 2 3 4 5" + ) + ) + elif lqname == "ns.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + # SOA a.b. + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.4") + ) else: # NODATA. r.authority.append( diff --git a/bin/tests/system/serve-stale/ans2/ans.pl b/bin/tests/system/serve-stale/ans2/ans.pl index a223876b7a..12d54b4a30 100644 --- a/bin/tests/system/serve-stale/ans2/ans.pl +++ b/bin/tests/system/serve-stale/ans2/ans.pl @@ -195,13 +195,8 @@ sub reply_handler { } $rcode = "NOERROR"; } elsif ($qname eq "shortttl.cname.example") { - if ($qtype eq "A") { - my $rr = new Net::DNS::RR($SHORTCNAME); - push @ans, $rr; - } else { - my $rr = new Net::DNS::RR($negSOA); - push @auth, $rr; - } + my $rr = new Net::DNS::RR($SHORTCNAME); + push @ans, $rr; $rcode = "NOERROR"; } elsif ($qname eq "longttl.target.example") { if ($slow_response) {