diff --git a/CHANGES b/CHANGES index 7178d909f1..213875a896 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +1187. [bug] named was incorrectly returning DNSSEC records + in negative responses when the DO bit was not set. + 1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the EOL token when reading to end of line. diff --git a/lib/dns/include/dns/masterdump.h b/lib/dns/include/dns/masterdump.h index 0af77e0982..bc4aee7de4 100644 --- a/lib/dns/include/dns/masterdump.h +++ b/lib/dns/include/dns/masterdump.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: masterdump.h,v 1.25 2001/11/19 03:08:14 mayer Exp $ */ +/* $Id: masterdump.h,v 1.26 2002/01/22 09:07:25 bwelling Exp $ */ #ifndef DNS_MASTERDUMP_H #define DNS_MASTERDUMP_H 1 @@ -217,22 +217,6 @@ dns_master_questiontotext(dns_name_t *owner_name, dns_rdataset_t *rdataset, const dns_master_style_t *style, isc_buffer_t *target); -/* - * Print a text representation of 'rdataset', a pseudo-rdataset - * representing a questino. - * - * Requires: - * 'rdataset' is a valid question rdataset. - * - * 'rdataset' is not empty. - */ - -isc_result_t -dns_rdataset_towire(dns_rdataset_t *rdataset, - dns_name_t *owner_name, - dns_compress_t *cctx, - isc_buffer_t *target, - unsigned int *countp); isc_result_t dns_master_dumpnodetostream(isc_mem_t *mctx, dns_db_t *db, diff --git a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h index fc0380e02b..06cf170827 100644 --- a/lib/dns/include/dns/message.h +++ b/lib/dns/include/dns/message.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.h,v 1.105 2001/12/08 02:14:46 bwelling Exp $ */ +/* $Id: message.h,v 1.106 2002/01/22 09:07:26 bwelling Exp $ */ #ifndef DNS_MESSAGE_H #define DNS_MESSAGE_H 1 
@@ -159,6 +159,7 @@ typedef int dns_messagetextflag_t; */ #define DNS_MESSAGERENDER_ORDERED 0x0001 /* don't change order */ #define DNS_MESSAGERENDER_PARTIAL 0x0002 /* allow a partial rdataset */ +#define DNS_MESSAGERENDER_OMITDNSSEC 0x0004 /* omit DNSSEC records */ typedef struct dns_msgblock dns_msgblock_t; diff --git a/lib/dns/include/dns/ncache.h b/lib/dns/include/dns/ncache.h index 447efd7df1..25b66a3153 100644 --- a/lib/dns/include/dns/ncache.h +++ b/lib/dns/include/dns/ncache.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.h,v 1.12 2001/01/09 21:53:07 bwelling Exp $ */ +/* $Id: ncache.h,v 1.13 2002/01/22 09:07:27 bwelling Exp $ */ #ifndef DNS_NCACHE_H #define DNS_NCACHE_H 1 @@ -85,11 +85,13 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, isc_result_t dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx, - isc_buffer_t *target, unsigned int *countp); + isc_buffer_t *target, isc_boolean_t omit_dnssec, + unsigned int *countp); /* * Convert the negative caching rdataset 'rdataset' to wire format, * compressing names as specified in 'cctx', and storing the result in - * 'target'. + * 'target'. If 'omit_dnssec' is set, DNSSEC records will not + * be added to 'target'. * * Notes: * The number of RRs added to target will be added to *countp. diff --git a/lib/dns/include/dns/rdataset.h b/lib/dns/include/dns/rdataset.h index ab2ebd863d..8ba66cf64d 100644 --- a/lib/dns/include/dns/rdataset.h +++ b/lib/dns/include/dns/rdataset.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.h,v 1.42 2002/01/17 00:16:30 marka Exp $ */ +/* $Id: rdataset.h,v 1.43 2002/01/22 09:07:28 bwelling Exp $ */ #ifndef DNS_RDATASET_H #define DNS_RDATASET_H 1 
@@ -130,6 +130,12 @@ struct dns_rdataset { #define DNS_RDATASETATTR_RANDOMIZE 0x0800 #define DNS_RDATASETATTR_CHASE 0x1000 /* Used by resolver. */ +/* + * _OMITDNSSEC: + * Omit DNSSEC records when rendering ncache records. + */ +#define DNS_RDATASETTOWIRE_OMITDNSSEC 0x0001 + void dns_rdataset_init(dns_rdataset_t *rdataset); /* @@ -305,6 +311,7 @@ dns_rdataset_towire(dns_rdataset_t *rdataset, dns_name_t *owner_name, dns_compress_t *cctx, isc_buffer_t *target, + unsigned int options, unsigned int *countp); /* * Convert 'rdataset' to wire format, compressing names as specified @@ -345,6 +352,7 @@ dns_rdataset_towiresorted(dns_rdataset_t *rdataset, isc_buffer_t *target, dns_rdatasetorderfunc_t order, void *order_arg, + unsigned int options, unsigned int *countp); /* * Like dns_rdataset_towire(), but sorting the rdatasets according to @@ -363,6 +371,7 @@ dns_rdataset_towirepartial(dns_rdataset_t *rdataset, isc_buffer_t *target, dns_rdatasetorderfunc_t order, void *order_arg, + unsigned int options, unsigned int *countp, void **state); /* diff --git a/lib/dns/message.c b/lib/dns/message.c index 4cf9668692..3ea97ccb88 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.c,v 1.203 2002/01/21 09:47:09 bwelling Exp $ */ +/* $Id: message.c,v 1.204 2002/01/22 09:07:21 bwelling Exp $ */ /*** *** Imports @@ -1721,6 +1721,7 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, isc_buffer_t st; /* for rollbacks */ int pass; isc_boolean_t partial = ISC_FALSE; + unsigned int rd_options; REQUIRE(DNS_MESSAGE_VALID(msg)); REQUIRE(msg->buffer != NULL); @@ -1734,6 +1735,11 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, else pass = 1; + if ((options & DNS_MESSAGERENDER_OMITDNSSEC) == 0) + rd_options = 0; + else + rd_options = DNS_RDATASETTOWIRE_OMITDNSSEC; + /* * Shrink the space in the buffer by the reserved amount. */ 
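Review bot: The new `unsigned int options` parameter of dns_rdataset_towire() (hunk @@ -305,6 +311,7) is not described in the comment that follows the prototype, and the same gap applies to dns_rdataset_towiresorted() and dns_rdataset_towirepartial() in the next two rdataset.h hunks. ncache.h documents its new 'omit_dnssec' argument in this same commit, so these headers should match. I would add to the dns_rdataset_towire() comment something like `'options' is a bitmask of DNS_RDATASETTOWIRE_* flags; DNS_RDATASETTOWIRE_OMITDNSSEC affects only negative caching rdatasets.` The doc comments continue outside the hunks, so their existing wording is not visible here.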
@@ -1779,6 +1785,7 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, msg->buffer, msg->order, msg->order_arg, + rd_options, &count, NULL); else @@ -1789,6 +1796,7 @@ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid, msg->buffer, msg->order, msg->order_arg, + rd_options, &count); total += count; @@ -1915,7 +1923,8 @@ dns_message_renderend(dns_message_t *msg) { */ count = 0; result = dns_rdataset_towire(msg->opt, dns_rootname, - msg->cctx, msg->buffer, &count); + msg->cctx, msg->buffer, 0, + &count); msg->counts[DNS_SECTION_ADDITIONAL] += count; if (result != ISC_R_SUCCESS) return (result); @@ -1956,7 +1965,8 @@ dns_message_renderend(dns_message_t *msg) { return (result); count = 0; result = dns_rdataset_towire(msg->tsig, msg->tsigname, - msg->cctx, msg->buffer, &count); + msg->cctx, msg->buffer, 0, + &count); msg->counts[DNS_SECTION_ADDITIONAL] += count; if (result != ISC_R_SUCCESS) return (result); @@ -1978,7 +1988,8 @@ dns_message_renderend(dns_message_t *msg) { * be set in a message being rendered. */ result = dns_rdataset_towire(msg->sig0, dns_rootname, - msg->cctx, msg->buffer, &count); + msg->cctx, msg->buffer, 0, + &count); msg->counts[DNS_SECTION_ADDITIONAL] += count; if (result != ISC_R_SUCCESS) return (result); diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c index c641cedeaa..e003fb07e8 100644 --- a/lib/dns/ncache.c +++ b/lib/dns/ncache.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.26 2002/01/21 16:26:06 bwelling Exp $ */ +/* $Id: ncache.c,v 1.27 2002/01/22 09:07:22 bwelling Exp $ */ #include @@ -254,7 +254,8 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, isc_result_t dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx, - isc_buffer_t *target, unsigned int *countp) + isc_buffer_t *target, isc_boolean_t omit_dnssec, + unsigned int *countp) { dns_rdata_t rdata = DNS_RDATA_INIT; isc_result_t result; 
@@ -312,6 +313,9 @@ dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx, INSIST(remaining.length >= rdata.length); isc_buffer_forward(&source, rdata.length); + if (omit_dnssec && dns_rdatatype_isdnssec(type)) + continue; + /* * Write the name. */ diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c index f228701950..f76946d60f 100644 --- a/lib/dns/rdataset.c +++ b/lib/dns/rdataset.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: rdataset.c,v 1.58 2001/06/05 09:23:14 marka Exp $ */ +/* $Id: rdataset.c,v 1.59 2002/01/22 09:07:23 bwelling Exp $ */ #include @@ -273,8 +273,8 @@ static isc_result_t towiresorted(dns_rdataset_t *rdataset, dns_name_t *owner_name, dns_compress_t *cctx, isc_buffer_t *target, dns_rdatasetorderfunc_t order, void *order_arg, - isc_boolean_t partial, unsigned int *countp, - void **state) + isc_boolean_t partial, unsigned int options, + unsigned int *countp, void **state) { dns_rdata_t rdata = DNS_RDATA_INIT; isc_region_t r; @@ -308,7 +308,10 @@ towiresorted(dns_rdataset_t *rdataset, dns_name_t *owner_name, /* * This is a negative caching rdataset. */ - return (dns_ncache_towire(rdataset, cctx, target, countp)); + isc_boolean_t omit_dnssec; + omit_dnssec = ISC_TF(DNS_RDATASETTOWIRE_OMITDNSSEC != 0); + return (dns_ncache_towire(rdataset, cctx, target, omit_dnssec, + countp)); } else { count = (rdataset->methods->count)(rdataset); result = dns_rdataset_first(rdataset); @@ -469,10 +472,12 @@ dns_rdataset_towiresorted(dns_rdataset_t *rdataset, isc_buffer_t *target, dns_rdatasetorderfunc_t order, void *order_arg, + unsigned int options, unsigned int *countp) { return (towiresorted(rdataset, owner_name, cctx, target, - order, order_arg, ISC_FALSE, countp, NULL)); + order, order_arg, ISC_FALSE, options, + countp, NULL)); } isc_result_t 
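Review bot: The new `continue` in dns_ncache_towire() (hunk @@ -312,6 +313,9) is only correct because `isc_buffer_forward(&source, rdata.length)` has already consumed the record, and nothing in the code says so. A later reordering could leave the source buffer pointing at the skipped rdata. I would add a comment above the test, e.g. `/* 'source' is already past this rdata, so it can be skipped here. */`. The enclosing loop starts and ends outside the hunk, so it is worth checking that no per-iteration bookkeeping after this point is bypassed by the `continue`.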
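Review bot: In the negative-caching branch of towiresorted() (rdataset.c hunk @@ -308,7 +308,10), `omit_dnssec = ISC_TF(DNS_RDATASETTOWIRE_OMITDNSSEC != 0);` tests the constant itself, defined as 0x0001 in rdataset.h, instead of the new `options` argument, so it is always true. As written, dns_ncache_towire() drops DNSSEC records from every negative response, including those where the caller did not pass DNS_MESSAGERENDER_OMITDNSSEC. That presumably leaves DO-bit clients without the signed denial records they need for validation. The line should read `omit_dnssec = ISC_TF((options & DNS_RDATASETTOWIRE_OMITDNSSEC) != 0);`. The function body continues outside the hunk.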
@@ -482,12 +487,14 @@ dns_rdataset_towirepartial(dns_rdataset_t *rdataset, isc_buffer_t *target, dns_rdatasetorderfunc_t order, void *order_arg, + unsigned int options, unsigned int *countp, void **state) { REQUIRE(state == NULL); /* XXX remove when implemented */ return (towiresorted(rdataset, owner_name, cctx, target, - order, order_arg, ISC_TRUE, countp, state)); + order, order_arg, ISC_TRUE, options, + countp, state)); } isc_result_t @@ -495,10 +502,11 @@ dns_rdataset_towire(dns_rdataset_t *rdataset, dns_name_t *owner_name, dns_compress_t *cctx, isc_buffer_t *target, + unsigned int options, unsigned int *countp) { return (towiresorted(rdataset, owner_name, cctx, target, - NULL, NULL, ISC_FALSE, countp, NULL)); + NULL, NULL, ISC_FALSE, options, countp, NULL)); } isc_result_t