upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'aram/catz-processing-skip-warnings-for-some-rrset-types-v9_18' into 'v9_18'

Browse source 
[v9_18] Don't process DNSSEC-related and ZONEMD records in catz

See merge request isc-projects/bind9!6383
This commit is contained in:
Arаm Sаrgsyаn 2022-06-02 10:56:24 +00:00
commit 8bef862607
3 changed files with 24 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
CHANGES
View file

@ -1,3 +1,6 @@
5899. [func] Don't try to process DNSSEC-related and ZONEMD records
in catz. [GL #3380]
5896. [func] Add some more dnssec-policy checks to detect weird
policies. [GL #1611]

3
doc/notes/notes-current.rst
View file

@ -45,3 +45,6 @@ Bug Fixes
- Key files were updated every time the ``dnssec-policy`` key manager ran,
whether the metadata has changed or not. BIND now checks if changes were
applied before writing out the key files. :gl:`#3302`.
- DNSSEC-signed catalog zones were not being processed correctly. This
has been fixed. :gl:`#3380`.

18
lib/dns/catz.c
View file

@ -2100,6 +2100,12 @@ cleanup:
return (result);
}
static bool
catz_rdatatype_is_processable(const dns_rdatatype_t type) {
return (!dns_rdatatype_isdnssec(type) && type != dns_rdatatype_cds &&
type != dns_rdatatype_cdnskey && type != dns_rdatatype_zonemd);
}
void
dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) {
dns_catz_zone_t *oldzone = NULL, *newzone = NULL;
@ -2242,6 +2248,17 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) {
result = dns_rdatasetiter_first(rdsiter);
while (result == ISC_R_SUCCESS) {
dns_rdatasetiter_current(rdsiter, &rdataset);
/*
* Skip processing DNSSEC-related and ZONEMD types,
* because we are not interested in them in the context
* of a catalog zone, and processing them will fail
* and produce an unnecessary warning message.
*/
if (!catz_rdatatype_is_processable(rdataset.type)) {
goto next;
}
result = dns_catz_update_process(catzs, newzone, name,
&rdataset);
if (result != ISC_R_SUCCESS) {
@ -2263,6 +2280,7 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) {
cname, classbuf, typebuf,
isc_result_totext(result));
}
next:
dns_rdataset_disassociate(&rdataset);
result = dns_rdatasetiter_next(rdsiter);
}