diff --git a/CHANGES b/CHANGES index 38316bc6cc..8a0bf7f59f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +6287. [bug] Recognize escapes when reading the public key from file. + [GL !8502] + 6286. [bug] Dig +yaml will now report "no servers could be reached" on TCP connection failure as well as for UDP timeouts. [GL #4396] diff --git a/bin/tests/system/kasp/ns3/named-fips.conf.in b/bin/tests/system/kasp/ns3/named-fips.conf.in index cef81f94d5..d67aa5f38a 100644 --- a/bin/tests/system/kasp/ns3/named-fips.conf.in +++ b/bin/tests/system/kasp/ns3/named-fips.conf.in @@ -48,6 +48,14 @@ zone "default.kasp" { dnssec-policy "default"; }; +/* A zone with special characters. */ +zone "i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp." { + type primary; + file "i-am.special.kasp.db"; + check-names ignore; + dnssec-policy "default"; +}; + /* checkds: Zone with one KSK. */ zone "checkds-ksk.kasp" { type primary; diff --git a/bin/tests/system/kasp/ns3/setup.sh b/bin/tests/system/kasp/ns3/setup.sh index 63aeb36fa5..55fcd1b5e1 100644 --- a/bin/tests/system/kasp/ns3/setup.sh +++ b/bin/tests/system/kasp/ns3/setup.sh @@ -51,6 +51,13 @@ for zn in default dnssec-keygen some-keys legacy-keys pregenerated \ cp template.db.in "$zonefile" done +# +# Setup special zone +# +zone="i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp." +echo_i "setting up zone: $zone" +cp template.db.in "i-am.special.kasp.db" + # # Set up RSASHA1 based zones # diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh index 6ac891c0d2..645d77b8dd 100644 --- a/bin/tests/system/kasp/tests.sh +++ b/bin/tests/system/kasp/tests.sh @@ -393,6 +393,16 @@ check_apex check_subdomain dnssec_verify +# +# A zone with special characters. +# +set_zone "i-am.\":\;?&[]\@!\$*+,|=\.\(\)special.kasp." +set_policy "default" "1" "3600" +set_server "ns3" "10.53.0.3" +# It is non-trivial to adapt the tests to deal with all possible different +# escaping characters, so we will just try to verify the zone. +dnssec_verify + # # Zone: dynamic.kasp # diff --git a/lib/dns/dst_api.c b/lib/dns/dst_api.c index d01062781a..af53947ac6 100644 --- a/lib/dns/dst_api.c +++ b/lib/dns/dst_api.c @@ -1606,7 +1606,7 @@ dst_key_read_public(const char *filename, int type, isc_mem_t *mctx, isc_token_t token; isc_result_t ret; dns_rdata_t rdata = DNS_RDATA_INIT; - unsigned int opt = ISC_LEXOPT_DNSMULTILINE; + unsigned int opt = ISC_LEXOPT_DNSMULTILINE | ISC_LEXOPT_ESCAPE; dns_rdataclass_t rdclass = dns_rdataclass_in; isc_lexspecials_t specials; uint32_t ttl = 0;