Ignore attempts to add DS records at zone apex

DS records belong in the parent zone at a zone cut and
are not retrievable with modern recursive servers.
Mark Andrews 2020-05-07 09:36:50 +10:00 committed by Ondřej Surý
parent 35a58d30c9
commit ae55fbbe9c
2 changed files with 34 additions and 0 deletions


@ -32,6 +32,8 @@ RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
status=0
n=0
nextpartreset ns3/named.run
# wait for zone transfer to complete
tries=0
while true; do
@ -1087,6 +1089,25 @@ then
echo_i "failed"; status=1
fi
echo_i "check that DS to the zone apex is ignored ($n)"
$DIG $DIGOPTS +tcp +norec example DS @10.53.0.3 > dig.out.pre.test$n || ret=1
grep "status: NOERROR" dig.out.pre.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.pre.test$n > /dev/null || ret=1
nextpart ns3/named.run > /dev/null
# specify zone to override the default of adding to parent zone
$NSUPDATE -d <<END > nsupdate.out-$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
zone example
update add example 0 in DS 14364 10 2 FD03B2312C8F0FE72C1751EFA1007D743C94EC91594FF0047C23C37CE119BA0C
send
END
msg=": attempt to add a DS record at zone apex ignored"
nextpart ns3/named.run | grep "$msg" > /dev/null || ret=1
$DIG $DIGOPTS +tcp +norec example DS @10.53.0.3 > dig.out.post.test$n || ret=1
grep "status: NOERROR" dig.out.post.test$n > /dev/null || ret=1
grep "ANSWER: 0," dig.out.post.test$n > /dev/null || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
if $FEATURETEST --gssapi ; then
n=`expr $n + 1`
ret=0
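Review bot: The new check that starts at `echo_i "check that DS to the zone apex is ignored ($n)"` has no visible `ret=0` reset and no `n` increment in front of it, although the trailing GSSAPI context shows the file's usual prologue (`n=` via `expr $n + 1`, then `ret=0`) before each test. As printed, a failure left in `ret` by the preceding test would be reported again by this test's `[ $ret = 0 ] || { echo_i "failed"; status=1; }`, and `dig.out.pre.test$n` / `dig.out.post.test$n` would reuse the preceding test's number; if those two lines were merely dropped by the page rendering, disregard this. A second, smaller point: `nextpart ns3/named.run | grep "$msg"` runs immediately after `$NSUPDATE` returns, so the assertion relies on named having already written the "attempt to add a DS record at zone apex ignored" line to its log; wrapping that grep in the retry helper this test suite uses elsewhere, if one exists, would make the check less timing-sensitive.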


@ -2969,6 +2969,19 @@ update_action(isc_task_t *task, isc_event_t *event) {
soa_serial_changed = true;
}
if (dns_rdatatype_atparent(rdata.type) &&
dns_name_equal(name, zonename)) {
char typebuf[DNS_RDATATYPE_FORMATSIZE];
dns_rdatatype_format(rdata.type, typebuf,
sizeof(typebuf));
update_log(client, zone, LOGLEVEL_PROTOCOL,
"attempt to add a %s record at "
"zone apex ignored",
typebuf);
continue;
}
if (rdata.type == privatetype) {
update_log(client, zone, LOGLEVEL_PROTOCOL,
"attempt to add a private type "