From decbadf0987d1f8f743fc3c854e1a421ca5d8746 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Wed, 4 Sep 2013 13:24:11 +1000
Subject: [PATCH] 3640.   [bug]           ndots was not being checked when
 searching.  Only                         continue searching on NXDOMAIN
 responses.  Add the                         ability to specify ndots to
 nslookup. [RT #34711]

(cherry picked from commit 8afea636ab0c07399aa3e2410b2cfbd41099df98)
---
 CHANGES                  |  4 ++++
 bin/dig/dighost.c        | 18 +++++++++++++++++-
 bin/dig/nslookup.c       | 17 +++++++++++++----
 bin/dig/nslookup.docbook | 11 +++++++++++
 4 files changed, 45 insertions(+), 5 deletions(-)

diff --git a/CHANGES b/CHANGES
index 45d1751f76..469f8e4ef4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,10 @@
 3646.	[bug]		Journal filename string could be set incorrectly,
 			causing garbage in log messages. [RT #34738]
 
+3640.	[bug]		ndots was not being checked when searching.  Only
+			continue searching on NXDOMAIN responses.  Add the
+			ability to specify ndots to nslookup. [RT #34711]
+
 3639.	[bug]		Treat type 65533 (KEYDATA) as opaque except when used
 			in a key zone. [RT #34238]
 
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index 4b9158b8d8..cb90361444 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -1881,6 +1881,9 @@ static isc_boolean_t
 next_origin(dig_query_t *query) {
 	dig_lookup_t *lookup;
 	dig_searchlist_t *search;
+	dns_fixedname_t fixed;
+	dns_name_t *name;
+	isc_result_t result;
 
 	INSIST(!free_now);
 
@@ -1893,6 +1896,19 @@ next_origin(dig_query_t *query) {
 		 * about finding the next entry.
 		 */
 		return (ISC_FALSE);
+	
+	/*
+	 * Check for a absolute name or ndots being met.
+	 */
+	dns_fixedname_init(&fixed);
+	name = dns_fixedname_name(&fixed);
+	result = dns_name_fromstring2(name, query->lookup->textname, NULL,
+				      0, NULL);
+	if (result == ISC_R_SUCCESS &&
+	    (dns_name_isabsolute(name) ||
+	     (int)dns_name_countlabels(name) > ndots))
+		return (ISC_FALSE);
+		
 	if (query->lookup->origin == NULL && !query->lookup->need_search)
 		/*
 		 * Then we just did rootorg; there's nothing left.
@@ -3398,7 +3414,7 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 	}
 
 	if (!l->doing_xfr || l->xfr_q == query) {
-		if (msg->rcode != dns_rcode_noerror &&
+		if (msg->rcode == dns_rcode_nxdomain &&
 		    (l->origin != NULL || l->need_search)) {
 			if (!next_origin(query) || showsearch) {
 				printmessage(query, msg, ISC_TRUE);
diff --git a/bin/dig/nslookup.c b/bin/dig/nslookup.c
index 3f5b82fd29..ab8066656c 100644
--- a/bin/dig/nslookup.c
+++ b/bin/dig/nslookup.c
@@ -442,8 +442,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		dns_name_format(query->lookup->name,
 				nametext, sizeof(nametext));
 		printf("** server can't find %s: %s\n",
-		       (msg->rcode != dns_rcode_nxdomain) ? nametext :
-		       query->lookup->textname, rcode_totext(msg->rcode));
+		       nametext, rcode_totext(msg->rcode));
 		debug("returning with rcode == 0");
 
 		/* the lookup failed */
@@ -502,8 +501,8 @@ show_settings(isc_boolean_t full, isc_boolean_t serv_only) {
 	printf("  %s\t\t%s\n",
 	       usesearch ? "search" : "nosearch",
 	       recurse ? "recurse" : "norecurse");
-	printf("  timeout = %d\t\tretry = %d\tport = %d\n",
-	       timeout, tries, port);
+	printf("  timeout = %d\t\tretry = %d\tport = %d\tndots = %d\n",
+	       timeout, tries, port, ndots);
 	printf("  querytype = %-8s\tclass = %s\n", deftype, defclass);
 	printf("  srchlist = ");
 	for (listent = ISC_LIST_HEAD(search_list);
@@ -574,6 +573,14 @@ set_tries(const char *value) {
 		tries = n;
 }
 
+static void
+set_ndots(const char *value) {
+	isc_uint32_t n;
+	isc_result_t result = parse_uint(&n, value, 128, "ndots");
+	if (result == ISC_R_SUCCESS)
+		ndots = n;
+}
+
 static void
 setoption(char *opt) {
 	if (strncasecmp(opt, "all", 4) == 0) {
@@ -654,6 +661,8 @@ setoption(char *opt) {
 		nofail=ISC_FALSE;
 	} else if (strncasecmp(opt, "nofail", 3) == 0) {
 		nofail=ISC_TRUE;
+	} else if (strncasecmp(opt, "ndots=", 6) == 0) {
+		set_ndots(&opt[6]);
 	} else {
 		printf("*** Invalid option: %s\n", opt);
 	}
diff --git a/bin/dig/nslookup.docbook b/bin/dig/nslookup.docbook
index f4d497b399..3f7d1f6fb8 100644
--- a/bin/dig/nslookup.docbook
+++ b/bin/dig/nslookup.docbook
@@ -409,6 +409,17 @@ nslookup -query=hinfo  -timeout=10
                 </listitem>
               </varlistentry>
 
+              <varlistentry>
+                <term><constant>ndots=</constant><replaceable>number</replaceable></term>
+                <listitem>
+                  <para>
+		    Set the number of dots (label separators) in a domain
+		    that will disable searching.  Absolute names always
+		    stop searching.
+                  </para>
+                </listitem>
+              </varlistentry>
+
               <varlistentry>
                 <term><constant>retry=</constant><replaceable>number</replaceable></term>
                 <listitem>