From ea3aa401bc74d34560af190a4009d436054d1bfa Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 3 Dec 2014 11:34:07 +1100 Subject: [PATCH] 4015. [bug] Nameservers that are skipped due to them being CNAMEs were not being logged. They are now logged to category 'cname' as per BIND 8. [RT #37935] --- CHANGES | 6 +++++- bin/tests/system/resolver/ns4/root.db | 1 + bin/tests/system/resolver/ns4/tld1.db | 3 ++- bin/tests/system/resolver/ns4/tld2.db | 2 ++ bin/tests/system/resolver/ns7/all-cnames.db | 23 +++++++++++++++++++++ bin/tests/system/resolver/ns7/named1.conf | 5 +++++ bin/tests/system/resolver/ns7/named2.conf | 5 +++++ bin/tests/system/resolver/tests.sh | 9 ++++++++ doc/arm/Bv9ARM-book.xml | 11 ++++++++++ doc/arm/notes.xml | 9 ++++++++ lib/dns/include/dns/log.h | 1 + lib/dns/log.c | 1 + lib/dns/resolver.c | 8 +++++++ 13 files changed, 82 insertions(+), 2 deletions(-) create mode 100644 bin/tests/system/resolver/ns7/all-cnames.db diff --git a/CHANGES b/CHANGES index 83ff593050..f2016cf782 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ -4014. [bug] When including a master file origin_changed was +4015. [bug] Nameservers that are skipped due to them being + CNAMEs were not being logged. They are now logged + to category 'cname' as per BIND 8. [RT #37935] + +4014. [bug] When including a master file origin_changed was not being properly set leading to a potentially spurious 'inherited owner' warning. [RT #37919] diff --git a/bin/tests/system/resolver/ns4/root.db b/bin/tests/system/resolver/ns4/root.db index 212f0cf11a..bd92287118 100644 --- a/bin/tests/system/resolver/ns4/root.db +++ b/bin/tests/system/resolver/ns4/root.db @@ -24,3 +24,4 @@ $TTL 300 ) . NS a.root-servers.nil. a.root-servers.nil. A 10.53.0.4 +all-cnames NS cname.tld diff --git a/bin/tests/system/resolver/ns4/tld1.db b/bin/tests/system/resolver/ns4/tld1.db index 5f034f597a..e9930bdfe2 100644 --- a/bin/tests/system/resolver/ns4/tld1.db +++ b/bin/tests/system/resolver/ns4/tld1.db 
@@ -32,4 +32,5 @@ no-edns-version.tld. NS ns.no-edns-version.tld. ns.no-edns-version.tld. A 10.53.0.6 edns-version.tld. NS ns.edns-version.tld. ns.edns-version.tld. A 10.53.0.7 - +cname CNAME ns7 +ns7 A 10.53.0.7 diff --git a/bin/tests/system/resolver/ns4/tld2.db b/bin/tests/system/resolver/ns4/tld2.db index 338f61fbb7..24c44855b7 100644 --- a/bin/tests/system/resolver/ns4/tld2.db +++ b/bin/tests/system/resolver/ns4/tld2.db @@ -32,3 +32,5 @@ no-edns-version.tld. NS ns.no-edns-version.tld. ns.no-edns-version.tld. A 10.53.0.6 edns-version.tld. NS ns.edns-version.tld. ns.edns-version.tld. A 10.53.0.7 +cname CNAME ns7 +ns7 A 10.53.0.7 diff --git a/bin/tests/system/resolver/ns7/all-cnames.db b/bin/tests/system/resolver/ns7/all-cnames.db new file mode 100644 index 0000000000..3b86c5b432 --- /dev/null +++ b/bin/tests/system/resolver/ns7/all-cnames.db @@ -0,0 +1,23 @@ +; Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC") +; +; Permission to use, copy, modify, and/or distribute this software for any +; purpose with or without fee is hereby granted, provided that the above +; copyright notice and this permission notice appear in all copies. +; +; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +; PERFORMANCE OF THIS SOFTWARE. + +$TTL 300 +@ IN SOA marka.isc.org. ns.server. ( + 2010 ; serial + 600 ; refresh + 600 ; retry + 1200 ; expire + 600 ; minimum + ) +@ NS cname.tld. diff --git a/bin/tests/system/resolver/ns7/named1.conf b/bin/tests/system/resolver/ns7/named1.conf index 5572cf8646..6f2b655601 100644 --- a/bin/tests/system/resolver/ns7/named1.conf 
+++ b/bin/tests/system/resolver/ns7/named1.conf @@ -57,3 +57,8 @@ zone "edns-version.tld" { type master; file "edns-version.tld.db"; }; + +zone "all-cnames" { + type master; + file "all-cnames.db"; +}; diff --git a/bin/tests/system/resolver/ns7/named2.conf b/bin/tests/system/resolver/ns7/named2.conf index daebe3d0e3..30c8a5a771 100644 --- a/bin/tests/system/resolver/ns7/named2.conf +++ b/bin/tests/system/resolver/ns7/named2.conf @@ -57,3 +57,8 @@ zone "edns-version.tld" { type master; file "edns-version.tld.db"; }; + +zone "all-cnames" { + type master; + file "all-cnames.db"; +}; diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index 8bde7df345..cd9f922d75 100755 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh @@ -527,5 +527,14 @@ if test ${edns:-0} != 0; then status=`expr $status + $ret` fi +n=`expr $n + 1` +echo "I:check that CNAME nameserver is logged correctly (${n})" +ret=0 +$DIG soa all-cnames @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1 +grep "status: SERVFAIL" dig.out.ns5.test${n} > /dev/null || ret=1 +grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/doc/arm/Bv9ARM-book.xml b/doc/arm/Bv9ARM-book.xml index dd1c5090a4..398a68175b 100644 --- a/doc/arm/Bv9ARM-book.xml +++ b/doc/arm/Bv9ARM-book.xml @@ -4355,6 +4355,17 @@ category notify { null; }; + + + cname + + + + Logs nameservers that are skipped due to them being + a CNAME rather than A / AAAA records. + + + diff --git a/doc/arm/notes.xml b/doc/arm/notes.xml index 8df5216f20..dfc45f26dc 100644 --- a/doc/arm/notes.xml +++ b/doc/arm/notes.xml 
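Review bot: In the tests.sh hunk, the final `grep "skipping nameserver 'cname.tld' because it is a CNAME, ..." ns5/named.run` checks only the message text, so the test would still pass if the line were written under a different log category than the new 'cname' one. The ns5 logging configuration is not part of this diff, so this is inferred. If its channel can be set to `print-category yes;`, the pattern could also anchor on the `cname:` prefix, which would pin the routing that operators rely on when they filter or forward this category. The pattern is also read as a regular expression, so `grep -F` would make the dots in `cname.tld` and the slash in `all-cnames/SOA` match literally.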
@@ -324,6 +324,15 @@ to make it easier to diagnose problems. + + + When encountering an authoritative name server whose name is + an alias pointing to another name, the resolver treats + this as an error and skips to the next server. Previously + this happened silently; now the error will be logged to + the newly-created "cname" log category. + + diff --git a/lib/dns/include/dns/log.h b/lib/dns/include/dns/log.h index c8d0b59b89..bbaac0895d 100644 --- a/lib/dns/include/dns/log.h +++ b/lib/dns/include/dns/log.h @@ -44,6 +44,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodule_t dns_modules[]; #define DNS_LOGCATEGORY_EDNS_DISABLED (&dns_categories[11]) #define DNS_LOGCATEGORY_RPZ (&dns_categories[12]) #define DNS_LOGCATEGORY_RRL (&dns_categories[13]) +#define DNS_LOGCATEGORY_CNAME (&dns_categories[14]) /* Backwards compatibility. */ #define DNS_LOGCATEGORY_GENERAL ISC_LOGCATEGORY_GENERAL diff --git a/lib/dns/log.c b/lib/dns/log.c index 663d420338..56d2bfb6b7 100644 --- a/lib/dns/log.c +++ b/lib/dns/log.c @@ -46,6 +46,7 @@ LIBDNS_EXTERNAL_DATA isc_logcategory_t dns_categories[] = { { "edns-disabled", 0 }, { "rpz", 0 }, { "rate-limit", 0 }, + { "cname", 0 }, { NULL, 0 } }; diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c index 347cd70264..9af58d4976 100644 --- a/lib/dns/resolver.c +++ b/lib/dns/resolver.c @@ -2838,11 +2838,19 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port, fctx->depth + 1, fctx->qc, &find); if (result != ISC_R_SUCCESS) { if (result == DNS_R_ALIAS) { + char namebuf[DNS_NAME_FORMATSIZE]; + /* * XXXRTH Follow the CNAME/DNAME chain? */ dns_adb_destroyfind(&find); fctx->adberr++; + dns_name_format(name, namebuf, sizeof(namebuf)); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_CNAME, + DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO, + "skipping nameserver '%s' because it " + "is a CNAME, while resolving '%s'", + namebuf, fctx->info); } } else if (!ISC_LIST_EMPTY(find->list)) { /*
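Review bot: The `isc_log_write()` added in the `DNS_R_ALIAS` branch of findname() fires at `ISC_LOG_INFO` for every find that ends in an alias, and nothing in the hunk limits how often it fires. Both strings come from outside the server (the nameserver name from a remote delegation, `fctx->info` from the query being resolved), so repeated queries under such a delegation can likely produce one log line per skipped nameserver per fetch. I would record that next to the call, for example `/* Externally triggerable, once per skipped nameserver per fetch; route category 'cname' to its own or a null channel if it gets noisy. */`, and repeat the hint in the ARM entry for the category. The retained comment also mentions a "CNAME/DNAME chain", so if `DNS_R_ALIAS` can arise from a DNAME as well, the text "because it is a CNAME" would mislead someone triaging the log; that is worth confirming. findname() starts and ends outside this hunk, so how often the branch is reached per fetch cannot be seen here.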