- Fix that cachedb aggressive negative responses have the RA flag set.

W.C.A. Wijngaards 2026-02-16 16:35:37 +01:00
parent 16e1e6d375
commit 014ed9c5ff
2 changed files with 11 additions and 0 deletions


@ -3,6 +3,9 @@
zones. Fixed by including the ZONEMD RRtype in the list of types to
ignore for RPZ zones. Analysis and patch provided by ummeegge.
16 February 2026: Wouter
- Fix that cachedb aggressive negative responses have the RA flag set.
11 February 2026: Wouter
- Fix #1403: Inconsistency between do-nat64 and do-not-query-address
during retries.


@ -1289,6 +1289,8 @@ neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len,
if(!(msg = dns_msg_create(qname, qname_len,
LDNS_RR_TYPE_DS, zone->dclass, region, 1)))
return NULL;
/* The cache response means recursion is available. */
msg->rep->flags |= BIT_RA;
/* TTL reduced in grab_nsec */
if(!dns_msg_authadd(msg, region, ce_rrset, 0))
return NULL;
@ -1323,6 +1325,8 @@ neg_nsec3_proof_ds(struct val_neg_zone* zone, uint8_t* qname, size_t qname_len,
if(!(msg = dns_msg_create(qname, qname_len,
LDNS_RR_TYPE_DS, zone->dclass, region, 3)))
return NULL;
/* The cache response means recursion is available. */
msg->rep->flags |= BIT_RA;
/* now=0 because TTL was reduced in grab_nsec */
if(!dns_msg_authadd(msg, region, ce_rrset, 0))
return NULL;
@ -1413,6 +1417,8 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len,
qinfo->qtype, qinfo->qclass, region, 2)))
return NULL;
/* The cache response means recursion is available. */
msg->rep->flags |= BIT_RA;
if(!dns_msg_authadd(msg, region, nsec, 0))
return NULL;
if(addsoa && !add_soa(rrset_cache, now, region, msg, NULL))
@ -1426,6 +1432,8 @@ val_neg_getmsg(struct val_neg_cache* neg, struct query_info* qinfo,
if(!(msg = dns_msg_create(qinfo->qname, qinfo->qname_len,
qinfo->qtype, qinfo->qclass, region, 3)))
return NULL;
/* The cache response means recursion is available. */
msg->rep->flags |= BIT_RA;
if(!(ce = nsec_closest_encloser(qinfo->qname, nsec)))
return NULL;
dname_count_size_labels(ce, &ce_len);
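Review bot: The same two lines, `msg->rep->flags |= BIT_RA;` with its comment, are now repeated after all four `dns_msg_create` calls in `neg_nsec3_proof_ds` and `val_neg_getmsg`, so a reply built on any path added later will again go out without RA unless the author remembers to copy them. A small static helper in this file that wraps `dns_msg_create` and sets the flag once would keep the header flags of synthesized negative answers consistent. Both functions start and end outside the hunks shown, so it cannot be confirmed from here that these four are the only places where such a message is created. The commit touches only the changelog and this file; a regression test that checks the RA bit on an aggressive negative answer served through cachedb would keep the fix from silently regressing.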