mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-20 23:00:56 -05:00
Fixup scrubber and lameness.
git-svn-id: file:///svn/unbound/trunk@478 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards
parent
c9a1cdec68
commit
947bd1ab91
3 changed files with 132 additions and 3 deletions
|
|
@ -2,6 +2,8 @@
|
|||
- configure change for latest libevent trunk version (needs -lrt).
|
||||
- query_done and walk_supers are moved out of module interface.
|
||||
- fixup delegation point duplicates.
|
||||
- fixup iterator scrubber; lame NS set is let through the scrubber
|
||||
so that the classification is lame.
|
||||
|
||||
1 August 2007: Wouter
|
||||
- set version to 0.5
|
||||
|
|
|
|||
|
|
@ -515,17 +515,26 @@ scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg, uint8_t* zonename,
|
|||
* same check can be used */
|
||||
|
||||
if(!pkt_sub(pkt, rrset->dname, zonename)) {
|
||||
if(!env->cfg->harden_glue) {
|
||||
if(msg->an_rrsets == 0 &&
|
||||
rrset->type == LDNS_RR_TYPE_NS &&
|
||||
FLAGS_GET_RCODE(msg->flags) ==
|
||||
LDNS_RCODE_NOERROR) {
|
||||
/* noerror, nodata and this NS rrset is above
|
||||
* the zone. This is LAME!
|
||||
* Leave in the NS for lame classification. */
|
||||
} else if(!env->cfg->harden_glue) {
|
||||
/* store in cache! Since it is relevant
|
||||
* (from normalize) it will be picked up
|
||||
* from the cache to be used later */
|
||||
store_rrset(pkt, msg, env, rrset);
|
||||
remove_rrset("sanitize: storing potential "
|
||||
"poison RRset:", pkt, msg, prev, &rrset);
|
||||
} else
|
||||
continue;
|
||||
} else {
|
||||
remove_rrset("sanitize: removing potential "
|
||||
"poison RRset:", pkt, msg, prev, &rrset);
|
||||
continue;
|
||||
continue;
|
||||
}
|
||||
}
|
||||
prev = rrset;
|
||||
rrset = rrset->rrset_all_next;
|
||||
|
|
|
|||
118
testdata/iter_lamescrub.rpl
vendored
Normal file
118
testdata/iter_lamescrub.rpl
vendored
Normal file
|
|
@ -0,0 +1,118 @@
|
|||
; config options
|
||||
stub-zone:
|
||||
name: "."
|
||||
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
|
||||
CONFIG_END
|
||||
|
||||
SCENARIO_BEGIN Test lameness detection after scrubber.
|
||||
|
||||
; K.ROOT-SERVERS.NET.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 193.0.14.129
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
. IN NS
|
||||
SECTION ANSWER
|
||||
. IN NS K.ROOT-SERVERS.NET.
|
||||
SECTION ADDITIONAL
|
||||
K.ROOT-SERVERS.NET. IN A 193.0.14.129
|
||||
ENTRY_END
|
||||
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
com. IN NS a.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. IN A 192.5.6.30
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; a.gtld-servers.net.
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 192.5.6.30
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION AUTHORITY
|
||||
example.com. IN NS ns.example.com.
|
||||
SECTION ADDITIONAL
|
||||
ns.example.com. IN A 1.2.3.4
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
; ns.example.com.
|
||||
; This server is Lame!
|
||||
RANGE_BEGIN 0 100
|
||||
ADDRESS 1.2.3.4
|
||||
ENTRY_BEGIN
|
||||
MATCH opcode qtype qname
|
||||
ADJUST copy_id
|
||||
REPLY QR RD NOERROR
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
SECTION AUTHORITY
|
||||
com. 155182 IN NS a.gtld-servers.net.
|
||||
com. 155182 IN NS b.gtld-servers.net.
|
||||
com. 155182 IN NS c.gtld-servers.net.
|
||||
com. 155182 IN NS d.gtld-servers.net.
|
||||
com. 155182 IN NS e.gtld-servers.net.
|
||||
com. 155182 IN NS f.gtld-servers.net.
|
||||
com. 155182 IN NS g.gtld-servers.net.
|
||||
com. 155182 IN NS h.gtld-servers.net.
|
||||
com. 155182 IN NS i.gtld-servers.net.
|
||||
com. 155182 IN NS j.gtld-servers.net.
|
||||
com. 155182 IN NS k.gtld-servers.net.
|
||||
com. 155182 IN NS l.gtld-servers.net.
|
||||
com. 155182 IN NS m.gtld-servers.net.
|
||||
SECTION ADDITIONAL
|
||||
a.gtld-servers.net. 155182 IN A 192.5.6.30
|
||||
b.gtld-servers.net. 155182 IN A 192.33.14.30
|
||||
c.gtld-servers.net. 155182 IN A 192.26.92.30
|
||||
d.gtld-servers.net. 155182 IN A 192.31.80.30
|
||||
e.gtld-servers.net. 155182 IN A 192.12.94.30
|
||||
f.gtld-servers.net. 155182 IN A 192.35.51.30
|
||||
g.gtld-servers.net. 155182 IN A 192.42.93.30
|
||||
h.gtld-servers.net. 155182 IN A 192.54.112.30
|
||||
i.gtld-servers.net. 155182 IN A 192.43.172.30
|
||||
j.gtld-servers.net. 155182 IN A 192.48.79.30
|
||||
k.gtld-servers.net. 155182 IN A 192.52.178.30
|
||||
l.gtld-servers.net. 155182 IN A 192.41.162.30
|
||||
m.gtld-servers.net. 155182 IN A 192.55.83.30
|
||||
a.gtld-servers.net. 155182 IN AAAA 2001:503:a83e::2:30
|
||||
ENTRY_END
|
||||
RANGE_END
|
||||
|
||||
STEP 1 QUERY
|
||||
ENTRY_BEGIN
|
||||
REPLY RD
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
ENTRY_END
|
||||
|
||||
; recursin happens here
|
||||
|
||||
; check that the answer is a failure (lame server)
|
||||
; and not a nodata-noerror message (false answer classification).
|
||||
STEP 10 CHECK_ANSWER
|
||||
ENTRY_BEGIN
|
||||
MATCH all
|
||||
REPLY QR RD RA SERVFAIL
|
||||
SECTION QUESTION
|
||||
www.example.com. IN A
|
||||
SECTION ANSWER
|
||||
SECTION AUTHORITY
|
||||
SECTION ADDITIONAL
|
||||
ENTRY_END
|
||||
|
||||
SCENARIO_END
|
||||
Loading…
Reference in a new issue