upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-03 05:19:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- rpz-triggers, fix what domain name to match for nsdname.

Browse source
This commit is contained in:
W.C.A. Wijngaards 2021-04-01 13:11:51 +02:00
parent 14582d2445
commit a2ea701f31
2 changed files with 19 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
services/rpz.c
View file

@ -1928,23 +1928,18 @@ rpz_delegation_point_zone_lookup(struct delegpt* dp, struct local_zones* zones,
struct local_zone* z = NULL;
rpz_log_dname("delegation point", dp->name, dp->namelen);
// XXX: do we want this?
z = rpz_find_zone(zones, dp->name, dp->namelen, qclass, 0, 0, 0);
if(z != NULL) {
match->dname = dp->name;
match->dname_len = dp->namelen;
} else if(z == NULL) {
for(nameserver = dp->nslist;
nameserver != NULL;
nameserver = nameserver->next) {
rpz_log_dname("delegation point", nameserver->name, nameserver->namelen);
z = rpz_find_zone(zones, nameserver->name, nameserver->namelen,
qclass, 0, 0, 0);
if(z != NULL) {
match->dname = nameserver->name;
match->dname_len = nameserver->namelen;
break;
}
/* the rpz specs match the nameserver names (NS records), not the
* name of the delegation point itself, to the nsdname triggers */
for(nameserver = dp->nslist;
nameserver != NULL;
nameserver = nameserver->next) {
rpz_log_dname("delegation point ns", nameserver->name, nameserver->namelen);
z = rpz_find_zone(zones, nameserver->name, nameserver->namelen,
qclass, 0, 0, 0);
if(z != NULL) {
match->dname = nameserver->name;
match->dname_len = nameserver->namelen;
break;
}
}

14
testdata/rpz_nsdname.rpl vendored
View file

@ -16,13 +16,13 @@ rpz 3600 IN SOA ns1.rpz.example.com. hostmaster.rpz.example.com. (
3600 IN NS ns1.rpz.example.com.
3600 IN NS ns2.rpz.example.com.
$ORIGIN rpz.example.com.
gotham.aa.rpz-nsdname CNAME .
gotham.bb.rpz-nsdname CNAME *.
gotham.cc.rpz-nsdname CNAME rpz-drop.
gotham.com.rpz-nsdname CNAME rpz-passthru.
gotham.dd.rpz-nsdname CNAME rpz-tcp-only.
gotham.ff.rpz-nsdname A 127.0.0.1
gotham.ff.rpz-nsdname TXT "42"
ns1.gotham.aa.rpz-nsdname CNAME .
ns1.gotham.bb.rpz-nsdname CNAME *.
ns1.gotham.cc.rpz-nsdname CNAME rpz-drop.
ns1.gotham.com.rpz-nsdname CNAME rpz-passthru.
ns1.gotham.dd.rpz-nsdname CNAME rpz-tcp-only.
ns1.gotham.ff.rpz-nsdname A 127.0.0.1
ns1.gotham.ff.rpz-nsdname TXT "42"
TEMPFILE_END
stub-zone: