upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2026-01-05 22:39:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Test DLV anchor.

Browse source 
git-svn-id: file:///svn/unbound/trunk@1202 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2008-08-21 14:58:39 +00:00
parent d9cd60a41c
commit a7cfe2bf65
16 changed files with 1110 additions and 761 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/Changelog
View file

@ -2,6 +2,9 @@
- negative cache code linked into validator, for DLV use.
negative cache works for DLV.
- iana portlist update.
- dlv-anchor option for unit tests.
- fixup NSEC_AT_APEX classification for short typemaps.
- ldns-testns has subdomain checks, for unit tests.
20 August 2008: Wouter
- negative cache code, reviewed.

3
doc/unbound.conf.5.in
View file

@ -418,6 +418,9 @@ DNSKEY entries can be used in the file, in the same format as for
would be slow. The DLV configured is used as a root trusted DLV, this
means that it is a lookaside for the root. Default is "", or no dlv anchor file.
.TP
.B dlv\-anchor: \fI<"Resource Record">
Much like trust\-anchor, this is a DLV anchor with the DS or DNSKEY inline.
.TP
.B val\-override\-date: \fI<rrsig\-style date spec>
Default is "" or "0", which disables this debugging feature. If enabled by
giving a RRSIG style date, that date is used for verifying RRSIG inception

11
testcode/ldns-testpkts.c
View file

@ -104,6 +104,8 @@ static void matchline(const char* line, struct entry* e)
e->match_qtype = true;
} else if(str_keyword(&parse, "qname")) {
e->match_qname = true;
} else if(str_keyword(&parse, "subdomain")) {
e->match_subdomain = true;
} else if(str_keyword(&parse, "all")) {
e->match_all = true;
} else if(str_keyword(&parse, "ttl")) {
@ -227,6 +229,7 @@ static struct entry* new_entry()
e->match_opcode = false;
e->match_qtype = false;
e->match_qname = false;
e->match_subdomain = false;
e->match_all = false;
e->match_ttl = false;
e->match_do = false;
@ -672,6 +675,14 @@ find_match(struct entry* entries, ldns_pkt* query_pkt,
continue;
}
}
if(p->match_subdomain) {
if(!get_owner(query_pkt) || !get_owner(reply) ||
!ldns_dname_is_subdomain(
get_owner(query_pkt), get_owner(reply)) != 0) {
verbose(3, "bad subdomain\n");
continue;
}
}
if(p->match_serial && get_serial(query_pkt) != p->ixfr_soa_serial) {
verbose(3, "bad serial\n");
continue;

3
testcode/ldns-testpkts.h
View file

@ -42,6 +42,7 @@
; if you leave it out, any opcode matches this entry.
; 'qtype' makes the query match the qtype from the reply
; 'qname' makes the query match the qname from the reply
; 'subdomain' makes the query match subdomains of qname from the reply
; 'serial=1023' makes the query match if ixfr serial is 1023.
; 'all' has to match header byte for byte and all rrs in packet.
; 'ttl' used with all, rrs in packet must also have matching TTLs.
@ -157,6 +158,8 @@ struct entry {
bool match_qtype;
/** match qname with answer qname */
bool match_qname;
/** match qname as subdomain of answer qname */
bool match_subdomain;
/** match SOA serial number, from auth section */
bool match_serial;
/** match all of the packet */

274
testdata/dlv_anchor.rpl vendored Normal file
View file

@ -0,0 +1,274 @@
; config options
; The island of trust is at example.com (the DLV repository)
server:
dlv-anchor: "example.com. 3600 IN DS 2854 3 1 46e4ffc6e9a4793b488954bd3f0cc6af0dfb201b"
val-override-date: "20070916134226"
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test validator with DLV anchor
; positive response for DLV.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
com. IN A
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
net. IN A
SECTION AUTHORITY
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
com. IN NS
SECTION ANSWER
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net. IN NS
SECTION ANSWER
net. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.com. IN A
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR NOERROR
SECTION QUESTION
example.net. IN A
SECTION AUTHORITY
example.net. IN NS ns.example.net.
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN NS
SECTION ANSWER
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
example.com. 3600 IN DNSKEY 256 3 3 ALXLUsWqUrY3JYER3T4TBJII s70j+sDS/UT2QRp61SE7S3E EXopNXoFE73JLRmvpi/UrOO/Vz4Se 6wXv/CYCKjGw06U4WRgR YXcpEhJROyNapmdIKSx hOzfLVE1gqA0PweZR8d tY3aNQSRn3sPpwJr6Mi /PqQKAMMrZ9ckJpf1+b QMOOvxgzz2U1GS18b3y ZKcgTMEaJzd/GZYzi/B N2DzQ0MsrSwYXfsNLFO Bbs8PJMW4LYIxeeOe6rUgkWOF 7CC9Dh/dduQ1QrsJhmZAEFfd6ByYV+ ;{id = 2854 (zsk), size = 1688b}
example.com. 3600 IN RRSIG DNSKEY 3 2 3600 20070926134802 20070829134802 2854 example.com. MCwCFG1yhRNtTEa3Eno2zhVVuy2EJX3wAhQeLyUp6+UXcpC5qGNu9tkrTEgPUg== ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
; DLV query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net.example.com. IN DLV
SECTION ANSWER
example.net.example.com. 3600 IN DLV 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
example.net.example.com. 3600 IN RRSIG DLV 3 4 3600 20070926134150 20070829134150 2854 example.com. ACK48Q/oKwh/SM9yRiKjZYuc+AtEZ2yCPNJ15kKCN8nsVcv7xigmNTY= ;{id = 2854}
SECTION AUTHORITY
example.com. IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
net.example.com. IN DLV
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
ENTRY_END
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NXDOMAIN
SECTION QUESTION
com.example.com. IN DLV
SECTION ANSWER
SECTION AUTHORITY
example.com. IN SOA open.nlnetlabs.nl. hostmaster.nlnetlabs.nl. 2008081300 28800 7200 604800 3600
example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. AKPJnPBqfJKxE4P2iVYkSRJno9HmiXJZtjdqE8oBeq9Lk9FytcMdcig= ;{id = 2854}
example.com IN NSEC example.net.example.com. SOA NS RRSIG NSEC
example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. AIoUkJ04/7/kJFDLocoqksqt9UL2RHHwlRfXAMxGdBHcNO+GSpG47Uk= ;{id = 2854}
ENTRY_END
RANGE_END
; ns.example.net.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.5
; DS RR is
; example.net. 3600 IN DS 30899 5 1 14188c885f20623ad1d3bec42798f3f951793e4c ; xehac-mofum-malyd-bomaf-pegit-fuzes-ganin-misiz-nigel-nozog-soxix
; DNSKEY prime query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN DNSKEY
SECTION ANSWER
example.net. 3600 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
example.net. 3600 IN RRSIG DNSKEY RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. hiFzlQ8VoYgCuvIsfVuxC3mfJDqsTh0yc6abs5xMx5uEcIjb0dndFQx7INOM+imlzveEN73Hqp4OLFpFhsWLlw== ;{id = 30899}
SECTION AUTHORITY
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END
; NS query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
example.net. IN NS
SECTION ANSWER
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END
; www.example.net query
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION ANSWER
www.example.net. 3600 IN A 10.20.30.40
www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
SECTION AUTHORITY
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.net. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD NOERROR
SECTION QUESTION
www.example.net. IN A
SECTION ANSWER
www.example.net. 3600 IN A 10.20.30.40
www.example.net. 3600 IN RRSIG A 5 3 3600 20070926135752 20070829135752 30899 example.net. ACvv4RQVC7TbI57ewqFImRaVoymktJ5Cxn/FaCodIENt82LVM92nivbP2WtwWCsQHWp7FkrMxTlQTJwyAeXFyg== ;{id = 30899}
SECTION AUTHORITY
example.net. IN NS ns.example.net.
example.net. 3600 IN RRSIG NS RSASHA1 2 3600 20070926134150 20070829134150 30899 example.net. E8JX0l4B+cSR5bkHQwOJy1pBmlLMTYCJ8EwfNMU/eCv0YhKwo26rHhn52FGisgv+Nwp7/NbhHqQ+kJgoZC94XA== ;{id = 30899}
SECTION ADDITIONAL
ns.example.net. IN A 1.2.3.5
ns.example.net. 3600 IN RRSIG A RSASHA1 3 3600 20070926134150 20070829134150 30899 example.net. x+tQMC9FhzT7Fcy1pM5NrOC7E8nLd7THPI3C6ie4EwL8PrxllqlR3q/DKB0d/m0qCOPcgN6HFOYURV1s4uAcsw== ;{id = 30899}
ENTRY_END
SCENARIO_END

5
util/config_file.c
View file

@ -138,6 +138,7 @@ config_create()
cfg->trust_anchor_list = NULL;
cfg->trusted_keys_file_list = NULL;
cfg->dlv_anchor_file = NULL;
cfg->dlv_anchor_list = NULL;
cfg->val_date_override = 0;
cfg->val_clean_additional = 1;
cfg->val_permissive_mode = 0;
@ -308,6 +309,9 @@ int config_set_option(struct config_file* cfg, const char* opt,
} else if(strcmp(opt, "dlv-anchor-file:") == 0) {
free(cfg->dlv_anchor_file);
return (cfg->dlv_anchor_file = strdup(val)) != NULL;
} else if(strcmp(opt, "dlv-anchor:") == 0) {
return cfg_strlist_insert(&cfg->dlv_anchor_list,
strdup(val));
} else if(strcmp(opt, "val-override-date:") == 0) {
if(strcmp(val, "") == 0 || strcmp(val, "0") == 0) {
cfg->val_date_override = 0;
@ -457,6 +461,7 @@ config_delete(struct config_file* cfg)
config_delstrlist(cfg->trusted_keys_file_list);
config_delstrlist(cfg->trust_anchor_list);
free(cfg->dlv_anchor_file);
config_delstrlist(cfg->dlv_anchor_list);
config_deldblstrlist(cfg->acls);
free(cfg->val_nsec3_key_iterations);
config_deldblstrlist(cfg->local_zones);

2
util/config_file.h
View file

@ -180,6 +180,8 @@ struct config_file {
struct config_strlist* trusted_keys_file_list;
/** DLV anchor file */
char* dlv_anchor_file;
/** DLV anchor inline */
struct config_strlist* dlv_anchor_list;
/** the number of seconds maximal TTL used for RRsets and messages */
int max_ttl;

957
util/configlexer.c
View file

File diff suppressed because it is too large Load diff

1
util/configlexer.lex
View file

@ -163,6 +163,7 @@ hide-version{COLON} { YDOUT; return VAR_HIDE_VERSION;}
identity{COLON} { YDOUT; return VAR_IDENTITY;}
version{COLON} { YDOUT; return VAR_VERSION;}
module-config{COLON} { YDOUT; return VAR_MODULE_CONF;}
dlv-anchor{COLON} { YDOUT; return VAR_DLV_ANCHOR;}
dlv-anchor-file{COLON} { YDOUT; return VAR_DLV_ANCHOR_FILE;}
trust-anchor-file{COLON} { YDOUT; return VAR_TRUST_ANCHOR_FILE;}
trusted-keys-file{COLON} { YDOUT; return VAR_TRUSTED_KEYS_FILE;}

551
util/configparser.c
View file

File diff suppressed because it is too large Load diff

6
util/configparser.h
View file

@ -118,7 +118,8 @@
VAR_STATISTICS_CUMULATIVE = 334,
VAR_OUTGOING_PORT_PERMIT = 335,
VAR_OUTGOING_PORT_AVOID = 336,
VAR_DLV_ANCHOR_FILE = 337
VAR_DLV_ANCHOR_FILE = 337,
VAR_DLV_ANCHOR = 338
};
#endif
/* Tokens. */
@ -202,6 +203,7 @@
#define VAR_OUTGOING_PORT_PERMIT 335
#define VAR_OUTGOING_PORT_AVOID 336
#define VAR_DLV_ANCHOR_FILE 337
#define VAR_DLV_ANCHOR 338
@ -213,7 +215,7 @@ typedef union YYSTYPE
char* str;
}
/* Line 1489 of yacc.c. */
#line 217 "util/configparser.h"
#line 219 "util/configparser.h"
YYSTYPE;
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1

12
util/configparser.y
View file

@ -90,7 +90,7 @@ extern struct config_parser_state* cfg_parser;
%token VAR_LOCAL_ZONE VAR_LOCAL_DATA VAR_INTERFACE_AUTOMATIC
%token VAR_STATISTICS_INTERVAL VAR_DO_DAEMONIZE VAR_USE_CAPS_FOR_ID
%token VAR_STATISTICS_CUMULATIVE VAR_OUTGOING_PORT_PERMIT
%token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE
%token VAR_OUTGOING_PORT_AVOID VAR_DLV_ANCHOR_FILE VAR_DLV_ANCHOR
%%
toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@ -133,7 +133,7 @@ content_server: server_num_threads | server_verbosity | server_port |
server_statistics_interval | server_do_daemonize |
server_use_caps_for_id | server_statistics_cumulative |
server_outgoing_port_permit | server_outgoing_port_avoid |
server_dlv_anchor_file
server_dlv_anchor_file | server_dlv_anchor
;
stubstart: VAR_STUB_ZONE
{
@ -404,6 +404,14 @@ server_dlv_anchor_file: VAR_DLV_ANCHOR_FILE STRING
free(cfg_parser->cfg->dlv_anchor_file);
cfg_parser->cfg->dlv_anchor_file = $2;
}
;
server_dlv_anchor: VAR_DLV_ANCHOR STRING
{
OUTYY(("P(server_dlv_anchor:%s)\n", $2));
if(!cfg_strlist_insert(&cfg_parser->cfg->dlv_anchor_list, $2))
yyerror("out of memory");
}
;
server_trust_anchor_file: VAR_TRUST_ANCHOR_FILE STRING
{
OUTYY(("P(server_trust_anchor_file:%s)\n", $2));

4
util/data/msgparse.c
View file

@ -119,11 +119,11 @@ nsec_at_apex(ldns_buffer* pkt)
}
/* see if SOA bit is set. */
if(ldns_buffer_position(pkt) < pos+rdatalen) {
if(ldns_buffer_position(pkt) < pos+4+rdatalen) {
/* nsec type bitmap contains items */
uint8_t win, blen, bits;
/* need: windownum, bitmap len, firstbyte */
if(ldns_buffer_position(pkt)+3 > pos+rdatalen) {
if(ldns_buffer_position(pkt)+3 > pos+4+rdatalen) {
ldns_buffer_set_position(pkt, pos);
return 0; /* malformed nsec */
}

21
validator/val_anchor.c
View file

@ -277,25 +277,26 @@ anchor_store_new_rr(struct val_anchors* anchors, ldns_buffer* buffer,
return ta;
}
int
struct trust_anchor*
anchor_store_str(struct val_anchors* anchors, ldns_buffer* buffer,
const char* str)
{
struct trust_anchor* ta;
ldns_rr* rr = NULL;
ldns_status status = ldns_rr_new_frm_str(&rr, str, 0, NULL, NULL);
if(status != LDNS_STATUS_OK) {
log_err("error parsing trust anchor: %s",
ldns_get_errorstr_by_id(status));
ldns_rr_free(rr);
return 0;
return NULL;
}
if(!anchor_store_new_rr(anchors, buffer, rr)) {
if(!(ta=anchor_store_new_rr(anchors, buffer, rr))) {
log_err("out of memory");
ldns_rr_free(rr);
return 0;
return NULL;
}
ldns_rr_free(rr);
return 1;
return ta;
}
/**
@ -816,6 +817,16 @@ anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg)
return 0;
}
}
for(f = cfg->dlv_anchor_list; f; f = f->next) {
if(!f->str || f->str[0] == 0) /* empty "" */
continue;
if(!(anchors->dlv_anchor = anchor_store_str(
anchors, parsebuf, f->str))) {
log_err("error in dlv-anchor: \"%s\"", f->str);
ldns_buffer_free(parsebuf);
return 0;
}
}
init_parents(anchors);
anchors_assemble_rrsets(anchors);
ldns_buffer_free(parsebuf);

6
validator/val_anchor.h
View file

@ -160,10 +160,10 @@ struct trust_anchor* anchor_find(struct val_anchors* anchors,
* @param anchors: anchor storage.
* @param buffer: parsing buffer, to generate the RR wireformat in.
* @param str: string.
* @return false on error.
* @return NULL on error.
*/
int anchor_store_str(struct val_anchors* anchors, ldns_buffer* buffer,
const char* str);
struct trust_anchor* anchor_store_str(struct val_anchors* anchors,
ldns_buffer* buffer, const char* str);
/**
* Get memory in use by the trust anchor storage

12
validator/validator.c
View file

@ -1199,8 +1199,9 @@ processInit(struct module_qstate* qstate, struct val_qstate* vq,
}
/* if not key, or if keyentry is *above* the trustanchor, i.e.
* the keyentry is based on another (higher) trustanchor */
else if(vq->key_entry == NULL || dname_strict_subdomain_c(
vq->trust_anchor->name, vq->key_entry->name)) {
else if(vq->key_entry == NULL || (vq->trust_anchor &&
dname_strict_subdomain_c(vq->trust_anchor->name,
vq->key_entry->name))) {
/* fire off a trust anchor priming query. */
verbose(VERB_DETAIL, "prime trust anchor");
if(!prime_trust_anchor(qstate, vq, id, vq->trust_anchor))
@ -1295,7 +1296,12 @@ processFindKey(struct module_qstate* qstate, struct val_qstate* vq, int id)
log_nametypeclass(VERB_ALGO, "target keyname", target_key_name,
LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN);
/* assert we are walking down the DNS tree */
log_assert(dname_subdomain_c(target_key_name, current_key_name));
if(!dname_subdomain_c(target_key_name, current_key_name)) {
verbose(VERB_ALGO, "bad signer name");
vq->chase_reply->security = sec_status_bogus;
vq->state = VAL_FINISHED_STATE;
return 1;
}
/* so this value is >= -1 */
strip_lab = dname_count_labels(target_key_name) -
dname_count_labels(current_key_name) - 1;