upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-20 23:00:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

- Return NXDOMAIN after chain of CNAMEs ends at name-not-found.

Browse source 
git-svn-id: file:///svn/unbound/trunk@2208 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2010-08-05 14:31:52 +00:00
parent 7963430481
commit b701d70147
10 changed files with 17 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
doc/Changelog
View file

@ -1,3 +1,6 @@
5 August 2010: Wouter
- Return NXDOMAIN after chain of CNAMEs ends at name-not-found.
4 August 2010: Wouter 4 August 2010: Wouter
- Fix validation in case a trust anchor enters into a zone with - Fix validation in case a trust anchor enters into a zone with
unsupported algorithms. unsupported algorithms.

7
iterator/iterator.c
View file

@ -323,11 +323,8 @@ iter_prepend(struct iter_qstate* iq, struct dns_msg* msg,
(msg->rep->ns_numrrsets + msg->rep->ar_numrrsets) * (msg->rep->ns_numrrsets + msg->rep->ar_numrrsets) *
sizeof(struct ub_packed_rrset_key*)); sizeof(struct ub_packed_rrset_key*));
/* if the rcode was NXDOMAIN, and we prepended DNAME/CNAMEs, then /* NXDOMAIN rcode can stay if we prepended DNAME/CNAMEs, because
* it should now be NOERROR. */ * this is what recursors should give. */
if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NXDOMAIN) {
FLAGS_SET_RCODE(msg->rep->flags, LDNS_RCODE_NOERROR);
}
msg->rep->rrset_count += num_an + num_ns; msg->rep->rrset_count += num_an + num_ns;
msg->rep->an_numrrsets += num_an; msg->rep->an_numrrsets += num_an;
msg->rep->ns_numrrsets += num_ns; msg->rep->ns_numrrsets += num_ns;

2
testdata/iter_cname_nx.rpl vendored
View file

@ -145,7 +145,7 @@ ENTRY_END
STEP 10 CHECK_ANSWER STEP 10 CHECK_ANSWER
ENTRY_BEGIN ENTRY_BEGIN
MATCH all MATCH all
REPLY QR RD RA NOERROR REPLY QR RD RA NXDOMAIN
SECTION QUESTION SECTION QUESTION
www.example.com. IN A www.example.com. IN A
SECTION ANSWER SECTION ANSWER

2
testdata/ttl_msg.rpl vendored
View file

@ -420,7 +420,7 @@ ENTRY_END
STEP 41 CHECK_ANSWER STEP 41 CHECK_ANSWER
ENTRY_BEGIN ENTRY_BEGIN
MATCH all ttl MATCH all ttl
REPLY QR RD RA NOERROR REPLY QR RD RA NXDOMAIN
SECTION QUESTION SECTION QUESTION
www.foo.com. IN A www.foo.com. IN A
SECTION ANSWER SECTION ANSWER

2
testdata/val_cnamenx_dblnsec.rpl vendored
View file

@ -157,7 +157,7 @@ ENTRY_END
STEP 10 CHECK_ANSWER STEP 10 CHECK_ANSWER
ENTRY_BEGIN ENTRY_BEGIN
MATCH all MATCH all
REPLY QR RD RA AD NOERROR REPLY QR RD RA AD NXDOMAIN
SECTION QUESTION SECTION QUESTION
cname.example.com. IN A cname.example.com. IN A
SECTION ANSWER SECTION ANSWER

2
testdata/val_cnamenx_rcodenx.rpl vendored
View file

@ -217,7 +217,7 @@ ENTRY_END
STEP 10 CHECK_ANSWER STEP 10 CHECK_ANSWER
ENTRY_BEGIN ENTRY_BEGIN
MATCH all MATCH all
REPLY QR RD RA AD NOERROR REPLY QR RD RA AD NXDOMAIN
SECTION QUESTION SECTION QUESTION
www.example.com. IN A www.example.com. IN A
SECTION ANSWER SECTION ANSWER

2
testdata/val_cnametonx.rpl vendored
View file

@ -217,7 +217,7 @@ ENTRY_END
STEP 10 CHECK_ANSWER STEP 10 CHECK_ANSWER
ENTRY_BEGIN ENTRY_BEGIN
MATCH all MATCH all
REPLY QR RD RA AD NOERROR REPLY QR RD RA AD NXDOMAIN
SECTION QUESTION SECTION QUESTION
www.example.com. IN A www.example.com. IN A
SECTION ANSWER SECTION ANSWER

2
testdata/val_cnamewctonx.rpl vendored
View file

@ -219,7 +219,7 @@ ENTRY_END
STEP 10 CHECK_ANSWER STEP 10 CHECK_ANSWER
ENTRY_BEGIN ENTRY_BEGIN
MATCH all MATCH all
REPLY QR RD RA AD NOERROR REPLY QR RD RA AD NXDOMAIN
SECTION QUESTION SECTION QUESTION
www.example.com. IN A www.example.com. IN A
SECTION ANSWER SECTION ANSWER

2
testdata/val_nsec3_cname_sub.rpl vendored
View file

@ -201,7 +201,7 @@ ENTRY_END
STEP 10 CHECK_ANSWER STEP 10 CHECK_ANSWER
ENTRY_BEGIN ENTRY_BEGIN
MATCH all MATCH all
REPLY QR RD RA AD NOERROR REPLY QR RD RA AD NXDOMAIN
SECTION QUESTION SECTION QUESTION
www.example.com. IN A www.example.com. IN A
SECTION ANSWER SECTION ANSWER

10
validator/val_utils.c
View file

@ -95,15 +95,14 @@ val_classify_response(uint16_t query_flags, struct query_info* origqinf,
return VAL_CLASS_REFERRAL; return VAL_CLASS_REFERRAL;
/* dump bad messages */ /* dump bad messages */
if(rcode != LDNS_RCODE_NOERROR) if(rcode != LDNS_RCODE_NOERROR && rcode != LDNS_RCODE_NXDOMAIN)
return VAL_CLASS_UNKNOWN; return VAL_CLASS_UNKNOWN;
log_assert(rcode == LDNS_RCODE_NOERROR);
/* next check if the skip into the answer section shows no answer */ /* next check if the skip into the answer section shows no answer */
if(skip>0 && rep->an_numrrsets <= skip) if(skip>0 && rep->an_numrrsets <= skip)
return VAL_CLASS_CNAMENOANSWER; return VAL_CLASS_CNAMENOANSWER;
/* Next is NODATA */ /* Next is NODATA */
if(rep->an_numrrsets == 0) if(rcode == LDNS_RCODE_NOERROR && rep->an_numrrsets == 0)
return VAL_CLASS_NODATA; return VAL_CLASS_NODATA;
/* We distinguish between CNAME response and other positive/negative /* We distinguish between CNAME response and other positive/negative
@ -111,13 +110,14 @@ val_classify_response(uint16_t query_flags, struct query_info* origqinf,
/* We distinguish between ANY and CNAME or POSITIVE because /* We distinguish between ANY and CNAME or POSITIVE because
* ANY responses are validated differently. */ * ANY responses are validated differently. */
if(qinf->qtype == LDNS_RR_TYPE_ANY) if(rcode == LDNS_RCODE_NOERROR && qinf->qtype == LDNS_RR_TYPE_ANY)
return VAL_CLASS_ANY; return VAL_CLASS_ANY;
/* Note that DNAMEs will be ignored here, unless qtype=DNAME. Unless /* Note that DNAMEs will be ignored here, unless qtype=DNAME. Unless
* qtype=CNAME, this will yield a CNAME response. */ * qtype=CNAME, this will yield a CNAME response. */
for(i=skip; i<rep->an_numrrsets; i++) { for(i=skip; i<rep->an_numrrsets; i++) {
if(ntohs(rep->rrsets[i]->rk.type) == qinf->qtype) if(rcode == LDNS_RCODE_NOERROR &&
ntohs(rep->rrsets[i]->rk.type) == qinf->qtype)
return VAL_CLASS_POSITIVE; return VAL_CLASS_POSITIVE;
if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_CNAME) if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_CNAME)
return VAL_CLASS_CNAME; return VAL_CLASS_CNAME;