no more AD bits, except when DO is set.

git-svn-id: file:///svn/unbound/trunk@672 be551aaa-1e26-0410-a405-d3ace91eadb9
2026-01-03 13:29:36 -05:00 · 2007-10-09 15:33:40 +00:00 · 2007-10-09 15:33:40 +00:00 · d4424931f4
commit d4424931f4
parent a5ac86f410
10 changed files with 29 additions and 6 deletions
--- a/daemon/worker.c
+++ b/daemon/worker.c
@ -723,6 +723,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
 		LDNS_RCODE_SET(ldns_buffer_begin(c->buffer), 
 			LDNS_RCODE_SERVFAIL);
 		ldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE);
+		ldns_buffer_write_at(c->buffer, 4, 
+			(uint8_t*)"\0\0\0\0\0\0\0\0", 8);
 		ldns_buffer_flip(c->buffer);
 		return 1;
 	}
--- a/doc/Changelog
+++ b/doc/Changelog
@ -5,6 +5,8 @@
 	- callback checks for event callbacks done from mini_event. Because
 	  of deletions cannot do this from netevent. This means when using
 	  libevent the protection does not work on event-callbacks.
+	- fixup too small reply (did not zero counts).
+	- fixup reply no longer AD bit when query without DO bit.

 5 October 2007: Wouter
 	- function pointer whitelist.
--- a/testcode/fake_event.c
+++ b/testcode/fake_event.c
@ -359,6 +359,7 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo)
 	else	repinfo.c->type = comm_udp;
 	fill_buffer_with_reply(repinfo.c->buffer, todo->match, NULL);
 	log_info("testbound: incoming QUERY");
+	log_pkt("query pkt", todo->match->reply_list->reply);
 	/* call the callback for incoming queries */
 	if((*runtime->callback_query)(repinfo.c, runtime->cb_arg, 
 		NETEVENT_NOERROR, &repinfo)) {
--- a/testcode/ldns-testpkts.c
+++ b/testcode/ldns-testpkts.c
@ -185,6 +185,7 @@ static void replyline(const char* line, ldns_pkt *reply)
 		} else if(str_keyword(&parse, "AD")) {
 			ldns_pkt_set_ad(reply, true);
 		} else if(str_keyword(&parse, "DO")) {
+			ldns_pkt_set_edns_udp_size(reply, 4096);
 			ldns_pkt_set_edns_do(reply, true);
 		} else {
 			error("could not parse REPLY: '%s'", parse);
--- a/testdata/iter_emptydp.rpl
+++ b/testdata/iter_emptydp.rpl
@ -148,7 +148,7 @@ RANGE_END

 STEP 1 QUERY
 ENTRY_BEGIN
-REPLY RD
+REPLY RD DO
 SECTION QUESTION
 www.example.com. IN A
 ENTRY_END
@ -162,10 +162,13 @@ SECTION QUESTION
 www.example.com. IN A
 SECTION ANSWER
 www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
 SECTION AUTHORITY
 example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
 SECTION ADDITIONAL
 ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
 ENTRY_END

 ; make sure glue fetch is done.
--- a/testdata/iter_primenoglue.rpl
+++ b/testdata/iter_primenoglue.rpl
@ -197,7 +197,7 @@ RANGE_END

 STEP 1 QUERY
 ENTRY_BEGIN
-REPLY RD
+REPLY RD DO
 SECTION QUESTION
 www.example.com. IN A
 ENTRY_END
@ -211,10 +211,13 @@ SECTION QUESTION
 www.example.com. IN A
 SECTION ANSWER
 www.example.com. IN A	10.20.30.40
+www.example.com.        3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854}
 SECTION AUTHORITY
 example.com.	IN NS	ns.example.com.
+example.com.    3600    IN      RRSIG   NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854}
 SECTION ADDITIONAL
 ns.example.com.		IN 	A	1.2.3.4
+ns.example.com. 3600    IN      RRSIG   A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854}
 ENTRY_END

 ; make sure glue fetch is done.
--- a/testdata/val_anchor_nx.rpl
+++ b/testdata/val_anchor_nx.rpl
@ -165,7 +165,7 @@ RANGE_END

 STEP 1 QUERY
 ENTRY_BEGIN
-REPLY RD
+REPLY RD DO
 SECTION QUESTION
 www.sub.example.com. IN A
 ENTRY_END
@ -180,6 +180,11 @@ www.sub.example.com. IN A
 SECTION ANSWER
 SECTION AUTHORITY
 example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
 SECTION ADDITIONAL
 ENTRY_END

--- a/testdata/val_anchor_nx_nosig.rpl
+++ b/testdata/val_anchor_nx_nosig.rpl
@ -164,7 +164,7 @@ RANGE_END

 STEP 1 QUERY
 ENTRY_BEGIN
-REPLY RD
+REPLY RD DO
 SECTION QUESTION
 www.sub.example.com. IN A
 ENTRY_END
@ -179,6 +179,11 @@ www.sub.example.com. IN A
 SECTION ANSWER
 SECTION AUTHORITY
 example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200
+example.com.    3600    IN      RRSIG   SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854}
+blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC
+blub.example.com.       3600    IN      RRSIG   NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854}
+example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC
+example.com.    3600    IN      RRSIG   NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854}
 SECTION ADDITIONAL
 ENTRY_END

--- a/testdata/val_ans_dsent.rpl
+++ b/testdata/val_ans_dsent.rpl
@ -183,7 +183,7 @@ RANGE_END

 STEP 1 QUERY
 ENTRY_BEGIN
-REPLY RD
+REPLY RD DO
 SECTION QUESTION
 328.0.0.194.example.com. IN A
 ENTRY_END
@ -197,6 +197,7 @@ SECTION QUESTION
 328.0.0.194.example.com. IN A
 SECTION ANSWER
 328.0.0.194.example.com. 	3600	IN	A	11.11.11.11
+328.0.0.194.example.com.        3600    IN      RRSIG   A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899}
 SECTION AUTHORITY
 SECTION ADDITIONAL
 ENTRY_END
--- a/util/data/msgencode.c
+++ b/util/data/msgencode.c
@ -721,7 +721,7 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep,
 		/* remove AA bit, copy RD and CD bits from query. */
 		flags = (rep->flags & ~BIT_AA) | (qflags & (BIT_RD|BIT_CD)); 
 	}
-	if(secure)
+	if(secure && dnssec)
 		flags |= BIT_AD;
 	log_assert(flags & BIT_QR); /* QR bit must be on in our replies */
 	if(udpsize < LDNS_HEADER_SIZE)