+6 March 2018: Wouter
+ - Reverted fix for #3512, this may not be the best way forward;
+ although it could be changed at a later time, to stay similar to
+ other implementations.
+
5 March 2018: Wouter
- Fix to check define of DSA for when openssl is without deprecated.
- iana port update.
if(iq->query_restart_count > MAX_RESTART_COUNT) {
verbose(VERB_QUERY, "request has exceeded the maximum number"
" of query restarts with %d", iq->query_restart_count);
- if(iq->response) {
- /* return the partial CNAME loop, i.e. with the
- * actual packet in iq->response cleared of RRsets,
- * the stored prepend RRsets contain the loop contents
- * with duplicates removed */
- return next_state(iq, FINISHED_STATE);
- }
return error_response(qstate, id, LDNS_RCODE_SERVFAIL);
}
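Review bot: The restart-limit branch at `if(iq->query_restart_count > MAX_RESTART_COUNT)` now answers every over-limit query with SERVFAIL, but no comment records why the partial-answer path was dropped, so a later reader may reintroduce it. A short comment above the return would capture the intent, for example `/* CNAME loop or overlong chain: signal an error (RFC 1034 3.6.2), never a partial answer */`. This limit also bounds the resolution work a remote zone can induce through CNAME chains, yet the verbose line logs only the count; if the query name is not logged elsewhere on this path (not visible here), adding `log_nametypeclass(VERB_QUERY, "restart limit exceeded for", iq->qchase.qname, iq->qchase.qtype, iq->qchase.qclass);` would let operators identify the looping name. The enclosing function starts and ends outside the hunk.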
iq->qchase.qname_len = slen;
/* This *is* a query restart, even if it is a cheap
* one. */
- msg->rep->an_numrrsets = 0;
- msg->rep->ns_numrrsets = 0;
- msg->rep->ar_numrrsets = 0;
- msg->rep->rrset_count = 0;
- iq->response = msg;
iq->dp = NULL;
iq->refetch_glue = 0;
iq->query_restart_count++;
if (qstate->env->cfg->qname_minimisation)
iq->minimisation_state = INIT_MINIMISE_STATE;
/* Clear the query state, since this is a query restart. */
- iq->response->rep->an_numrrsets = 0;
- iq->response->rep->ns_numrrsets = 0;
- iq->response->rep->ar_numrrsets = 0;
- iq->response->rep->rrset_count = 0;
iq->deleg_msg = NULL;
iq->dp = NULL;
iq->dsns_point = NULL;
; Expected result is defined by RFC 1034 section 3.6.2:
; CNAME chains should be followed and CNAME loops signalled as an error
-; but bug#3512: return partial contents with NOERROR.
STEP 221002 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
-REPLY QR RD RA DO NOERROR
+REPLY QR RD RA DO SERVFAIL
SECTION QUESTION
cyc2.example.com. IN A
-SECTION ANSWER
-example.com. 0 IN DNAME cyc2.example.net.
-cyc2.example.com. 0 IN CNAME cyc2.cyc2.example.net.
-cyc2.example.net. 0 IN DNAME example.com.
-cyc2.cyc2.example.net. 0 IN CNAME cyc2.example.com.
ENTRY_END
; ns1.example.com.
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
fake-sha1: yes
- trust-anchor-signaling: no
stub-zone:
name: "."
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-ns.example.com. IN AAAA
-SECTION AUTHORITY
-ns.example.com. IN NSEC www.example.com. A RRSIG NSEC
-ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AE+zfHodyVCTnni/bur8IiUhTUtdac6ip/znrYYN0l1nqll1fon2+kQ=
-ENTRY_END
-
; response to DNSKEY priming query
ENTRY_BEGIN
MATCH opcode qtype qname
ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854}
ENTRY_END
-; response to DNSKEY priming query
-ENTRY_BEGIN
-MATCH opcode qtype qname
-ADJUST copy_id
-REPLY QR NOERROR
-SECTION QUESTION
-www.example.com. IN DS
-SECTION AUTHORITY
-www.example.com. IN NSEC z.example.com. CNAME RRSIG NSEC
-www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AJ8hqdeoKtvR094y+0KjO6LkCe1SCs6z5YhuY2YZCmzvUiYHP9wiMTw=
-ENTRY_END
-
; response to query of interest
ENTRY_BEGIN
MATCH opcode qtype qname
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
-REPLY QR RD RA DO AD NOERROR
+REPLY QR RD RA DO SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
-www.example.com. 3600 IN CNAME www.example.com.
-www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
fake-sha1: yes
- trust-anchor-signaling: no
stub-zone:
name: "."
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME foo.example.com.
-www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AD50yy1elnzRmjGCd7FBiWEkYlhQYXaZu0g1JoJMr/ONiXVnV2yiONg=
+www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
foo.example.com. IN A
SECTION ANSWER
foo.example.com. IN CNAME www.example.com.
-foo.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AEEIVUwbtfcn2RP41l0PDO+Sk4YdJ0HyRVsgq20fJnrDDC6eFXFGqUg=
+foo.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC7kcWPsMnGbjvzj5UNnxQzM0YvnAhUAgxIKgs1huJHvcAP2Xt3p8Adpy/c= ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
-REPLY QR RD RA DO AD NOERROR
+REPLY QR RD RA DO SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
-www.example.com. 3600 IN CNAME foo.example.com.
-www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AD50yy1elnzRmjGCd7FBiWEkYlhQYXaZu0g1JoJMr/ONiXVnV2yiONg= ;{id = 2854}
-foo.example.com. 3600 IN CNAME www.example.com.
-foo.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AEEIVUwbtfcn2RP41l0PDO+Sk4YdJ0HyRVsgq20fJnrDDC6eFXFGqUg= ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
val-override-date: "20070916134226"
target-fetch-policy: "0 0 0 0 0"
fake-sha1: yes
- trust-anchor-signaling: no
stub-zone:
name: "."
www.example.com. IN A
SECTION ANSWER
www.example.com. IN CNAME foo.example.com.
-www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AD50yy1elnzRmjGCd7FBiWEkYlhQYXaZu0g1JoJMr/ONiXVnV2yiONg=
+www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
foo.example.com. IN A
SECTION ANSWER
foo.example.com. IN CNAME bar.example.com.
-foo.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AILRq+NAK+k+qCNJAmByoTAkGNveSHT+au0u360OeUa56b8zU7gi6+I=
+foo.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFFMlXuWrNL/8aYOl9U9WYjgif8gAAhUAqsC/xOXakHP1SYxMSLANziOik94= ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
bar.example.com. IN A
SECTION ANSWER
bar.example.com. IN CNAME www.example.com.
-bar.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKA7eO4DAGPB8vg/OdBLk41/2txpklOJrszT8Gvp+UOVSLYtddNGz+k=
+bar.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFAsalUJJSV86uPlfiGS3kKDc0JB7AhQ+qmHqagY/r36Re/J3Q1OfvcA1dA== ;{id = 2854}
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
-REPLY QR RD RA NOERROR
+REPLY QR RD RA SERVFAIL
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
-www.example.com. 3600 IN CNAME foo.example.com.
-foo.example.com. 3600 IN CNAME bar.example.com.
-bar.example.com. 3600 IN CNAME www.example.com.
SECTION AUTHORITY
SECTION ADDITIONAL
ENTRY_END
if(verbosity >= VERB_ALGO)
log_dns_msg("chased extract", &vq->qchase,
vq->chase_reply);
- /* we skipped cnames, and now the reply is empty, is this
- * a CNAME loop? */
- if(vq->rrset_skip > 0 && vq->chase_reply->rrset_count == 0) {
- if(reply_find_rrset_section_an(vq->orig_msg->rep,
- lookup_name, lookup_len, LDNS_RR_TYPE_CNAME,
- vq->qchase.qclass)) {
- if(anchor) {
- lock_basic_unlock(&anchor->lock);
- }
- verbose(VERB_ALGO, "validator: encountered "
- "CNAME loop - terminating");
- vq->chase_reply->security = vq->orig_msg->rep->security;
- vq->state = VAL_FINISHED_STATE;
- return 1;
- }
- }
}
vq->key_entry = key_cache_obtain(ve->kcache, lookup_name, lookup_len,