fix for errata 3441 of RFC5155

author Kees Monshouwer <mind04@monshouwer.org>

Fri, 28 Feb 2014 00:07:07 +0000 (01:07 +0100)

committer mind04 <mind04@monshouwer.org>

Fri, 28 Feb 2014 00:20:54 +0000 (01:20 +0100)
author Kees Monshouwer <mind04@monshouwer.org>
Fri, 28 Feb 2014 00:07:07 +0000 (01:07 +0100)
committer mind04 <mind04@monshouwer.org>
Fri, 28 Feb 2014 00:20:54 +0000 (01:20 +0100)
diff --git a/modules/bindbackend/bindbackend2.cc b/modules/bindbackend/bindbackend2.cc

index 169232795e56551065693edc940cb1e9089028d1..460ef6898fac2243c0b214c4cb7ccc1106e05c16 100644 (file)
--- a/modules/bindbackend/bindbackend2.cc
+++ b/modules/bindbackend/bindbackend2.cc
@@ -675,7 +675,7 @@ void Bind2Backend::doEmptyNonTerminals(shared_ptr<State> stage, int id, bool nse
  
      while(chopOff(shorter))
      {
-      if(!qnames.count(shorter) && !nonterm.count(shorter))
+      if(!qnames.count(shorter))
        {
          if(!(maxent))
          {
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc

index 1bcf2382516f9556f493e3b45c663e87db174be4..e970a649c85523c8081b840216aa533604bf7f4f 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -618,16 +618,18 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c
  
      getNSEC3Hashes(narrow, sd.db, sd.domain_id,  hashed, false, unhashed, before, after, mode);
  
-    if (mode == 1 && (hashed != before)) {
-      DLOG(L<<"No matching NSEC3 for DS, do closest (provable) encloser"<<endl);
+    if ((mode == 0 ||  mode == 1) && (hashed != before)) {
+      DLOG(L<<"No matching NSEC3, do closest (provable) encloser"<<endl);
  
+      bool doBreak = false;
        DNSResourceRecord rr;
        while( chopOff( closest ) && (closest != sd.qname))  { // stop at SOA
          B.lookup(QType(QType::ANY), closest, p, sd.domain_id);
-        if (B.get(rr)) {
-          while(B.get(rr));
+        while(B.get(rr))
+          if (rr.auth)
+            doBreak = true;
+        if(doBreak)
            break;
-        }
        }
        doNextcloser = true;
        unhashed=closest;
diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc

index 2e942e01a9f1b3eaaf8916949cbd5cde45b3ffcf..7165404df6cef4bb04c0a97f81bb94be6be1f6a6 100644 (file)
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -286,7 +286,7 @@ bool rectifyZone(DNSSECKeeper& dk, const std::string& zone)
          shorter=qname;
          while(!pdns_iequals(shorter, zone) && chopOff(shorter))
          {
-          if(!qnames.count(shorter) && !nonterm.count(shorter))
+          if(!qnames.count(shorter))
            {
              if(!(maxent))
              {
@@ -297,16 +297,16 @@ bool rectifyZone(DNSSECKeeper& dk, const std::string& zone)
                break;
              }
  
+            if (!delnonterm.count(shorter) && !nonterm.count(shorter))
+              insnonterm.insert(shorter);
+            else
+              delnonterm.erase(shorter);
+
              if (!nonterm.count(shorter)) {
                nonterm.insert(pair<string, bool>(shorter, auth));
                --maxent;
              } else if (auth)
                nonterm[shorter]=true;
-
-            if (!delnonterm.count(shorter))
-              insnonterm.insert(shorter);
-            else
-              delnonterm.erase(shorter);
            }
          }
        }
author	Kees Monshouwer <mind04@monshouwer.org>
	Fri, 28 Feb 2014 00:07:07 +0000 (01:07 +0100)
committer	mind04 <mind04@monshouwer.org>
	Fri, 28 Feb 2014 00:20:54 +0000 (01:20 +0100)
modules/bindbackend/bindbackend2.cc		patch \| blob \| blame \| history
pdns/packethandler.cc		patch \| blob \| blame \| history
pdns/pdnssec.cc		patch \| blob \| blame \| history