NSEC3 and related RRSIGS are not part of the dnstree 2348/head
authorKees Monshouwer <mind04@monshouwer.org>
Thu, 12 Mar 2015 16:38:51 +0000 (17:38 +0100)
committermind04 <mind04@monshouwer.org>
Thu, 12 Mar 2015 20:32:52 +0000 (21:32 +0100)
pdns/packethandler.cc
regression-tests/tests/nsec3-hash-query/command [new file with mode: 0755]
regression-tests/tests/nsec3-hash-query/description [new file with mode: 0644]
regression-tests/tests/nsec3-hash-query/expected_result [new file with mode: 0644]

index ef5599d4149bc6f2e698881e0f633d3a3b5606f8..a5ebfed0966742f3a96aab2caf5324403450a9c4 100644 (file)
@@ -1232,12 +1232,10 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
     weDone = weRedirected = weHaveUnauth =  false;
     
     while(B.get(rr)) {
-      if (p->qtype.getCode() == QType::ANY) {
-        if (rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
-          continue; // TODO: this actually means addRRSig should check if the RRSig is already there.
-        if (!p->d_dnssecOk && (rr.qtype.getCode() == QType:: DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM))
-          continue; // Don't send dnssec info to non validating resolvers.
-      }
+      if (p->qtype.getCode() == QType::ANY && !p->d_dnssecOk && (rr.qtype.getCode() == QType:: DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM))
+        continue; // Don't send dnssec info to non validating resolvers.
+      if (rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
+        continue; // TODO: this actually means addRRSig should check if the RRSig is already there
 
       // cerr<<"Auth: "<<rr.auth<<", "<<(rr.qtype == p->qtype)<<", "<<rr.qtype.getName()<<endl;
       if((p->qtype.getCode() == QType::ANY || rr.qtype == p->qtype) && rr.auth) 
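Review bot: The RRSIG skip on the added lines is now unconditional, so it also applies when the client asks for qtype RRSIG explicitly. Unless that case is answered before this loop (not visible here; questionOrRecurse starts and ends outside the hunk), every RRSIG row from the backend is dropped and such a query finds nothing in this pass. The two comments were carried over from the ANY-only branch and no longer explain why the filter was widened. A replacement such as `// RRSIGs are added later; skipping them for every qtype keeps signatures stored at NSEC3 hashed owner names from making that name look like part of the tree` would record the intent, which I am inferring from the commit title and the new regression test. The stray space in `QType:: DNSKEY` could be fixed while this line is being rewritten.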
diff --git a/regression-tests/tests/nsec3-hash-query/command b/regression-tests/tests/nsec3-hash-query/command
new file mode 100755 (executable)
index 0000000..a41f17c
--- /dev/null
@@ -0,0 +1,2 @@
+#!/bin/sh
+cleandig vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com A
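Review bot: This test queries the hashed owner name only with qtype A and without requesting DNSSEC records, while the packethandler.cc change alters the record loop for every qtype. A second query for ANY, and one that asks for DNSSEC records, would confirm that the reply stays Rcode 3 with AA set and that the NSEC3 denial proof is still attached for validating resolvers. The expected_result file would need the matching extra lines.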
diff --git a/regression-tests/tests/nsec3-hash-query/description b/regression-tests/tests/nsec3-hash-query/description
new file mode 100644 (file)
index 0000000..8f9f06d
--- /dev/null
@@ -0,0 +1 @@
+NSEC3 hashes are not part of the dns tree.
diff --git a/regression-tests/tests/nsec3-hash-query/expected_result b/regression-tests/tests/nsec3-hash-query/expected_result
new file mode 100644 (file)
index 0000000..e178b01
--- /dev/null
@@ -0,0 +1,3 @@
+1      example.com.    IN      SOA     86400   ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com.', qtype=A