layer/iterate: do not presume AA=1 is really authoritative

author Marek Vavruša <marek.vavrusa@nic.cz>

Fri, 29 May 2015 21:55:33 +0000 (23:55 +0200)

committer Marek Vavruša <marek.vavrusa@nic.cz>

Fri, 29 May 2015 21:55:33 +0000 (23:55 +0200)
author Marek Vavruša <marek.vavrusa@nic.cz>
Fri, 29 May 2015 21:55:33 +0000 (23:55 +0200)
committer Marek Vavruša <marek.vavrusa@nic.cz>
Fri, 29 May 2015 21:55:33 +0000 (23:55 +0200)
diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c

index da49252d1f578c0a680347f4593cfb83b12357d7..10b323c627b5cbb4565ae9eef23195273d2b887c 100644 (file)
--- a/lib/layer/iterate.c
+++ b/lib/layer/iterate.c
@@ -224,10 +224,12 @@ static int process_authority(knot_pkt_t *pkt, struct kr_request *req)
         int result = KNOT_STATE_CONSUME;
         const knot_pktsection_t *ns = knot_pkt_section(pkt, KNOT_AUTHORITY);
  
+#ifdef STRICT_MODE
         /* AA, terminate resolution chain. */
         if (knot_wire_get_aa(pkt->wire)) {
                 return KNOT_STATE_CONSUME;
         }
+#endif
  
         /* Update zone cut information. */
         for (unsigned i = 0; i < ns->count; ++i) {
@@ -367,6 +369,7 @@ static int prepare_query(knot_layer_t *ctx, knot_pkt_t *pkt)
  
  static int resolve_badmsg(knot_pkt_t *pkt, struct kr_request *req, struct kr_query *query)
  {
+#ifndef STRICT_MODE
         /* Work around broken auths/load balancers */
         if (query->flags & QUERY_SAFEMODE) {
                 return resolve_error(pkt, req);
@@ -374,6 +377,9 @@ static int resolve_badmsg(knot_pkt_t *pkt, struct kr_request *req, struct kr_que
                 query->flags |= QUERY_SAFEMODE;
                 return KNOT_STATE_DONE;
         }
+#else
+               return resolve_error(pkt, req);
+#endif
  }
  
  /** Resolve input query or continue resolution with followups.
diff --git a/tests/testdata/iter_ns_badaa.rpl b/tests/testdata/iter_ns_badaa.rpl

new file mode 100644 (file)

index 0000000..5407a07
--- /dev/null
+++ b/tests/testdata/iter_ns_badaa.rpl
@@ -0,0 +1,78 @@
+; config options
+server:
+       target-fetch-policy: "3 2 1 0 0"
+
+stub-zone:
+       name: "."
+       stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test iterator with NS falsely declaring referral answer as authoritative.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+       ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS        K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.    IN      A       193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+; False declaration here
+REPLY QR AA NOERROR
+SECTION QUESTION
+MORECOWBELL. IN A
+SECTION AUTHORITY
+MORECOWBELL.   IN NS   a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+       ADDRESS 192.5.6.30
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+CATALYST.MORECOWBELL. IN A
+SECTION ANSWER
+CATALYST.MORECOWBELL. IN A     10.20.30.40
+SECTION AUTHORITY
+CATALYST.MORECOWBELL.  IN NS   a.gtld-servers.net.
+ENTRY_END
+
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+catalyst.morecowbell. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+catalyst.morecowbell. IN A
+SECTION ANSWER
+catalyst.morecowbell. IN A 10.20.30.40
+ENTRY_END
+
+SCENARIO_END
author	Marek Vavruša <marek.vavrusa@nic.cz>
	Fri, 29 May 2015 21:55:33 +0000 (23:55 +0200)
committer	Marek Vavruša <marek.vavrusa@nic.cz>
	Fri, 29 May 2015 21:55:33 +0000 (23:55 +0200)
lib/layer/iterate.c		patch \| blob \| blame \| history
tests/testdata/iter_ns_badaa.rpl	[new file with mode: 0644]	patch \| blob