]> git.ipfire.org Git - thirdparty/pdns.git/commitdiff
projects / thirdparty / pdns.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2b99608)
auth: do not answer with broken TYPE0 data when expanding an ENT wildcard 12860/head
authorPeter van Dijk <peter.van.dijk@powerdns.com>
Sun, 28 May 2023 21:05:35 +0000 (23:05 +0200)
committerPeter van Dijk <peter.van.dijk@powerdns.com>
Wed, 31 May 2023 10:18:37 +0000 (12:18 +0200)
pdns/packethandler.cc patch | blob | blame | history
regression-tests/tests/ent-asterisk/command patch | blob | blame | history
regression-tests/tests/ent-asterisk/expected_result patch | blob | blame | history
regression-tests/tests/ent-asterisk/expected_result.dnssec patch | blob | blame | history
regression-tests/tests/ent-asterisk/expected_result.narrow patch | blob | blame | history
regression-tests/tests/ent-asterisk/expected_result.nsec3 patch | blob | blame | history

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 5d603648c510cd45a9342f1e53bf235e205ae897..d83b8393d1f66bdfb92504f52c41f931f5d5fd98 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -436,7 +436,7 @@ bool PacketHandler::getBestWildcard(DNSPacket& p, const DNSName &target, DNSName
       }
       else
 #endif
-      if(rr.dr.d_type == p.qtype.getCode() || rr.dr.d_type == QType::CNAME || (p.qtype.getCode() == QType::ANY && rr.dr.d_type != QType::RRSIG)) {
+      if(rr.dr.d_type != QType::ENT && (rr.dr.d_type == p.qtype.getCode() || rr.dr.d_type == QType::CNAME || (p.qtype.getCode() == QType::ANY && rr.dr.d_type != QType::RRSIG))) {
         ret->push_back(rr);
       }
 
diff --git a/regression-tests/tests/ent-asterisk/command b/regression-tests/tests/ent-asterisk/command
index bce5a5ec687fd8a77d91f2486b03e0574f56fa23..b183ea74b64b5e33660317ed7d5de43f9e7ed104 100755 (executable)
--- a/regression-tests/tests/ent-asterisk/command
+++ b/regression-tests/tests/ent-asterisk/command
@@ -1,3 +1,4 @@
 #!/bin/sh
 
 cleandig sub.host.sub.example.com a dnssec
+cleandig sub.host.sub.example.com any dnssec tcp
diff --git a/regression-tests/tests/ent-asterisk/expected_result b/regression-tests/tests/ent-asterisk/expected_result
index c07355b8cd99772a4bb2ce8f47c20a88ccebf622..51e64a592fd33b41ee1c0392469ee05443823753 100644 (file)
--- a/regression-tests/tests/ent-asterisk/expected_result
+++ b/regression-tests/tests/ent-asterisk/expected_result
@@ -2,3 +2,7 @@
 2      .       32768   IN      OPT     
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='sub.host.sub.example.com.', qtype=A
+1      example.com.    86400   IN      SOA     ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400
+2      .       32768   IN      OPT     
+Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=ANY
diff --git a/regression-tests/tests/ent-asterisk/expected_result.dnssec b/regression-tests/tests/ent-asterisk/expected_result.dnssec
index 6be3db6d8519f5db55380ed8cbcfb99d7c006363..3c5498c78eeeb58947b225570853f4469ce7f6f7 100644 (file)
--- a/regression-tests/tests/ent-asterisk/expected_result.dnssec
+++ b/regression-tests/tests/ent-asterisk/expected_result.dnssec
@@ -7,3 +7,12 @@
 2      .       32768   IN      OPT     
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='sub.host.sub.example.com.', qtype=A
+1      example.com.    86400   IN      RRSIG   SOA 13 2 100000 [expiry] [inception] [keytag] example.com. ...
+1      example.com.    86400   IN      SOA     ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400
+1      host.*.sub.example.com. 86400   IN      NSEC    bar.svcb.example.com. A RRSIG NSEC
+1      host.*.sub.example.com. 86400   IN      RRSIG   NSEC 13 5 86400 [expiry] [inception] [keytag] example.com. ...
+1      start4.example.com.     86400   IN      NSEC    host.*.sub.example.com. A RRSIG NSEC
+1      start4.example.com.     86400   IN      RRSIG   NSEC 13 3 86400 [expiry] [inception] [keytag] example.com. ...
+2      .       32768   IN      OPT     
+Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=ANY
diff --git a/regression-tests/tests/ent-asterisk/expected_result.narrow b/regression-tests/tests/ent-asterisk/expected_result.narrow
index d0f8c68d65a7ad051da4cc8301ea8fea4d501c39..fa87e0b259214bdf34336d10a98e42259c659cd3 100644 (file)
--- a/regression-tests/tests/ent-asterisk/expected_result.narrow
+++ b/regression-tests/tests/ent-asterisk/expected_result.narrow
@@ -9,3 +9,14 @@
 2      .       32768   IN      OPT     
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='sub.host.sub.example.com.', qtype=A
+1      5ui8h56r4776maicvhpdegs6chr19i99.example.com.   86400   IN      NSEC3   1 [flags] 1 abcd 5UI8H56R4776MAICVHPDEGS6CHR19I9A
+1      5ui8h56r4776maicvhpdegs6chr19i99.example.com.   86400   IN      RRSIG   NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ...
+1      example.com.    86400   IN      RRSIG   SOA 13 2 100000 [expiry] [inception] [keytag] example.com. ...
+1      example.com.    86400   IN      SOA     ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400
+1      hhrsadparthvtuou67trentjstdodla0.example.com.   86400   IN      NSEC3   1 [flags] 1 abcd HHRSADPARTHVTUOU67TRENTJSTDODLA1
+1      hhrsadparthvtuou67trentjstdodla0.example.com.   86400   IN      RRSIG   NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ...
+1      pbl3rtqv3mt7eb29gqp0a17o0h42nj76.example.com.   86400   IN      NSEC3   1 [flags] 1 abcd PBL3RTQV3MT7EB29GQP0A17O0H42NJ78
+1      pbl3rtqv3mt7eb29gqp0a17o0h42nj76.example.com.   86400   IN      RRSIG   NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ...
+2      .       32768   IN      OPT     
+Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=ANY
diff --git a/regression-tests/tests/ent-asterisk/expected_result.nsec3 b/regression-tests/tests/ent-asterisk/expected_result.nsec3
index 04967be403fe64c429cb3e46c38affac1e7097b4..127945409770e80d40dfdde8ceb30bdbe9758168 100644 (file)
--- a/regression-tests/tests/ent-asterisk/expected_result.nsec3
+++ b/regression-tests/tests/ent-asterisk/expected_result.nsec3
@@ -9,3 +9,14 @@
 2      .       32768   IN      OPT     
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='sub.host.sub.example.com.', qtype=A
+1      5ui8h56r4776maicvhpdegs6chr19i99.example.com.   86400   IN      NSEC3   1 [flags] 1 abcd 5UMB87SUFNRRMLILGL48A5GUUHG7RI58
+1      5ui8h56r4776maicvhpdegs6chr19i99.example.com.   86400   IN      RRSIG   NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ...
+1      example.com.    86400   IN      RRSIG   SOA 13 2 100000 [expiry] [inception] [keytag] example.com. ...
+1      example.com.    86400   IN      SOA     ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400
+1      hhrsadparthvtuou67trentjstdodla0.example.com.   86400   IN      NSEC3   1 [flags] 1 abcd HHTKKD5HB125SGANBTKMQK84LULH60LH
+1      hhrsadparthvtuou67trentjstdodla0.example.com.   86400   IN      RRSIG   NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ...
+1      pbkjnd53pnsru5jmaqnk3k936pv2pq5j.example.com.   86400   IN      NSEC3   1 [flags] 1 abcd PBL4SE96F8T4H4Q24UQMRQ4KS96AHPV3 A RRSIG
+1      pbkjnd53pnsru5jmaqnk3k936pv2pq5j.example.com.   86400   IN      RRSIG   NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ...
+2      .       32768   IN      OPT     
+Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=ANY
Unnamed repository; edit this file 'description' to name the repository.