:bar.svcb.example.com:28:\040\001\015\270\000\000\000\000\000\000\000\000\000\003\000\004:120
:bar.svcb.example.com:64:\000\001\000\000\001\000\003\002h2:120
:bar.svcb.example.com:64:\000\003\000\000\001\000\003\002h3\000\003\000\002\005\334:120
+:baz.svcb.example.com:64:\000\000\004foo1\004svcb\007example\003net\000:120
:dsdelegation.example.com:43:m\341\010\001\312\361\352\256\315\253\347afpx\217\220\042EK\365\375\237\332:120
:escapedtext.example.com:16:\005begin\022the\040\042middle\042\040p\134art\007the\040end:120
:foo.svcb.example.com:64:\000\000\004foo1\004svcb\007example\003com\000:120
return haveSomething;
}
-DNSName PacketHandler::doAdditionalServiceProcessing(const DNSName &firstTarget, const uint16_t &qtype, std::unique_ptr<DNSPacket>& r) {
+DNSName PacketHandler::doAdditionalServiceProcessing(const DNSName &firstTarget, const uint16_t &qtype, std::unique_ptr<DNSPacket>& r, vector<DNSZoneRecord>& extraRecords) {
DNSName ret = firstTarget;
size_t ctr = 5; // Max 5 SVCB Aliasforms per query
bool done = false;
while (!done && ctr > 0) {
DNSZoneRecord rr;
done = true;
+
+ if(!ret.isPartOf(d_sd.qname)) {
+ continue;
+ }
+
B.lookup(QType(qtype), ret, d_sd.domain_id);
while (B.get(rr)) {
rr.dr.d_place = DNSResourceRecord::ADDITIONAL;
case QType::SVCB: /* fall-through */
case QType::HTTPS: {
auto rrc = getRR<SVCBBaseRecordContent>(rr.dr);
- r->addRecord(std::move(rr));
+ extraRecords.push_back(std::move(rr));
ret = rrc->getTarget().isRoot() ? ret : rrc->getTarget();
if (rrc->getPriority() == 0) {
done = false;
{
DNSName content;
std::unordered_set<DNSName> lookup;
+ vector<DNSZoneRecord> extraRecords;
const auto& rrs = r->getRRS();
lookup.reserve(rrs.size());
if (content.isRoot()) {
content = rr.dr.d_name;
}
- content = doAdditionalServiceProcessing(content, rr.dr.d_type, r);
+ if (rrc->getPriority() == 0) {
+ content = doAdditionalServiceProcessing(content, rr.dr.d_type, r, extraRecords);
+ }
break;
}
default:
}
}
}
+
+ for(auto& rr : extraRecords) {
+ r->addRecord(std::move(rr));
+ }
+ extraRecords.clear();
// TODO should we have a setting to do this?
for (auto &rec : r->getServiceRecords()) {
// Process auto hints
bool addCDS(DNSPacket& p, std::unique_ptr<DNSPacket>& r);
bool addNSEC3PARAM(const DNSPacket& p, std::unique_ptr<DNSPacket>& r);
void doAdditionalProcessing(DNSPacket& p, std::unique_ptr<DNSPacket>& r);
- DNSName doAdditionalServiceProcessing(const DNSName &firstTarget, const uint16_t &qtype, std::unique_ptr<DNSPacket>& r);
+ DNSName doAdditionalServiceProcessing(const DNSName &firstTarget, const uint16_t &qtype, std::unique_ptr<DNSPacket>& r, vector<DNSZoneRecord>& extraRecords);
+
//! Get all IPv4 or IPv6 addresses (based on |qtype|) for |target|.
vector<ComboAddress> getIPAddressFor(const DNSName &target, const uint16_t qtype);
void addNSECX(DNSPacket& p, std::unique_ptr<DNSPacket>& r, const DNSName &target, const DNSName &wildcard, int mode);
-034a2b6c643ef42a58d19aaed62c6b27 ../regression-tests/zones/example.com
+229dad9ea0464a429685d3dda8a8e9ef ../regression-tests/zones/example.com
fe49d2784b1bcc3b91ddd5619f0b6cc1 ../regression-tests/zones/test.com
f0df67fa656d33fd85098cbe43893395 ../regression-tests/zones/test.dyndns
dee3e8b568549d9450134b555ca73990 ../regression-tests/zones/sub.test.dyndns
9aeed2c26d0c3ba3baf22dfa9568c451 ../regression-tests/zones/2.0.192.in-addr.arpa
99c73e8b5db5781fec1ac3fa6a2662a9 ../regression-tests/zones/cryptokeys.org
1f9e19be0cff67330f3a0a5347654f91 ../regression-tests/zones/hiddencryptokeys.org
-8d42198e3c989c38edb715407bc9c4ae ../modules/tinydnsbackend/data.cdb
+31595b9c5e078fa22dd1716a34ca1323 ../modules/tinydnsbackend/data.cdb
#!/bin/sh
-cleandig foo.svcb.example.com SVCB dnssec
\ No newline at end of file
+cleandig foo.svcb.example.com SVCB dnssec
+cleandig baz.svcb.example.com SVCB dnssec
\ No newline at end of file
2 foo1.svcb.example.com. IN SVCB 120 1 . alpn=h2,h3
Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='foo.svcb.example.com.', qtype=SVCB
+0 baz.svcb.example.com. IN SVCB 120 0 foo1.svcb.example.net.
+2 . IN OPT 32768
+Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='baz.svcb.example.com.', qtype=SVCB
2 foo1.svcb.example.com. IN SVCB 120 1 . alpn=h2,h3
Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='foo.svcb.example.com.', qtype=SVCB
+0 baz.svcb.example.com. IN RRSIG 120 SVCB 13 4 120 [expiry] [inception] [keytag] example.com. ...
+0 baz.svcb.example.com. IN SVCB 120 0 foo1.svcb.example.net.
+2 . IN OPT 32768
+Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='baz.svcb.example.com.', qtype=SVCB
foo.svcb IN A 192.0.2.1 ; Should not show up in additional
foo1.svcb IN A 192.0.2.2 ; Should show up in additional
+
bar.svcb IN SVCB 1 . alpn=h2
bar.svcb IN SVCB 3 . alpn=h3 port=1500
bar.svcb IN AAAA 2001:db8::3:1
bar.svcb IN AAAA 2001:db8::3:4
-bar.svcb IN A 192.0.2.1
\ No newline at end of file
+bar.svcb IN A 192.0.2.1
+
+baz.svcb IN SVCB 0 foo1.svcb.example.net. ; AliasMode - should not trigger additional processing, the target is in another zone
projects / thirdparty / pdns.git / commitdiff
