DNAME don't sign the synthesised CNAME

author Kees Monshouwer <mind04@monshouwer.org>

Tue, 23 Sep 2014 22:34:09 +0000 (00:34 +0200)

committer mind04 <mind04@monshouwer.org>

Tue, 23 Sep 2014 22:34:09 +0000 (00:34 +0200)
author Kees Monshouwer <mind04@monshouwer.org>
Tue, 23 Sep 2014 22:34:09 +0000 (00:34 +0200)
committer mind04 <mind04@monshouwer.org>
Tue, 23 Sep 2014 22:34:09 +0000 (00:34 +0200)
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc

index 5f7046d71ff951e2d2ae753e5300f3339cae8a9c..f63617bf115aaa2e50a325d247db1632c8fc657e 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -260,6 +260,7 @@ vector<DNSResourceRecord> PacketHandler::getBestDNAMESynth(DNSPacket *p, SOAData
        rr.qtype = QType::CNAME;
        rr.qname = prefix + rr.qname;
        rr.content = prefix + rr.content;
+      rr.auth = 0; // don't sign CNAME
        target= rr.content;
        ret.push_back(rr); 
      }
diff --git a/regression-tests/tests/dname/command b/regression-tests/tests/dname/command

index 1dc9147719c1ef9988b9b09f6f22735010da30a9..44791ca9fae09039b583ac705c502c0a91352997 100755 (executable)
--- a/regression-tests/tests/dname/command
+++ b/regression-tests/tests/dname/command
@@ -1,2 +1,2 @@
  #!/bin/sh
-cleandig www.d.test.com A
+cleandig www.d.test.com A dnssec
diff --git a/regression-tests/tests/dname/expected_result b/regression-tests/tests/dname/expected_result

index 3490552730a7a67b56ed4ece1c708e77ae7a3d4c..3ad4b3d26bc55afed8214c6fd9679792cc56a5e1 100644 (file)
--- a/regression-tests/tests/dname/expected_result
+++ b/regression-tests/tests/dname/expected_result
@@ -13,6 +13,7 @@
  1      .       IN      NS      518400  k.root-servers.net.
  1      .       IN      NS      518400  l.root-servers.net.
  1      .       IN      NS      518400  m.root-servers.net.
+2      .       IN      OPT     32768   
  2      a.root-servers.net.     IN      A       3600000 198.41.0.4
  2      b.root-servers.net.     IN      A       3600000 192.228.79.201
  2      c.root-servers.net.     IN      A       3600000 192.33.4.12
@@ -25,5 +26,6 @@
  2      j.root-servers.net.     IN      A       3600000 192.58.128.30
  2      k.root-servers.net.     IN      A       3600000 193.0.14.129
  2      l.root-servers.net.     IN      A       3600000 199.7.83.42
+2      m.root-servers.net.     IN      A       3600000 202.12.27.33
  Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
  Reply to question for qname='www.d.test.com.', qtype=A
diff --git a/regression-tests/tests/dname/expected_result.dnssec b/regression-tests/tests/dname/expected_result.dnssec

new file mode 100644 (file)

index 0000000..dd5afec
--- /dev/null
+++ b/regression-tests/tests/dname/expected_result.dnssec
@@ -0,0 +1,32 @@
+0      d.test.com.     IN      DNAME   3600    d2.test2.com.
+0      d.test.com.     IN      RRSIG   3600    DNAME 8 3 3600 [expiry] [inception] [keytag] test.com. ...
+0      www.d.test.com. IN      CNAME   3600    www.d2.test2.com.
+1      .       IN      NS      518400  a.root-servers.net.
+1      .       IN      NS      518400  b.root-servers.net.
+1      .       IN      NS      518400  c.root-servers.net.
+1      .       IN      NS      518400  d.root-servers.net.
+1      .       IN      NS      518400  e.root-servers.net.
+1      .       IN      NS      518400  f.root-servers.net.
+1      .       IN      NS      518400  g.root-servers.net.
+1      .       IN      NS      518400  h.root-servers.net.
+1      .       IN      NS      518400  i.root-servers.net.
+1      .       IN      NS      518400  j.root-servers.net.
+1      .       IN      NS      518400  k.root-servers.net.
+1      .       IN      NS      518400  l.root-servers.net.
+1      .       IN      NS      518400  m.root-servers.net.
+2      .       IN      OPT     32768   
+2      a.root-servers.net.     IN      A       3600000 198.41.0.4
+2      b.root-servers.net.     IN      A       3600000 192.228.79.201
+2      c.root-servers.net.     IN      A       3600000 192.33.4.12
+2      d.root-servers.net.     IN      A       3600000 199.7.91.13
+2      e.root-servers.net.     IN      A       3600000 192.203.230.10
+2      f.root-servers.net.     IN      A       3600000 192.5.5.241
+2      g.root-servers.net.     IN      A       3600000 192.112.36.4
+2      h.root-servers.net.     IN      A       3600000 128.63.2.53
+2      i.root-servers.net.     IN      A       3600000 192.36.148.17
+2      j.root-servers.net.     IN      A       3600000 192.58.128.30
+2      k.root-servers.net.     IN      A       3600000 193.0.14.129
+2      l.root-servers.net.     IN      A       3600000 199.7.83.42
+2      m.root-servers.net.     IN      A       3600000 202.12.27.33
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.d.test.com.', qtype=A
diff --git a/regression-tests/tests/dname/skip.nodnssec b/regression-tests/tests/dname/skip.nodnssec

deleted file mode 100644 (file)

index e69de29..0000000
author	Kees Monshouwer <mind04@monshouwer.org>
	Tue, 23 Sep 2014 22:34:09 +0000 (00:34 +0200)
committer	mind04 <mind04@monshouwer.org>
	Tue, 23 Sep 2014 22:34:09 +0000 (00:34 +0200)
pdns/packethandler.cc		patch \| blob \| blame \| history
regression-tests/tests/dname/command		patch \| blob \| blame \| history
regression-tests/tests/dname/expected_result		patch \| blob \| blame \| history
regression-tests/tests/dname/expected_result.dnssec	[new file with mode: 0644]	patch \| blob
regression-tests/tests/dname/skip.nodnssec	[deleted file]	patch \| blob \| blame \| history