From: George Thessalonikefs <george@nlnetlabs.nl>
Date: Fri, 10 Dec 2021 16:35:36 +0000 (+0100)
Subject: - Allow local-data for classes other than IN to inherit a configured
X-Git-Tag: release-1.15.0rc1~50
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2c1a5203a5c074cf696477a292dbfcacc26df7ef;p=thirdparty%2Funbound.git

- Allow local-data for classes other than IN to inherit a configured
  local-zone's type if possible, instead of defaulting to type
  transparent as per the implicit rule.
---

diff --git a/doc/Changelog b/doc/Changelog
index 8a5a32317..9df23b322 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,8 @@
+10 December 2021: George
+	- Allow local-data for classes other than IN to inherit a configured
+	  local-zone's type if possible, instead of defaulting to type
+	  transparent as per the implicit rule.
+
 10 December 2021: Wouter
 	- Add code similar to fix for ldns for tab between strings, for
 	  consistency, the test case was not broken.
diff --git a/services/localzone.c b/services/localzone.c
index 77d0107f9..beaefbdc8 100644
--- a/services/localzone.c
+++ b/services/localzone.c
@@ -56,6 +56,44 @@
  * with 16 bytes for an A record, a 64K packet has about 4000 max */
 #define LOCALZONE_RRSET_COUNT_MAX 4096
 
+/** print all RRsets in local zone */
+static void
+local_zone_out(struct local_zone* z)
+{
+	struct local_data* d;
+	struct local_rrset* p;
+	RBTREE_FOR(d, struct local_data*, &z->data) {
+		for(p = d->rrsets; p; p = p->next) {
+			log_nametypeclass(NO_VERBOSE, "rrset", d->name,
+				ntohs(p->rrset->rk.type),
+				ntohs(p->rrset->rk.rrset_class));
+		}
+	}
+}
+
+static void
+local_zone_print(struct local_zone* z)
+{
+	char buf[64];
+	lock_rw_rdlock(&z->lock);
+	snprintf(buf, sizeof(buf), "%s zone",
+		local_zone_type2str(z->type));
+	log_nametypeclass(NO_VERBOSE, buf, z->name, 0, z->dclass);
+	local_zone_out(z);
+	lock_rw_unlock(&z->lock);
+}
+
+void local_zones_print(struct local_zones* zones)
+{
+	struct local_zone* z;
+	lock_rw_rdlock(&zones->lock);
+	log_info("number of auth zones %u", (unsigned)zones->ztree.count);
+	RBTREE_FOR(z, struct local_zone*, &zones->ztree) {
+		local_zone_print(z);
+	}
+	lock_rw_unlock(&zones->lock);
+}
+
 struct local_zones* 
 local_zones_create(void)
 {
@@ -1010,6 +1048,35 @@ lz_setup_implicit(struct local_zones* zones, struct config_file* cfg)
 		lock_rw_rdlock(&zones->lock);
 		if(!local_zones_lookup(zones, rr_name, len, labs, rr_class,
 			rr_type)) {
+			/* Check if there is a zone that this could go
+			 * under but for different class; created zones are
+			 * always for LDNS_RR_CLASS_IN. Create the zone with
+			 * a different class but the same configured
+			 * local_zone_type. */
+			struct local_zone* z = local_zones_lookup(zones,
+				rr_name, len, labs, LDNS_RR_CLASS_IN, rr_type);
+			if(z) {
+				uint8_t* name = memdup(z->name, z->namelen);
+				lock_rw_unlock(&zones->lock);
+				if(!name) {
+					log_err("out of memory");
+					free(rr_name);
+					return 0;
+				}
+				if(!(
+#ifndef THREADS_DISABLED
+					z =
+#endif
+					lz_enter_zone_dname(zones, name,
+						z->namelen, z->namelabs,
+						z->type, rr_class))) {
+					free(rr_name);
+					return 0;
+				}
+				lock_rw_unlock(&z->lock);
+				free(rr_name);
+				continue;
+			}
 			if(!have_name) {
 				dclass = rr_class;
 				nm = rr_name;
@@ -1220,38 +1287,6 @@ local_zones_find_le(struct local_zones* zones,
 	return (struct local_zone*)node;
 }
 
-/** print all RRsets in local zone */
-static void 
-local_zone_out(struct local_zone* z)
-{
-	struct local_data* d;
-	struct local_rrset* p;
-	RBTREE_FOR(d, struct local_data*, &z->data) {
-		for(p = d->rrsets; p; p = p->next) {
-			log_nametypeclass(NO_VERBOSE, "rrset", d->name,
-				ntohs(p->rrset->rk.type),
-				ntohs(p->rrset->rk.rrset_class));
-		}
-	}
-}
-
-void local_zones_print(struct local_zones* zones)
-{
-	struct local_zone* z;
-	lock_rw_rdlock(&zones->lock);
-	log_info("number of auth zones %u", (unsigned)zones->ztree.count);
-	RBTREE_FOR(z, struct local_zone*, &zones->ztree) {
-		char buf[64];
-		lock_rw_rdlock(&z->lock);
-		snprintf(buf, sizeof(buf), "%s zone",
-			local_zone_type2str(z->type));
-		log_nametypeclass(NO_VERBOSE, buf, z->name, 0, z->dclass);
-		local_zone_out(z);
-		lock_rw_unlock(&z->lock);
-	}
-	lock_rw_unlock(&zones->lock);
-}
-
 /** encode answer consisting of 1 rrset */
 static int
 local_encode(struct query_info* qinfo, struct module_env* env,
diff --git a/testdata/localdata.rpl b/testdata/localdata.rpl
index 047fbeeba..e54de2b61 100644
--- a/testdata/localdata.rpl
+++ b/testdata/localdata.rpl
@@ -45,9 +45,32 @@ server:
 	local-data: "b.c.implicit. A 20.30.45.50"
 	local-data: "c.c.implicit. A 20.30.44.50"
 
+        ; create implicit data in the ANY domain
+        ; this should inherit the local_zone_type of the already configured
+        ; zone 'refuse.top.' and not be transparent
+        local-data: "refuse.top. ANY TXT implicit_non_transparent"
+
+stub-zone:
+        name: "refuse.top"
+        stub-addr: 1.2.3.4
+
 CONFIG_END
 SCENARIO_BEGIN Test local data queries
 
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+; This entry should never be queried
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.refuse.top. IN A
+SECTION ANSWER
+www.refuse.top. IN A 5.5.5.5
+ENTRY_END
+RANGE_END
+
 ; id.server.
 STEP 1 QUERY
 ENTRY_BEGIN
@@ -390,4 +413,35 @@ SECTION ANSWER
 foo.null.top. IN AAAA ::0
 ENTRY_END
 
+; refuse zone for implicit local-data with CLASS != IN
+STEP 64 QUERY
+ENTRY_BEGIN
+SECTION QUESTION
+refuse.top. ANY TXT
+ENTRY_END
+STEP 65 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AA NOERROR
+SECTION QUESTION
+refuse.top. ANY TXT
+SECTION ANSWER
+refuse.top. ANY TXT implicit_non_transparent
+ENTRY_END
+
+; refuse zone for implicit local-data with CLASS != IN
+STEP 66 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.refuse.top. ANY A
+ENTRY_END
+STEP 67 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA RD AA REFUSED
+SECTION QUESTION
+www.refuse.top. ANY A
+ENTRY_END
+
 SCENARIO_END