From: Wouter Wijngaards Date: Tue, 9 Oct 2007 15:33:40 +0000 (+0000) Subject: no more AD bits, except when DO is set. X-Git-Tag: release-0.6~72 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d4424931f4d0459ee5a52871a851ba34d16b5dfe;p=thirdparty%2Funbound.git no more AD bits, except when DO is set. git-svn-id: file:///svn/unbound/trunk@672 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/daemon/worker.c b/daemon/worker.c index 4ce2624bb..7ed290d49 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -723,6 +723,8 @@ worker_handle_request(struct comm_point* c, void* arg, int error, LDNS_RCODE_SET(ldns_buffer_begin(c->buffer), LDNS_RCODE_SERVFAIL); ldns_buffer_set_position(c->buffer, LDNS_HEADER_SIZE); + ldns_buffer_write_at(c->buffer, 4, + (uint8_t*)"\0\0\0\0\0\0\0\0", 8); ldns_buffer_flip(c->buffer); return 1; } diff --git a/doc/Changelog b/doc/Changelog index 9bd8ddf38..35c1d596b 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -5,6 +5,8 @@ - callback checks for event callbacks done from mini_event. Because of deletions cannot do this from netevent. This means when using libevent the protection does not work on event-callbacks. + - fixup too small reply (did not zero counts). + - fixup reply no longer AD bit when query without DO bit. 5 October 2007: Wouter - function pointer whitelist. diff --git a/testcode/fake_event.c b/testcode/fake_event.c index 7ff389998..ba53bc74d 100644 --- a/testcode/fake_event.c +++ b/testcode/fake_event.c @@ -359,6 +359,7 @@ fake_front_query(struct replay_runtime* runtime, struct replay_moment *todo) else repinfo.c->type = comm_udp; fill_buffer_with_reply(repinfo.c->buffer, todo->match, NULL); log_info("testbound: incoming QUERY"); + log_pkt("query pkt", todo->match->reply_list->reply); /* call the callback for incoming queries */ if((*runtime->callback_query)(repinfo.c, runtime->cb_arg, NETEVENT_NOERROR, &repinfo)) { diff --git a/testcode/ldns-testpkts.c b/testcode/ldns-testpkts.c index 4c13692b7..c4e6b6c06 100644 --- a/testcode/ldns-testpkts.c +++ b/testcode/ldns-testpkts.c @@ -185,6 +185,7 @@ static void replyline(const char* line, ldns_pkt *reply) } else if(str_keyword(&parse, "AD")) { ldns_pkt_set_ad(reply, true); } else if(str_keyword(&parse, "DO")) { + ldns_pkt_set_edns_udp_size(reply, 4096); ldns_pkt_set_edns_do(reply, true); } else { error("could not parse REPLY: '%s'", parse); diff --git a/testdata/iter_emptydp.rpl b/testdata/iter_emptydp.rpl index 40c9e9c09..fa0444437 100644 --- a/testdata/iter_emptydp.rpl +++ b/testdata/iter_emptydp.rpl @@ -148,7 +148,7 @@ RANGE_END STEP 1 QUERY ENTRY_BEGIN -REPLY RD +REPLY RD DO SECTION QUESTION www.example.com. IN A ENTRY_END @@ -162,10 +162,13 @@ SECTION QUESTION www.example.com. IN A SECTION ANSWER www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} SECTION AUTHORITY example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} ENTRY_END ; make sure glue fetch is done. diff --git a/testdata/iter_primenoglue.rpl b/testdata/iter_primenoglue.rpl index 74227f2e8..c5ebfa1f4 100644 --- a/testdata/iter_primenoglue.rpl +++ b/testdata/iter_primenoglue.rpl @@ -197,7 +197,7 @@ RANGE_END STEP 1 QUERY ENTRY_BEGIN -REPLY RD +REPLY RD DO SECTION QUESTION www.example.com. IN A ENTRY_END @@ -211,10 +211,13 @@ SECTION QUESTION www.example.com. IN A SECTION ANSWER www.example.com. IN A 10.20.30.40 +www.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC99iE9K5y2WNgI0gFvBWaTi9wm6AhUAoUqOpDtG5Zct+Qr9F3mSdnbc6V4= ;{id = 2854} SECTION AUTHORITY example.com. IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCN+qHdJxoI/2tNKwsb08pra/G7aAIUAWA5sDdJTbrXA1/3OaesGBAO3sI= ;{id = 2854} SECTION ADDITIONAL ns.example.com. IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFQCQMyTjn7WWwpwAR1LlVeLpRgZGuQIUCcJDEkwAuzytTDRlYK7nIMwH1CM= ;{id = 2854} ENTRY_END ; make sure glue fetch is done. diff --git a/testdata/val_anchor_nx.rpl b/testdata/val_anchor_nx.rpl index b4bec845d..43c614f90 100644 --- a/testdata/val_anchor_nx.rpl +++ b/testdata/val_anchor_nx.rpl @@ -165,7 +165,7 @@ RANGE_END STEP 1 QUERY ENTRY_BEGIN -REPLY RD +REPLY RD DO SECTION QUESTION www.sub.example.com. IN A ENTRY_END @@ -180,6 +180,11 @@ www.sub.example.com. IN A SECTION ANSWER SECTION AUTHORITY example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC +blub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854} +example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854} SECTION ADDITIONAL ENTRY_END diff --git a/testdata/val_anchor_nx_nosig.rpl b/testdata/val_anchor_nx_nosig.rpl index 668e47c68..94320b501 100644 --- a/testdata/val_anchor_nx_nosig.rpl +++ b/testdata/val_anchor_nx_nosig.rpl @@ -164,7 +164,7 @@ RANGE_END STEP 1 QUERY ENTRY_BEGIN -REPLY RD +REPLY RD DO SECTION QUESTION www.sub.example.com. IN A ENTRY_END @@ -179,6 +179,11 @@ www.sub.example.com. IN A SECTION ANSWER SECTION AUTHORITY example.com. SOA ns.example.com. h.example.com. 2007090504 1800 1800 2419200 7200 +example.com. 3600 IN RRSIG SOA 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFC5uwIHSehZtetK2CMNXttSFUB0XAhROFDAgy/FaxR8zFXJzyPdpQG93Sw== ;{id = 2854} +blub.example.com. NSEC znub.example.com. A MX RRSIG NSEC +blub.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFCic/WwyMtdDE/84g8l0S0M8AOtnAhR88hQEp5cD5XQ3EmQ79RUuNTCgdg== ;{id = 2854} +example.com. NSEC blub.example.com. SOA NS MX DNSKEY RRSIG NSEC +example.com. 3600 IN RRSIG NSEC 3 2 3600 20070926134150 20070829134150 2854 example.com. MC0CFFYX7iNIlT79gNFFlvnn44Ittm6HAhUAg7u0hZ4to87qyfkonZu2jVLW3xw= ;{id = 2854} SECTION ADDITIONAL ENTRY_END diff --git a/testdata/val_ans_dsent.rpl b/testdata/val_ans_dsent.rpl index 41ba05bbb..b9e83d849 100644 --- a/testdata/val_ans_dsent.rpl +++ b/testdata/val_ans_dsent.rpl @@ -183,7 +183,7 @@ RANGE_END STEP 1 QUERY ENTRY_BEGIN -REPLY RD +REPLY RD DO SECTION QUESTION 328.0.0.194.example.com. IN A ENTRY_END @@ -197,6 +197,7 @@ SECTION QUESTION 328.0.0.194.example.com. IN A SECTION ANSWER 328.0.0.194.example.com. 3600 IN A 11.11.11.11 +328.0.0.194.example.com. 3600 IN RRSIG A 5 6 3600 20070926135752 20070829135752 30899 0.0.194.example.com. chZW77mqywhw/4ch6BxXQ4EbFgb9zgh2xF75FLlKq/7ey6CfHSJRpJRjRqtMTn+1i18UL2B4nPS/WnK5DZeqlA== ;{id = 30899} SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END diff --git a/util/data/msgencode.c b/util/data/msgencode.c index 36fa285f6..4d199ef05 100644 --- a/util/data/msgencode.c +++ b/util/data/msgencode.c @@ -721,7 +721,7 @@ reply_info_answer_encode(struct query_info* qinf, struct reply_info* rep, /* remove AA bit, copy RD and CD bits from query. */ flags = (rep->flags & ~BIT_AA) | (qflags & (BIT_RD|BIT_CD)); } - if(secure) + if(secure && dnssec) flags |= BIT_AD; log_assert(flags & BIT_QR); /* QR bit must be on in our replies */ if(udpsize < LDNS_HEADER_SIZE)