From: Kees Monshouwer
Date: Tue, 23 Sep 2014 22:34:09 +0000 (+0200)
Subject: DNAME don't sign the synthesised CNAME
X-Git-Tag: auth-3.4.0~19^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F1726%2Fhead;p=thirdparty%2Fpdns.git

DNAME don't sign the synthesised CNAME
---
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 5f7046d71f..f63617bf11 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -260,6 +260,7 @@ vector PacketHandler::getBestDNAMESynth(DNSPacket *p, SOAData
 rr.qtype = QType::CNAME;
 rr.qname = prefix + rr.qname;
 rr.content = prefix + rr.content;
+ rr.auth = 0; // don't sign CNAME
 target= rr.content;
 ret.push_back(rr);
 }
diff --git a/regression-tests/tests/dname/command b/regression-tests/tests/dname/command
index 1dc9147719..44791ca9fa 100755
--- a/regression-tests/tests/dname/command
+++ b/regression-tests/tests/dname/command
@@ -1,2 +1,2 @@
 #!/bin/sh
-cleandig www.d.test.com A
+cleandig www.d.test.com A dnssec
diff --git a/regression-tests/tests/dname/expected_result b/regression-tests/tests/dname/expected_result
index 3490552730..3ad4b3d26b 100644
--- a/regression-tests/tests/dname/expected_result
+++ b/regression-tests/tests/dname/expected_result
@@ -13,6 +13,7 @@
 1 . IN NS 518400 k.root-servers.net.
 1 . IN NS 518400 l.root-servers.net.
 1 . IN NS 518400 m.root-servers.net.
+2 . IN OPT 32768
 2 a.root-servers.net. IN A 3600000 198.41.0.4
 2 b.root-servers.net. IN A 3600000 192.228.79.201
 2 c.root-servers.net. IN A 3600000 192.33.4.12
@@ -25,5 +26,6 @@
 2 j.root-servers.net. IN A 3600000 192.58.128.30
 2 k.root-servers.net. IN A 3600000 193.0.14.129
 2 l.root-servers.net. IN A 3600000 199.7.83.42
+2 m.root-servers.net. IN A 3600000 202.12.27.33
 Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='www.d.test.com.', qtype=A
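Review bot: The added `rr.auth = 0; // don't sign CNAME` in the pdns/packethandler.cc hunk reuses the record's `auth` flag as a signing switch, and the comment does not say why leaving this record unsigned is correct, so a later reader could take it for a DNSSEC gap. I would state the reason in the comment, e.g. `// synthesised CNAME is never signed (RFC 6672); validators derive it from the signed DNAME`, and, if `auth` is declared as a bool, write `rr.auth = false;`. The body of getBestDNAMESynth starts and ends outside the hunk, so whether anything else downstream reads `auth` on this record is not visible here and is worth confirming. The new expected_result.dnssec does pin the intended answer shape, with an RRSIG on the DNAME and none on the CNAME.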
diff --git a/regression-tests/tests/dname/expected_result.dnssec b/regression-tests/tests/dname/expected_result.dnssec
new file mode 100644
index 0000000000..dd5afec0d7
--- /dev/null
+++ b/regression-tests/tests/dname/expected_result.dnssec
@@ -0,0 +1,32 @@
+0 d.test.com. IN DNAME 3600 d2.test2.com.
+0 d.test.com. IN RRSIG 3600 DNAME 8 3 3600 [expiry] [inception] [keytag] test.com. ...
+0 www.d.test.com. IN CNAME 3600 www.d2.test2.com.
+1 . IN NS 518400 a.root-servers.net.
+1 . IN NS 518400 b.root-servers.net.
+1 . IN NS 518400 c.root-servers.net.
+1 . IN NS 518400 d.root-servers.net.
+1 . IN NS 518400 e.root-servers.net.
+1 . IN NS 518400 f.root-servers.net.
+1 . IN NS 518400 g.root-servers.net.
+1 . IN NS 518400 h.root-servers.net.
+1 . IN NS 518400 i.root-servers.net.
+1 . IN NS 518400 j.root-servers.net.
+1 . IN NS 518400 k.root-servers.net.
+1 . IN NS 518400 l.root-servers.net.
+1 . IN NS 518400 m.root-servers.net.
+2 . IN OPT 32768
+2 a.root-servers.net. IN A 3600000 198.41.0.4
+2 b.root-servers.net. IN A 3600000 192.228.79.201
+2 c.root-servers.net. IN A 3600000 192.33.4.12
+2 d.root-servers.net. IN A 3600000 199.7.91.13
+2 e.root-servers.net. IN A 3600000 192.203.230.10
+2 f.root-servers.net. IN A 3600000 192.5.5.241
+2 g.root-servers.net. IN A 3600000 192.112.36.4
+2 h.root-servers.net. IN A 3600000 128.63.2.53
+2 i.root-servers.net. IN A 3600000 192.36.148.17
+2 j.root-servers.net. IN A 3600000 192.58.128.30
+2 k.root-servers.net. IN A 3600000 193.0.14.129
+2 l.root-servers.net. IN A 3600000 199.7.83.42
+2 m.root-servers.net. IN A 3600000 202.12.27.33
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.d.test.com.', qtype=A
diff --git a/regression-tests/tests/dname/skip.nodnssec b/regression-tests/tests/dname/skip.nodnssec
deleted file mode 100644
index e69de29bb2..0000000000