From 4eb2bdf2b1d008cb0752d81024e0b8c601b77fc3 Mon Sep 17 00:00:00 2001 From: Wouter Wijngaards Date: Tue, 6 Jan 2009 13:51:12 +0000 Subject: [PATCH] fixup transparent zone answers. git-svn-id: file:///svn/unbound/trunk@1409 be551aaa-1e26-0410-a405-d3ace91eadb9 --- doc/Changelog | 4 ++ doc/TODO | 2 + doc/example.conf.in | 2 +- doc/unbound.conf.5.in | 4 +- services/localzone.c | 14 +++++ testdata/local_transparent_sametype.rpl | 78 +++++++++++++++++++++++++ 6 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 testdata/local_transparent_sametype.rpl diff --git a/doc/Changelog b/doc/Changelog index af1813e95..5ebf27f8b 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -2,6 +2,10 @@ - fixup packet-of-death when compiled with --enable-debug. A malformed packet could cause an internal assertion failure. - added test for HINFO canonicalisation behaviour. + - fixup reported problem with transparent local-zone data where + queries with different type could get nxdomain. Now queries + with a different name get resolved normally, with different type + get a correct NOERROR/NODATA answer. 5 January 2009: Wouter - fixup getaddrinfo failure handling for remote control port. diff --git a/doc/TODO b/doc/TODO index 53413582f..c2d9960d1 100644 --- a/doc/TODO +++ b/doc/TODO @@ -59,3 +59,5 @@ o local-zone directive with authority service, full authority server o configure option to force use of builtin ldns tarball. o include /etc/pki/dnssec-keys/production/*.conf with wildcard support. o make so revoke bit keys cannot verify signatures +o option to print UTC timestamps instead of epoch in seconds. +o print querier IP address on high loglevels. diff --git a/doc/example.conf.in b/doc/example.conf.in index 484280e56..d801bb620 100644 --- a/doc/example.conf.in +++ b/doc/example.conf.in 
@@ -351,7 +351,7 @@ server: # o deny serves local data (if any), else, drops queries. # o refuse serves local data (if any), else, replies with error. # o static serves local data, else, nxdomain or nodata answer. - # o transparent serves local data, else, resolves normally . + # o transparent gives local data, but resolves normally for other names # o redirect serves the zone data for any subdomain in the zone. # o nodefault can be used to normally resolve AS112 zones. # diff --git a/doc/unbound.conf.5.in b/doc/unbound.conf.5.in index a9a9b4860..66fdf9f04 100644 --- a/doc/unbound.conf.5.in +++ b/doc/unbound.conf.5.in @@ -577,7 +577,9 @@ as local\-data for the zone apex domain. .TP 10 \h'5'\fItransparent\fR If there is a match from local data, the query is answered. -Otherwise, the query is resolved normally. +Otherwise if the query has a different name, the query is resolved normally. +If the query is for a name given in localdata but no such type of data is +given in localdata, then a noerror nodata answer is returned. If no local\-zone is given local\-data causes a transparent zone to be created by default. .TP 10 diff --git a/services/localzone.c b/services/localzone.c index 354db66df..3934ec626 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -1093,6 +1093,20 @@ lz_zone_answer(struct local_zone* z, struct query_info* qinfo, return 1; } /* else z->type == local_zone_transparent */ + + /* if the zone is transparent and the name exists, but the type + * does not, then we should make this noerror/nodata */ + if(ld && ld->rrsets) { + int rcode = LDNS_RCODE_NOERROR; + if(z->soa) + return local_encode(qinfo, edns, buf, temp, + z->soa, 0, rcode); + error_encode(buf, (rcode|BIT_AA), qinfo, + *(uint16_t*)ldns_buffer_begin(buf), + ldns_buffer_read_u16_at(buf, 2), edns); + return 1; + } + /* stop here, and resolve further on */ return 0; } 
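Review bot: The new NODATA block in lz_zone_answer produces an authoritative answer (AA set) on a fall-through path, and the only thing tying it to transparent zones is the context comment `/* else z->type == local_zone_transparent */`. The earlier branches of the function are outside this hunk, so I am assuming they return for every other zone type. Spelling the condition out as `if(z->type == local_zone_transparent && ld && ld->rrsets) {` would stop a zone type added later from silently getting NODATA instead of normal resolution. The comment above the block could also state the operator-visible consequence: a name with at least one local-data rrset now hides every other type at that name from upstream, including in zones created implicitly by a bare local-data line. Separately, `*(uint16_t*)ldns_buffer_begin(buf)` reads the query id through a cast pointer; copying it into a local `uint16_t` with `memcpy` would avoid relying on alignment and aliasing, unless that pattern is already the convention in this file.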
diff --git a/testdata/local_transparent_sametype.rpl b/testdata/local_transparent_sametype.rpl
new file mode 100644
index 000000000..6f0880b5d
--- /dev/null
+++ b/testdata/local_transparent_sametype.rpl
@@ -0,0 +1,78 @@
+; config options
+; The island of trust is at example.com
+server:
+ local-zone: "example.com." transparent
+ local-data: "mail.example.com. IN A 10.20.30.40"
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test local data with transparent zone queried for types
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+mail.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+. IN SOA invalid. invalid. 1 2 3 4 5
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+mail.example.com. IN A
+ENTRY_END
+; get straight answer from localdata
+
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR AA RD RA NOERROR
+SECTION QUESTION
+mail.example.com. IN A
+SECTION ANSWER
+mail.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+mail.example.com. IN AAAA
+ENTRY_END
+; must be NOERROR/NODATA because of A record, not NXDOMAIN from internet.
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR AA RD RA NOERROR
+SECTION QUESTION
+mail.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+ENTRY_END
+
+SCENARIO_END
-- 
2.47.3
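Review bot: This scenario appears to exercise only the `error_encode` path of the new code in services/localzone.c, leaving the `if(z->soa)` branch that calls `local_encode` uncovered. I am inferring that from the config, which defines a single A record for mail.example.com. and no SOA, hence the empty AUTHORITY section expected at STEP 30. It also has no step for a different name under example.com., which the Changelog entry says must still be resolved normally. I would add a second scenario whose local data includes an SOA for the zone and that expects it in the AUTHORITY section of the NODATA reply. I would also add a QUERY/CHECK_ANSWER pair for another name in the zone, with a matching upstream entry in the RANGE block, to confirm the answer comes from the stub and not from local data.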