From 4c024de2b2606f4a795b40521df6920e7c9e676e Mon Sep 17 00:00:00 2001 From: Pieter Lexis Date: Mon, 30 Oct 2017 18:37:49 +0100 Subject: [PATCH] pdnsutil: Support DNAME in occlusion check Rename eclipsed to occluded. --- pdns/pdnsutil.cc | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/pdns/pdnsutil.cc b/pdns/pdnsutil.cc index ebbc5fae59..0f64bba793 100644 --- a/pdns/pdnsutil.cc +++ b/pdns/pdnsutil.cc @@ -266,8 +266,8 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone, const vect bool hasNsAtApex = false; - set tlsas, cnames, noncnames, glue, checkglue, nsrecords; - set > recs; + set tlsas, cnames, noncnames, glue, checkglue; + set > recs, checkOcclusion; set recordcontents; map ttl; @@ -391,12 +391,14 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone, const vect if (DNSName(rr.content).isPartOf(rr.qname)) { checkglue.insert(DNSName(toLower(rr.content))); } - nsrecords.insert(rr.qname); + checkOcclusion.insert({rr.qname, rr.qtype}); } else if (rr.qtype.getCode() == QType::A || rr.qtype.getCode() == QType::AAAA) { glue.insert(rr.qname); + } else if (rr.qtype == QType::DNAME) { + checkOcclusion.insert({rr.qname, rr.qtype}); } - if (rr.qtype != QType::NS && rr.qtype != QType::DS) { + if (rr.qtype != QType::NS && rr.qtype != QType::DS && rr.qtype != QType::DNAME) { recs.insert({rr.qname, rr.qtype}); } } @@ -516,10 +518,17 @@ int checkZone(DNSSECKeeper &dk, UeberBackend &B, const DNSName& zone, const vect } } - for(const auto &nsrecord : nsrecords) { + for(const auto &qname : checkOcclusion) { for (const auto &q : recs) { - if (q.first.isPartOf(nsrecord)) { - cout<<"[Warning] '"<