Commit | Line | Data |
---|---|---|
d54a2ce4 MT |
1 | From 78c6184752dce27849e36cce4360abc27b8d76d2 Mon Sep 17 00:00:00 2001 |
2 | From: Simon Kelley <simon@thekelleys.org.uk> | |
3 | Date: Thu, 16 Apr 2015 15:05:30 +0100 | |
888c41de | 4 | Subject: [PATCH 75/98] Auth: correct replies to NS and SOA in .arpa zones. |
d54a2ce4 MT |
5 | |
6 | --- | |
7 | CHANGELOG | 8 ++++++++ | |
8 | src/auth.c | 51 ++++++++++++++++++++++++++++++--------------------- | |
9 | 2 files changed, 38 insertions(+), 21 deletions(-) | |
10 | ||
11 | diff --git a/CHANGELOG b/CHANGELOG | |
12 | index f2142c71cbdc..0619788e9cef 100644 | |
13 | --- a/CHANGELOG | |
14 | +++ b/CHANGELOG | |
15 | @@ -94,6 +94,14 @@ version 2.73 | |
16 | in the auth-zone declaration. Thanks to Johnny S. Lee | |
17 | for the bugreport and initial patch. | |
18 | ||
19 | + Fix authoritative DNS code to correctly reply to NS | |
20 | + and SOA queries for .arpa zones for which we are | |
21 | + declared authoritative by means of a subnet in auth-zone. | |
22 | + Previously we provided correct answers to PTR queries | |
23 | + in such zones (including NS and SOA) but not direct | |
24 | + NS and SOA queries. Thanks to Johnny S. Lee for | |
25 | + pointing out the problem. | |
26 | + | |
27 | ||
28 | version 2.72 | |
29 | Add ra-advrouter mode, for RFC-3775 mobile IPv6 support. | |
30 | diff --git a/src/auth.c b/src/auth.c | |
31 | index 4a5c39fc5c07..2b0b7d6b052d 100644 | |
32 | --- a/src/auth.c | |
33 | +++ b/src/auth.c | |
34 | @@ -131,24 +131,27 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n | |
35 | continue; | |
36 | } | |
37 | ||
38 | - if (qtype == T_PTR) | |
39 | + if ((qtype == T_PTR || qtype == T_SOA || qtype == T_NS) && | |
40 | + (flag = in_arpa_name_2_addr(name, &addr)) && | |
41 | + !local_query) | |
42 | { | |
43 | - if (!(flag = in_arpa_name_2_addr(name, &addr))) | |
44 | - continue; | |
45 | - | |
46 | - if (!local_query) | |
47 | + for (zone = daemon->auth_zones; zone; zone = zone->next) | |
48 | + if ((subnet = find_subnet(zone, flag, &addr))) | |
49 | + break; | |
50 | + | |
51 | + if (!zone) | |
52 | { | |
53 | - for (zone = daemon->auth_zones; zone; zone = zone->next) | |
54 | - if ((subnet = find_subnet(zone, flag, &addr))) | |
55 | - break; | |
56 | - | |
57 | - if (!zone) | |
58 | - { | |
59 | - auth = 0; | |
60 | - continue; | |
61 | - } | |
62 | + auth = 0; | |
63 | + continue; | |
64 | } | |
65 | + else if (qtype == T_SOA) | |
66 | + soa = 1, found = 1; | |
67 | + else if (qtype == T_NS) | |
68 | + ns = 1, found = 1; | |
69 | + } | |
70 | ||
71 | + if (qtype == T_PTR && flag) | |
72 | + { | |
73 | intr = NULL; | |
74 | ||
75 | if (flag == F_IPV4) | |
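Review bot: A PTR question whose name does not parse as an in-addr.arpa/ip6.arpa address used to hit `continue`, but with the new `if (qtype == T_PTR && flag)` it skips the PTR block and carries on into whatever follows. The rest of answer_auth is outside this hunk, so presumably that is the name-based zone lookup at `cname_restart:`. If the old behaviour is wanted, add `if (qtype == T_PTR && !flag) continue;` ahead of the block; if the fall-through is intended, say so in a comment. It is also worth a comment that `flag` is only assigned when the qtype test in the first condition passes, so the `qtype == T_PTR &&` guard is what prevents a stale `flag` from an earlier question being read, e.g. `/* flag is only valid here for PTR/SOA/NS: it is set in the condition above */`.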
76 | @@ -243,14 +246,20 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n | |
77 | } | |
78 | ||
79 | cname_restart: | |
80 | - for (zone = daemon->auth_zones; zone; zone = zone->next) | |
81 | - if (in_zone(zone, name, &cut)) | |
82 | - break; | |
83 | - | |
84 | - if (!zone) | |
85 | + if (found) | |
86 | + /* NS and SOA .arpa requests have set found above. */ | |
87 | + cut = NULL; | |
88 | + else | |
89 | { | |
90 | - auth = 0; | |
91 | - continue; | |
92 | + for (zone = daemon->auth_zones; zone; zone = zone->next) | |
93 | + if (in_zone(zone, name, &cut)) | |
94 | + break; | |
95 | + | |
96 | + if (!zone) | |
97 | + { | |
98 | + auth = 0; | |
99 | + continue; | |
100 | + } | |
101 | } | |
102 | ||
103 | for (rec = daemon->mxnames; rec; rec = rec->next) | |
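Review bot: The `if (found)` test at `cname_restart:` treats any nonzero `found` as "this was a .arpa NS/SOA request", yet the label name suggests this point is also re-entered by a `goto` after a CNAME target is substituted into `name`. The code that does that jump is outside the hunk, but if it sets `found` before jumping, the re-entry would skip the `in_zone()` walk and continue with the previous `zone` and `cut = NULL` for the rewritten name. That could leave the server answering as authoritative for a name it never checked against its zones. A dedicated local set only in the .arpa branch would make the condition say what the comment says, e.g. `arpa_auth = 1;` next to `soa = 1, found = 1;` and `if (arpa_auth) cut = NULL;` here (`arpa_auth` is a suggested new name). It should also be confirmed that the flag is cleared at the top of each question iteration.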
104 | -- | |
105 | 2.1.0 | |
106 |