- fixup packet-of-death when compiled with --enable-debug.
A malformed packet could cause an internal assertion failure.
- added test for HINFO canonicalisation behaviour.
+ - fixup reported problem with transparent local-zone data where
+ queries with different type could get nxdomain. Now queries
+ with a different name get resolved normally, with different type
+ get a correct NOERROR/NODATA answer.
5 January 2009: Wouter
- fixup getaddrinfo failure handling for remote control port.
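Review bot: the added entry calls this a fixup, but the unbound.conf.5 hunk in the same change rewrites the documented meaning of transparent from "resolved normally" to a noerror nodata answer for other types. Say in the entry that this changes behaviour for existing transparent zones: once a name has local-data of one type, records of other types for that name are no longer fetched from upstream.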
o configure option to force use of builtin ldns tarball.
o include /etc/pki/dnssec-keys/production/*.conf with wildcard support.
o make so revoke bit keys cannot verify signatures
+o option to print UTC timestamps instead of epoch in seconds.
+o print querier IP address on high loglevels.
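Review bot: the two added TODO items (UTC timestamps, printing the querier IP address) have nothing to do with the transparent local-zone change that the rest of this patch makes. Move them to a separate commit so that this one can be reviewed, backported or reverted on its own.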
# o deny serves local data (if any), else, drops queries.
# o refuse serves local data (if any), else, replies with error.
# o static serves local data, else, nxdomain or nodata answer.
- # o transparent serves local data, else, resolves normally .
+ # o transparent gives local data, but resolves normally for other names
# o redirect serves the zone data for any subdomain in the zone.
# o nodefault can be used to normally resolve AS112 zones.
#
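Review bot: the new "transparent gives local data, but resolves normally for other names" line leaves out what happens for the same name with a different type, which is the case this patch changes. Add the NOERROR/NODATA behaviour here, as the unbound.conf.5 hunk does, so the example config and the man page agree.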
.TP 10
\h'5'\fItransparent\fR
If there is a match from local data, the query is answered.
-Otherwise, the query is resolved normally.
+Otherwise if the query has a different name, the query is resolved normally.
+If the query is for a name given in localdata but no such type of data is
+given in localdata, then a noerror nodata answer is returned.
If no local\-zone is given local\-data causes a transparent zone
to be created by default.
.TP 10
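Review bot: the added sentences write "localdata" twice, while the surrounding text uses the option name "local\-data"; use the option name so readers can search for it. It would also help to state the consequence directly: a single local\-data entry for a name makes every other type at that name answer nodata, and the Changelog hunk's "NOERROR/NODATA" spelling could be used here for consistency.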
return 1;
}
/* else z->type == local_zone_transparent */
+
+ /* if the zone is transparent and the name exists, but the type
+ * does not, then we should make this noerror/nodata */
+ if(ld && ld->rrsets) {
+ int rcode = LDNS_RCODE_NOERROR;
+ if(z->soa)
+ return local_encode(qinfo, edns, buf, temp,
+ z->soa, 0, rcode);
+ error_encode(buf, (rcode|BIT_AA), qinfo,
+ *(uint16_t*)ldns_buffer_begin(buf),
+ ldns_buffer_read_u16_at(buf, 2), edns);
+ return 1;
+ }
+
/* stop here, and resolve further on */
return 0;
}
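Review bot: in the new `if(ld && ld->rrsets)` block, the path without `z->soa` answers through `error_encode` with NOERROR and AA but no SOA record, so the NODATA reply gives the client nothing to derive a negative-caching TTL from; add a comment saying this is intended, or document that a local-data SOA is recommended for transparent zones. The block also relies on the `/* else z->type == local_zone_transparent */` comment alone to be transparent-only; an explicit test of `z->type` would keep a zone type added later from inheriting this behaviour silently. `rcode` is never modified after initialisation, so the constant could be passed directly.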
--- /dev/null
+; config options
+; The island of trust is at example.com
+server:
+ local-zone: "example.com." transparent
+ local-data: "mail.example.com. IN A 10.20.30.40"
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test local data with transparent zone queried for types
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+mail.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+. IN SOA invalid. invalid. 1 2 3 4 5
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+mail.example.com. IN A
+ENTRY_END
+; get straight answer from localdata
+
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR AA RD RA NOERROR
+SECTION QUESTION
+mail.example.com. IN A
+SECTION ANSWER
+mail.example.com. IN A 10.20.30.40
+SECTION AUTHORITY
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+mail.example.com. IN AAAA
+ENTRY_END
+; must be NOERROR/NODATA because of A record, not NXDOMAIN from internet.
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR AA RD RA NOERROR
+SECTION QUESTION
+mail.example.com. IN AAAA
+SECTION ANSWER
+SECTION AUTHORITY
+ENTRY_END
+
+SCENARIO_END
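Review bot: the scenario only queries mail.example.com (STEP 1 for A, STEP 20 for AAAA), so the other half of the change, that a different name inside example.com is still resolved normally, is not tested. Add a query for a name without local-data, with a matching RANGE entry, and check that the upstream answer comes back. There is also no case with an SOA in local-data, so the `z->soa` branch of the localzone.c hunk is not exercised, and the header comment "The island of trust is at example.com" does not match the config, which sets no trust anchor.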