3921. [bug] AD was inappropriately set on RPZ responses. [RT #36833]
authorMark Andrews <marka@isc.org>
Fri, 22 Aug 2014 05:45:40 +0000 (15:45 +1000)
committerMark Andrews <marka@isc.org>
Fri, 22 Aug 2014 05:47:09 +0000 (15:47 +1000)
(cherry picked from commit cef76ee5bd845a80e06da934edce4225bdba22a1)
(cherry picked from commit 0597c5fd5ebeb2dda9dfefc2327321642eb23c2d)

CHANGES
bin/named/query.c
bin/tests/system/rpz/tests.sh

diff --git a/CHANGES b/CHANGES
index dd1fc43fe31dda53ecad7c62c5634e5aa29c44fb..28755cd24ef9ef7d5dd8bbb37b6e3dc0d4fd9941 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+3921.  [bug]           AD was inappopriately set on RPZ responses. [RT #36833]
+
 3919.  [bug]           dig: continue to next line if a address lookup fails
                        in batch mode. [RT #36755]
                        
index 5272ef9adb04549bf6e55fa091822c7e4c19cde4..85ca3a72a9fa806c6f8a1409f9643d77f932cb89 100644 (file)
@@ -4868,7 +4868,7 @@ rpz_add_cname(ns_client_t *client, dns_rpz_st_t *st,
         * response policy zone cannot verify.
         */
        client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
-                               DNS_MESSAGEFLAG_AD);
+                               NS_CLIENTATTR_WANTAD);
        return (ISC_R_SUCCESS);
 }
 
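Review bot: rpz_add_cname now clears only `NS_CLIENTATTR_WANTAD` in `client->attributes`, while the matching site in query_find (the next query.c hunk) also clears `DNS_MESSAGEFLAG_AD` on `client->message->flags`, and nothing explains why the two "turn off DNSSEC" sites differ. If AD can already be set on the message when this function runs, the CNAME-rewrite path could still return a policy-generated answer marked as authenticated. If it cannot, for example because the caller restarts the query (not visible here), a short comment saying so would stop a reader from taking it for an omission. Either add `client->message->flags &= ~DNS_MESSAGEFLAG_AD;` before the `return`, or document why it is unnecessary. The function body starts outside the hunk.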
@@ -5807,7 +5807,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
                         * response policy zone cannot verify.
                         */
                        client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
-                                               DNS_MESSAGEFLAG_AD);
+                                               NS_CLIENTATTR_WANTAD);
+                       client->message->flags &= ~DNS_MESSAGEFLAG_AD;
                        query_putrdataset(client, &sigrdataset);
                        rpz_st->q.is_zone = is_zone;
                        is_zone = ISC_TRUE;
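Review bot: The comment above the mask still says only that DNSSEC is turned off, and does not explain the added `client->message->flags &= ~DNS_MESSAGEFLAG_AD;`, which does a different job from clearing `NS_CLIENTATTR_WANTAD`. Presumably the attribute stops AD being set later, while the message flag removes an AD bit set before the policy rewrite; that reading is inferred and should be confirmed. I would extend the comment with something like `Also clear AD on the message itself: a policy-rewritten answer must never be marked authenticated.` so the line is not later removed as redundant. query_find starts and ends outside the hunk.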
index 0443e5597c5cd1db4942efe9f769ae50e6015e11..3a1fe922b5f0c97f13f5e8ee9e7c4dfea6d68bf1 100644 (file)
@@ -181,6 +181,11 @@ clean_result () {
 # $1=dig args $2=other dig output file
 ckresult () {
     #ckalive "$1" "I:server crashed by 'dig $1'" || return 1
+    if grep "flags:.* aa .*ad;" $DIGNM; then
+       setret "I:'dig $1' AA and AD set;"
+    elif grep "flags:.* aa .*ad;" $DIGNM; then
+       setret "I:'dig $1' AD set;"
+    fi
     if $PERL $SYSTEMTESTTOP/digcomp.pl $DIGNM $2 >/dev/null; then
        clean_result ${DIGNM}*
        return 0
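Review bot: The `elif` in ckresult repeats the `if` pattern exactly (`"flags:.* aa .*ad;"`), so the "AD set" branch is unreachable and a response with AD but without AA is never reported. This is the regression check for the fix, so as written it only catches the AA+AD case. The second test should match AD on its own, for example `elif grep "flags:.* ad[ ;]" $DIGNM >/dev/null; then`. The `[ ;]` also covers a flags line where `cd` follows `ad`, which the current `ad;` pattern would miss. Both `grep` calls print the matching line to stdout; if that is not wanted in the test log, redirect them as the `digcomp.pl` call below does. ckresult continues past the end of the hunk.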