- Return NXDOMAIN after chain of CNAMEs ends at name-not-found.

author Wouter Wijngaards <wouter@nlnetlabs.nl>

Thu, 5 Aug 2010 14:31:52 +0000 (14:31 +0000)

committer Wouter Wijngaards <wouter@nlnetlabs.nl>

Thu, 5 Aug 2010 14:31:52 +0000 (14:31 +0000)
author Wouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 5 Aug 2010 14:31:52 +0000 (14:31 +0000)
committer Wouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 5 Aug 2010 14:31:52 +0000 (14:31 +0000)
diff --git a/doc/Changelog b/doc/Changelog

index f524e1b486c3d735f5fe7c13421268016b25f085..8f087a5fd56cae1d2ae78bbd322db26af48fc9bc 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+5 August 2010: Wouter
+       - Return NXDOMAIN after chain of CNAMEs ends at name-not-found.
+
  4 August 2010: Wouter
         - Fix validation in case a trust anchor enters into a zone with
           unsupported algorithms.
diff --git a/iterator/iterator.c b/iterator/iterator.c

index f716be15a8b276108b82ca5ebc2548a5b5aac655..bd1fea1d7d78e959b0295902ef12067811af9f7e 100644 (file)
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -323,11 +323,8 @@ iter_prepend(struct iter_qstate* iq, struct dns_msg* msg,
                 (msg->rep->ns_numrrsets + msg->rep->ar_numrrsets) *
                 sizeof(struct ub_packed_rrset_key*));
  
-       /* if the rcode was NXDOMAIN, and we prepended DNAME/CNAMEs, then
-        * it should now be NOERROR. */
-       if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NXDOMAIN) {
-               FLAGS_SET_RCODE(msg->rep->flags, LDNS_RCODE_NOERROR);
-       }
+       /* NXDOMAIN rcode can stay if we prepended DNAME/CNAMEs, because
+        * this is what recursors should give. */
         msg->rep->rrset_count += num_an + num_ns;
         msg->rep->an_numrrsets += num_an;
         msg->rep->ns_numrrsets += num_ns;
diff --git a/testdata/iter_cname_nx.rpl b/testdata/iter_cname_nx.rpl

index 6a228606f699b234c031c943f241eb3a487f0db4..cb80aa5fc7a62df10698ad7574f050f38f00f335 100644 (file)
--- a/testdata/iter_cname_nx.rpl
+++ b/testdata/iter_cname_nx.rpl
@@ -145,7 +145,7 @@ ENTRY_END
  STEP 10 CHECK_ANSWER
  ENTRY_BEGIN
  MATCH all
-REPLY QR RD RA NOERROR
+REPLY QR RD RA NXDOMAIN
  SECTION QUESTION
  www.example.com. IN A
  SECTION ANSWER
diff --git a/testdata/ttl_msg.rpl b/testdata/ttl_msg.rpl

index 11c37123cfcbb4fccbd6d62c5e6d704595d99ce2..627f0614244de6163a6b7a8f2ac547b0afc1140a 100644 (file)
--- a/testdata/ttl_msg.rpl
+++ b/testdata/ttl_msg.rpl
@@ -420,7 +420,7 @@ ENTRY_END
  STEP 41 CHECK_ANSWER
  ENTRY_BEGIN
  MATCH all ttl
-REPLY QR RD RA NOERROR
+REPLY QR RD RA NXDOMAIN
  SECTION QUESTION
  www.foo.com. IN A
  SECTION ANSWER
diff --git a/testdata/val_cnamenx_dblnsec.rpl b/testdata/val_cnamenx_dblnsec.rpl

index f9e01b6602cf7c61d1dcd4c4be04fcd9d69fd083..0064ab58047d614a0c6674d9c36d03b66b96b15e 100644 (file)
--- a/testdata/val_cnamenx_dblnsec.rpl
+++ b/testdata/val_cnamenx_dblnsec.rpl
@@ -157,7 +157,7 @@ ENTRY_END
  STEP 10 CHECK_ANSWER
  ENTRY_BEGIN
  MATCH all
-REPLY QR RD RA AD NOERROR
+REPLY QR RD RA AD NXDOMAIN
  SECTION QUESTION
  cname.example.com. IN A
  SECTION ANSWER
diff --git a/testdata/val_cnamenx_rcodenx.rpl b/testdata/val_cnamenx_rcodenx.rpl

index f9f02b629a86345c46520815b0d0f6cdeec90363..6676b340f811e5d96f283aa3673dfadac0efb4c0 100644 (file)
--- a/testdata/val_cnamenx_rcodenx.rpl
+++ b/testdata/val_cnamenx_rcodenx.rpl
@@ -217,7 +217,7 @@ ENTRY_END
  STEP 10 CHECK_ANSWER
  ENTRY_BEGIN
  MATCH all
-REPLY QR RD RA AD NOERROR
+REPLY QR RD RA AD NXDOMAIN
  SECTION QUESTION
  www.example.com. IN A
  SECTION ANSWER
diff --git a/testdata/val_cnametonx.rpl b/testdata/val_cnametonx.rpl

index 2bcb62d0775bab86eb95d4732c1e4abdd64fa38d..6b041bbc71bd6dd2a28d69992256b684952cee83 100644 (file)
--- a/testdata/val_cnametonx.rpl
+++ b/testdata/val_cnametonx.rpl
@@ -217,7 +217,7 @@ ENTRY_END
  STEP 10 CHECK_ANSWER
  ENTRY_BEGIN
  MATCH all
-REPLY QR RD RA AD NOERROR
+REPLY QR RD RA AD NXDOMAIN
  SECTION QUESTION
  www.example.com. IN A
  SECTION ANSWER
diff --git a/testdata/val_cnamewctonx.rpl b/testdata/val_cnamewctonx.rpl

index c409a85316d127231196431d86dd549f4cbd5f2d..5675c42a5758a2a6b3fd245172b7251b59a9594e 100644 (file)
--- a/testdata/val_cnamewctonx.rpl
+++ b/testdata/val_cnamewctonx.rpl
@@ -219,7 +219,7 @@ ENTRY_END
  STEP 10 CHECK_ANSWER
  ENTRY_BEGIN
  MATCH all
-REPLY QR RD RA AD NOERROR
+REPLY QR RD RA AD NXDOMAIN
  SECTION QUESTION
  www.example.com. IN A
  SECTION ANSWER
diff --git a/testdata/val_nsec3_cname_sub.rpl b/testdata/val_nsec3_cname_sub.rpl

index 72fdb140ba4caa59c20402fb308d9ccd882760b8..8cc0ee7b15cd67638eb8d6609e8a5cd7021375d3 100644 (file)
--- a/testdata/val_nsec3_cname_sub.rpl
+++ b/testdata/val_nsec3_cname_sub.rpl
@@ -201,7 +201,7 @@ ENTRY_END
  STEP 10 CHECK_ANSWER
  ENTRY_BEGIN
  MATCH all
-REPLY QR RD RA AD NOERROR
+REPLY QR RD RA AD NXDOMAIN
  SECTION QUESTION
  www.example.com. IN A
  SECTION ANSWER
diff --git a/validator/val_utils.c b/validator/val_utils.c

index c915e3dfd81e11004d837d6ab984b120e07b84c8..7539b815f2d1f3129f40f361469a309d030b682b 100644 (file)
--- a/validator/val_utils.c
+++ b/validator/val_utils.c
@@ -95,15 +95,14 @@ val_classify_response(uint16_t query_flags, struct query_info* origqinf,
                 return VAL_CLASS_REFERRAL;
  
         /* dump bad messages */
-       if(rcode != LDNS_RCODE_NOERROR)
+       if(rcode != LDNS_RCODE_NOERROR && rcode != LDNS_RCODE_NXDOMAIN)
                 return VAL_CLASS_UNKNOWN;
-       log_assert(rcode == LDNS_RCODE_NOERROR);
         /* next check if the skip into the answer section shows no answer */
         if(skip>0 && rep->an_numrrsets <= skip)
                 return VAL_CLASS_CNAMENOANSWER;
  
         /* Next is NODATA */
-       if(rep->an_numrrsets == 0)
+       if(rcode == LDNS_RCODE_NOERROR && rep->an_numrrsets == 0)
                 return VAL_CLASS_NODATA;
         
         /* We distinguish between CNAME response and other positive/negative
@@ -111,13 +110,14 @@ val_classify_response(uint16_t query_flags, struct query_info* origqinf,
  
         /* We distinguish between ANY and CNAME or POSITIVE because 
          * ANY responses are validated differently. */
-       if(qinf->qtype == LDNS_RR_TYPE_ANY)
+       if(rcode == LDNS_RCODE_NOERROR && qinf->qtype == LDNS_RR_TYPE_ANY)
                 return VAL_CLASS_ANY;
         
         /* Note that DNAMEs will be ignored here, unless qtype=DNAME. Unless
          * qtype=CNAME, this will yield a CNAME response. */
         for(i=skip; i<rep->an_numrrsets; i++) {
-               if(ntohs(rep->rrsets[i]->rk.type) == qinf->qtype)
+               if(rcode == LDNS_RCODE_NOERROR &&
+                       ntohs(rep->rrsets[i]->rk.type) == qinf->qtype)
                         return VAL_CLASS_POSITIVE;
                 if(ntohs(rep->rrsets[i]->rk.type) == LDNS_RR_TYPE_CNAME)
                         return VAL_CLASS_CNAME;
author	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Thu, 5 Aug 2010 14:31:52 +0000 (14:31 +0000)
committer	Wouter Wijngaards <wouter@nlnetlabs.nl>
	Thu, 5 Aug 2010 14:31:52 +0000 (14:31 +0000)
doc/Changelog		patch \| blob \| blame \| history
iterator/iterator.c		patch \| blob \| blame \| history
testdata/iter_cname_nx.rpl		patch \| blob \| blame \| history
testdata/ttl_msg.rpl		patch \| blob \| blame \| history
testdata/val_cnamenx_dblnsec.rpl		patch \| blob \| blame \| history
testdata/val_cnamenx_rcodenx.rpl		patch \| blob \| blame \| history
testdata/val_cnametonx.rpl		patch \| blob \| blame \| history
testdata/val_cnamewctonx.rpl		patch \| blob \| blame \| history
testdata/val_nsec3_cname_sub.rpl		patch \| blob \| blame \| history
validator/val_utils.c		patch \| blob \| blame \| history