- Fix that looped DNAMEs do not cause unbound to spend effort.
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 16 Mar 2017 14:32:58 +0000 (14:32 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Thu, 16 Mar 2017 14:32:58 +0000 (14:32 +0000)
git-svn-id: file:///svn/unbound/trunk@4055 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog
iterator/iterator.c
testdata/iter_dname_insec.rpl

index 184300fbb6fb27924b6eb44aebddaeadfad5cecd..54ac22d34468dc83bb1c0696f07e17f2d91faf83 100644 (file)
@@ -3,6 +3,7 @@
        - Add trustanchor.unbound CH TXT that gets a response with a number
          of TXT RRs with a string like "example.com. 2345 1234" with
          the trust anchors and their keytags.
+       - Fix that looped DNAMEs do not cause unbound to spend effort.
 
 13 March 2017: Wouter
        - testbound understands Deckard MATCH rcode question answer commands.
index ce03fbd542a02dc3b8b82d427fc2525d5f3325ee..a8447775af1a91a83eceaed2cf45cb9956e227fc 100644 (file)
@@ -2263,6 +2263,17 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq,
                /* YXDOMAIN is a permanent error, no need to retry */
                type = RESPONSE_TYPE_ANSWER;
        }
+       if(type == RESPONSE_TYPE_CNAME && iq->response->rep->an_numrrsets >= 1
+               && ntohs(iq->response->rep->rrsets[0]->rk.type) == LDNS_RR_TYPE_DNAME) {
+               uint8_t* sname = NULL;
+               size_t snamelen = 0;
+               get_cname_target(iq->response->rep->rrsets[0], &sname,
+                       &snamelen);
+               if(snamelen && dname_subdomain_c(sname, iq->response->rep->rrsets[0]->rk.dname)) {
+                       /* DNAME to a subdomain loop; do not recurse */
+                       type = RESPONSE_TYPE_ANSWER;
+               }
+       }
 
        /* handle each of the type cases */
        if(type == RESPONSE_TYPE_ANSWER) {
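Review bot: The added loop check inspects only `iq->response->rep->rrsets[0]`, so a DNAME whose target is at or below its owner but which is not the first answer RRset would still be classified as RESPONSE_TYPE_CNAME and followed. Whether the answer section can reach this point with another RRset ahead of the DNAME depends on normalisation done outside the hunk, so this needs confirming. If it can, the check should run over every DNAME in the answer section, as sketched below, because the remote server chooses the response content. processQueryResponse starts and ends outside the hunk.

```c
	if(type == RESPONSE_TYPE_CNAME) {
		size_t i;
		for(i=0; i<iq->response->rep->an_numrrsets; i++) {
			struct ub_packed_rrset_key* r =
				iq->response->rep->rrsets[i];
			/* … unchanged: sname and snamelen declarations … */
			if(ntohs(r->rk.type) != LDNS_RR_TYPE_DNAME)
				continue;
			get_cname_target(r, &sname, &snamelen);
			if(snamelen && dname_subdomain_c(sname, r->rk.dname)) {
				/* … unchanged: comment and type = RESPONSE_TYPE_ANSWER … */
				break;
			}
		}
	}
```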
index ba2d18dd542d77ec9b95a7302f3f7a855f90fed5..8f4a29c79e19f24f3148d2799ff276e8ad70934e 100644 (file)
@@ -691,9 +691,12 @@ STEP 220902 CHECK_ANSWER
 ENTRY_BEGIN
 MATCH all
 REPLY QR RD RA DO
-REPLY SERVFAIL
+REPLY NOERROR
 SECTION QUESTION
 cyc.example.com. IN A
+SECTION ANSWER
+example.com.   0       IN      DNAME   example.com.
+cyc.example.com.       0       IN      CNAME   cyc.example.com.
 ENTRY_END
 
 ; ns1.example.com.
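Review bot: The updated expectation for STEP 220902 exercises only the self-referential case, `example.com. DNAME example.com.`. The iterator check added in this commit uses `dname_subdomain_c`, which presumably also matches a target strictly below the owner. A second scenario with a DNAME pointing below its own owner would pin that branch too, introduced by a comment such as `; DNAME target below its owner: expect the response returned as-is, no recursion`. The rest of the scenario file is outside the hunk, so such a case may already exist.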