- Fix #677 Fix DNAME responses from cache that failed internal chain
authorWouter Wijngaards <wouter@nlnetlabs.nl>
Fri, 26 Jun 2015 07:27:32 +0000 (07:27 +0000)
committerWouter Wijngaards <wouter@nlnetlabs.nl>
Fri, 26 Jun 2015 07:27:32 +0000 (07:27 +0000)
  test.

git-svn-id: file:///svn/unbound/trunk@3435 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/worker.c
doc/Changelog
services/cache/dns.c
testdata/val_dnametopos.rpl
util/data/msgreply.c
util/data/msgreply.h

index f4e87289a12303db9254b3262c16dd80f7edb070..79aec4d3a4b29d2c205537810bfe292d18f146a8 100644 (file)
@@ -568,7 +568,7 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
        if(rep->an_numrrsets > 0 && (rep->rrsets[0]->rk.type == 
                htons(LDNS_RR_TYPE_CNAME) || rep->rrsets[0]->rk.type == 
                htons(LDNS_RR_TYPE_DNAME))) {
-               if(!reply_check_cname_chain(rep)) {
+               if(!reply_check_cname_chain(qinfo, rep)) {
                        /* cname chain invalid, redo iterator steps */
                        verbose(VERB_ALGO, "Cache reply: cname chain broken");
                bail_out:
index a9c50afbee1ae0ee3e7d5d1c1657d746ad1d09f7..86c3b82fcd7529058f8d8a133e50bf26f0b26acc 100644 (file)
@@ -1,3 +1,7 @@
+26 June 2015: Wouter
+       - Fix #677 Fix DNAME responses from cache that failed internal chain
+         test.
+
 22 June 2015: Wouter
        - Fix #677 Fix CNAME corresponding to a DNAME was checked incorrectly
          and was therefore always synthesized (thanks to Valentin Dietrich).
index 53127ce597491f88208e8be5fecbdcb694303a18..ba81afde4fda0701db0b6b579990b04a77b55341 100644 (file)
@@ -505,7 +505,7 @@ tomsg(struct module_env* env, struct query_info* q, struct reply_info* r,
                return NULL;
        if(r->an_numrrsets > 0 && (r->rrsets[0]->rk.type == htons(
                LDNS_RR_TYPE_CNAME) || r->rrsets[0]->rk.type == htons(
-               LDNS_RR_TYPE_DNAME)) && !reply_check_cname_chain(r)) {
+               LDNS_RR_TYPE_DNAME)) && !reply_check_cname_chain(q, r)) {
                /* cname chain is now invalid, reconstruct msg */
                rrset_array_unlock(r->ref, r->rrset_count);
                return NULL;
index 6264a6d0ee3943dd37a56d8b41d719fc8cafa274..a78d34ae7de61527054e1cbcabe2f1dcb12ffab4 100644 (file)
@@ -231,4 +231,28 @@ SECTION AUTHORITY
 SECTION ADDITIONAL
 ENTRY_END
 
+; Check cache response for DNAME
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD DO
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA AD DO NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+example.com.    3600    IN      DNAME   example.net.
+example.com.    3600    IN      RRSIG   DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854}
+www.example.com.        0       IN      CNAME   www.example.net.
+www.example.net.        3600    IN      A       11.12.13.14
+www.example.net.        3600    IN      RRSIG   A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899}
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
 SCENARIO_END
index b1d3df6390f028d8689e417cc3672db70f8e5080..06593ffe1b27af71e2b5864f0eb20bf08573a39f 100644 (file)
@@ -822,13 +822,13 @@ log_query_info(enum verbosity_value v, const char* str,
 }
 
 int
-reply_check_cname_chain(struct reply_info* rep) 
+reply_check_cname_chain(struct query_info* qinfo, struct reply_info* rep) 
 {
        /* check only answer section rrs for matching cname chain.
         * the cache may return changed rdata, but owner names are untouched.*/
        size_t i;
-       uint8_t* sname = rep->rrsets[0]->rk.dname;
-       size_t snamelen = rep->rrsets[0]->rk.dname_len;
+       uint8_t* sname = qinfo->qname;
+       size_t snamelen = qinfo->qname_len;
        for(i=0; i<rep->an_numrrsets; i++) {
                uint16_t t = ntohs(rep->rrsets[i]->rk.type);
                if(t == LDNS_RR_TYPE_DNAME)
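Review bot: The comment at the top of reply_check_cname_chain still only says "check only answer section rrs" and does not record that the walk now starts at the query name rather than at the owner of rrsets[0], which is what both callers now depend on before serving a cached answer. I would add a line such as `* the chain is followed starting from qinfo->qname, not from the first rrset owner.` The `@param qinfo` text in util/data/msgreply.h could say the same: `@param qinfo: query info; the chain is followed starting at its qname.` In the visible lines qinfo is only read (`qinfo->qname`, `qinfo->qname_len`), so the parameter could be declared `const struct query_info* qinfo` in both the definition and the prototype. That assumes the rest of the body, which continues outside this hunk, does not write through it.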
index e8d6d762e01af2c37a414f1193fe0715b91e513c..708897950089cd28001e8c4ecbaf3205313fb2b9 100644 (file)
@@ -359,10 +359,11 @@ uint8_t* reply_find_final_cname_target(struct query_info* qinfo,
 
 /**
  * Check if cname chain in cached reply is still valid.
+ * @param qinfo: query info with query name.
  * @param rep: reply to check.
  * @return: true if valid, false if invalid.
  */
-int reply_check_cname_chain(struct reply_info* rep);
+int reply_check_cname_chain(struct query_info* qinfo, struct reply_info* rep);
 
 /**
  * Check security status of all RRs in the message.