The DNS64 state information stored in client->query.dns64_aaaaok
could cause an assertion failure in query_respond() if the server
was configured in such a way as to trigger a new recursion before
the query had been reset - for example, by using the filter-aaaa
plugin, which may need to recurse to find out whether an A record
exists.
This has been addressed by clearing DNS64 state information
immediately after the call to query_filter64().
(cherry picked from commit
7213b038f0beb2f4750b858113af1f9e18ae0520)
dual AAAA 2001:db8::6
mx A 1.0.0.3
mx AAAA 2001:db8::3
+
+; one of these AAAA addresses is excluded in named.conf
+excludeone A 1.0.0.6
+excludeone AAAA ::1
+excludeone AAAA 2001:db8::6
dual AAAA 2001:db8::6
mx A 1.0.0.3
mx AAAA 2001:db8::3
+
+; one of these AAAA addresses is excluded in named.conf
+excludeone A 1.0.0.6
+excludeone AAAA ::1
+excludeone AAAA 2001:db8::6
dnssec-validation no;
notify yes;
dns64 64:ff9b::/96 {
- clients { any; };
- exclude { any; };
- mapped { any; };
+ clients { any; };
+ exclude { ::1/128; };
+ mapped { any; };
};
minimal-responses no;
};
msg = isctest.query.create("aaaa-only.unsigned", "aaaa")
res = isctest.query.tcp(msg, "10.53.0.5")
isctest.check.noerror(res)
+
+ msg = isctest.query.create("excludeone.unsigned", "aaaa")
+ res = isctest.query.tcp(msg, "10.53.0.5")
+ isctest.check.noerror(res)
} else if (qctx->client->query.dns64_aaaaok != NULL) {
query_filter64(qctx);
ns_client_putrdataset(qctx->client, &qctx->rdataset);
+ isc_mem_cput(qctx->client->manager->mctx,
+ qctx->client->query.dns64_aaaaok,
+ qctx->client->query.dns64_aaaaoklen, sizeof(bool));
+ qctx->client->query.dns64_aaaaoklen = 0;
} else {
if (!qctx->is_zone && RECURSIONOK(qctx->client)) {
query_prefetch(qctx->client, qctx->fname,
projects / thirdparty / bind9.git / commitdiff
