rec: DNAME redirects DNS names subordinate to its owner name
authorRemi Gacogne <remi.gacogne@powerdns.com>
Fri, 5 Mar 2021 22:35:09 +0000 (23:35 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Fri, 5 Mar 2021 22:35:09 +0000 (23:35 +0100)
pdns/validate.cc
pdns/validate.hh

index bf37dbe9fef8c61b23cd863c9589304e7a97baa4..3e91cf5ea57af1ae02c7671a6ed1adf295a33070 100644 (file)
@@ -308,7 +308,7 @@ static bool provesNoWildCard(const DNSName& qname, const uint16_t qtype, const D
         const DNSName owner = getNSECOwnerName(v.first.first, v.second.signatures);
         LOG("Comparing owner: "<<owner<<" with target: "<<wildcard<<endl);
 
-        if (qname.isPartOf(owner) && nsec->isSet(QType::DNAME)) {
+        if (qname != owner && qname.isPartOf(owner) && nsec->isSet(QType::DNAME)) {
           /* rfc6672 section 5.3.2: DNAME Bit in NSEC Type Map
 
              In any negative response, the NSEC or NSEC3 [RFC5155] record type
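Review bot: The new `qname != owner` term in the DNAME condition of provesNoWildCard is not explained, and the RFC 6672 quote that follows does not say why the owner name itself is excluded; I would add `/* a DNAME only redirects names strictly below its owner, so an NSEC at qname itself with the DNAME bit set is not a redirection */` above the `if`. The same commit drops the DNAME test from isTypeDenied in validate.hh, so a record with the DNAME bit set is no longer rejected there, and any other caller that matches an ancestor NSEC (and presumably NSEC3) record must carry this subordinate-name check itself; only this call site is visible here, so that is worth confirming. A regression test with two DNAME-bit NSEC records, one whose owner equals qname and one whose owner is a strict ancestor, would pin both sides of the denial-of-existence logic. The body of provesNoWildCard starts and ends outside the hunk.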
index daafe962c5e6967e62e3be3962134ff0dbd6f7a5..ec11f0b27b36b4a66f76bebab2dd27ea1c103708 100644 (file)
@@ -110,9 +110,5 @@ template <typename NSEC> bool isTypeDenied(const NSEC& nsec, const QType& type)
     return false;
   }
 
-  if (nsec->isSet(QType::DNAME)) {
-    return false;
-  }
-
   return true;
 }