a CNAME won't necessarily cause a loop for an at-parent type (e.g. DS) 124-cname-deadlock
authorEvan Hunt <each@isc.org>
Thu, 1 Mar 2018 23:54:17 +0000 (15:54 -0800)
committerEvan Hunt <each@isc.org>
Fri, 2 Mar 2018 00:48:44 +0000 (16:48 -0800)
- deadlock detection is now relaxed for at-parent types
- added a test for this scenario

CHANGES
bin/tests/system/dnssec/ans8/ans.pl [new file with mode: 0644]
bin/tests/system/dnssec/ns1/root.db.in
bin/tests/system/dnssec/tests.sh
doc/arm/notes.xml
lib/dns/validator.c

diff --git a/CHANGES b/CHANGES
index 85d4d32c185de8dc5161a1aa3e74e2f7534df7ac..8930536663c73a57e1e2a277be690cc0a867e69d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+4904.  [bug]           Validation could fail for unsigned domains if there
+                       was a CNAME at the domain apex. [GL #124]
+
 4903.  [bug]           "check-mx fail;" did not prevent MX records containing
                        IP addresses from being added to a zone by a dynamic
                        update. [GL #112]
diff --git a/bin/tests/system/dnssec/ans8/ans.pl b/bin/tests/system/dnssec/ans8/ans.pl
new file mode 100644 (file)
index 0000000..589a2be
--- /dev/null
@@ -0,0 +1,68 @@
+#!/usr/bin/perl
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+use IO::File;
+use IO::Socket;
+use Net::DNS;
+use Net::DNS::Packet;
+
+my $localport = int($ENV{'PORT'});
+if (!$localport) { $localport = 5300; }
+
+my $sock = IO::Socket::INET->new(LocalAddr => "10.53.0.8",
+   LocalPort => $localport, Proto => "udp") or die "$!";
+
+my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!";
+print $pidf "$$\n" or die "cannot write pid file: $!";
+$pidf->close or die "cannot close pid file: $!";
+sub rmpid { unlink "ans.pid"; exit 1; };
+
+$SIG{INT} = \&rmpid;
+$SIG{TERM} = \&rmpid;
+
+for (;;) {
+       $sock->recv($buf, 512);
+
+       print "**** request from " , $sock->peerhost, " port ", $sock->peerport, "\n";
+
+       my $packet;
+
+       if ($Net::DNS::VERSION > 0.68) {
+               $packet = new Net::DNS::Packet(\$buf, 0);
+               $@ and die $@;
+       } else {
+               my $err;
+               ($packet, $err) = new Net::DNS::Packet(\$buf, 0);
+               $err and die $err;
+       }
+
+       print "REQUEST:\n";
+       $packet->print;
+
+       $packet->header->qr(1);
+       $packet->header->aa(1);
+
+       my @questions = $packet->question;
+       my $qname = $questions[0]->qname;
+
+       if ($qname eq "x.y.z.sub.apex-cname") {
+               $packet->push("answer", new Net::DNS::RR("$qname 300 A 1.2.3.4"));
+       } else {
+               $packet->push("answer",
+                             new Net::DNS::RR("$qname 300 CNAME x.y.z.sub.apex-cname"));
+       }
+
+       $sock->send($packet->data);
+
+       print "RESPONSE:\n";
+       $packet->print;
+       print "\n";
+}
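Review bot: The request loop dereferences `$questions[0]->qname` without checking that the decoded packet carried a question section, so an empty or malformed query sent to this fixture dies and takes the whole test server down mid-run instead of being ignored; add `next unless @questions;` before the comparison. The file also has no `use strict; use warnings;`, and `$buf` in `$sock->recv($buf, 512)` is an undeclared global whose contents are not refreshed if recv fails — adding the strictures plus `my $buf;` and checking the recv return value would surface that. The `new IO::File ...` and `new Net::DNS::Packet(...)` calls use indirect-object syntax; `IO::File->new(...)` and `Net::DNS::Packet->new(...)` are the conventional forms. The `eq "x.y.z.sub.apex-cname"` match is case-sensitive, so a query arriving in mixed case would be answered with another CNAME rather than the A record; presumably the resolver under test preserves case, but `lc $qname` would make the fixture robust to it.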
index 6a97a0b46635700228c5fb255eadb7cb2140816c..a042fd2bf95653450ef87a5be1bba551c8f41917 100644 (file)
@@ -7,15 +7,13 @@
 ; See the COPYRIGHT file distributed with this work for additional
 ; information regarding copyright ownership.
 
-; $Id: root.db.in,v 1.12 2010/11/17 23:47:08 tbox Exp $
-
 $TTL 300
-.                      IN SOA  gson.nominum.com. a.root.servers.nil. (
-                               2000042100      ; serial
-                               600             ; refresh
-                               600             ; retry
-                               1200            ; expire
-                               600             ; minimum
+.                      IN SOA  gson.nominum.com. a.root.servers.nil. (
+                               2000042100      ; serial
+                               600             ; refresh
+                               600             ; retry
+                               1200            ; expire
+                               600             ; minimum
                                )
 .                      NS      a.root-servers.nil.
 a.root-servers.nil.    A       10.53.0.1
@@ -29,3 +27,5 @@ ns2.algroll.          A       10.53.0.2
 optout-tld             NS      ns6.optout-tld.
 ns6.optout-tld.                A       10.53.0.6
 in-addr.arpa.          NS      ns2.example.
+apex-cname.            NS      ns8.apex-cname.
+ns8.apex-cname.                A       10.53.0.8
index 7a628c9650a0c9f1947ebd369aeb06db9a3adaf6..fd3fe02d71feebe820817d9ea8194ca4c8949538 100644 (file)
@@ -3404,5 +3404,13 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+echo_i "check that apex CNAME in an insecure zone does not abort validation ($n)"
+ret=0
+$DIG $DIGOPTS apex-cname a @10.53.0.4 > dig.out.ns4.test$n || ret=1
+grep SERVFAIL dig.out.ns4.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
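Review bot: The new check only asserts that the dig output lacks SERVFAIL, so a NXDOMAIN or empty NOERROR reply from ns4 would pass even though the CNAME chain from ans8 was never followed to completion; pin the expected result as well, e.g. `grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1` followed by `grep "1.2.3.4" dig.out.ns4.test$n > /dev/null || ret=1`, since 1.2.3.4 is the address ans8 returns for x.y.z.sub.apex-cname. Whether the answer section appears in the output depends on `$DIGOPTS`, which is defined outside this hunk, so the second grep may need adjusting to those options.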
index dae01a0442f839acbb3f4e861bc81be35b53a278..daa4875dcc9ee927f3fb585962de0c1d9e9bc3f1 100644 (file)
          <command>dnstap</command> log file. [RT #46942]
        </para>
       </listitem>
+      <listitem>
+       <para>
+         Validation could fail for unsigned domains if there was a
+         CNAME at the domain apex. [GL #124]
+       </para>
+      </listitem>
     </itemizedlist>
   </section>
 
index 212524e9af71f1b1ebdb3b85bb083d0d7c42616a..b6e0f1eb4d07ee744ed1c9419d91cbe0e4207465 100644 (file)
@@ -1104,7 +1104,8 @@ check_deadlock(dns_validator_t *val, dns_name_t *name, dns_rdatatype_t type,
        for (parent = val; parent != NULL; parent = parent->parent) {
                if (parent->event != NULL &&
                    (parent->event->type == type ||
-                    parent->event->type == dns_rdatatype_cname) &&
+                    (parent->event->type == dns_rdatatype_cname &&
+                     !dns_rdatatype_atparent(type))) &&
                    dns_name_equal(parent->event->name, name) &&
                    /*
                     * As NSEC3 records are meta data you sometimes
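Review bot: The relaxed condition carries no comment explaining why a parent CNAME validation at the same name no longer counts as a deadlock when the current type is at-parent, which is exactly what the next person loosening this guard will need; add above the loop something like `/* An at-parent type such as DS is answered from the parent zone, so validating it cannot re-enter a CNAME validation of the same name in the child; only same-type recursion is a true deadlock there. */`. Because check_deadlock is part of what keeps validation recursion finite, it is worth confirming (not visible in this hunk) that a separate depth limit still bounds a crafted CNAME-then-DS chain now that this branch is exempted. The nested parenthesised expression is also getting hard to read; hoisting the type test into a small `static bool` helper would make the intent clearer. check_deadlock starts and ends outside the hunk.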