From: Mark Andrews Date: Thu, 18 Jul 2024 03:35:41 +0000 (+1000) Subject: Fix gratuitious DNS protocol errors in the ANS servers X-Git-Tag: v9.21.5~7^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0680eb6f64c13bcf8239b263b12f651d47bb91f8;p=thirdparty%2Fbind9.git Fix gratuitious DNS protocol errors in the ANS servers The ANS servers were not to written to handle NS queries at the QNAME resulting in gratuitious protocol errors that will break tests when NS requests are made for the QNAME. --- diff --git a/bin/tests/system/cookie/ans9/ans.py b/bin/tests/system/cookie/ans9/ans.py index c3430024aa6..a107e938dda 100644 --- a/bin/tests/system/cookie/ans9/ans.py +++ b/bin/tests/system/cookie/ans9/ans.py @@ -104,22 +104,35 @@ def create_response(msg, tcp, first, ns10): r.answer.append(dns.rrset.from_text(qname, 1, IN, A, "10.53.0.10")) dopass2 = True elif rrtype == NS: - r.answer.append(dns.rrset.from_text(qname, 1, IN, NS, ".")) + length = len(labels) + if length == 2: + r.answer.append(dns.rrset.from_text(qname, 1, IN, NS, "ns." + qname)) + if ns10: + r.additional.append( + dns.rrset.from_text("ns." + qname, 1, IN, A, "10.53.0.10") + ) + else: + r.additional.append( + dns.rrset.from_text("ns." + qname, 1, IN, A, "10.53.0.9") + ) + else: + tld = ".".join(labels[length - 2 :]) + r.authority.append(dns.rrset.from_text(tld, 2, IN, SOA, ". . 0 0 0 0 2")) elif rrtype == SOA: - r.answer.append(dns.rrset.from_text(qname, 1, IN, SOA, ". . 0 0 0 0 0")) + r.answer.append(dns.rrset.from_text(qname, 2, IN, SOA, ". . 0 0 0 0 2")) else: - r.authority.append(dns.rrset.from_text(qname, 1, IN, SOA, ". . 0 0 0 0 0")) + r.authority.append(dns.rrset.from_text(qname, 2, IN, SOA, ". . 0 0 0 0 2")) # Add a server cookie to the response - if labels[0] != "nocookie": + if labels[0] != "nocookie" or rrtype != A: for o in m.options: if o.otype == 10: # Use 10 instead of COOKIE - if first and labels[0] == "withtsig" and not tcp: + if first and labels[0] == "withtsig" and not tcp and rrtype == A: r.use_tsig( keyring=keyring, keyname=dns.name.from_text("fake"), algorithm=HMAC_SHA256, ) - elif labels[0] != "tcponly" or tcp: + elif labels[0] != "tcponly" or tcp or rrtype != A: cookie = o try: if len(o.server) == 0: diff --git a/bin/tests/system/qmin/ans2/ans.py b/bin/tests/system/qmin/ans2/ans.py index 1994ff35db7..d372c2003b2 100755 --- a/bin/tests/system/qmin/ans2/ans.py +++ b/bin/tests/system/qmin/ans2/ans.py @@ -212,6 +212,19 @@ def create_response(msg): "stale.", 2, IN, SOA, "ns2.stale. hostmaster.arpa. 1 2 3 4 5" ) ) + r.flags |= dns.flags.AA + elif lqname == "ns2.stale.": + if rrtype == A: + r.additional.append( + dns.rrset.from_text("ns.b.stale.", 2, IN, A, "10.53.0.2") + ) + else: + r.authority.append( + dns.rrset.from_text( + "stale.", 2, IN, SOA, "ns2.stale. hostmaster.arpa. 1 2 3 4 5" + ) + ) + r.flags |= dns.flags.AA else: # NXDOMAIN r.authority.append( @@ -257,30 +270,72 @@ def create_response(msg): elif lqname == "" and rrtype == NS: r.answer.append(dns.rrset.from_text(suffix, 30, IN, NS, "ns2." + suffix)) r.flags |= dns.flags.AA - elif lqname == "ns2." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns2." + suffix, 30, IN, A, "10.53.0.2")) - r.flags |= dns.flags.AA - elif lqname == "ns2." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns2." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::2") - ) - r.flags |= dns.flags.AA - elif lqname == "ns3." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns3." + suffix, 30, IN, A, "10.53.0.3")) + elif lqname == "ns2.": r.flags |= dns.flags.AA - elif lqname == "ns3." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns3." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::3") - ) - r.flags |= dns.flags.AA - elif lqname == "ns4." and rrtype == A: - r.answer.append(dns.rrset.from_text("ns4." + suffix, 30, IN, A, "10.53.0.4")) + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns2." + suffix, 30, IN, A, "10.53.0.2") + ) + elif rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns2." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::2" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) + elif lqname == "ns3.": r.flags |= dns.flags.AA - elif lqname == "ns4." and rrtype == AAAA: - r.answer.append( - dns.rrset.from_text("ns4." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::4") - ) + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns3." + suffix, 30, IN, A, "10.53.0.3") + ) + elif lqname == "ns3." and rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns3." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::3" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) + elif lqname == "ns4.": r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns4." + suffix, 30, IN, A, "10.53.0.4") + ) + elif rrtype == AAAA: + r.answer.append( + dns.rrset.from_text( + "ns4." + suffix, 30, IN, AAAA, "fd92:7065:b8e:ffff::4" + ) + ) + else: + r.authority.append( + dns.rrset.from_text( + suffix, + 30, + IN, + SOA, + "ns2." + suffix + " hostmaster.arpa. 2018050100 1 1 1 1", + ) + ) elif lqname == "a.bit.longer.ns.name." and rrtype == A: r.answer.append( dns.rrset.from_text("a.bit.longer.ns.name." + suffix, 1, IN, A, "10.53.0.4") diff --git a/bin/tests/system/qmin/ans3/ans.py b/bin/tests/system/qmin/ans3/ans.py index 079c3d2cdac..b5ae73c3fa5 100755 --- a/bin/tests/system/qmin/ans3/ans.py +++ b/bin/tests/system/qmin/ans3/ans.py @@ -97,17 +97,16 @@ def create_response(msg): ip6req = True elif endswith(lqname, "a.b.stale."): if lqname == "a.b.stale.": + r.flags |= dns.flags.AA if rrtype == TXT: # Direct query. r.answer.append(dns.rrset.from_text(lqname, 1, IN, TXT, "peekaboo")) - r.flags |= dns.flags.AA elif rrtype == NS: # NS a.b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.a.b.stale.")) r.additional.append( dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA a.b. r.answer.append( @@ -115,7 +114,6 @@ def create_response(msg): lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA else: # NODATA. r.authority.append( @@ -123,7 +121,20 @@ def create_response(msg): lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) + elif lqname == "ns.a.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") + ) + else: + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" + ) + ) else: + r.flags |= dns.flags.AA r.authority.append( dns.rrset.from_text( lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" diff --git a/bin/tests/system/qmin/ans4/ans.py b/bin/tests/system/qmin/ans4/ans.py index f3d00c35140..517217aec11 100755 --- a/bin/tests/system/qmin/ans4/ans.py +++ b/bin/tests/system/qmin/ans4/ans.py @@ -98,17 +98,16 @@ def create_response(msg): ip6req = True elif endswith(lqname, "b.stale."): if lqname == "a.b.stale.": + r.flags |= dns.flags.AA if rrtype == TXT: # Direct query. r.answer.append(dns.rrset.from_text(lqname, 1, IN, TXT, "hooray")) - r.flags |= dns.flags.AA elif rrtype == NS: # NS a.b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.a.b.stale.")) r.additional.append( dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA a.b. r.answer.append( @@ -116,7 +115,19 @@ def create_response(msg): lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA + else: + # NODATA. + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "a.b.stale. hostmaster.a.b.stale. 1 2 3 4 5" + ) + ) + elif lqname == "ns.a.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.3") + ) else: # NODATA. r.authority.append( @@ -125,13 +136,13 @@ def create_response(msg): ) ) elif lqname == "b.stale.": + r.flags |= dns.flags.AA if rrtype == NS: # NS b. r.answer.append(dns.rrset.from_text(lqname, 1, IN, NS, "ns.b.stale.")) r.additional.append( dns.rrset.from_text("ns.b.stale.", 1, IN, A, "10.53.0.4") ) - r.flags |= dns.flags.AA elif rrtype == SOA: # SOA b. r.answer.append( @@ -139,7 +150,20 @@ def create_response(msg): lqname, 1, IN, SOA, "b.stale. hostmaster.b.stale. 1 2 3 4 5" ) ) - r.flags |= dns.flags.AA + else: + # NODATA. + r.authority.append( + dns.rrset.from_text( + lqname, 1, IN, SOA, "b.stale. hostmaster.b.stale. 1 2 3 4 5" + ) + ) + elif lqname == "ns.b.stale.": + r.flags |= dns.flags.AA + if rrtype == A: + # SOA a.b. + r.answer.append( + dns.rrset.from_text("ns.a.b.stale.", 1, IN, A, "10.53.0.4") + ) else: # NODATA. r.authority.append( diff --git a/bin/tests/system/serve-stale/ans2/ans.pl b/bin/tests/system/serve-stale/ans2/ans.pl index 3fdc1fc9aac..fed26967fe9 100644 --- a/bin/tests/system/serve-stale/ans2/ans.pl +++ b/bin/tests/system/serve-stale/ans2/ans.pl @@ -185,13 +185,8 @@ sub reply_handler { } $rcode = "NOERROR"; } elsif ($qname eq "shortttl.cname.example") { - if ($qtype eq "A") { - my $rr = new Net::DNS::RR($SHORTCNAME); - push @ans, $rr; - } else { - my $rr = new Net::DNS::RR($negSOA); - push @auth, $rr; - } + my $rr = new Net::DNS::RR($SHORTCNAME); + push @ans, $rr; $rcode = "NOERROR"; } elsif ($qname eq "longttl.target.example") { if ($slow_response) {