From: Marek Vavruša <mvavrusa@cloudflare.com>
Date: Wed, 1 Aug 2018 23:16:30 +0000 (-0700)
Subject: layer/iterate: do not change delegation on qname minimization failure
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0d6e7d9d31dcb56d2f596ae0774ae0a09bc27349;p=thirdparty%2Fknot-resolver.git

layer/iterate: do not change delegation on qname minimization failure

Before a server could change delegation when there was an NS record
for different name in the answer section. e.g.:

```
QNAME: test.example.com
ANSWER: else.example.com NS somewhere
```

The zone cut would change to else.example.com.
---

diff --git a/daemon/network.h b/daemon/network.h
index a47564fbc..548d61a23 100644
--- a/daemon/network.h
+++ b/daemon/network.h
@@ -55,7 +55,6 @@ struct network {
 	struct tls_session_ticket_ctx *tls_session_ticket_ctx;
 	struct net_tcp_param tcp;
     int tcp_backlog;
-	struct net_tcp_param tcp;
 };
 
 void network_init(struct network *net, uv_loop_t *loop, int tcp_backlog);
diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c
index 0f032957f..02b17855a 100644
--- a/lib/layer/iterate.c
+++ b/lib/layer/iterate.c
@@ -453,7 +453,8 @@ static int process_authority(knot_pkt_t *pkt, struct kr_request *req)
 		for (unsigned i = 0; i < an->count; ++i) {
 			const knot_rrset_t *rr = knot_pkt_rr(an, i);
 			if (rr->type == KNOT_RRTYPE_NS
-			    && knot_dname_in_bailiwick(rr->owner, qry->zone_cut.name) > 0) {
+			    && knot_dname_in_bailiwick(rr->owner, qry->zone_cut.name) > 0
+			    && knot_dname_in_bailiwick(rr->owner, qry->sname) >= 0) {
 				/* NS below cut in authority indicates different authority,
 				 * but same NS set. */
 				qry->zone_cut.name = knot_dname_copy(rr->owner, &req->pool);