From: Wouter Wijngaards Date: Mon, 3 Sep 2007 09:13:27 +0000 (+0000) Subject: cname nxdomain fixup. X-Git-Tag: release-0.5~65 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8351afe61a0ff0857bf5710a66294fe3a5d94505;p=thirdparty%2Funbound.git cname nxdomain fixup. git-svn-id: file:///svn/unbound/trunk@576 be551aaa-1e26-0410-a405-d3ace91eadb9
---
diff --git a/doc/Changelog b/doc/Changelog
index 8189b8dd5..32a75d3eb 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,9 @@
+3 September 2007: Wouter
+ - Fixed error in iterator that would cause assertion failure in
+ validator. CNAME to a NXDOMAIN response was collated into a response
+ with both a CNAME and the NXDOMAIN rcode. Added a test that the
+ rcode is changed to NOERROR (because of the CNAME).
+
 31 August 2007: Wouter
 - can read bind trusted-keys { ... }; files, in a compatibility mode.
 - iterator should not detach target queries that it still could need.
diff --git a/iterator/iterator.c b/iterator/iterator.c
index f9b2cd423..f2a04f20e 100644
--- a/iterator/iterator.c
+++ b/iterator/iterator.c
@@ -244,6 +244,11 @@ iter_prepend(struct iter_qstate* iq, struct dns_msg* msg,
 for(p = iq->prepend_list; p; p = p->next) {
 sets[num++] = p->rrset;
 }
+ /* if the rcode was NXDOMAIN, and we prepended DNAME/CNAMEs, then
+ * it should now be NOERROR. */
+ if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NXDOMAIN) {
+ FLAGS_SET_RCODE(msg->rep->flags, LDNS_RCODE_NOERROR);
+ }
 msg->rep->rrset_count += num;
 msg->rep->an_numrrsets += num;
 msg->rep->rrsets = sets;
diff --git a/testdata/iter_cname_nx.rpl b/testdata/iter_cname_nx.rpl
new file mode 100644
index 000000000..4f677a4d3
--- /dev/null
+++ b/testdata/iter_cname_nx.rpl
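Review bot: The new `if` in iter_prepend tests only the rcode, while its comment also requires that DNAME/CNAME rrsets were actually prepended; nothing in the visible lines guarantees `num` is non-zero at this point (the start of iter_prepend is outside the hunk and may already return early on an empty prepend list). If it does not, an ordinary NXDOMAIN reply would be rewritten to NOERROR, so the condition should match the comment: `if(num > 0 && FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_NXDOMAIN) {`. The comment could also record that this rewrite is deliberate and that the client no longer sees that the CNAME target does not exist.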
@@ -0,0 +1,118 @@
+; config options
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test cname followed by nxdomain reply rcode.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.next.com. IN A
+SECTION AUTHORITY
+next.com. IN NS ns.next.com.
+SECTION ADDITIONAL
+ns.next.com. IN A 1.2.3.5
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+RANGE_BEGIN 0 100
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.next.com.
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.next.com.
+RANGE_BEGIN 0 100
+ ADDRESS 1.2.3.5
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+www.next.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. IN CNAME www.next.com.
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END
diff --git a/util/net_help.h b/util/net_help.h
index c25844502..097e586d1 100644
--- a/util/net_help.h
+++ b/util/net_help.h
@@ -66,6 +66,8 @@
 #define BIT_QR 0x8000
 /** get RCODE bits from uint16 flags */
 #define FLAGS_GET_RCODE(f) ((f) & 0xf)
+/** set RCODE bits in uint16 flags */
+#define FLAGS_SET_RCODE(f, r) (f = (((f) & 0xfff0) | (r)))
 /** timeout in seconds for UDP queries to auth servers. */
 #define UDP_QUERY_TIMEOUT 4
diff --git a/validator/val_utils.c b/validator/val_utils.c
index 0b39adcbf..d51959fb4 100644
--- a/validator/val_utils.c
+++ b/validator/val_utils.c
@@ -68,6 +68,9 @@ val_classify_response(uint16_t query_flags, struct query_info* qinf,
 if(!(query_flags&BIT_RD))
 return VAL_CLASS_REFERRAL;
+ /* dump bad messages */
+ if(rcode != LDNS_RCODE_NOERROR)
+ return VAL_CLASS_UNKNOWN;
 log_assert(rcode == LDNS_RCODE_NOERROR);
 /* next check if the skip into the answer section shows no answer */
 if(skip>0 && rep->an_numrrsets <= skip)
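Review bot: `FLAGS_SET_RCODE` in util/net_help.h does not mask `r`, so any value wider than four bits would overwrite the neighbouring flag bits instead of only the RCODE field. The expansion also names `f` twice and assigns to it unparenthesized, so an argument with side effects would be evaluated twice. Masking and parenthesizing keeps the write confined to the field: `#define FLAGS_SET_RCODE(f, r) ((f) = (((f) & 0xfff0) | ((r) & 0xf)))`. The doc comment should add that `f` must be a side-effect-free lvalue.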
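Review bot: The `log_assert(rcode == LDNS_RCODE_NOERROR)` kept directly after the new guard in val_classify_response can no longer fire, because every other rcode has already returned `VAL_CLASS_UNKNOWN`; it should be dropped or replaced by a comment such as `/* rcode is NOERROR from here on */`. The new early return is silent, so a message rejected here leaves no trace; a verbose-level log line naming the rcode would help when diagnosing which upstream replies reach this path. How callers treat `VAL_CLASS_UNKNOWN` is not visible in this hunk, and it should be confirmed that such a response is never marked as validated. The function body starts and ends outside the hunk.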