From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 2 Aug 2007 11:44:17 +0000 (+0000)
Subject: Fixup scrubber and lameness.
X-Git-Tag: release-0.5~163
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=947bd1ab91ed2cbdd0ec9d4e24837438a9d5e2d6;p=thirdparty%2Funbound.git

Fixup scrubber and lameness.


git-svn-id: file:///svn/unbound/trunk@478 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index e328f1f27..dfbe1b0c9 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -2,6 +2,8 @@
 	- configure change for latest libevent trunk version (needs -lrt).
 	- query_done and walk_supers are moved out of module interface.
 	- fixup delegation point duplicates.
+	- fixup iterator scrubber; lame NS set is let through the scrubber
+	  so that the classification is lame.
 
 1 August 2007: Wouter
 	- set version to 0.5
diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c
index e9b7bf16f..3f24e2b70 100644
--- a/iterator/iter_scrub.c
+++ b/iterator/iter_scrub.c
@@ -515,17 +515,26 @@ scrub_sanitize(ldns_buffer* pkt, struct msg_parse* msg, uint8_t* zonename,
 		 * same check can be used */
 
 		if(!pkt_sub(pkt, rrset->dname, zonename)) {
-			if(!env->cfg->harden_glue) {
+			if(msg->an_rrsets == 0 && 
+				rrset->type == LDNS_RR_TYPE_NS && 
+				FLAGS_GET_RCODE(msg->flags) == 
+				LDNS_RCODE_NOERROR) {
+				/* noerror, nodata and this NS rrset is above
+				 * the zone. This is LAME! 
+				 * Leave in the NS for lame classification. */
+			} else if(!env->cfg->harden_glue) {
 				/* store in cache! Since it is relevant
 				 * (from normalize) it will be picked up 
 				 * from the cache to be used later */
 				store_rrset(pkt, msg, env, rrset);
 				remove_rrset("sanitize: storing potential "
 				"poison RRset:", pkt, msg, prev, &rrset);
-			} else
+				continue;
+			} else {
 				remove_rrset("sanitize: removing potential "
 				"poison RRset:", pkt, msg, prev, &rrset);
-			continue;
+				continue;
+			}
 		}
 		prev = rrset;
 		rrset = rrset->rrset_all_next;
diff --git a/testdata/iter_lamescrub.rpl b/testdata/iter_lamescrub.rpl
new file mode 100644
index 000000000..dba2b0e25
--- /dev/null
+++ b/testdata/iter_lamescrub.rpl
@@ -0,0 +1,118 @@
+; config options
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test lameness detection after scrubber.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+com.	IN NS	a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.	IN 	A	192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION AUTHORITY
+example.com.	IN NS	ns.example.com.
+SECTION ADDITIONAL
+ns.example.com.		IN 	A	1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.
+; This server is Lame!
+RANGE_BEGIN 0 100
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR RD NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+com.                    155182  IN      NS      a.gtld-servers.net.
+com.                    155182  IN      NS      b.gtld-servers.net.
+com.                    155182  IN      NS      c.gtld-servers.net.
+com.                    155182  IN      NS      d.gtld-servers.net.
+com.                    155182  IN      NS      e.gtld-servers.net.
+com.                    155182  IN      NS      f.gtld-servers.net.
+com.                    155182  IN      NS      g.gtld-servers.net.
+com.                    155182  IN      NS      h.gtld-servers.net.
+com.                    155182  IN      NS      i.gtld-servers.net.
+com.                    155182  IN      NS      j.gtld-servers.net.
+com.                    155182  IN      NS      k.gtld-servers.net.
+com.                    155182  IN      NS      l.gtld-servers.net.
+com.                    155182  IN      NS      m.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net.     155182  IN      A       192.5.6.30
+b.gtld-servers.net.     155182  IN      A       192.33.14.30
+c.gtld-servers.net.     155182  IN      A       192.26.92.30
+d.gtld-servers.net.     155182  IN      A       192.31.80.30
+e.gtld-servers.net.     155182  IN      A       192.12.94.30
+f.gtld-servers.net.     155182  IN      A       192.35.51.30
+g.gtld-servers.net.     155182  IN      A       192.42.93.30
+h.gtld-servers.net.     155182  IN      A       192.54.112.30
+i.gtld-servers.net.     155182  IN      A       192.43.172.30
+j.gtld-servers.net.     155182  IN      A       192.48.79.30
+k.gtld-servers.net.     155182  IN      A       192.52.178.30
+l.gtld-servers.net.     155182  IN      A       192.41.162.30
+m.gtld-servers.net.     155182  IN      A       192.55.83.30
+a.gtld-servers.net.     155182  IN      AAAA    2001:503:a83e::2:30
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+
+; recursin happens here
+
+; check that the answer is a failure (lame server)
+; and not a nodata-noerror message (false answer classification).
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA SERVFAIL
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+SECTION ADDITIONAL
+ENTRY_END
+
+SCENARIO_END