From: Ruben d'Arco
Date: Wed, 15 May 2013 20:13:15 +0000 (+0200)
Subject: Correctly remove NSEC3PARAM with delegate in zone
X-Git-Tag: rec-3.6.0-rc1~556^2~3^2~28
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b1ca76193585e7c76a6a0a92ee8050567fb45e0e;p=thirdparty%2Fpdns.git
Correctly remove NSEC3PARAM with delegate in zone
---
diff --git a/pdns/rfc2136handler.cc b/pdns/rfc2136handler.cc
index 9c1c4319c5..ce4222f2e0 100644
--- a/pdns/rfc2136handler.cc
+++ b/pdns/rfc2136handler.cc
@@ -329,13 +329,28 @@ uint16_t PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *
 // Remove the Order and Aath field
 di->backend->list(di->zone, di->id);
 vector rrs;
- while (di->backend->get(rec))
+ vector delegates;
+ while (di->backend->get(rec)) {
 rrs.push_back(rec);
+ if (rec.qtype == QType::NS && rec.qname != di->zone)
+ delegates.push_back(rec.qname);
+ }
 for (vector::const_iterator i = rrs.begin(); i != rrs.end(); i++) {
+ bool isBelowDelegate = false;
 if (!i->qtype.getCode()) {// for ENT records, we want to reset things as they have ordername=NULL and auth=NULL
 di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, i->qname, i->auth);
- } else // all other records are simply updated.
- di->backend->updateDNSSECOrderAndAuth(di->id, di->zone, i->qname, i->auth);
+ } else { // all other records are simply updated.
+ for (vector::const_iterator x = delegates.begin(); x != delegates.end(); x++) {
+ if (*x != i->qname && endsOn(i->qname, *x)) {
+ isBelowDelegate = true;
+ break;
+ }
+ }
+ if (isBelowDelegate)
+ di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, i->qname, i->auth);
+ else
+ di->backend->updateDNSSECOrderAndAuth(di->id, di->zone, i->qname, i->auth);
+ }
 }
 return 1;
 }
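Review bot: In the new below-delegate branch, `nullifyDNSSECOrderNameAndUpdateAuth(di->id, i->qname, i->auth)` writes back whatever auth value the backend already stored, so a name under a delegation that was stored as authoritative would presumably stay authoritative after the NSEC3PARAM removal. If such names are meant to be non-authoritative here, pass the value explicitly: `di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, i->qname, false);`. Separately, `rec.qname != di->zone` and `*x != i->qname` are byte-wise string comparisons; if the backend can return mixed-case names, a delegation point's own records could be classified as below the delegation, so a case-insensitive comparison such as `pdns_iequals` would be safer (how `endsOn` compares is not visible in this hunk). performUpdate begins outside the hunk, so where `rec` and `di` come from cannot be checked from here.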