From: Wouter Wijngaards Date: Fri, 14 Jan 2011 13:56:25 +0000 (+0000) Subject: - Fix so a changed NS RRset does not get moved name stuck on old X-Git-Tag: release-1.4.8rc1~6 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5a97a3e8fcfa31039ffb4d3394fbe571a83a595;p=thirdparty%2Funbound.git - Fix so a changed NS RRset does not get moved name stuck on old server, for type NS the TTL is not increased. git-svn-id: file:///svn/unbound/trunk@2373 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 5c44621e5..e993a963d 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,3 +1,7 @@ +14 January 2011: Wouter + - Fix so a changed NS RRset does not get moved name stuck on old + server, for type NS the TTL is not increased. + 13 January 2011: Wouter - Fix prefetch so it does not get stuck on old server for moved names. diff --git a/services/cache/rrset.c b/services/cache/rrset.c index 721599096..c42a741ea 100644 --- a/services/cache/rrset.c +++ b/services/cache/rrset.c @@ -120,7 +120,7 @@ rrset_cache_touch(struct rrset_cache* r, struct ub_packed_rrset_key* key, /** see if rrset needs to be updated in the cache */ static int -need_to_update_rrset(void* nd, void* cd, uint32_t timenow, int equal) +need_to_update_rrset(void* nd, void* cd, uint32_t timenow, int equal, int ns) { struct packed_rrset_data* newd = (struct packed_rrset_data*)nd; struct packed_rrset_data* cached = (struct packed_rrset_data*)cd; 
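Review bot: The doc comment above need_to_update_rrset in the @@ -120 hunk still reads only `/** see if rrset needs to be updated in the cache */`, but with the new `ns` argument the function no longer just answers a question: in the @@ -146 hunk it writes through `nd` and rewrites the TTLs of the incoming data. I would document both the parameter and the side effect, e.g. `/** see if rrset needs to be updated in the cache; when ns is set and the data differs at equal trust, the TTLs in nd are capped to the cached expiry */`. The function body continues outside this hunk.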
@@ -146,8 +146,20 @@ need_to_update_rrset(void* nd, void* cd, uint32_t timenow, int equal) if( cached->ttl < timenow ) return 1; /* o same trust, but different in data - insert it */ - if( newd->trust == cached->trust && !equal ) + if( newd->trust == cached->trust && !equal ) { + /* if this is type NS, do not 'stick' to owner that changes + * the NS RRset, but use the old TTL for the new data, and + * update to fetch the latest data. ttl is not expired, because + * that check was before this one. */ + if(ns) { + size_t i; + newd->ttl = cached->ttl; + for(i=0; i<(newd->count+newd->rrsig_count); i++) + if(newd->rr_ttl[i] > newd->ttl) + newd->rr_ttl[i] = newd->ttl; + } return 1; + } return 0; } @@ -191,7 +203,7 @@ rrset_cache_update(struct rrset_cache* r, struct rrset_ref* ref, equal = rrsetdata_equal((struct packed_rrset_data*)k->entry. data, (struct packed_rrset_data*)e->data); if(!need_to_update_rrset(k->entry.data, e->data, timenow, - equal)) { + equal, (rrset_type==LDNS_RR_TYPE_NS))) { /* cache is superior, return that value */ lock_rw_unlock(&e->lock); ub_packed_rrset_parsedelete(k, alloc); @@ -338,9 +350,13 @@ rrset_update_sec_status(struct rrset_cache* r, if(updata->trust > cachedata->trust) cachedata->trust = updata->trust; cachedata->security = updata->security; - cachedata->ttl = updata->ttl + now; - for(i=0; icount+cachedata->rrsig_count; i++) - cachedata->rr_ttl[i] = updata->rr_ttl[i]+now; + /* for NS records only shorter TTLs, other types: update it */ + if(ntohs(rrset->rk.type) != LDNS_RR_TYPE_NS || + updata->ttl+now < cachedata->ttl) { + cachedata->ttl = updata->ttl + now; + for(i=0; icount+cachedata->rrsig_count; i++) + cachedata->rr_ttl[i] = updata->rr_ttl[i]+now; + } } lock_rw_unlock(&e->lock); } diff --git a/testdata/iter_domain_sale.rpl b/testdata/iter_domain_sale.rpl new file mode 100644 index 000000000..cc46bce99 --- /dev/null +++ b/testdata/iter_domain_sale.rpl 
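Review bot: The TTL cap for type NS in the @@ -146 hunk is applied only on the same-trust, changed-data return; the earlier `return 1` paths of need_to_update_rrset are outside the hunk, and if any of them accepts a replacement NS RRset from the old server (for instance on a higher trust value), that copy would presumably keep its fresh TTL and the stale delegation could still outlive the TTL the parent handed out. It is worth confirming those paths or applying the same cap there. The comparison `newd->rr_ttl[i] > newd->ttl` also relies on the new data already holding absolute times like `cached->ttl`, which this hunk does not show; a comment such as `/* newd TTLs are absolute (timenow based) at this point */` would make the assumption explicit. The function starts outside the hunk.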
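Review bot: The new comment in rrset_update_sec_status (@@ -338 hunk) says what the guard does but not why, and the NS test is spelled differently from the call site in the @@ -191 hunk (`ntohs(rrset->rk.type) != LDNS_RR_TYPE_NS` here, `rrset_type==LDNS_RR_TYPE_NS` there). I would word the comment as `/* type NS: only ever shorten the TTL, so a revalidated answer cannot extend a delegation past its original expiry; other types take the new TTL */` and note next to `rrset_type` that it is in host byte order, which is inferred here because its definition lies outside the hunk. `updata->ttl + now` is evaluated twice; a local such as `newttl` would keep the check and the assignment in step. The enclosing function starts outside the hunk.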
@@ -0,0 +1,272 @@
+; config options
+server:
+ target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test resolver with a domain sale
+; and the old operator is nasty, keeps running his server with the old data.
+; and lots of lookups keep going towards the domain.
+; eventually, the NS record has to timeout.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net. (before sale of domain)
+RANGE_BEGIN 0 20
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net. (after sale of domain)
+RANGE_BEGIN 30 200
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 8.8.8.8
+ENTRY_END
+RANGE_END
+
+; ns.example.com. first owner
+RANGE_BEGIN 0 200
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 3600 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ENTRY_END
+
+; nxdomains for any name,type
+; last in RANGE so that it matches everything left over.
+; it includes the NS record.
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. 3600 IN SOA a. b. 1 2 3 4 5
+example.com. 3600 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com. new owner
+RANGE_BEGIN 0 200
+ ADDRESS 8.8.8.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 8.8.8.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 88.88.88.88
+SECTION AUTHORITY
+example.com. 3600 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 8.8.8.8
+ENTRY_END
+RANGE_END
+
+; Fetch the old record from the old owner.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+; recursion happens here.
+STEP 5 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 3600 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ENTRY_END
+
+; the domain is sold (right at this time).
+; but the information stays in the cache.
+
+; after 1800 secs still the cached answer
+STEP 20 TIME_PASSES ELAPSE 1800
+
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+; recursion happens here.
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 1800 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 1800 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 1800 IN A 1.2.3.4
+ENTRY_END
+
+; and ask another query
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+nx1.example.com. IN A
+ENTRY_END
+; recursion happens here.
+STEP 60 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+nx1.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. 3600 IN SOA a. b. 1 2 3 4 5
+example.com. 3600 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ENTRY_END
+
+; after another 1900 seconds the domain must have timed out.
+STEP 70 TIME_PASSES ELAPSE 1900
+
+; the NS record should have timed out.
+STEP 80 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+; recursion happens here.
+STEP 90 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 88.88.88.88
+SECTION AUTHORITY
+example.com. 3600 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 8.8.8.8
+ENTRY_END
+
+SCENARIO_END
diff --git a/testdata/iter_domain_sale_nschange.rpl b/testdata/iter_domain_sale_nschange.rpl
new file mode 100644
index 000000000..a7d9f11b8
--- /dev/null
+++ b/testdata/iter_domain_sale_nschange.rpl
@@ -0,0 +1,340 @@
+; config options
+server:
+ target-fetch-policy: "0 0 0 0 0"
+
+stub-zone:
+ name: "."
+ stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+CONFIG_END
+
+SCENARIO_BEGIN Test resolver with a domain sale and NS changes
+; and the old operator is nasty, keeps running his server with the old data.
+; and lots of lookups keep going towards the domain.
+; and the old server is changing the NS record of the old domain.
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+ ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET. IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN A
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net. (before sale of domain)
+RANGE_BEGIN 0 20
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net. (after sale of domain)
+RANGE_BEGIN 30 200
+ ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+com. IN NS
+SECTION ANSWER
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR NOERROR
+SECTION QUESTION
+example.com. IN A
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 8.8.8.8
+ENTRY_END
+RANGE_END
+
+; ns.example.com. first owner
+RANGE_BEGIN 0 30
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 3600 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ENTRY_END
+
+; nxdomains for any name,type
+; last in RANGE so that it matches everything left over.
+; it includes the NS record.
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. 3600 IN SOA a. b. 1 2 3 4 5
+example.com. 3600 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com. first owner, NS changed
+RANGE_BEGIN 40 200
+ ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS nsb.example.com.
+SECTION ADDITIONAL
+nsb.example.com. IN A 1.2.3.4
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname
+ADJUST copy_id copy_query
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 3600 IN NS nsb.example.com.
+SECTION ADDITIONAL
+nsb.example.com. 3600 IN A 1.2.3.4
+ENTRY_END
+
+; nxdomains for any name,type
+; last in RANGE so that it matches everything left over.
+; it includes the NS record.
+ENTRY_BEGIN
+MATCH opcode
+ADJUST copy_id copy_query
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. 3600 IN SOA a. b. 1 2 3 4 5
+example.com. 3600 IN NS nsb.example.com.
+SECTION ADDITIONAL
+nsb.example.com. 3600 IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com. new owner
+RANGE_BEGIN 0 200
+ ADDRESS 8.8.8.8
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+example.com. IN NS
+SECTION ANSWER
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 8.8.8.8
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 88.88.88.88
+SECTION AUTHORITY
+example.com. 3600 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 8.8.8.8
+ENTRY_END
+RANGE_END
+
+; Fetch the old record from the old owner.
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+; recursion happens here.
+STEP 5 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 3600 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+ENTRY_END
+
+; the domain is sold (right at this time).
+; but the information stays in the cache.
+
+; after 1800 secs still the cached answer
+STEP 20 TIME_PASSES ELAPSE 1800
+
+STEP 30 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+; recursion happens here.
+STEP 40 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 1800 IN A 10.20.30.40
+SECTION AUTHORITY
+example.com. 1800 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 1800 IN A 1.2.3.4
+ENTRY_END
+
+; and ask another query
+STEP 50 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+nx1.example.com. IN A
+ENTRY_END
+; recursion happens here.
+STEP 60 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+nx1.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. 3600 IN SOA a. b. 1 2 3 4 5
+example.com. 3600 IN NS nsb.example.com.
+SECTION ADDITIONAL
+nsb.example.com. 3600 IN A 1.2.3.4
+ENTRY_END
+
+STEP 62 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+nx1.example.com. IN A
+ENTRY_END
+; recursion happens here.
+STEP 63 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+nx1.example.com. IN A
+SECTION ANSWER
+SECTION AUTHORITY
+example.com. 3600 IN SOA a. b. 1 2 3 4 5
+example.com. 1800 IN NS nsb.example.com.
+SECTION ADDITIONAL
+nsb.example.com. 3600 IN A 1.2.3.4
+ENTRY_END
+
+; after another 1900 seconds the domain must have timed out.
+STEP 70 TIME_PASSES ELAPSE 1900
+
+; the NS record should have timed out.
+STEP 80 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+www.example.com. IN A
+ENTRY_END
+; recursion happens here.
+STEP 90 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all ttl
+REPLY QR RD RA NOERROR
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 88.88.88.88
+SECTION AUTHORITY
+example.com. 3600 IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 8.8.8.8
+ENTRY_END
+
+SCENARIO_END
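Review bot: Neither replay scenario configures a trust anchor or serves signed data, so the NS branch added to rrset_update_sec_status is presumably never reached by these tests; only the need_to_update_rrset path is covered, and a third scenario with a validated zone would close that gap. In iter_domain_sale_nschange.rpl, STEP 60 and STEP 63 expect different NS TTLs (3600, then 1800) for the same query with no TIME_PASSES between them, which reads like a typo without explanation. A comment before STEP 62 such as `; asked again: the changed NS RRset now carries the remaining TTL of the old one` would tell the reader this difference is the behaviour under test.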