From: Yorgos Thessalonikefs
Date: Wed, 6 Dec 2023 22:40:01 +0000 (+0100)
Subject: - Use the origin (DNAME) TTL for syntesized CNAMEs as per RFC 6672.
X-Git-Tag: release-1.19.3rc1~52^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F973%2Fhead;p=thirdparty%2Funbound.git

- Use the origin (DNAME) TTL for syntesized CNAMEs as per RFC 6672.
---
diff --git a/iterator/iter_scrub.c b/iterator/iter_scrub.c
index 5f2e30337..48867e50c 100644
--- a/iterator/iter_scrub.c
+++ b/iterator/iter_scrub.c
@@ -283,7 +283,8 @@ synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias,
  sizeof(uint32_t)+sizeof(uint16_t)+aliaslen);
  if(!cn->rr_first->ttl_data)
  return NULL;
- sldns_write_uint32(cn->rr_first->ttl_data, 0); /* TTL = 0 */
+ memmove(cn->rr_first->ttl_data, rrset->rr_first->ttl_data,
+ sizeof(uint32_t)); /* RFC6672: synth CNAME TTL == DNAME TTL */
  sldns_write_uint16(cn->rr_first->ttl_data+4, aliaslen);
  memmove(cn->rr_first->ttl_data+6, alias, aliaslen);
  cn->rr_first->size = sizeof(uint16_t)+aliaslen;
diff --git a/services/authzone.c b/services/authzone.c
index a1b3d2278..3ae8668c5 100644
--- a/services/authzone.c
+++ b/services/authzone.c
@@ -2702,7 +2702,7 @@ create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region,
  if(!d)
  return 0; /* out of memory */
  (*cname)->entry.data = d;
- d->ttl = 0; /* 0 for synthesized CNAME TTL */
+ d->ttl = dname->data->ttl; /* RFC6672: synth CNAME TTL == DNAME TTL */
  d->count = 1;
  d->rrsig_count = 0;
  d->trust = rrset_trust_ans_noAA;
diff --git a/services/cache/dns.c b/services/cache/dns.c
index 9b4ad5888..fa57697a4 100644
--- a/services/cache/dns.c
+++ b/services/cache/dns.c
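Review bot: The TTL written into the synthesized CNAME in `synth_cname_rrset` (iterator/iter_scrub.c) is now copied byte-for-byte from the DNAME RR of the response being scrubbed, so the lifetime of a record the resolver fabricates itself is chosen by the upstream server, where the old `0` marked it as not to be cached. The hunk does not show whether a later pass caps this value (the function body starts and ends outside the hunk), so confirm that the configured TTL limits also reach this RR and say so next to the copy, e.g. `/* TTL taken verbatim from the upstream DNAME; bounded later by the cache TTL limits */`. The new line also reads `rrset->rr_first->ttl_data` with no visible check that `rr_first` is set; if the callers do not guarantee it, add `if(!rrset->rr_first) return NULL;` before the copy.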
@@ -796,7 +796,7 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region, if(!newd) return NULL; ck->entry.data = newd; - newd->ttl = 0; /* 0 for synthesized CNAME TTL */ + newd->ttl = d->ttl; /* RFC6672: synth CNAME TTL == DNAME TTL */ newd->count = 1; newd->rrsig_count = 0; newd->trust = rrset_trust_ans_noAA; diff --git a/services/localzone.c b/services/localzone.c index 44da22d78..9c8e3c7ac 100644 --- a/services/localzone.c +++ b/services/localzone.c @@ -1532,7 +1532,7 @@ local_data_answer(struct local_zone* z, struct module_env* env, return 0; /* invalid cname */ if(dname_is_wild(ctarget)) { /* synthesize cname target */ - struct packed_rrset_data* d; + struct packed_rrset_data* d, *lr_d; /* -3 for wildcard label and root label from qname */ size_t newtargetlen = qinfo->qname_len + ctargetlen - 3; @@ -1560,8 +1560,10 @@ local_data_answer(struct local_zone* z, struct module_env* env, + newtargetlen); if(!d) return 0; /* out of memory */ + lr_d = (struct packed_rrset_data*)lr->rrset->entry.data; qinfo->local_alias->rrset->entry.data = d; - d->ttl = 0; /* 0 for synthesized CNAME TTL */ + d->ttl = lr_d->rr_ttl[0]; /* RFC6672-like behavior: + synth CNAME TTL uses original TTL*/ d->count = 1; d->rrsig_count = 0; d->trust = rrset_trust_ans_noAA; diff --git a/testcode/unitauth.c b/testcode/unitauth.c index 11eeb43b2..23c57e095 100644 --- a/testcode/unitauth.c +++ b/testcode/unitauth.c 
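Review bot: `newd->ttl = d->ttl;` in `synth_dname_msg` (services/cache/dns.c) copies the DNAME entry's `ttl` field unchanged, and on this cache path that field may hold an absolute expiry time rather than the seconds remaining; the hunk does not show which, and the function body starts and ends outside it. If it is absolute, the synthesized CNAME would leave the resolver with a timestamp-sized TTL, letting clients and downstream caches keep an unsigned redirection far longer than the DNAME it derives from. Confirm the unit of `d->ttl` here and, if it is an expiry time, subtract the current time before storing it, along the lines of `newd->ttl = d->ttl - now;` where `now` stands for whatever current-time value the function has in scope. A replay test that lets time pass between caching the DNAME and a second query would catch this, because the expected CNAME TTL would then have to be the remaining lifetime.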
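Review bot: In the second `local_data_answer` hunk (services/localzone.c) the TTL is read as `lr_d->rr_ttl[0]`, while the other three call sites in this commit copy the rrset-level `ttl`, and the index assumes the local CNAME rrset holds at least one RR, which neither hunk shows being checked. If both fields carry the same value for local data, `d->ttl = lr_d->ttl;` would keep the four sites parallel and avoid the array read; otherwise a short comment saying why the per-RR value is needed would help. The two-line comment ends in `TTL*/` without a space and, since `lr_d` is the local-zone CNAME rather than a DNAME, could read `/* synth CNAME TTL follows the local CNAME record's TTL */`. The function body continues outside both hunks.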
@@ -279,14 +279,14 @@ static struct q_ans example_com_queries[] = { ";flags QR AA rcode NOERROR\n" ";answer section\n" "redir.example.com. 3600 IN DNAME redir.example.org.\n" -"abc.redir.example.com. 0 IN CNAME abc.redir.example.org.\n" +"abc.redir.example.com. 3600 IN CNAME abc.redir.example.org.\n" }, { "example.com", "foo.abc.redir.example.com. A", "", ";flags QR AA rcode NOERROR\n" ";answer section\n" "redir.example.com. 3600 IN DNAME redir.example.org.\n" -"foo.abc.redir.example.com. 0 IN CNAME foo.abc.redir.example.org.\n" +"foo.abc.redir.example.com. 3600 IN CNAME foo.abc.redir.example.org.\n" }, { "example.com", "redir2.example.com. DNAME", "", 
@@ -299,42 +299,42 @@ static struct q_ans example_com_queries[] = { ";flags QR AA rcode NOERROR\n" ";answer section\n" "redir2.example.com. 3600 IN DNAME redir2.example.org.\n" -"abc.redir2.example.com. 0 IN CNAME abc.redir2.example.org.\n" +"abc.redir2.example.com. 3600 IN CNAME abc.redir2.example.org.\n" }, { "example.com", "obscured.redir2.example.com. A", "", ";flags QR AA rcode NOERROR\n" ";answer section\n" "redir2.example.com. 3600 IN DNAME redir2.example.org.\n" -"obscured.redir2.example.com. 0 IN CNAME obscured.redir2.example.org.\n" +"obscured.redir2.example.com. 3600 IN CNAME obscured.redir2.example.org.\n" }, { "example.com", "under2.redir2.example.com. A", "", ";flags QR AA rcode NOERROR\n" ";answer section\n" "redir2.example.com. 3600 IN DNAME redir2.example.org.\n" -"under2.redir2.example.com. 0 IN CNAME under2.redir2.example.org.\n" +"under2.redir2.example.com. 3600 IN CNAME under2.redir2.example.org.\n" }, { "example.com", "doubleobscured.under2.redir2.example.com. A", "", ";flags QR AA rcode NOERROR\n" ";answer section\n" "redir2.example.com. 3600 IN DNAME redir2.example.org.\n" -"doubleobscured.under2.redir2.example.com. 0 IN CNAME doubleobscured.under2.redir2.example.org.\n" +"doubleobscured.under2.redir2.example.com. 3600 IN CNAME doubleobscured.under2.redir2.example.org.\n" }, { "example.com", "foo.doubleobscured.under2.redir2.example.com. A", "", ";flags QR AA rcode NOERROR\n" ";answer section\n" "redir2.example.com. 3600 IN DNAME redir2.example.org.\n" -"foo.doubleobscured.under2.redir2.example.com. 0 IN CNAME foo.doubleobscured.under2.redir2.example.org.\n" +"foo.doubleobscured.under2.redir2.example.com. 3600 IN CNAME foo.doubleobscured.under2.redir2.example.org.\n" }, { "example.com", "foo.under2.redir2.example.com. A", "", ";flags QR AA rcode NOERROR\n" ";answer section\n" "redir2.example.com. 3600 IN DNAME redir2.example.org.\n" -"foo.under2.redir2.example.com. 0 IN CNAME foo.under2.redir2.example.org.\n" +"foo.under2.redir2.example.com. 
3600 IN CNAME foo.under2.redir2.example.org.\n" }, { "example.com", "sub.example.com. NS", "", diff --git a/testdata/iter_dname_insec.rpl b/testdata/iter_dname_insec.rpl index ce593ba5c..051363bd2 100644 --- a/testdata/iter_dname_insec.rpl +++ b/testdata/iter_dname_insec.rpl @@ -397,7 +397,7 @@ ENTRY_END STEP 220302 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA DO SECTION QUESTION a.example.com. IN A @@ -420,7 +420,7 @@ ENTRY_END STEP 220402 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA DO SECTION QUESTION a.b.example.com. IN A @@ -523,7 +523,7 @@ ENTRY_END STEP 220702 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA DO SECTION QUESTION a.x.example.com. IN A @@ -607,7 +607,7 @@ ENTRY_END STEP 220802 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA DO SECTION QUESTION a2.example.com. IN A @@ -691,14 +691,14 @@ ENTRY_END ; CNAME chains should be followed and CNAME loops signalled as an error STEP 220902 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA DO REPLY NOERROR SECTION QUESTION cyc.example.com. IN A SECTION ANSWER -example.com. 0 IN DNAME example.com. -cyc.example.com. 0 IN CNAME cyc.example.com. +example.com. 3600 IN DNAME example.com. +cyc.example.com. 3600 IN CNAME cyc.example.com. ENTRY_END ; ns1.example.com. @@ -857,7 +857,7 @@ ENTRY_END STEP 221102 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA DO SECTION QUESTION shortloop.x.x. IN TXT @@ -885,7 +885,7 @@ ENTRY_END STEP 221202 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA DO SECTION QUESTION shortloop.x. IN TXT @@ -999,7 +999,7 @@ ENTRY_END ; query returning maximal permissible length - should work STEP 229002 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA DO SECTION QUESTION x.long. IN A diff --git a/testdata/iter_dname_yx.rpl b/testdata/iter_dname_yx.rpl index 18b9725cc..00d77de04 100644 --- a/testdata/iter_dname_yx.rpl +++ b/testdata/iter_dname_yx.rpl 
@@ -2,6 +2,8 @@ server: harden-referral-path: no target-fetch-policy: "0 0 0 0 0" + qname-minimisation: "no" + minimal-responses: no stub-zone: name: "." 
@@ -321,680 +323,6 @@ ENTRY_END RANGE_END ; end of a.gtld-servers.net. -; RFC 6672 section 2.2. The DNAME Substitution table tests -;# QNAME owner DNAME target result -;-- ---------------- -------------- -------------- ----------------- -;1 com. example.com. example.net. -;2 example.com. example.com. example.net. [0] -;3 a.example.com. example.com. example.net. a.example.net. -;4 a.b.example.com. example.com. example.net. a.b.example.net. -;5 ab.example.com. b.example.com. example.net. -;6 foo.example.com. example.com. example.net. foo.example.net. -;7 a.x.example.com. x.example.com. example.net. a.example.net. -;8 a.example.com. example.com. y.example.net. a.y.example.net. -;9 cyc.example.com. example.com. example.com. cyc.example.com. -;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. -;11 shortloop.x.x. x. . shortloop.x. -;12 shortloop.x. x. . shortloop. -; -; [0] The result depends on the QTYPE. If the QTYPE = DNAME, then -; the result is "example.com.", else "". -; -; Table 1. DNAME Substitution Examples - -; ; line no. 1 is mostly for authoritative server -; ; line no. 2 QTYPE != DNAME -; STEP 220201 QUERY -; ENTRY_BEGIN -; REPLY RD DO -; SECTION QUESTION -; example.com. IN NS -; ENTRY_END -; -; STEP 220202 CHECK_ANSWER -; ENTRY_BEGIN -; MATCH rcode answer -; REPLY QR RD RA DO -; SECTION QUESTION -; example.com. IN NS -; SECTION ANSWER -; example.com. IN NS ns1.example.com. -; ENTRY_END -; -; ; line no. 2 QTYPE == DNAME -; STEP 220203 QUERY -; ENTRY_BEGIN -; REPLY RD DO -; SECTION QUESTION -; example.com. IN DNAME -; ENTRY_END -; -; STEP 220204 CHECK_ANSWER -; ENTRY_BEGIN -; MATCH rcode question answer -; REPLY QR RD RA DO -; SECTION QUESTION -; example.com. IN DNAME -; SECTION ANSWER -; example.com. IN DNAME example.net. -; ENTRY_END -; -; -; ;# QNAME owner DNAME target result -; ;-- ---------------- -------------- -------------- ----------------- -; ;3 a.example.com. example.com. example.net. a.example.net. 
-; -; STEP 220301 QUERY -; ENTRY_BEGIN -; REPLY RD DO -; SECTION QUESTION -; a.example.com. IN A -; ENTRY_END -; -; STEP 220302 CHECK_ANSWER -; ENTRY_BEGIN -; MATCH rcode question answer -; SECTION QUESTION -; a.example.com. IN A -; SECTION ANSWER -; example.com. IN DNAME example.net. -; a.example.com. IN CNAME a.example.net. -; a.example.net. IN A 10.0.0.97 -; ENTRY_END -; -; ;# QNAME owner DNAME target result -; ;-- ---------------- -------------- -------------- ----------------- -; ;4 a.b.example.com. example.com. example.net. a.b.example.net. -; -; STEP 220401 QUERY -; ENTRY_BEGIN -; REPLY RD DO -; SECTION QUESTION -; a.b.example.com. IN A -; ENTRY_END -; -; STEP 220402 CHECK_ANSWER -; ENTRY_BEGIN -; MATCH rcode question answer -; SECTION QUESTION -; a.b.example.com. IN A -; SECTION ANSWER -; example.com. IN DNAME example.net. -; a.b.example.com. IN CNAME a.b.example.net. -; a.b.example.net. IN A 10.0.97.98 -; ENTRY_END -; -; ;# QNAME owner DNAME target result -; ;-- ---------------- -------------- -------------- ----------------- -; ;5 ab.example.com. b.example.com. example.net. -; ;6 foo.example.com. example.com. example.net. foo.example.net. -; -; ; line no. 5 is mostly for authoritative server -; ; line no. 6 is basically the same as line no. 3 -; -; ; ns1.example.com. -; RANGE_BEGIN 220000 220699 -; ADDRESS 168.192.2.2 -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; example.com. IN NS -; SECTION ANSWER -; example.com. IN NS ns1.example.com. -; SECTION ADDITIONAL -; ns1.example.com. IN A 168.192.2.2 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.com. IN A -; SECTION ANSWER -; ns1.example.com. IN A 168.192.2.2 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.com. 
IN AAAA -; SECTION ANSWER -; ENTRY_END -; -; ; line 2 DNAME -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; example.com. IN DNAME -; SECTION ANSWER -; example.com. IN DNAME example.net. -; ENTRY_END -; -; ; line 3 -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; a.example.com. IN A -; SECTION ANSWER -; example.com. IN DNAME example.net. -; a.example.com. IN CNAME a.example.net. -; ENTRY_END -; -; ; line 4 -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; a.b.example.com. IN A -; SECTION ANSWER -; example.com. IN DNAME example.net. -; a.b.example.com. IN CNAME a.b.example.net. -; ENTRY_END -; RANGE_END -; ; end of ns1.example.com. -; -; -; ;# QNAME owner DNAME target result -; ;-- ---------------- -------------- -------------- ----------------- -; ;7 a.x.example.com. x.example.com. example.net. a.example.net. -; -; STEP 220701 QUERY -; ENTRY_BEGIN -; REPLY RD DO -; SECTION QUESTION -; a.x.example.com. IN A -; ENTRY_END -; -; STEP 220702 CHECK_ANSWER -; ENTRY_BEGIN -; MATCH rcode question answer -; SECTION QUESTION -; a.x.example.com. IN A -; SECTION ANSWER -; x.example.com. IN DNAME example.net. -; a.x.example.com. IN CNAME a.example.net. -; a.example.net. IN A 10.0.0.97 -; ENTRY_END -; -; ; ns1.example.com. -; RANGE_BEGIN 220700 220799 -; ADDRESS 168.192.2.2 -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; example.com. IN NS -; SECTION ANSWER -; example.com. IN NS ns1.example.com. -; SECTION ADDITIONAL -; ns1.example.com. IN A 168.192.2.2 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.com. IN A -; SECTION ANSWER -; ns1.example.com. 
IN A 168.192.2.2 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.com. IN AAAA -; SECTION ANSWER -; ENTRY_END -; -; ; line 7 DNAME -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; example.com. IN DNAME -; SECTION ANSWER -; x.example.com. IN DNAME example.net. -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; a.x.example.com. IN A -; SECTION ANSWER -; x.example.com. IN DNAME example.net. -; a.x.example.com. IN CNAME a.example.net. -; ENTRY_END -; RANGE_END -; ; end of ns1.example.com. -; -; ;# QNAME owner DNAME target result -; ;-- ---------------- -------------- -------------- ----------------- -; ;8 a.example.com. example.com. y.example.net. a.y.example.net. -; ; -; ; a.example.com. was renamed to a2.example.com. to avoid cache clashes -; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) -; -; STEP 220801 QUERY -; ENTRY_BEGIN -; REPLY RD DO -; SECTION QUESTION -; a2.example.com. IN A -; ENTRY_END -; -; STEP 220802 CHECK_ANSWER -; ENTRY_BEGIN -; MATCH rcode question answer -; SECTION QUESTION -; a2.example.com. IN A -; SECTION ANSWER -; example.com. IN DNAME y.example.net. -; a2.example.com. IN CNAME a2.y.example.net. -; a2.y.example.net. IN A 10.97.50.121 -; ENTRY_END -; -; ; ns1.example.com. -; RANGE_BEGIN 220800 220899 -; ADDRESS 168.192.2.2 -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; example.com. IN NS -; SECTION ANSWER -; example.com. IN NS ns1.example.com. -; SECTION ADDITIONAL -; ns1.example.com. IN A 168.192.2.2 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.com. IN A -; SECTION ANSWER -; ns1.example.com. 
IN A 168.192.2.2 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.com. IN AAAA -; SECTION ANSWER -; ENTRY_END -; -; ; line 8 DNAME -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; example.com. IN DNAME -; SECTION ANSWER -; example.com. IN DNAME y.example.net. -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; a2.example.com. IN A -; SECTION ANSWER -; example.com. IN DNAME y.example.net. -; a2.example.com. IN CNAME a2.y.example.net. -; ENTRY_END -; RANGE_END -; ; end of ns1.example.com. -; -; -; ;# QNAME owner DNAME target result -; ;-- ---------------- -------------- -------------- ----------------- -; ;9 cyc.example.com. example.com. example.com. cyc.example.com. -; -; STEP 220901 QUERY -; ENTRY_BEGIN -; REPLY RD DO -; SECTION QUESTION -; cyc.example.com. IN A -; ENTRY_END -; -; ; Expected result is defined by RFC 1034 section 3.6.2: -; ; CNAME chains should be followed and CNAME loops signalled as an error -; STEP 220902 CHECK_ANSWER -; ENTRY_BEGIN -; MATCH rcode question answer -; REPLY SERVFAIL -; SECTION QUESTION -; cyc.example.com. IN A -; ENTRY_END -; -; ; ns1.example.com. -; RANGE_BEGIN 220900 220999 -; ADDRESS 168.192.2.2 -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; example.com. IN NS -; SECTION ANSWER -; example.com. IN NS ns1.example.com. -; SECTION ADDITIONAL -; ns1.example.com. IN A 168.192.2.2 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.com. IN A -; SECTION ANSWER -; ns1.example.com. IN A 168.192.2.2 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.com. 
IN AAAA -; SECTION ANSWER -; ENTRY_END -; -; ; line 9 DNAME -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; example.com. IN DNAME -; SECTION ANSWER -; example.com. IN DNAME example.com. -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; cyc.example.com. IN A -; SECTION ANSWER -; example.com. IN DNAME example.com. -; cyc.example.com. IN CNAME cyc.example.com. -; ENTRY_END -; RANGE_END -; ; end of ns1.example.com. -; -; ;# QNAME owner DNAME target result -; ;-- ---------------- -------------- -------------- ----------------- -; ;10 cyc.example.com. example.com. c.example.com. cyc.c.example.com. -; ; -; ; cyc.example.com. was renamed to cyc2.example.com. to avoid cache clashes -; ; on the synthetized CNAME (caching CNAMEs is allowed by RFC 6672 section 3.4) -; ; -; ; target c.example.com. was renamed to cyc2.example.net. -; ; to limit number of pre-canned answers required for the test -; -; STEP 221001 QUERY -; ENTRY_BEGIN -; REPLY RD DO -; SECTION QUESTION -; cyc2.example.com. IN A -; ENTRY_END -; -; ; Expected result is defined by RFC 1034 section 3.6.2: -; ; CNAME chains should be followed and CNAME loops signalled as an error -; STEP 221002 CHECK_ANSWER -; ENTRY_BEGIN -; MATCH rcode question answer -; REPLY SERVFAIL -; SECTION QUESTION -; cyc2.example.com. IN A -; ENTRY_END -; -; ; ns1.example.com. -; RANGE_BEGIN 221000 221099 -; ADDRESS 168.192.2.2 -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; example.com. IN NS -; SECTION ANSWER -; example.com. IN NS ns1.example.com. -; SECTION ADDITIONAL -; ns1.example.com. IN A 168.192.2.2 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.com. IN A -; SECTION ANSWER -; ns1.example.com. 
IN A 168.192.2.2 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.com. IN AAAA -; SECTION ANSWER -; ENTRY_END -; -; ; line 10 DNAME -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; example.com. IN DNAME -; SECTION ANSWER -; example.com. IN DNAME cyc2.example.net. -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; cyc2.example.com. IN A -; SECTION ANSWER -; example.com. IN DNAME cyc2.example.net. -; cyc2.example.com. IN CNAME cyc2.cyc2.example.net. -; ENTRY_END -; RANGE_END -; ; end of ns1.example.com. -; -; ;# QNAME owner DNAME target result -; ;-- ---------------- -------------- -------------- ----------------- -; ;11 shortloop.x.x. x. . shortloop.x. -; -; STEP 221101 QUERY -; ENTRY_BEGIN -; REPLY RD DO -; SECTION QUESTION -; shortloop.x.x. TXT -; ENTRY_END -; -; STEP 221102 CHECK_ANSWER -; ENTRY_BEGIN -; MATCH rcode question answer -; SECTION QUESTION -; shortloop.x.x. IN TXT -; SECTION ANSWER -; x. IN DNAME . -; ; unbound hack -; x. IN DNAME . -; shortloop.x.x. IN CNAME shortloop.x. -; shortloop.x. IN CNAME shortloop. -; shortloop. IN TXT "shortloop end" -; ENTRY_END -; -; ;# QNAME owner DNAME target result -; ;-- ---------------- -------------- -------------- ----------------- -; ;12 shortloop.x. x. . shortloop. -; -; ; expire potentically cached CNAMEs for shortloop.x. from cache -; STEP 221200 TIME_PASSES ELAPSE 10000 -; -; STEP 221201 QUERY -; ENTRY_BEGIN -; REPLY RD DO -; SECTION QUESTION -; shortloop.x. TXT -; ENTRY_END -; -; STEP 221202 CHECK_ANSWER -; ENTRY_BEGIN -; MATCH rcode question answer -; SECTION QUESTION -; shortloop.x. IN TXT -; SECTION ANSWER -; x. IN DNAME . -; shortloop.x. IN CNAME shortloop. -; shortloop. IN TXT "shortloop end" -; ENTRY_END -; -; -; ; ns1.example.net. 
(data shared by whole 22xxxx range) -; RANGE_BEGIN 220000 229999 -; ADDRESS 168.192.3.3 -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; example.net. IN NS -; SECTION ANSWER -; example.net. IN NS ns1.example.net. -; SECTION ADDITIONAL -; example.net. IN A 168.192.3.3 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.net. IN A -; SECTION ANSWER -; ns1.example.net. IN A 168.192.3.3 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; ns1.example.net. IN AAAA -; SECTION ANSWER -; ENTRY_END -; -; ; line 3 -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; a.example.net. IN A -; SECTION ANSWER -; a.example.net. IN A 10.0.0.97 -; ENTRY_END -; -; ; line 4 -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; a.b.example.net. IN A -; SECTION ANSWER -; a.b.example.net. IN A 10.0.97.98 -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; a2.y.example.net. IN A -; SECTION ANSWER -; a2.y.example.net. IN A 10.97.50.121 -; ENTRY_END -; -; ; line 10 -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; cyc2.example.net. IN DNAME -; SECTION ANSWER -; cyc2.example.net. IN DNAME example.com. -; ENTRY_END -; -; ENTRY_BEGIN -; MATCH opcode qtype qname -; ADJUST copy_id -; REPLY QR AA NOERROR -; SECTION QUESTION -; cyc2.cyc2.example.net. IN A -; SECTION ANSWER -; cyc2.example.net. IN DNAME example.com. -; cyc2.cyc2.example.com. IN CNAME cyc2.example.com. -; ENTRY_END -; RANGE_END -; ; end of ns1.example.net. 
-; -; -; ; RFC 6672 section 2.2: YXDOMAIN answers for too long results for substitution -; ; RFC 6672 section 2.3: DNAME can be at zone apex: zone apex = long. -; STEP 229001 QUERY -; ENTRY_BEGIN -; REPLY RD DO -; SECTION QUESTION -; x.long. IN A -; ENTRY_END -; -; ; query returning maximal permissible length - should work -; STEP 229002 CHECK_ANSWER -; ENTRY_BEGIN -; MATCH rcode question answer -; SECTION QUESTION -; x.long. IN A -; SECTION ANSWER -; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. -; x.long. 3600 IN CNAME x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. -; x.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. 3600 IN A 192.0.2.1 -; ENTRY_END - ; result of substitution has too long name ; YXDOMAIN should be propagated to the client ; Unbound SEVFAILs: https://www.ietf.org/mail-archive/web/dnsext/current/msg11282.html 
@@ -1015,27 +343,4 @@ SECTION ANSWER long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. ENTRY_END - ; ; YXDOMAIN should work even if the cache is empty - ; STEP 229005 TIME_PASSES ELAPSE 4000 - ; - ; STEP 229006 QUERY - ; ENTRY_BEGIN - ; REPLY RD DO - ; SECTION QUESTION - ; too.long. IN A - ; ENTRY_END - ; - ; STEP 229007 CHECK_ANSWER - ; ENTRY_BEGIN - ; MATCH rcode question answer - ; REPLY QR YXDOMAIN - ; SECTION QUESTION - ; x.long. IN A - ; SECTION ANSWER - ; long. 3600 IN DNAME 63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.63o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.60o-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx. - ; ENTRY_END - - - - SCENARIO_END diff --git a/testdata/iter_scrub_dname_insec.rpl b/testdata/iter_scrub_dname_insec.rpl index 921abe628..826d89e29 100644 --- a/testdata/iter_scrub_dname_insec.rpl +++ b/testdata/iter_scrub_dname_insec.rpl @@ -166,7 +166,7 @@ ENTRY_END ; answer to first query (simply puts DNAME in cache) STEP 120 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA SECTION QUESTION x.y.example.com. IN A @@ -235,7 +235,7 @@ ENTRY_END STEP 250 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA SECTION QUESTION other.y.example.com. IN A diff --git a/testdata/local_cname.rpl b/testdata/local_cname.rpl index b8c4a5601..d68a2c40e 100644 --- a/testdata/local_cname.rpl +++ b/testdata/local_cname.rpl 
@@ -52,6 +52,10 @@ server: local-zone: example.net redirect local-data: "example.net. IN CNAME cname.example.org." + # Test setup for synthesized CNAMEs + local-zone: synth.cname redirect + local-data: "synth.cname. IN CNAME *.from.resolution." + ### template zone and tag intended to be used for tests with CNAME and ### other data. ##local-zone: ambiguous.example.com redirect @@ -133,6 +137,18 @@ SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +www.synth.cname.from.resolution. IN A +SECTION ANSWER +www.synth.cname.from.resolution. IN A 192.0.2.3 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END + ENTRY_BEGIN MATCH opcode qtype qname ADJUST copy_id @@ -396,6 +412,26 @@ SECTION AUTHORITY SECTION ADDITIONAL ENTRY_END +; Check CNAME synthesis +STEP 201 QUERY +ENTRY_BEGIN +REPLY RD +SECTION QUESTION +www.synth.cname. IN A +ENTRY_END + +STEP 202 CHECK_ANSWER +ENTRY_BEGIN +MATCH all ttl +REPLY QR RD RA AA NOERROR +SECTION QUESTION +www.synth.cname. IN A +SECTION ANSWER +www.synth.cname. IN CNAME www.synth.cname.from.resolution. +www.synth.cname.from.resolution. IN A 192.0.2.3 +SECTION AUTHORITY +SECTION ADDITIONAL +ENTRY_END ; Relatively minor cases follow diff --git a/testdata/val_cnametodnametocnametopos.rpl b/testdata/val_cnametodnametocnametopos.rpl index 280e557b8..b8a1159ac 100644 --- a/testdata/val_cnametodnametocnametopos.rpl +++ b/testdata/val_cnametodnametocnametopos.rpl @@ -400,7 +400,7 @@ ENTRY_END ; recursion happens here. STEP 10 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA AD DO NOERROR SECTION QUESTION www.example.com. IN A 
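Review bot: The new `synth.cname` test in testdata/local_cname.rpl cannot tell a copied TTL from a default one, because the `local-data` line in the first hunk carries no TTL and the `STEP 202` expectation in the third hunk lists none either, so `MATCH all ttl` presumably compares the same default on both sides. Giving the local record a distinctive value, for example `local-data: "synth.cname. 1234 IN CNAME *.from.resolution."` (1234 is a constructed sample), and expecting `www.synth.cname. 1234 IN CNAME www.synth.cname.from.resolution.` would make the test fail if the synthesized CNAME picked up a default instead of the record's own TTL. The DNAME expectations updated elsewhere in this commit have the same limitation wherever the DNAME and the expected CNAME are both 3600.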
@@ -409,7 +409,7 @@ www.example.com. 3600 IN CNAME www.sub.example.net. www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFEv1gOb7KEskzkJNtFKKVBxY+Hb2AhUAqKJDIZJvNl+AdzqAt+JgdvnYAF0= ;{id = 2854} sub.example.net. 3600 IN DNAME sub.example.com. sub.example.net. 3600 IN RRSIG DNAME 5 3 3600 20070926134150 20070829134150 30899 example.net. G/UmcL1VmCF2mjB1O9IeNM2DnvayxEy6vOrvA+Ic/Gqcsgnq/f4VTCV9soQQIAWEir2v5Vt8hqPDP8rCRbMnyA== ;{id = 30899} -www.sub.example.net. 0 IN CNAME www.sub.example.com. +www.sub.example.net. 3600 IN CNAME www.sub.example.com. www.sub.example.com. 3600 IN CNAME www.example.org. www.sub.example.com. 3600 IN RRSIG CNAME 5 4 3600 20070926134150 20070829134150 30899 sub.example.com. ZE6A4pkyeUpNCscu2oeBv/3JbbirdwUaAMgmQ/ighzacUJCC6Lh8vAL5aYDEyTk7oktb8uS7gmYan171aM9/tg== ;{id = 30899} www.example.org. 3600 IN A 11.11.11.11 diff --git a/testdata/val_dnametopos.rpl b/testdata/val_dnametopos.rpl index c0ccc5977..f314f3d9e 100644 --- a/testdata/val_dnametopos.rpl +++ b/testdata/val_dnametopos.rpl @@ -220,14 +220,14 @@ ENTRY_END ; recursion happens here. STEP 10 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA AD DO NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER example.com. 3600 IN DNAME example.net. example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854} -www.example.com. 0 IN CNAME www.example.net. +www.example.com. 3600 IN CNAME www.example.net. www.example.net. 3600 IN A 11.12.13.14 www.example.net. 3600 IN RRSIG A 5 3 3600 20070926134150 20070829134150 30899 example.net. CPxF5hK9Kg5eT7W6LgZwr0ePYEm9HMcSY4vvqCS6gDWB4X9jvXLCfBkCLhsNybPBpGWlsLi5wM6MTdJXuPpsRA== ;{id = 30899} SECTION AUTHORITY diff --git a/testdata/val_dnametoposwc.rpl b/testdata/val_dnametoposwc.rpl index 16481d17f..3132e9ad1 100644 --- a/testdata/val_dnametoposwc.rpl 
+++ b/testdata/val_dnametoposwc.rpl @@ -222,14 +222,14 @@ ENTRY_END ; recursion happens here. STEP 10 CHECK_ANSWER ENTRY_BEGIN -MATCH all +MATCH all ttl REPLY QR RD RA AD DO NOERROR SECTION QUESTION www.example.com. IN A SECTION ANSWER example.com. 3600 IN DNAME example.net. example.com. 3600 IN RRSIG DNAME 3 2 3600 20070926134150 20070829134150 2854 example.com. MCwCFH1xw24Hswia3g10AVL1yFUHUPdFAhQDrA+qZJwqXRPg2C1oiNPk9fosGg== ;{id = 2854} -www.example.com. 0 IN CNAME www.example.net. +www.example.com. 3600 IN CNAME www.example.net. www.example.net. 3600 IN A 11.12.13.14 www.example.net. 3600 IN RRSIG A 5 2 3600 20070926134150 20070829134150 30899 example.net. quSyDbSeHRvyMmanqq5rW+APC9MKOswbRLB5QP/G+C2iyokQFLuRTlX9Wmo/jo1Oo1MGBefJUmP9NdRd2EqABA== ;{id = 30899} SECTION AUTHORITY