From d2323cd033d60b610afd40f051befd6e2b90dd91 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Tue, 30 Sep 2014 15:33:44 +0000 Subject: [PATCH] set AA on CNAME into referral, fixes #589 --- pdns/packethandler.cc | 17 +++++++++-------- pdns/packethandler.hh | 4 ++-- .../tests/cname-to-referral/expected_result | 2 +- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index 8089a97e1a..e5f6309a20 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -315,7 +315,7 @@ bool PacketHandler::getBestWildcard(DNSPacket *p, SOAData& sd, const string &tar } /** dangling is declared true if we were unable to resolve everything */ -int PacketHandler::doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r, const SOAData& soadata) +int PacketHandler::doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r, const SOAData& soadata, bool retargeted) { DNSResourceRecord rr; SOAData sd; @@ -335,7 +335,7 @@ int PacketHandler::doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r, c // we now have a copy, push_back on packet might reallocate! for(vector::const_iterator i=crrs.begin(); i!=crrs.end(); ++i) { - if(r->d.aa && !i->qname.empty() && i->qtype.getCode()==QType::NS && !B.getSOA(i->qname,sd,p)) { // drop AA in case of non-SOA-level NS answer, except for root referral + if(r->d.aa && !i->qname.empty() && i->qtype.getCode()==QType::NS && !B.getSOA(i->qname,sd,p) && !retargeted) { // drop AA in case of non-SOA-level NS answer, except for root referral r->setA(false); // i->d_place=DNSResourceRecord::AUTHORITY; // XXX FIXME } @@ -877,7 +877,7 @@ bool PacketHandler::addDSforNS(DNSPacket* p, DNSPacket* r, SOAData& sd, const st return gotOne; } -bool PacketHandler::tryReferral(DNSPacket *p, DNSPacket*r, SOAData& sd, const string &target) +bool PacketHandler::tryReferral(DNSPacket *p, DNSPacket*r, SOAData& sd, const string &target, bool retargeted) { vector rrset = getBestReferralNS(p, sd, target); if(rrset.empty()) @@ -889,7 +889,8 @@ bool PacketHandler::tryReferral(DNSPacket *p, DNSPacket*r, SOAData& sd, const st rr.d_place=DNSResourceRecord::AUTHORITY; r->addRecord(rr); } - r->setA(false); + if(!retargeted) + r->setA(false); if(d_dk.isSecuredZone(sd.qname) && !addDSforNS(p, r, sd, rrset.begin()->qname)) addNSECX(p, r, rrset.begin()->qname, "", sd.qname, 1); @@ -1158,7 +1159,7 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse) } DLOG(L<<"Checking for referrals first, unless this is a DS query"<qtype.getCode() != QType::DS && tryReferral(p, r, sd, target)) + if(p->qtype.getCode() != QType::DS && tryReferral(p, r, sd, target, retargetcount)) goto sendit; DLOG(L<<"Got no referrals, trying ANY"<qtype.getCode() == QType::DS) { DLOG(L<<"DS query found no direct result, trying referral now"< getBestReferralNS(DNSPacket *p, SOAData& sd, const string &target); vector getBestDNAMESynth(DNSPacket *p, SOAData& sd, string &target); bool tryDNAME(DNSPacket *p, DNSPacket*r, SOAData& sd, string &target); - bool tryReferral(DNSPacket *p, DNSPacket*r, SOAData& sd, const string &target); + bool tryReferral(DNSPacket *p, DNSPacket*r, SOAData& sd, const string &target, bool retargeted); bool getBestWildcard(DNSPacket *p, SOAData& sd, const string &target, string &wildcard, vector* ret); bool tryWildcard(DNSPacket *p, DNSPacket*r, SOAData& sd, string &target, string &wildcard, bool& retargeted, bool& nodata); diff --git a/regression-tests/tests/cname-to-referral/expected_result b/regression-tests/tests/cname-to-referral/expected_result index 2cd9f8fc51..173a04b584 100644 --- a/regression-tests/tests/cname-to-referral/expected_result +++ b/regression-tests/tests/cname-to-referral/expected_result @@ -1,5 +1,5 @@ 0 server1.example.com. IN CNAME 120 server1.france.example.com. 1 france.example.com. IN NS 120 ns1.otherprovider.net. 1 france.example.com. IN NS 120 ns2.otherprovider.net. -Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 0, opcode: 0 +Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 Reply to question for qname='server1.example.com.', qtype=A -- 2.47.2