From: Peter van Dijk Date: Thu, 25 Apr 2013 08:30:49 +0000 (+0000) Subject: always lowercase next name in NSEC to avoid interop troubles with validators, thanks... X-Git-Tag: auth-3.3-rc1~166 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4b153d8c39b6eb523e61978c303fc4baa4935d9c;p=thirdparty%2Fpdns.git always lowercase next name in NSEC to avoid interop troubles with validators, thanks Marco Davids&Matthijs Mekking git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@3175 d19b8d6e-7fed-0310-83ef-9ca221ded41b --- diff --git a/pdns/dnsbackend.cc b/pdns/dnsbackend.cc index 6d737a6483..910bc8d6b1 100644 --- a/pdns/dnsbackend.cc +++ b/pdns/dnsbackend.cc @@ -258,14 +258,15 @@ bool DNSBackend::getSOA(const string &domain, SOAData &sd, DNSPacket *p) bool DNSBackend::getBeforeAndAfterNames(uint32_t id, const std::string& zonename, const std::string& qname, std::string& before, std::string& after) { string lcqname=toLower(qname); - lcqname=makeRelative(qname, zonename); + string lczonename=toLower(zonename); + lcqname=makeRelative(lcqname, lczonename); lcqname=labelReverse(lcqname); string dnc; bool ret = this->getBeforeAndAfterNamesAbsolute(id, lcqname, dnc, before, after); - before=dotConcat(labelReverse(before), zonename); - after=dotConcat(labelReverse(after), zonename); + before=dotConcat(labelReverse(before), lczonename); + after=dotConcat(labelReverse(after), lczonename); return ret; } diff --git a/regression-tests/uppercase-nsec/command b/regression-tests/uppercase-nsec/command new file mode 100755 index 0000000000..71e149192c --- /dev/null +++ b/regression-tests/uppercase-nsec/command @@ -0,0 +1,2 @@ +#!/bin/sh +cleandig z.Test.com A dnssec diff --git a/regression-tests/uppercase-nsec/description b/regression-tests/uppercase-nsec/description new file mode 100644 index 0000000000..3c0fcd94fd --- /dev/null +++ b/regression-tests/uppercase-nsec/description @@ -0,0 +1,2 @@ +Make sure we lowercase the next name in an NSEC because validators +do not (RFC6840 5.1). diff --git a/regression-tests/uppercase-nsec/expected_result b/regression-tests/uppercase-nsec/expected_result new file mode 100644 index 0000000000..085c4d6a3a --- /dev/null +++ b/regression-tests/uppercase-nsec/expected_result @@ -0,0 +1,9 @@ +1 Test.com. IN NSEC 86400 _underscore.test.com. NS SOA MX RRSIG NSEC DNSKEY +1 Test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ... +1 Test.com. IN RRSIG 86400 NSEC 8 2 86400 [expiry] [inception] [keytag] test.com. ... +1 Test.com. IN SOA 3600 ns1.Test.com. ahu.example.com. 2005092501 28800 7200 604800 86400 +1 www.Test.com. IN NSEC 86400 test.com. CNAME RRSIG NSEC +1 www.Test.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] test.com. ... +2 . IN OPT 32768 +Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='z.Test.com.', qtype=A diff --git a/regression-tests/uppercase-nsec/expected_result.nsec3 b/regression-tests/uppercase-nsec/expected_result.nsec3 new file mode 100644 index 0000000000..eeead1cbde --- /dev/null +++ b/regression-tests/uppercase-nsec/expected_result.nsec3 @@ -0,0 +1,9 @@ +1 2eu2gulbu53h9uvhfalshpbo2a83t6l2.Test.com. IN NSEC3 86400 1 1 1 abcd 2GKS2N3JPQF62QOHAVFQ1PHOLM3HR7RA NS SOA MX RRSIG +1 2eu2gulbu53h9uvhfalshpbo2a83t6l2.Test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ... +1 Test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ... +1 Test.com. IN SOA 3600 ns1.Test.com. ahu.example.com. 2005092501 28800 7200 604800 86400 +1 igf4m7otecach14p0a6ingi7dbuas5b2.Test.com. IN NSEC3 86400 1 1 1 abcd O1L0FB73HI3QP4A3FNQJSLEANLC883I3 A RP RRSIG +1 igf4m7otecach14p0a6ingi7dbuas5b2.Test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ... +2 . IN OPT 32768 +Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='z.Test.com.', qtype=A diff --git a/regression-tests/uppercase-nsec/skip.nodnssec b/regression-tests/uppercase-nsec/skip.nodnssec new file mode 100644 index 0000000000..e69de29bb2