From: Willem Toorop Date: Tue, 15 Mar 2011 13:59:56 +0000 (+0000) Subject: Fix to allow glue records with the same name as the delegation + allowing NSEC3 less... X-Git-Tag: release-1.6.10rc1~36 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bb427f186d2144b82ccccd948dc42306bdc096de;p=thirdparty%2Fldns.git Fix to allow glue records with the same name as the delegation + allowing NSEC3 less records when they are NS or glue when the zone is opt-out. Thanks to Vincent Levigneron (Bug #367) --- diff --git a/Changelog b/Changelog index 0a8d265c..6d810142 100644 --- a/Changelog +++ b/Changelog @@ -1,4 +1,8 @@ -1.6.9 +1.6.10 + * Serial-arithmetic for the inception and expiration fields of a RRSIG + and correctly converting them to broken-out time information. + +1.6.9 2011-03-16 * Fix creating NSEC(3) bitmaps: make array size 65536, don't add doubles. * Fix printout of escaped binary in TXT records. diff --git a/examples/ldns-verify-zone.c b/examples/ldns-verify-zone.c index 329f7421..742520db 100644 --- a/examples/ldns-verify-zone.c +++ b/examples/ldns-verify-zone.c @@ -21,21 +21,6 @@ int verbosity = 3; -/* returns 1 if the list is empty, or if there are only ns rrs in the - * list, 0 otherwise */ -static int -only_ns_in_rrsets(ldns_dnssec_rrsets *rrsets) { - ldns_dnssec_rrsets *cur_rrset = rrsets; - - while (cur_rrset) { - if (cur_rrset->type != LDNS_RR_TYPE_NS) { - return 0; - } - cur_rrset = cur_rrset->next; - } - return 1; -} - static int zone_is_nsec3_optout(ldns_rbtree_t *zone_nodes) { 
@@ -74,6 +59,26 @@ ldns_rr_list_contains_name(const ldns_rr_list *rr_list, return false; } +/* returns 1 if the list is empty, or if there are only ns or glue rrs in the + * list, 0 otherwise */ +static int +only_ns_and_glues_in_rrsets(ldns_dnssec_name *name, + ldns_rr_list *glue_rrs +) +{ + ldns_dnssec_rrsets *cur_rrset = name->rrsets; + + while (cur_rrset) { + if (cur_rrset->type != LDNS_RR_TYPE_NS && + !ldns_rr_list_contains_name(glue_rrs, name->name) + ) { + return 0; + } + cur_rrset = cur_rrset->next; + } + return 1; +} + static void print_type(ldns_rr_type type) { @@ -442,7 +447,7 @@ verify_nsec(ldns_rbtree_t *zone_nodes, } else { /* todo; do this once and cache result? */ if (zone_is_nsec3_optout(zone_nodes) && - only_ns_in_rrsets(name->rrsets)) { + only_ns_and_glues_in_rrsets(name, glue_rrs)) { /* ok, no problem, but we need to remember to check * whether the chain does not actually point to this * name later */ diff --git a/zone.c b/zone.c index 917af8be..0616a141 100644 --- a/zone.c +++ b/zone.c @@ -228,7 +228,8 @@ ldns_zone_glue_rr_list(const ldns_zone *z) a = ldns_rr_list_rr(addr, j); dname_a = ldns_rr_owner(a); - if (ldns_dname_is_subdomain(dname_a, ns_owner)) { + if (ldns_dname_is_subdomain(dname_a, ns_owner) || + ldns_dname_compare(dname_a, ns_owner) == 0) { /* GLUE! */ if (!ldns_rr_list_push_rr(glue, a)) goto memory_error; }
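Review bot: In `only_ns_and_glues_in_rrsets` the glue test `ldns_rr_list_contains_name(glue_rrs, name->name)` depends only on the owner name, so it gives the same answer for every rrset the loop visits. Once the owner appears anywhere in the glue list, any non-NS type at that name (a DS rrset, for instance) passes, and the opt-out branch in `verify_nsec` then appears to accept the name without an NSEC3, which weakens what the verifier reports for signed delegations. Restricting the exemption to address types keeps it to real glue: `if (cur_rrset->type != LDNS_RR_TYPE_NS && !((cur_rrset->type == LDNS_RR_TYPE_A || cur_rrset->type == LDNS_RR_TYPE_AAAA) && name_is_glue))`, with `name_is_glue` computed once before the loop. This assumes the glue list holds only A/AAAA records, which the zone.c hunk suggests but does not show in full.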
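Review bot: The added `ldns_dname_compare(dname_a, ns_owner) == 0` branch in `ldns_zone_glue_rr_list` makes any address record that shares its owner with an NS record count as glue, so the result is only correct if NS records at the zone apex never reach this comparison. If they did, the apex's own authoritative address records would be returned as glue and could be exempted by the ldns-verify-zone.c change. The loop that selects `ns_owner` starts outside the hunk, so that filter cannot be confirmed from here. I would replace the `/* GLUE! */` comment with one that states the rule and the dependency, e.g. `/* glue: address record at or below a delegation owner; apex NS records must already be filtered out */`.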