From: Ruben d'Arco Date: Tue, 21 May 2013 20:08:33 +0000 (+0200) Subject: Correctly add DS record and correctly set ordername to NULL in narrow mode X-Git-Tag: rec-3.6.0-rc1~556^2~3^2~8 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e70f2627cb4323a223a403e9edffa38cb33138ec;p=thirdparty%2Fpdns.git Correctly add DS record and correctly set ordername to NULL in narrow mode --- diff --git a/pdns/rfc2136handler.cc b/pdns/rfc2136handler.cc index e62c802900..72a8e5165c 100644 --- a/pdns/rfc2136handler.cc +++ b/pdns/rfc2136handler.cc @@ -226,8 +226,11 @@ uint16_t PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord * string hashed; if(! *narrow) hashed=toLower(toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, rrLabel))); - - di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, rrLabel, hashed, auth); + + if (*narrow) + di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, rrLabel, auth); + else + di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, rrLabel, hashed, auth); if(!auth || rrType == QType::DS) { di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "NS"); di->backend->nullifyDNSSECOrderNameAndAuth(di->id, rrLabel, "A"); @@ -260,21 +263,22 @@ uint16_t PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord * bool auth=newRec.auth; if ( ! pdns_iequals(di->zone, shorter)) { - while(chopOff(shorter)) { - if (pdns_iequals(shorter, di->zone)) + do { + if (pdns_iequals(di->zone, shorter)) break; bool foundShorter = false; di->backend->lookup(QType(QType::ANY), shorter); while (di->backend->get(rec)) { - foundShorter = true; + if ( ! pdns_iequals(shorter, rrLabel) ) + foundShorter = true; if (rec.qtype == QType::NS) // are we inserting below a delegate? auth=false; } - if (!foundShorter) + if (!foundShorter && auth && !pdns_iequals(shorter, rrLabel)) // haven't found any record at current level, insert ENT. insnonterm.insert(shorter); - else + if (foundShorter) break; // if we find a shorter record, we can stop searching - } + } while(chopOff(shorter)); } if(*haveNSEC3) @@ -283,7 +287,11 @@ uint16_t PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord * if(! *narrow) hashed=toLower(toBase32Hex(hashQNameWithSalt(ns3pr->d_iterations, ns3pr->d_salt, rrLabel))); - di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, rrLabel, hashed, auth); + if (*narrow) + di->backend->nullifyDNSSECOrderNameAndUpdateAuth(di->id, rrLabel, auth); + else + di->backend->updateDNSSECOrderAndAuthAbsolute(di->id, rrLabel, hashed, auth); + if (rrType == QType::DS) di->backend->setDNSSECAuthOnDsRecord(di->id, rrLabel); if(!auth) diff --git a/regression-tests/1dyndns-update-add-delete-ds/expected_result.narrow b/regression-tests/1dyndns-update-add-delete-ds/expected_result.narrow index 22a64c0f4e..dcdceb5d50 100644 --- a/regression-tests/1dyndns-update-add-delete-ds/expected_result.narrow +++ b/regression-tests/1dyndns-update-add-delete-ds/expected_result.narrow @@ -4,9 +4,11 @@ Answer: ;; ZONE SECTION: ;test.dyndns. IN SOA -Check if add-delete.test.dyndns. 3600 A 127.0.0.108 exists +Check delegate and DS added correctly --- Start: diff start step.1 --- -> add-delete.test.dyndns A 0 127.0.0.108 3600 '' 1 +> del.test.dyndns DS 0 39274 8 2 8e8a8cfb40fd0c30bfa82e53752e1c257dafb7b6206d12b9eda43af3eab2157d 3600 NULL 1 +> del.test.dyndns NS 0 ns1.del.test.dyndns 3600 NULL 0 +> ns1.del.test.dyndns A 0 127.0.0.1 3600 NULL 0 --- End: diff start step.1 --- Answer: @@ -16,7 +18,7 @@ Answer: ;test.dyndns. IN SOA Check if record is gone ---- Start: diff step.1 step.2 --- -< add-delete.test.dyndns A 0 127.0.0.108 3600 '' 1 ---- End: diff step.1 step.2 --- +--- Start: diff start step.2 --- +no difference +--- End: diff start step.2 --- diff --git a/regression-tests/1dyndns-update-add-delete-ds/expected_result.nsec3 b/regression-tests/1dyndns-update-add-delete-ds/expected_result.nsec3 index 6c68ba9de8..488aad2c1e 100644 --- a/regression-tests/1dyndns-update-add-delete-ds/expected_result.nsec3 +++ b/regression-tests/1dyndns-update-add-delete-ds/expected_result.nsec3 @@ -4,9 +4,11 @@ Answer: ;; ZONE SECTION: ;test.dyndns. IN SOA -Check if add-delete.test.dyndns. 3600 A 127.0.0.108 exists +Check delegate and DS added correctly --- Start: diff start step.1 --- -> add-delete.test.dyndns A 0 127.0.0.108 3600 'gkhs0ms64101fs1dj19h7no8vn2tp4fk' 1 +> del.test.dyndns DS 0 39274 8 2 8e8a8cfb40fd0c30bfa82e53752e1c257dafb7b6206d12b9eda43af3eab2157d 3600 'ott41kituq4b2adjpf8gs59se6liu8vh' 1 +> del.test.dyndns NS 0 ns1.del.test.dyndns 3600 'ott41kituq4b2adjpf8gs59se6liu8vh' 0 +> ns1.del.test.dyndns A 0 127.0.0.1 3600 NULL 0 --- End: diff start step.1 --- Answer: @@ -16,7 +18,7 @@ Answer: ;test.dyndns. IN SOA Check if record is gone ---- Start: diff step.1 step.2 --- -< add-delete.test.dyndns A 0 127.0.0.108 3600 'gkhs0ms64101fs1dj19h7no8vn2tp4fk' 1 ---- End: diff step.1 step.2 --- +--- Start: diff start step.2 --- +no difference +--- End: diff start step.2 --- diff --git a/regression-tests/1dyndns-update-add-delete-ds/expected_result.nsec3-optout b/regression-tests/1dyndns-update-add-delete-ds/expected_result.nsec3-optout new file mode 100644 index 0000000000..39087525cd --- /dev/null +++ b/regression-tests/1dyndns-update-add-delete-ds/expected_result.nsec3-optout @@ -0,0 +1,24 @@ +Answer: +;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: [id] +;; flags: qr aa; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 +;; ZONE SECTION: +;test.dyndns. IN SOA + +Check delegate and DS added correctly +--- Start: diff start step.1 --- +> del.test.dyndns DS 0 39274 8 2 8e8a8cfb40fd0c30bfa82e53752e1c257dafb7b6206d12b9eda43af3eab2157d 3600 'ott41kituq4b2adjpf8gs59se6liu8vh' 1 +> del.test.dyndns NS 0 ns1.del.test.dyndns 3600 NULL 0 +> ns1.del.test.dyndns A 0 127.0.0.1 3600 NULL 0 +--- End: diff start step.1 --- + +Answer: +;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: [id] +;; flags: qr aa; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0 +;; ZONE SECTION: +;test.dyndns. IN SOA + +Check if record is gone +--- Start: diff start step.2 --- +no difference +--- End: diff start step.2 --- + diff --git a/regression-tests/1dyndns-update-add-delete/expected_result.narrow b/regression-tests/1dyndns-update-add-delete/expected_result.narrow index 22a64c0f4e..1ed6baf1c7 100644 --- a/regression-tests/1dyndns-update-add-delete/expected_result.narrow +++ b/regression-tests/1dyndns-update-add-delete/expected_result.narrow @@ -6,7 +6,7 @@ Answer: Check if add-delete.test.dyndns. 3600 A 127.0.0.108 exists --- Start: diff start step.1 --- -> add-delete.test.dyndns A 0 127.0.0.108 3600 '' 1 +> add-delete.test.dyndns A 0 127.0.0.108 3600 NULL 1 --- End: diff start step.1 --- Answer: @@ -17,6 +17,6 @@ Answer: Check if record is gone --- Start: diff step.1 step.2 --- -< add-delete.test.dyndns A 0 127.0.0.108 3600 '' 1 +< add-delete.test.dyndns A 0 127.0.0.108 3600 NULL 1 --- End: diff step.1 step.2 --- diff --git a/regression-tests/1dyndns-update-deep-add-delete/expected_result.narrow b/regression-tests/1dyndns-update-deep-add-delete/expected_result.narrow index c8064043f5..32828c43dd 100644 --- a/regression-tests/1dyndns-update-deep-add-delete/expected_result.narrow +++ b/regression-tests/1dyndns-update-deep-add-delete/expected_result.narrow @@ -60,8 +60,8 @@ Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 Reply to question for qname='x.d.e.f.test.dyndns.', qtype=A Check if records are added --- Start: diff start step.1 --- -> a.b.c.d.e.f.test.dyndns A 0 127.0.0.1 3600 '' 1 -> a.b.d.e.f.test.dyndns A 0 127.0.0.1 3600 '' 1 +> a.b.c.d.e.f.test.dyndns A 0 127.0.0.1 3600 NULL 1 +> a.b.d.e.f.test.dyndns A 0 127.0.0.1 3600 NULL 1 > b.c.d.e.f.test.dyndns NULL NULL NULL NULL '' 1 > b.d.e.f.test.dyndns NULL NULL NULL NULL '' 1 > c.d.e.f.test.dyndns NULL NULL NULL NULL '' 1 @@ -105,7 +105,7 @@ Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 Reply to question for qname='x.d.e.f.test.dyndns.', qtype=A Check if a.b.c.d.e.f is removed correctly --- Start: diff start step.2 --- -> a.b.d.e.f.test.dyndns A 0 127.0.0.1 3600 '' 1 +> a.b.d.e.f.test.dyndns A 0 127.0.0.1 3600 NULL 1 > b.d.e.f.test.dyndns NULL NULL NULL NULL '' 1 > d.e.f.test.dyndns NULL NULL NULL NULL '' 1 > e.f.test.dyndns NULL NULL NULL NULL '' 1