+4780. [bug] When answering ANY queries, don't include the NS
+ RRset in the authority section if it was already
+ in the answer section. [RT #44543]
+
4779. [bug] Expire NTA at the start of the second. Don't update
the expiry value if the record has already expired
after a successful check. [RT #46368]
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-# $Id: clean.sh,v 1.6 2007/09/26 03:22:44 marka Exp $
-
#
# Clean up after tests.
#
rm -f dig.out.*
rm -f */named.memstats
-rm -f */named.conf
+rm -f ns1/named.conf
rm -f */named.run
rm -f ns*/named.lock
--- /dev/null
+/*
+ * Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.3;
+ notify-source 10.53.0.3;
+ transfer-source 10.53.0.3;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.3; };
+ listen-on-v6 { none; };
+ recursion yes;
+};
+
+zone "." {
+ type hint;
+ file "root.hint";
+};
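Review bot: The `options` block never sets `minimal-responses`, so the recursive check in the test script (`grep "AUTHORITY: 0"` against 10.53.0.3) depends on whatever the built-in default is. ns1 is explicitly reconfigured to "minimal-responses no" before its check. If the default ever trims the authority section for recursive answers, the recursive test would pass without exercising the new code. Adding `minimal-responses no;` here would pin it. Recursion is enabled with no `allow-recursion` ACL, so a one-line comment such as `/* test-only resolver; reachable only on 10.53.0.3 */` would record that `listen-on` is the only restriction.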
--- /dev/null
+; Copyright (C) 2013, 2016 Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+. NS ns1.
+ns1. A 10.53.0.1
echo "I: failed"; status=1
fi
+echo "I:reconfiguring server: minimal-responses no"
+cp ns1/named2.conf ns1/named.conf
+$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reconfig 2>&1 | sed 's/^/I:ns1 /'
+sleep 2
+
+echo "I:testing NS handling in ANY responses (authoritative)"
+n=`expr $n + 1`
+ret=0
+$DIG -t ANY rt.example @10.53.0.1 -p 5300 > dig.out.$n || ret=1
+grep "AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
+grep "NS[ ]*ns" dig.out.$n > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
+echo "I:testing NS handling in ANY responses (recursive)"
+n=`expr $n + 1`
+ret=0
+$DIG -t ANY rt.example @10.53.0.3 -p 5300 > dig.out.$n || ret=1
+grep "AUTHORITY: 0" dig.out.$n > /dev/null || ret=1
+grep "NS[ ]*ns" dig.out.$n > /dev/null || ret=1
+if [ $ret -eq 1 ] ; then
+ echo "I: failed"; status=1
+fi
+
echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1
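Review bot: The exit status of `rndc reconfig` is lost, because the command is piped into `sed` and followed by a fixed `sleep 2`, so a failed or slow reconfig goes unnoticed. If the earlier configuration had minimal responses enabled, as the echo line suggests, the authoritative check `grep "AUTHORITY: 0"` would then still pass without testing the fix. Consider capturing the result, e.g. `$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 reconfig > rndc.out 2>&1 || status=1` followed by `sed 's/^/I:ns1 /' rndc.out`, with `rndc.out` added to clean.sh. A control query that still expects NS in the authority section (a non-ANY type) would also show that "minimal-responses no" really took effect.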
isc_boolean_t nxrewrite; /* negative answer from RPZ */
isc_boolean_t findcoveringnsec; /* lookup covering NSEC */
isc_boolean_t want_stale; /* want stale records? */
+ isc_boolean_t answer_has_ns; /* NS is in answer */
dns_fixedname_t wildcardname; /* name needing wcard proof */
dns_fixedname_t dsname; /* name needing DS */
qctx->is_staticstub_zone = ISC_FALSE;
qctx->nxrewrite = ISC_FALSE;
qctx->want_stale = ISC_FALSE;
+ qctx->answer_has_ns = ISC_FALSE;
qctx->authoritative = ISC_FALSE;
}
have_a = ISC_TRUE;
}
#endif
+ /*
+ * We found an NS RRset; no need to add one later.
+ */
+ if (qctx->qtype == dns_rdatatype_any &&
+ qctx->rdataset->type == dns_rdatatype_ns)
+ {
+ qctx->answer_has_ns = ISC_TRUE;
+ }
+
+ /*
+ * Note: if we're in this function, then qctx->type
+ * is guaranteed to be ANY, but qctx->qtype (i.e. the
+ * original type requested) might have been RRSIG or
+ * SIG; we need to check for that.
+ */
if (qctx->is_zone && qctx->qtype == dns_rdatatype_any &&
!dns_db_issecure(qctx->db) &&
dns_rdatatype_isdnssec(qctx->rdataset->type))
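Review bot: `qctx->answer_has_ns` is set as soon as the iterator yields an NS rdataset, before the branches below decide whether that rdataset is actually added to the answer. Those branches are mostly outside this hunk, but at least one of them ends in `dns_rdataset_disassociate(qctx->rdataset)`. If any of them can drop an NS rdataset, the response would carry NS in neither the answer nor the authority section. Moving `qctx->answer_has_ns = ISC_TRUE;` into the branch that adds the rdataset would tie the flag to what was really sent. If no such path exists, a short comment saying why an NS rdataset reaching this point is always added would be enough.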
*/
dns_rdataset_disassociate(qctx->rdataset);
}
+
result = dns_rdatasetiter_next(rdsiter);
}
}
/*
- * BIND 8 priming queries need the additional section.
+ * Special case NS handling
*/
- if (qctx->is_zone && qctx->qtype == dns_rdatatype_ns &&
- dns_name_equal(qctx->client->query.qname, dns_rootname))
- {
- qctx->client->query.attributes &= ~NS_QUERYATTR_NOADDITIONAL;
+ if (qctx->is_zone && qctx->qtype == dns_rdatatype_ns) {
+ /*
+ * We've already got an NS, no need to add one in
+ * the authority section
+ */
+ if (dns_name_equal(qctx->client->query.qname,
+ dns_db_origin(qctx->db)))
+ {
+ qctx->answer_has_ns = ISC_TRUE;
+ }
+
+ /*
+ * BIND 8 priming queries need the additional section.
+ */
+ if (dns_name_equal(qctx->client->query.qname, dns_rootname)) {
+ qctx->client->query.attributes &=
+ ~NS_QUERYATTR_NOADDITIONAL;
+ }
}
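Review bot: For NS queries the flag is only set inside `if (qctx->is_zone && ...)`, so a cache answer to an NS query leaves `answer_has_ns` false even though the answer holds an NS RRset. The later authority-section code compensates with a separate `qctx->qtype != dns_rdatatype_ns` test in its non-zone branch. The field comment `/* NS is in answer */` therefore promises more than the flag delivers, and a future caller that trusts it on the cache path would get the wrong result. Either reword the field comment to something like `/* NS RRset already in answer; skip authority NS (zone NS and ANY paths only) */`, or set the flag for non-zone NS answers too and drop the extra qtype test. The enclosing function starts and ends outside this hunk.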
/*
*/
if (!qctx->want_restart && !NOAUTHORITY(qctx->client)) {
if (qctx->is_zone) {
- if (!((qctx->qtype == dns_rdatatype_ns ||
- qctx->qtype == dns_rdatatype_any) &&
- dns_name_equal(qctx->client->query.qname,
- dns_db_origin(qctx->db))))
- {
+ if (!qctx->answer_has_ns) {
(void)query_addns(qctx);
}
- } else if (qctx->qtype != dns_rdatatype_ns) {
+ } else if (!qctx->answer_has_ns &&
+ qctx->qtype != dns_rdatatype_ns)
+ {
if (qctx->fname != NULL) {
query_releasename(qctx->client, &qctx->fname);
}