3921. [bug] AD was inappopriately set on RPZ responses. [RT #36833]
authorMark Andrews <marka@isc.org>
Fri, 22 Aug 2014 05:45:40 +0000 (15:45 +1000)
committerMark Andrews <marka@isc.org>
Fri, 22 Aug 2014 05:46:35 +0000 (15:46 +1000)
(cherry picked from commit cef76ee5bd845a80e06da934edce4225bdba22a1)

CHANGES
bin/named/query.c
bin/tests/system/rpz/tests.sh

diff --git a/CHANGES b/CHANGES
index 17c7ceb42ab5fc0ea50cccd621ad7d47d837eb5b..e3fbc9c603bb5404c757c82c65f692400a6b3b00 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+3921.  [bug]           AD was inappopriately set on RPZ responses. [RT #36833]
+
 3919.  [bug]           dig: continue to next line if a address lookup fails
                        in batch mode. [RT #36755]
                        
index 066fbd5542fa214109b410928ec21f8d66317e81..6fe77dfab640c19d2bbcc37369cd5938b638be7a 100644 (file)
@@ -5434,7 +5434,7 @@ rpz_add_cname(ns_client_t *client, dns_rpz_st_t *st,
         * response policy zone cannot verify.
         */
        client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
-                               DNS_MESSAGEFLAG_AD);
+                               NS_CLIENTATTR_WANTAD);
        return (ISC_R_SUCCESS);
 }
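Review bot: rpz_add_cname now clears `NS_CLIENTATTR_WANTAD` in `client->attributes`, but unlike the query_find hunk of this commit it leaves `client->message->flags` untouched. If AD can already be set on the message when a CNAME rewrite is applied, that path would still answer with AD on policy-rewritten data, which a client could take as validated. Either add `client->message->flags &= ~DNS_MESSAGEFLAG_AD;` before the `return`, or extend the comment to say why the message flag cannot be set at this point. The function body starts outside the hunk, so this is inferred from the visible lines only.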
 
@@ -6663,7 +6663,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
                         * response policy zone cannot verify.
                         */
                        client->attributes &= ~(NS_CLIENTATTR_WANTDNSSEC |
-                                               DNS_MESSAGEFLAG_AD);
+                                               NS_CLIENTATTR_WANTAD);
+                       client->message->flags &= ~DNS_MESSAGEFLAG_AD;
                        query_putrdataset(client, &sigrdataset);
                        rpz_st->q.is_zone = is_zone;
                        is_zone = ISC_TRUE;
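Review bot: The added `client->message->flags &= ~DNS_MESSAGEFLAG_AD;` has no comment of its own, and the existing comment above it only speaks of turning off DNSSEC. The bug being fixed was a message-flag constant applied to the client attribute word, so it is worth stating that the two statements act on different flag words, for example `/* WANTAD is a client attribute; AD itself lives in message->flags and must be cleared separately. */`. query_find starts and ends outside the hunk, so whether AD can already be set at this point is not visible here.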
index aea61c90b8503359b8ac31f6dcc9b62fffd67043..4d4978a229e0c6df3aa8f2278f2790d8c31f0377 100644 (file)
@@ -209,6 +209,11 @@ clean_result () {
 # $1=dig args $2=other dig output file
 ckresult () {
     #ckalive "$1" "I:server crashed by 'dig $1'" || return 1
+    if grep "flags:.* aa .*ad;" $DIGNM; then
+       setret "I:'dig $1' AA and AD set;"
+    elif grep "flags:.* aa .*ad;" $DIGNM; then
+       setret "I:'dig $1' AD set;"
+    fi
     if $PERL $SYSTEMTESTTOP/digcomp.pl $DIGNM $2 >/dev/null; then
        NEED_TCP=`echo "$1" | sed -n -e 's/[Tt][Cc][Pp].*/TCP/p'`
        RESULT_TCP=`sed -n -e 's/.*Truncated, retrying in TCP.*/TCP/p' $DIGNM`
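Review bot: The `elif` in ckresult repeats the `if` pattern `"flags:.* aa .*ad;"` verbatim, so the second branch can never run and the "AD set" failure is never reported. An RPZ answer that carries AD without AA would therefore pass this check, which leaves the fix in query.c without effective regression coverage for that case. The second test should match AD alone, `elif grep "flags:.* ad;" $DIGNM; then`. Both greps also print the matching line into the test output; adding `>/dev/null` as on the digcomp.pl line would keep the log clean. ckresult continues past the end of the hunk.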