+3690. [bug] Iterative responses could be missed when the source
+ port for an upstream query was the same as the
+ listener port (53). [RT #34925]
+
3689. [bug] Fixed a bug causing an insecure delegation from one
static-stub zone to another to fail with a broken
trust chain. [RT #35081]
rm -f ns6/example.net.db.signed ns6/example.net.db
rm -f ns6/dsset-example.net. ns6/example.net.db.signed.jnl
rm -f ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
-rm -f ns7/server.db ns7/server.db.jnl
+rm -f ns7/server.db ns7/server.db.jnl ns7/named.conf
rm -f random.data
rm -f resolve.out
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named.conf,v 1.5 2011/07/28 03:18:17 each Exp $ */
-
// NS4
controls { /* empty */ };
disable-empty-zone 20.172.in-addr.arpa;
};
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.7 port 9953 allow { any; } keys { rndc_key; };
+};
+
zone "." {
type hint;
file "root.hint";
--- /dev/null
+/*
+ * Copyright (C) 2010, 2011, 2013 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+// NS4
+
+controls { /* empty */ };
+
+options {
+ query-source address 10.53.0.7 port 5300 dscp 13;
+ notify-source 10.53.0.7 dscp 14;
+ transfer-source 10.53.0.7 dscp 15;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.7; };
+ listen-on-v6 { none; };
+ recursion yes;
+ empty-zones-enable yes;
+ disable-empty-zone 20.172.in-addr.arpa;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.7 port 9953 allow { any; } keys { rndc_key; };
+};
+
+zone "." {
+ type hint;
+ file "root.hint";
+};
+
+zone "server" {
+ type master;
+ file "server.db";
+ allow-update { any; };
+};
cp ns4/tld1.db ns4/tld.db
cp ns6/to-be-removed.tld.db.in ns6/to-be-removed.tld.db
cp ns7/server.db.in ns7/server.db
+cp ns7/named1.conf ns7/named.conf
(cd ns6 && sh keygen.sh)
[ $ret = 0 ] && ret=$foo;
if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
-echo "I:check for improved error message with SOA mismatch"
+n=`expr $n + 1`
+echo "I:check for improved error message with SOA mismatch ($n)"
ret=0
$DIG @10.53.0.1 -p 5300 www.sub.broken aaaa > dig.out.${n} || ret=1
grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
-echo "I:exit status: $status"
+#HERE <<<
+cp ns7/named2.conf ns7/named.conf
+$RNDC -c ../common/rndc.conf -s 10.53.0.7 -p 9953 reconfig 2>&1 | sed 's/^/I:ns7 /'
+n=`expr $n + 1`
+echo "I:check resolution on the listening port ($n)"
+ret=0
+$DIG +tcp +tries=2 +time=5 mx example.net @10.53.0.7 -p 5300 > dig.ns7.out.${n} || ret=2
+grep "status: NOERROR" dig.ns7.out.${n} > /dev/null || ret=1
+grep "ANSWER: 1" dig.ns7.out.${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi
+status=`expr $status + $ret`
+#HERE >>>
+
+echo "I:exit status: $status"
exit $status
}
/*
- * If both dispatches are bound to an address then fail as
- * the addresses can't be equal (enforced by the IP stack).
+ * If each dispatch is bound to a different address
+ * then fail.
*
* Note under Linux a packet can be sent out via IPv4 socket
* and the response be received via a IPv6 socket.
}
isc_sockaddr_anyofpf(&a1, isc_sockaddr_pf(&resp->disp->local));
isc_sockaddr_anyofpf(&a2, isc_sockaddr_pf(&disp->local));
- if (!isc_sockaddr_eqaddr(&a1, &resp->disp->local) &&
+ if (!isc_sockaddr_eqaddr(&disp->local, &resp->disp->local) &&
+ !isc_sockaddr_eqaddr(&a1, &resp->disp->local) &&
!isc_sockaddr_eqaddr(&a2, &disp->local)) {
free_buffer(disp, ev->region.base, ev->region.length);
goto unlock;
projects / thirdparty / bind9.git / commitdiff
