[master] handle servfail at DLZ zone apex

3522.	[bug]		DLZ lookups could fail to return SERVFAIL when
			they ought to. [RT #32685]

diff --git a/CHANGES b/CHANGES
index 82a83fe1f3abb9f21a8f2aaae265e41022587a71..d66584e5f5dd4e96657ed1be8fb48898350849c5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3522.  [bug]           DLZ lookups could fail to return SERVFAIL when
+                       they ought to. [RT #32685]
+
 3521.  [bug]           Address memory leak in opensslecdsa_link.c. [RT #32249]
 
 3520.  [bug]           'mctx' was not being referenced counted in some places

diff --git a/bin/tests/system/dlzexternal/driver.c b/bin/tests/system/dlzexternal/driver.c
index 765f32fad111d4223e6a4b45082a2237c5693fa8..fa0021cdaa622edf5f66dfd0024d053d3ff49584 100644 (file)
--- a/bin/tests/system/dlzexternal/driver.c
+++ b/bin/tests/system/dlzexternal/driver.c
@@ -233,7 +233,7 @@ dlz_create(const char *dlzname, unsigned int argc, char *argv[],
        struct dlz_example_data *state;
        const char *helper_name;
        va_list ap;
-       char soa_data[200];
+       char soa_data[1024];
        const char *extra;
        isc_result_t result;
        int n;
@@ -359,6 +359,18 @@ dlz_findzonedb(void *dbdata, const char *name,
            strncmp(addrbuf, "10.53.0.1", 9) == 0)
                return (ISC_R_NOMORE);
 
+       /*
+        * For bigcname.domain, return success so it appears to be
+        * the zone origin; this regression tests a bug in which
+        * zone origin nodes could fail to return SERVFAIL to the client.
+        */
+       if (strcasecmp(name, "bigcname.domain") == 0)
+               return (ISC_R_SUCCESS);
+
+       /*
+        * Return success if we have an exact match between the
+        * zone name and the qname
+        */
        if (strcasecmp(state->zone_name, name) == 0)
                return (ISC_R_SUCCESS);
 
@@ -418,7 +430,9 @@ dlz_lookup(const char *zone, const char *name, void *dbdata,
                        return (result);
        }
 
-       if (strcmp(name, "too-long") == 0) {
+       if (strcmp(name, "too-long") == 0 ||
+           strcmp(zone, "bigcname.domain") == 0)
+       {
                for (i = 0; i < 511; i++)
                        buf[i] = 'x';
                buf[i] = '\0';

diff --git a/bin/tests/system/dlzexternal/tests.sh b/bin/tests/system/dlzexternal/tests.sh
index c8beb537ffc084df727ef986baf3b8738d0cca96..5cc9348671601d061fdbec708d877c2d1f2e264d 100644 (file)
--- a/bin/tests/system/dlzexternal/tests.sh
+++ b/bin/tests/system/dlzexternal/tests.sh
@@ -143,4 +143,11 @@ grep "status: SERVFAIL" dig.out.ns1.6 > /dev/null || ret=1
 [ "$ret" -eq 0 ] || echo "I:failed"
 status=`expr $status + $ret`
 
+ret=0
+echo "I:testing zone returning oversized data at zone origin"
+$DIG $DIGOPTS txt bigcname.domain > dig.out.ns1.7 2>&1 || ret=1
+grep "status: SERVFAIL" dig.out.ns1.7 > /dev/null || ret=1
+[ "$ret" -eq 0 ] || echo "I:failed"
+status=`expr $status + $ret`
+
 exit $status

diff --git a/lib/dns/sdlz.c b/lib/dns/sdlz.c
index 555605c3199d63d975ab44cf67a7132fd43bb290..9197f923ef4ab779a8e898d792004f4bba671b8b 100644 (file)
--- a/lib/dns/sdlz.c
+++ b/lib/dns/sdlz.c
@@ -613,7 +613,10 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
 
        MAYBE_UNLOCK(sdlz->dlzimp);
 
-       if (result != ISC_R_SUCCESS && !isorigin && !create) {
+       if (result == ISC_R_NOTFOUND && (isorigin || create))
+               result = ISC_R_SUCCESS;
+
+       if (result != ISC_R_SUCCESS) {
                destroynode(node);
                return (result);
        }
@@ -625,7 +628,8 @@ findnodeext(dns_db_t *db, dns_name_t *name, isc_boolean_t create,
                                      sdlz->dbdata, node);
                MAYBE_UNLOCK(sdlz->dlzimp);
                if (result != ISC_R_SUCCESS &&
-                   result != ISC_R_NOTIMPLEMENTED) {
+                   result != ISC_R_NOTIMPLEMENTED)
+               {
                        destroynode(node);
                        return (result);
                }