notify-source-v6 *;\n\
nsec3-test-zone no;\n\
provide-ixfr true;\n\
+ qname-minimization relaxed;\n\
query-source address *;\n\
query-source-v6 address *;\n\
- qname-minimization relaxed;\n\
recursion true;\n\
request-expire true;\n\
request-ixfr true;\n\
isc_dscp_t dscp4 = -1, dscp6 = -1;
dns_dyndbctx_t *dctx = NULL;
unsigned int resolver_param;
+ const char * qminmode = NULL;
REQUIRE(DNS_VIEW_VALID(view));
obj = NULL;
result = named_config_get(maps, "qname-minimization", &obj);
INSIST(result == ISC_R_SUCCESS);
- const char * qminmode = cfg_obj_asstring(obj);
+ qminmode = cfg_obj_asstring(obj);
INSIST(qminmode != NULL);
if (!strcmp(qminmode, "strict")) {
view->qminimization = ISC_TRUE;
fetchlimit filter-aaaa formerr forward geoip glue idna inline ixfr \
keepalive @KEYMGR@ legacy limits logfileconfig masterfile \
masterformat metadata mkeys names notify nslookup nsupdate \
- nzd2nzf padding pending pipelined @PKCS11_TEST@ qmin
- reclimit redirect resolver rndc rpz rrchecker rrl \
+ nzd2nzf padding pending pipelined @PKCS11_TEST@ qmin \
+ reclimit redirect resolver rndc rpz rrchecker rrl \
rrsetorder rsabigexponent runtime sfcache smartsign sortlist \
spf staticstub statistics statschannel stub tcp tkey tsig \
tsiggss unknown upforwd verify views wildcard xfer xferquota \
rm -f dig.out.*
rm -f ns*/named.lock
rm -f ans*/query.log
+rm -f query*.log
__EOF
echo "A icky.icky.icky.ptang.zoop.boing.good." | diff ans3/query.log - > /dev/null || ret=1
echo "A icky.icky.icky.ptang.zoop.boing.good." | diff ans4/query.log - > /dev/null || ret=1
+for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
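Review bot: The log-archiving loop added here is pasted verbatim into eight further hunks of this test script, so any later change to the answer-server list or the file naming has to be made in nine places. Defining it once near the top, e.g. `sort_query_logs() { for ans in ans2 ans3 ans4; do mv -f "$ans/query.log" "query-$ans-$n.log" 2>/dev/null || true; done; }`, and calling `sort_query_logs` after each check would keep the copies from drifting and also quotes the expansions. Because `2>/dev/null || true` discards every `mv` failure and not only the missing-file case, a log that could not be moved may still be present when the next test runs its `diff`. Whether that can produce a false pass depends on how the answer servers reopen `query.log`, which is not visible in this hunk. The surrounding test block begins before the hunk.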
__EOF
echo "A icky.icky.icky.ptang.zoop.boing.bad." | diff ans3/query.log - > /dev/null || ret=1
echo "A icky.icky.icky.ptang.zoop.boing.bad." | diff ans4/query.log - > /dev/null || ret=1
+for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
__EOF
echo "A icky.icky.icky.ptang.zoop.boing.slow." | diff ans3/query.log - > /dev/null || ret=1
echo "A icky.icky.icky.ptang.zoop.boing.slow." | diff ans4/query.log - > /dev/null || ret=1
+for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
NS icky.icky.ptang.zoop.boing.good.
A icky.icky.icky.ptang.zoop.boing.good.
__EOF
+for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
$DIG $DIGOPTS icky.icky.icky.ptang.zoop.boing.bad. @10.53.0.6 > dig.out.test$n
grep "status: NXDOMAIN" dig.out.test$n > /dev/null || ret=1
echo "NS boing.bad." | diff ans2/query.log - > /dev/null || ret=1
+for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
__EOF
echo "A icky.icky.icky.ptang.zoop.boing.bad." | diff ans3/query.log - > /dev/null || ret=1
echo "A icky.icky.icky.ptang.zoop.boing.bad." | diff ans4/query.log - > /dev/null || ret=1
+for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
NS icky.icky.ptang.zoop.boing.slow.
A icky.icky.icky.ptang.zoop.boing.slow.
__EOF
+for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
NS 0.0.0.0.0.0.0.0.8.f.4.0.1.0.0.2.ip6.arpa.
PTR 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.f.4.0.1.0.0.2.ip6.arpa.
__EOF
+for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
NS icky.icky.ptang.zoop.boing.good.
A more.icky.icky.icky.ptang.zoop.boing.good.
__EOF
+for ans in ans2 ans3 ans4; do mv -f $ans/query.log query-$ans-$n.log 2>/dev/null || true; done
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
# expected to be accepted regardless of the filter setting.
$packet->push("authority", new Net::DNS::RR("sub.example.org 300 NS ns.sub.example.org"));
$packet->push("additional", new Net::DNS::RR("ns.sub.example.org 300 A 10.53.0.3"));
- } elsif ($qname =~ /broken/) {
+ } elsif ($qname =~ /\.broken/ || $qname =~ /^broken/) {
# Delegation to broken TLD.
$packet->push("authority", new Net::DNS::RR("broken 300 NS ns.broken"));
$packet->push("additional", new Net::DNS::RR("ns.broken 300 A 10.53.0.4"));
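Review bot: The new condition `$qname =~ /\.broken/ || $qname =~ /^broken/` anchors only the left edge of the label, so a name whose label merely starts with that string (constructed example: `x.brokenzone.example`) still takes the "Delegation to broken TLD" branch. If the branch is meant to fire only for names at or below the `broken` TLD, anchoring both sides says so directly: `} elsif ($qname =~ /(?:^|\.)broken\.?$/) {`. The if/elsif chain starts and ends outside this hunk, so whether an earlier branch already intercepts such names cannot be confirmed from here.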
signatures covering DNSKEY RRsets. [GL #145]
</para>
</listitem>
+ <listitem>
+ <para>
+ Support for qname minimization was added and enabled by default in
+ <command>relaxed</command> mode - in which BIND will fall back to
+ normal resolution should the remote server return something
+ unexpected during query minimization process. This default setting
+ might change to <command>strict</command> in the future.
+ </para>
+ </listitem>
</itemizedlist>
</section>
/*
* Options that modify how a 'fetch' is done.
*/
-#define DNS_FETCHOPT_TCP 0x0001 /*%< Use TCP. */
-#define DNS_FETCHOPT_UNSHARED 0x0002 /*%< See below. */
-#define DNS_FETCHOPT_RECURSIVE 0x0004 /*%< Set RD? */
-#define DNS_FETCHOPT_NOEDNS0 0x0008 /*%< Do not use EDNS. */
-#define DNS_FETCHOPT_FORWARDONLY 0x0010 /*%< Only use forwarders. */
-#define DNS_FETCHOPT_NOVALIDATE 0x0020 /*%< Disable validation. */
-#define DNS_FETCHOPT_EDNS512 0x0040 /*%< Advertise a 512 byte
- UDP buffer. */
-#define DNS_FETCHOPT_WANTNSID 0x0080 /*%< Request NSID */
-#define DNS_FETCHOPT_PREFETCH 0x0100 /*%< Do prefetch */
-#define DNS_FETCHOPT_NOCDFLAG 0x0200 /*%< Don't set CD flag. */
-#define DNS_FETCHOPT_NONTA 0x0400 /*%< Ignore NTA table. */
-/* RESERVED ECS 0x0000 */
-/* RESERVED ECS 0x1000 */
-/* RESERVED ECS 0x2000 */
-/* RESERVED TCPCLIENT 0x4000 */
-#define DNS_FETCHOPT_NOCACHED 0x8000 /*%< Force cache update. */
-#define DNS_FETCHOPT_QMINIMIZE 0x00010000 /*%< Use qname
- minimization. */
-#define DNS_FETCHOPT_QMIN_STRICT 0x00020000 /*%< Do not work around
- servers that return
- errors on non-empty
- terminals. */
-#define DNS_FETCHOPT_QMIN_SKIP_IP6A 0x00040000 /*%< Skip some labels
- when doing qname
- minimization on
- ip6.arpa. */
+#define DNS_FETCHOPT_TCP 0x00000001 /*%< Use TCP. */
+#define DNS_FETCHOPT_UNSHARED 0x00000002 /*%< See below. */
+#define DNS_FETCHOPT_RECURSIVE 0x00000004 /*%< Set RD? */
+#define DNS_FETCHOPT_NOEDNS0 0x00000008 /*%< Do not use EDNS. */
+#define DNS_FETCHOPT_FORWARDONLY 0x00000010 /*%< Only use forwarders. */
+#define DNS_FETCHOPT_NOVALIDATE 0x00000020 /*%< Disable validation. */
+#define DNS_FETCHOPT_EDNS512 0x00000040 /*%< Advertise a 512 byte
+ UDP buffer. */
+#define DNS_FETCHOPT_WANTNSID 0x00000080 /*%< Request NSID */
+#define DNS_FETCHOPT_PREFETCH 0x00000100 /*%< Do prefetch */
+#define DNS_FETCHOPT_NOCDFLAG 0x00000200 /*%< Don't set CD flag. */
+#define DNS_FETCHOPT_NONTA 0x00000400 /*%< Ignore NTA table. */
+/* RESERVED ECS 0x00000000 */
+/* RESERVED ECS 0x00001000 */
+/* RESERVED ECS 0x00002000 */
+/* RESERVED TCPCLIENT 0x00004000 */
+#define DNS_FETCHOPT_NOCACHED 0x00008000 /*%< Force cache update. */
+#define DNS_FETCHOPT_QMINIMIZE 0x00010000 /*%< Use qname
+ minimization. */
+#define DNS_FETCHOPT_QMIN_STRICT 0x00020000 /*%< Do not work around
+ servers that return
+ errors on non-empty
+ terminals. */
+#define DNS_FETCHOPT_QMIN_SKIP_IP6A 0x00040000 /*%< Skip some labels
+ when doing qname
+ minimization on
+ ip6.arpa. */
/* Reserved in use by adb.c 0x00400000 */
#define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000
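Review bot: The widened comment `/* RESERVED ECS 0x00000000 */` reserves no bit at all, and 0x00000800 is the one value between `DNS_FETCHOPT_NONTA` (0x00000400) and the next reserved entry (0x00001000) that the table leaves unaccounted for. The zero was already there before the reformat (`0x0000`), so this looks like an inherited typo that the reformat would be a good moment to settle. If the first ECS reservation was meant to be that bit, the line should read `/* RESERVED ECS 0x00000800 */`; this needs confirming against the code that uses the reserved values, which is not shown here. Leaving it ambiguous risks a future option being assigned a bit that other code treats as reserved, and two meanings on one fetch-option bit would be hard to spot in review.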
isc_boolean_t all_bad = ISC_TRUE;
#ifdef ENABLE_AFL
- if (dns_fuzzing_resolver)
- return ISC_FALSE;
+ if (dns_fuzzing_resolver) {
+ return (ISC_FALSE);
+ }
#endif
/*
* the next label to query and restart it.
*/
if (fctx->minimized && fctx->rmessage->rcode == dns_rcode_noerror) {
- return rctx_answer_minimized(rctx);
+ return (rctx_answer_minimized(rctx));
}
/*
* Workaround for broken servers in relaxed mode - if we hit an
*/
if (fctx->minimized && !(fctx->options & DNS_FETCHOPT_QMIN_STRICT)) {
fctx->qmin_labels = DNS_MAX_LABELS + 1;
- return rctx_answer_minimized(rctx);
+ return (rctx_answer_minimized(rctx));
}
/*
* Since we're not doing a referral, we don't want to cache any