when filter-aaaa and dns64 are both configured a assertion failure could occur
authorMark Andrews <marka@isc.org>
Tue, 31 Jul 2018 01:16:22 +0000 (11:16 +1000)
committerMark Andrews <marka@isc.org>
Fri, 24 Aug 2018 00:33:33 +0000 (10:33 +1000)
(cherry picked from commit 1056376d10e78c37c8f58efdb6124cb36b88c117)

bin/named/query.c
bin/tests/system/filter-aaaa/ns5/hints [new file with mode: 0644]
bin/tests/system/filter-aaaa/ns5/named.conf.in [new file with mode: 0644]
bin/tests/system/filter-aaaa/setup.sh
bin/tests/system/filter-aaaa/tests.sh
util/copyrights

index f68ff5c4dc2807424e80311d27c138d4d107e44d..f8dbef203b1c4965affb71a7ba7f817c5a7da7be 100644 (file)
@@ -8861,6 +8861,35 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
                        goto cleanup;
                }
 
+               /*
+                * Check to see if the AAAA RRset has non-excluded addresses
+                * in it.  If not look for a A RRset.
+                *
+                * Note: the order of dns64_aaaaok() and filter_aaaa check is
+                * important. Both result is fetches being called but the
+                * dns64 case goes to db_find while the filter_aaaa case
+                * adds the records now for later potential exclusion.
+                */
+               INSIST(client->query.dns64_aaaaok == NULL);
+
+               if (qtype == dns_rdatatype_aaaa && !dns64_exclude &&
+                   !ISC_LIST_EMPTY(client->view->dns64) &&
+                   client->message->rdclass == dns_rdataclass_in &&
+                   !dns64_aaaaok(client, rdataset, sigrdataset)) {
+                       /*
+                        * Look to see if there are A records for this
+                        * name.
+                        */
+                       client->query.dns64_ttl = rdataset->ttl;
+                       SAVE(client->query.dns64_aaaa, rdataset);
+                       SAVE(client->query.dns64_sigaaaa, sigrdataset);
+                       query_releasename(client, &fname);
+                       dns_db_detachnode(db, &node);
+                       type = qtype = dns_rdatatype_a;
+                       dns64_exclude = dns64 = true;
+                       goto db_find;
+               }
+
 #ifdef ALLOW_FILTER_AAAA
                /*
                 * Optionally hide AAAAs from IPv4 clients if there is an A.
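Review bot: The added block comment says the order of the dns64_aaaaok() check and the filter-aaaa check is important, but it never says what goes wrong when filter-aaaa runs first, and "Both result is fetches being called" is hard to parse. The commit title gives the consequence (an assertion failure when both features are configured), so the comment should carry it too. The second sentence could read `Both cases can start a fetch, but the dns64 case restarts at db_find while the filter-aaaa case adds the records now for possible later exclusion; running the filter-aaaa check first can trigger an assertion failure when both are configured.` Which assertion fires is not visible here, because query_find begins and ends outside the hunk, so the wording should be confirmed against the full function.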
@@ -8945,29 +8974,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
                        }
                }
 #endif
-               /*
-                * Check to see if the AAAA RRset has non-excluded addresses
-                * in it.  If not look for a A RRset.
-                */
-               INSIST(client->query.dns64_aaaaok == NULL);
-
-               if (qtype == dns_rdatatype_aaaa && !dns64_exclude &&
-                   !ISC_LIST_EMPTY(client->view->dns64) &&
-                   client->message->rdclass == dns_rdataclass_in &&
-                   !dns64_aaaaok(client, rdataset, sigrdataset)) {
-                       /*
-                        * Look to see if there are A records for this
-                        * name.
-                        */
-                       client->query.dns64_ttl = rdataset->ttl;
-                       SAVE(client->query.dns64_aaaa, rdataset);
-                       SAVE(client->query.dns64_sigaaaa, sigrdataset);
-                       query_releasename(client, &fname);
-                       dns_db_detachnode(db, &node);
-                       type = qtype = dns_rdatatype_a;
-                       dns64_exclude = dns64 = true;
-                       goto db_find;
-               }
 
                if (sigrdataset != NULL)
                        sigrdatasetp = &sigrdataset;
diff --git a/bin/tests/system/filter-aaaa/ns5/hints b/bin/tests/system/filter-aaaa/ns5/hints
new file mode 100644 (file)
index 0000000..381e86b
--- /dev/null
@@ -0,0 +1,11 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. 0 NS ns.rootservers.utld.
+ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/filter-aaaa/ns5/named.conf.in b/bin/tests/system/filter-aaaa/ns5/named.conf.in
new file mode 100644 (file)
index 0000000..47b3aff
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+       query-source address 10.53.0.5;
+       notify-source 10.53.0.5;
+       transfer-source 10.53.0.5;
+       port @PORT@;
+       pid-file "named.pid";
+       listen-on { 10.53.0.5; };
+       listen-on-v6 { fd92:7065:b8e:ffff::5; };
+       recursion yes;
+       dnssec-validation no;
+       notify yes;
+       dns64 64:ff9b::/96 {
+                           clients { any; };
+                           exclude { any; };
+                           mapped { any; };
+       };
+       filter-aaaa-on-v4 break-dnssec;
+       filter-aaaa { any; };
+       minimal-responses no;
+};
+
+key rndc_key {
+       secret "1234abcd8765";
+       algorithm hmac-sha256;
+};
+
+controls {
+       inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+zone "." { type hint; file "hints"; };
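Review bot: Nothing in this file says that `exclude { any; };` inside the `dns64` clause combined with `filter-aaaa { any; };` is deliberately contradictory; only the comment in tests.sh explains it. A one-line comment above the `dns64` clause, for example `/* Intentionally inconsistent: filter-aaaa wants the AAAA, dns64 excludes it; regression fixture for the query_find assertion. */`, would stop a later cleanup from "correcting" the fixture and losing the regression coverage. The `controls` clause uses `allow { any; }` with a fixed key, which presumably mirrors the other ns configs in this test directory; that is worth confirming so ns5 does not end up with a looser control channel than its siblings.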
index 313adc7f49131acbad619132b0f33836dc37b273..681a91d9921d472059f07ac3464aeecbd6f51b80 100644 (file)
@@ -20,6 +20,7 @@ copy_setports ns1/named1.conf.in ns1/named.conf
 copy_setports ns2/named1.conf.in ns2/named.conf
 copy_setports ns3/named1.conf.in ns3/named.conf
 copy_setports ns4/named1.conf.in ns4/named.conf
+copy_setports ns5/named.conf.in ns5/named.conf
 
 if $SHELL ../testcrypto.sh -q
 then
index 25ff46c1333fdb8da5f9650a056d94ebcd61455c..16a9332518c9aac6497e34f3c1de1024d70e89a8 100644 (file)
@@ -1374,5 +1374,17 @@ grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+# We don't check for the AAAA record here as configuration in ns5 does
+# not make sense.  The AAAA record is wanted by filter-aaaa but discarded
+# by the dns64 configuration. We just want to ensure the server stays
+# running.
+n=`expr $n + 1`
+echo_i "checking filter-aaaa with dns64 ($n)"
+ret=0
+$DIG $DIGOPTS aaaa aaaa-only.unsigned @10.53.0.5 > dig.out.ns5.test$n || ret=1
+grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
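Review bot: The new check sends a single query and greps for `status: NOERROR`, so it only shows that ns5 answered the first resolution of `aaaa-only.unsigned`, while the comment gives the goal as the server staying up. Repeating the query immediately would show that named is still running after the first response, and the repeat would presumably be answered from cache, reaching the reordered dns64/filter-aaaa block without a fetch. That could be `$DIG $DIGOPTS aaaa aaaa-only.unsigned @10.53.0.5 > dig.out.ns5.test$n.2 || ret=1` followed by `grep "status: NOERROR" dig.out.ns5.test$n.2 > /dev/null || ret=1`. Whether the second query really takes the cache path depends on the TTLs in the test zone, which are not visible in this diff.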
index decbd6b27984bf2ef20326ed8701796ca6c9cf7c..af882378d776fd34d02ca8bfc5549e79efc85a7b 100644 (file)
 ./bin/tests/system/filter-aaaa/ns4/signed.db.in        ZONE    2010,2012,2016,2017,2018
 ./bin/tests/system/filter-aaaa/ns4/signed.db.presigned X       2014,2018
 ./bin/tests/system/filter-aaaa/ns4/unsigned.db ZONE    2010,2012,2016,2017,2018
+./bin/tests/system/filter-aaaa/ns5/hints       ZONE    2018
+./bin/tests/system/filter-aaaa/ns5/named.conf.in       CONF-C  2018
 ./bin/tests/system/filter-aaaa/prereq.sh       SH      2010,2012,2014,2016,2018
 ./bin/tests/system/filter-aaaa/setup.sh                SH      2010,2012,2014,2016,2018
 ./bin/tests/system/filter-aaaa/tests.sh                SH      2010,2012,2015,2016,2017,2018