+2925. [bug] Named failed to accept uncachable negative responses
+ from insecure zones. [RT# 21555]
+
2924. [func] 'rndc secroots' dump a combined summary of the
current managed keys combined with trusted keys.
[RT #20904]
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: globals.h,v 1.86 2009/10/05 17:30:49 fdupont Exp $ */
+/* $Id: globals.h,v 1.86.60.1 2010/06/25 23:52:08 marka Exp $ */
#ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1
EXTERN isc_time_t ns_g_boottime;
EXTERN isc_boolean_t ns_g_memstatistics INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_clienttest INIT(ISC_FALSE);
+EXTERN isc_boolean_t ns_g_nosoa INIT(ISC_FALSE);
#undef EXTERN
#undef INIT
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: main.c,v 1.175 2009/10/05 17:30:49 fdupont Exp $ */
+/* $Id: main.c,v 1.175.60.1 2010/06/25 23:52:08 marka Exp $ */
/*! \file */
*/
if (!strcmp(isc_commandline_argument, "clienttest"))
ns_g_clienttest = ISC_TRUE;
+ else if (!strcmp(isc_commandline_argument, "nosoa"))
+ ns_g_nosoa = ISC_TRUE;
else if (!strcmp(isc_commandline_argument, "maxudp512"))
maxudp = 512;
else if (!strcmp(isc_commandline_argument, "maxudp1460"))
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.335.8.5 2010/06/22 23:46:34 tbox Exp $ */
+/* $Id: query.c,v 1.335.8.6 2010/06/25 23:52:08 marka Exp $ */
/*! \file */
#include <dns/zt.h>
#include <named/client.h>
+#include <named/globals.h>
#include <named/log.h>
#include <named/server.h>
#include <named/sortlist.h>
static inline isc_result_t
query_addsoa(ns_client_t *client, dns_db_t *db, dns_dbversion_t *version,
- isc_boolean_t zero_ttl)
+ isc_boolean_t zero_ttl, isc_boolean_t isassociated)
{
dns_name_t *name;
dns_dbnode_t *node;
rdataset = NULL;
node = NULL;
+ /*
+ * Don't add the SOA record for test which set "-T nosoa".
+ */
+ if (ns_g_nosoa && (!WANTDNSSEC(client) || !isassociated))
+ return (ISC_R_SUCCESS);
+
/*
* Get resources and make 'name' be the database origin.
*/
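Review bot: The comment above the new guard in query_addsoa() says only that the SOA is skipped under "-T nosoa", but the condition also keeps the SOA when the client wants DNSSEC and `isassociated` is true, and neither the comment nor the parameter name says which rdataset is meant. Since `ns_g_nosoa` is a global in the production server binary that changes what an authoritative answer contains, the comment should state that it is test-only and spell out the exception, e.g. `/* Test-only (-T nosoa): omit the SOA so the negative response is uncachable, unless the client set DO and the caller's rdataset is associated. */`. The visible callers pass either `dns_rdataset_isassociated(rdataset)` or `ISC_FALSE`, so a one-line note in the function header on what the caller is expected to pass would also help. The body of query_addsoa() continues outside the hunk.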
/*
* Add SOA.
*/
- result = query_addsoa(client, db, version, ISC_FALSE);
+ result = query_addsoa(client, db, version, ISC_FALSE,
+ dns_rdataset_isassociated(rdataset));
if (result != ISC_R_SUCCESS) {
QUERY_ERROR(result);
goto cleanup;
zone != NULL &&
#endif
dns_zone_getzeronosoattl(zone))
- result = query_addsoa(client, db, version, ISC_TRUE);
+ result = query_addsoa(client, db, version, ISC_TRUE,
+ dns_rdataset_isassociated(rdataset));
else
- result = query_addsoa(client, db, version, ISC_FALSE);
+ result = query_addsoa(client, db, version, ISC_FALSE,
+ dns_rdataset_isassociated(rdataset));
if (result != ISC_R_SUCCESS) {
QUERY_ERROR(result);
goto cleanup;
* Add SOA.
*/
result = query_addsoa(client, db, version,
- ISC_FALSE);
+ ISC_FALSE, ISC_FALSE);
if (result == ISC_R_SUCCESS)
result = ISC_R_NOMORE;
} else {
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: secure.example.db.in,v 1.13 2008/09/25 04:02:38 tbox Exp $
+; $Id: secure.example.db.in,v 1.13.268.1 2010/06/25 23:52:09 marka Exp $
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
insecure NS ns.insecure
ns.insecure A 10.53.0.2
+nosoa NS ns.nosoa
+ns.nosoa A 10.53.0.7
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named.conf,v 1.3 2008/09/25 04:02:38 tbox Exp $ */
+/* $Id: named.conf,v 1.3.268.1 2010/06/25 23:52:09 marka Exp $ */
// NS3
notify yes;
dnssec-enable yes;
dnssec-validation yes;
+ minimal-responses yes;
};
zone "." {
file "multiple.example.bk";
};
+zone "nosoa.secure.example" {
+ type master;
+ file "nosoa.secure.example.db";
+};
+
include "trusted.conf";
--- /dev/null
+Add -T nosoa.
--- /dev/null
+; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: nosoa.secure.example.db,v 1.2.2.2 2010/06/25 23:52:09 marka Exp $
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 2010062400 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+@ IN NS ns
+ns IN A 10.53.0.7
+a IN A 1.2.3.4
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.55.32.8 2010/06/25 07:27:19 marka Exp $
+# $Id: tests.sh,v 1.55.32.9 2010/06/25 23:52:08 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+echo "I:checking a non-cachable NODATA works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth a.nosoa.secure.example. txt @10.53.0.7 \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth a.nosoa.secure.example. txt @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+grep "status: NOERROR" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:checking a non-cachable NXDOMAIN works ($n)"
+ret=0
+$DIG $DIGOPTS +noauth b.nosoa.secure.example. txt @10.53.0.7 \
+ > dig.out.ns2.test$n || ret=1
+$DIG $DIGOPTS +noauth b.nosoa.secure.example. txt @10.53.0.4 \
+ > dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
#
# private.secure.example is served by the same server as its
# grand parent and there is not a secure delegation from secure.example
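Review bot: Neither new test checks that the server at 10.53.0.7 actually left the SOA out, so both still pass if `-T nosoa` never takes effect, for instance if the `named.nosoa` marker file that start.pl tests for is missing. The direct query's output is saved but never inspected; adding `grep "AUTHORITY: 0" dig.out.ns2.test$n > /dev/null || ret=1` after the first dig in each test would pin that precondition, assuming $DIGOPTS (defined outside the hunk) leaves the header line in the output. That output is also written to `dig.out.ns2.test$n` although the query goes to 10.53.0.7, which makes a failing run harder to read; a file name matching the queried server would be clearer.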
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: start.pl,v 1.13 2008/01/02 23:47:01 tbox Exp $
+# $Id: start.pl,v 1.13.396.1 2010/06/25 23:52:08 marka Exp $
# Framework for starting test servers.
# Based on the type of server specified, check for port availability, remove
} else {
$command .= "-m record,size,mctx ";
$command .= "-T clienttest ";
+ $command .= "-T nosoa "
+ if (-e "$testdir/$server/named.nosoa");
$command .= "-c named.conf -d 99 -g";
}
$command .= " >named.run 2>&1 &";
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: validator.c,v 1.182.16.12 2010/05/26 06:30:43 marka Exp $ */
+/* $Id: validator.c,v 1.182.16.13 2010/06/25 23:52:09 marka Exp $ */
#include <config.h>
dns_message_t *message = val->event->message;
isc_result_t result;
- if (!resume) {
+ if (!resume)
result = dns_message_firstname(message, DNS_SECTION_AUTHORITY);
- if (result != ISC_R_SUCCESS)
- return (result);
- } else
+ else
result = ISC_R_SUCCESS;
for (;
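Review bot: With the early `return (result)` removed, every non-success result from `dns_message_firstname()` now falls through to the `for (;` loop and the code after it, not only the empty-authority-section case the fix targets. The loop condition and the post-loop handling are outside the hunk, so it cannot be confirmed from here that a result other than ISC_R_NOMORE is still reported as a failure rather than treated as "no proof found"; in validator code that distinction is worth making explicit. A comment on the `if (!resume)` branch would record the intent, e.g. `/* An empty authority section is not an error here; fall through so the no-proof case is handled after the loop. */`. The second validator.c hunk makes the same change around `dns_rdataset_first(val->event->rdataset)` and needs the same comment and the same check.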
dns_name_t *name;
isc_result_t result;
- if (!resume) {
+ if (!resume)
result = dns_rdataset_first(val->event->rdataset);
- if (result != ISC_R_SUCCESS)
- return (result);
- } else
+ else
result = dns_rdataset_next(val->event->rdataset);
for (;