+4988. [bug] Don't synthesize NXDOMAIN from NSEC for records under
+ a DNAME.
+
--- 9.13.2 released ---
4987. [cleanup] dns_rdataslab_tordataset() and its related
rm -f ns1/dsset-*
rm -f ns1/example.db
rm -f ns1/example.db.signed
+rm -f ns1/dnamed.db
+rm -f ns1/dnamed.db.signed
rm -f ns1/root.db
rm -f ns1/root.db.signed
rm -f ns1/trusted.conf
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+@ SOA ns1 hostmaster 1 3600 1200 604800 3600
+@ NS ns1
+ns1 A 10.53.0.1
+a A 10.53.0.1
nodata TXT nodata
*.wild-a A 1.2.3.4
*.wild-cname CNAME ns1
+dnamed DNAME dnamed.
file "example.db.signed";
};
+zone "dnamed" {
+ type master;
+ file "dnamed.db.signed";
+};
+
include "trusted.conf";
ns1 A 10.53.0.1
example NS ns1.example
ns1.example A 10.53.0.1
+dnamed NS ns1.dnamed
+ns1.dnamed A 10.53.0.1
$SIGNER -P -o $zone $zonefile > /dev/null
+zone=dnamed
+infile=dnamed.db.in
+zonefile=dnamed.db
+
+keyname=`$KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone`
+cat $infile $keyname.key > $zonefile
+
+$SIGNER -P -o $zone $zonefile > /dev/null
+
zone=.
infile=root.db.in
zonefile=root.db
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
+
+echo_i "check DNAME handling (synth-from-dnssec yes;) ($n)"
+ret=0
+$DIG $DIGOPTS dnamed.example. ns @10.53.0.5 > dig.out.ns5.test$n || ret=1
+$DIG $DIGOPTS a.dnamed.example. a @10.53.0.5 > dig.out.ns5-1.test$n || ret=1
+grep "status: NOERROR," dig.out.ns5-1.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
}
if (relation == dns_namereln_subdomain &&
- dns_nsec_typepresent(&rdata, dns_rdatatype_ns) &&
+ (dns_nsec_typepresent(&rdata, dns_rdatatype_dname) ||
+ dns_nsec_typepresent(&rdata, dns_rdatatype_ns)) &&
!dns_nsec_typepresent(&rdata, dns_rdatatype_soa))
{
/*
* This NSEC record is from somewhere higher in
- * the DNS, and at the parent of a delegation.
+ * the DNS, and at the parent of a delegation or
+ * at a DNAME.
* It can not be legitimately used here.
*/
(*logit)(arg, ISC_LOG_DEBUG(3), "ignoring parent nsec");
./bin/tests/system/stub/setup.sh SH 2018
./bin/tests/system/stub/tests.sh SH 2000,2001,2004,2007,2011,2012,2013,2016,2018
./bin/tests/system/synthfromdnssec/clean.sh SH 2017,2018
+./bin/tests/system/synthfromdnssec/ns1/dnamed.db.in ZONE 2018
./bin/tests/system/synthfromdnssec/ns1/example.db.in ZONE 2017,2018
./bin/tests/system/synthfromdnssec/ns1/named.conf.in CONF-C 2017,2018
./bin/tests/system/synthfromdnssec/ns1/root.db.in ZONE 2017,2018