+3282. [bug] Restrict the TTL of NS RRset to no more than that
+ of the old NS RRset when replacing it. [RT #27792]
+
3281. [bug] SOA refresh queries could be treated as cancelled
despite succeeding over the loopback interface.
[RT #27782]
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: clean.sh,v 1.3.142.5 2011/03/13 23:46:42 tbox Exp $
+# $Id: clean.sh,v 1.3.142.6 2012/02/09 21:02:46 marka Exp $
#
# Clean up after resolver tests.
rm -f dig.out dig.*.out.*
rm -f dig.*.foo.*
rm -f dig.*.bar.*
+rm -f dig.*.prime.*
+rm -f ns4/tld.db
rm -f ns6/K*
rm -f ns6/example.net.db.signed ns6/example.net.db
rm -f ns6/dsset-example.net. ns6/example.net.db.signed.jnl
+rm -r ns6/to-be-removed.tld.db ns6/to-be-removed.tld.db.jnl
rm -f ns7/server.db ns7/server.db.jnl
rm -f random.data
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named.conf,v 1.2.2.4 2011/03/13 23:46:42 tbox Exp $ */
+/* $Id: named.conf,v 1.2.2.5 2012/02/09 21:02:46 marka Exp $ */
// NS4
type master;
file "child.server.db";
};
+
+zone "tld" {
+ type master;
+ file "tld.db";
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-md5;
+};
+
+controls {
+ inet 10.53.0.4 port 9953 allow { any; } keys { rndc_key; };
+};
--- /dev/null
+; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: tld1.db,v 1.2.6.2 2012/02/09 21:02:47 marka Exp $
+
+$TTL 300
+@ IN SOA marka.isc.org. ns.server. (
+ 2010 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+@ NS ns.tld.
+ns A 10.53.0.4
+$TTL 5
+to-be-removed NS ns.to-be-removed
+ns.to-be-removed A 10.53.0.6
--- /dev/null
+; Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: tld2.db,v 1.2.6.2 2012/02/09 21:02:47 marka Exp $
+
+$TTL 300
+@ IN SOA marka.isc.org. ns.server. (
+ 2010 ; serial
+ 600 ; refresh
+ 600 ; retry
+ 1200 ; expire
+ 600 ; minimum
+ )
+@ NS ns.tld.
+ns A 10.53.0.4
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named.conf,v 1.2.4.2 2010/11/16 07:28:37 marka Exp $ */
+/* $Id: named.conf,v 1.2.4.3 2012/02/09 21:02:47 marka Exp $ */
// NS4
file "example.net.db.signed";
allow-update { any; };
};
+
+zone "to-be-removed.tld" {
+ type master;
+ file "to-be-removed.tld.db";
+ allow-update { any; };
+};
--- /dev/null
+; Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: to-be-removed.tld.db.in,v 1.2.6.2 2012/02/09 21:02:47 marka Exp $
+
+$TTL 600
+@ IN SOA ns hostmaster 1 1800 900 604800 600
+@ IN NS ns
+ns IN A 10.53.0.6
+ns0 IN A 10.53.0.6
+ns1 IN A 10.53.0.6
+ns2 IN A 10.53.0.6
+ns3 IN A 10.53.0.6
+ns4 IN A 10.53.0.6
+ns5 IN A 10.53.0.6
+ns6 IN A 10.53.0.6
+ns7 IN A 10.53.0.6
+ns8 IN A 10.53.0.6
+ns9 IN A 10.53.0.6
+$TTL 1
+@ IN A 10.53.0.6
+www IN A 10.53.0.6
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: setup.sh,v 1.2.4.5 2011/03/13 23:46:42 tbox Exp $
+# $Id: setup.sh,v 1.2.4.6 2012/02/09 21:02:46 marka Exp $
../../../tools/genrandom 400 random.data
+cp ns4/tld1.db ns4/tld.db
+cp ns6/to-be-removed.tld.db.in ns6/to-be-removed.tld.db
cp ns7/server.db.in ns7/server.db
(cd ns6 && sh keygen.sh)
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.11.142.9 2011/08/02 04:57:54 each Exp $
+# $Id: tests.sh,v 1.11.142.10 2012/02/09 21:02:46 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
grep 'flags: qr rd ra;' dig.ns4.out.19.${n} > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
+n=`expr $n + 1`
+echo "I:checking that removal of a delegation is honoured ($n)"
+ret=0
+$DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.prime.${n}
+grep "status: NOERROR" dig.ns5.prime.${n} > /dev/null || { ret=1; echo "I: priming failed"; }
+cp ns4/tld2.db ns4/tld.db
+($RNDC -c ../common/rndc.conf -s 10.53.0.4 -p 9953 reload tld 2>&1 ) |
+sed -e '/reload queued/d' -e 's/^/I:ns4 /'
+old=
+for i in 0 1 2 3 4 5 6 7 8 9
+do
+ foo=0
+ $DIG -p 5300 @10.53.0.5 ns$i.to-be-removed.tld A > /dev/null
+ $DIG -p 5300 @10.53.0.5 www.to-be-removed.tld A > dig.ns5.out.${n}
+ grep "status: NXDOMAIN" dig.ns5.out.${n} > /dev/null || foo=1
+ [ $foo = 0 ] && break
+ $NSUPDATE << EOF
+server 10.53.0.6 5300
+zone to-be-removed.tld
+update add to-be-removed.tld 100 NS ns${i}.to-be-removed.tld
+update delete to-be-removed.tld NS ns${old}.to-be-removed.tld
+send
+EOF
+ old=$i
+ sleep 1
+done
+[ $ret = 0 ] && ret=$foo;
+if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
+
echo "I:exit status: $status"
exit $status
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: rbtdb.c,v 1.292.8.29 2012/01/04 23:45:53 tbox Exp $ */
+/* $Id: rbtdb.c,v 1.292.8.30 2012/02/09 21:02:47 marka Exp $ */
/*! \file */
addedrdataset);
return (ISC_R_SUCCESS);
}
+ /*
+ * If we have will be replacing a NS RRset force its TTL
+ * to be no more than the current NS RRset's TTL. This
+ * ensures the delegations that are withdrawn are honoured.
+ */
+ if (IS_CACHE(rbtdb) && header->rdh_ttl > now &&
+ header->type == dns_rdatatype_ns &&
+ !header_nx && !newheader_nx &&
+ header->trust <= newheader->trust) {
+ if (newheader->rdh_ttl > header->rdh_ttl) {
+ newheader->rdh_ttl = header->rdh_ttl;
+ }
+ }
if (IS_CACHE(rbtdb) && header->rdh_ttl > now &&
(header->type == dns_rdatatype_a ||
header->type == dns_rdatatype_aaaa) &&
projects / thirdparty / bind9.git / commitdiff
