+3125. [security] Using wildcard CNAME records as a replacement with
+ RPZ caused named to exit with a assertion failure.
+ [RT #24715]
+
3123. [security] Change #2912 exposed a latent flaw in
dns_rdataset_totext() that could cause named to
crash with an assertion failure. [RT #24777]
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: query.c,v 1.353.8.2.2.3 2011/06/08 23:52:50 marka Exp $ */
+/* $Id: query.c,v 1.353.8.2.2.4 2011/06/09 00:56:10 marka Exp $ */
/*! \file */
break;
case DNS_RPZ_POLICY_RECORD:
if (type == dns_rdatatype_any &&
+ result != DNS_R_CNAME &&
dns_rdataset_isassociated(rdataset))
dns_rdataset_disassociate(rdataset);
break;
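Review bot: The added `result != DNS_R_CNAME` condition in the `DNS_RPZ_POLICY_RECORD` case has no comment saying why a CNAME result must leave `rdataset` associated for an ANY query. Going by the CHANGES entry, this one condition is what stops named from exiting on an assertion failure when an RPZ wildcard CNAME replacement is hit, so a later tidy-up could remove it without noticing. I would put a comment above the `if`, for example `/* Keep the rdataset on a CNAME rewrite; the CNAME handling that follows presumably still uses it (RT #24715). */`. The enclosing function starts and ends outside this hunk, so whether the other policy cases need the same exclusion cannot be judged from here.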
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
-; $Id: base.db,v 1.3.130.1 2011/04/27 17:06:28 each Exp $
+; $Id: base.db,v 1.3.130.2 2011/06/09 00:56:09 marka Exp $
; RPZ test
; for testing rrset replacement
redirect IN A 127.0.0.1
*.redirect IN A 127.0.0.1
+*.cname-redirect IN CNAME google.com.
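Review bot: The new wildcard fixture `*.cname-redirect IN CNAME google.com.` points a regression test at a real third-party domain that the test suite does not control. If the test resolver ever has outside reachability, the result would depend on live DNS and test queries would leave the host. The visible test only checks that the server survives the query, so a reserved name should exercise the same path, e.g. `*.cname-redirect IN CNAME example.com.`, or a name from the test's own hierarchy if one fits.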
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.3.130.1 2011/04/27 17:06:27 each Exp $
+# $Id: tests.sh,v 1.3.130.2 2011/06/09 00:56:09 marka Exp $
# test response policy zones (RPZ)
$DIGCMD a3-2.tld2 -trrsig @$s3 > /dev/null 2>&1
$DIGCMD a3-5.tld2 -trrsig @$s3 > /dev/null 2>&1
$DIGCMD www.redirect -trrsig @$s3 > /dev/null 2>&1
+$DIGCMD www.cname-redirect -trrsig @$s3 > /dev/null 2>&1
$RNDC -c ../common/rndc.conf -s $s3 -p 9953 status > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then
$DIGCMD a3-2.tld2 -tsig @$s3 > /dev/null 2>&1
$DIGCMD a3-5.tld2 -tsig @$s3 > /dev/null 2>&1
$DIGCMD www.redirect -tsig @$s3 > /dev/null 2>&1
+$DIGCMD www.cname-redirect -tsig @$s3 > /dev/null 2>&1
+
+$RNDC -c ../common/rndc.conf -s $s3 -p 9953 status > /dev/null 2>&1 || ret=1
+if [ $ret != 0 ]; then
+ echo "I:failed";
+ (cd ..; $PERL start.pl --noclean --restart rpz ns3)
+fi
+status=`expr $status + $ret`
+
+ret=0
+echo "I:checking ANY queries"
+# We don't actually care about the query results; the important
+# thing is the server handles SIG queries okay
+$DIGCMD a3-1.tld2 -tany @$s3 > /dev/null 2>&1
+$DIGCMD a3-2.tld2 -tany @$s3 > /dev/null 2>&1
+$DIGCMD a3-5.tld2 -tany @$s3 > /dev/null 2>&1
+$DIGCMD www.redirect -tany @$s3 > /dev/null 2>&1
+$DIGCMD www.cname-redirect -tany @$s3 > /dev/null 2>&1
$RNDC -c ../common/rndc.conf -s $s3 -p 9953 status > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then
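Review bot: The comment in the new "checking ANY queries" block was copied from the SIG block and still says the server handles SIG queries okay; it should read `# thing is the server handles ANY queries okay`. Every `$DIGCMD` call here, including the added `www.cname-redirect` lines for `-trrsig`, `-tsig` and `-tany`, discards dig's output and exit status, so the only assertion is that `rndc status` still answers afterwards. That matches the stated intent, but a short comment noting that this liveness check is the regression test for the RPZ wildcard-CNAME assertion failure would help the next reader connect these queries to the fix. The `if` that closes this hunk continues outside the visible lines.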