Commit | Line | Data |
---|---|---|
e30ec7d4 | 1 | diff --git a/iterator/iterator.c b/iterator/iterator.c |
d970dbd1 | 2 | index 7f3c6573..33fb02dd 100644 |
e30ec7d4 AM |
3 | --- a/iterator/iterator.c |
4 | +++ b/iterator/iterator.c | |
5 | @@ -1157,6 +1157,13 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, | |
6 | if(iq->query_restart_count > MAX_RESTART_COUNT) { | |
7 | verbose(VERB_QUERY, "request has exceeded the maximum number" | |
8 | " of query restarts with %d", iq->query_restart_count); | |
9 | + if(iq->response) { | |
10 | + /* return the partial CNAME loop, i.e. with the | |
11 | + * actual packet in iq->response cleared of RRsets, | |
12 | + * the stored prepend RRsets contain the loop contents | |
13 | + * with duplicates removed */ | |
14 | + return next_state(iq, FINISHED_STATE); | |
15 | + } | |
16 | return error_response(qstate, id, LDNS_RCODE_SERVFAIL); | |
17 | } | |
18 | ||
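Review bot: The new `if(iq->response)` branch under the MAX_RESTART_COUNT check treats any non-NULL iq->response as a partial CNAME loop, but the restart counter alone does not distinguish a loop from a long, non-looping chain, so both would now end in FINISHED_STATE with an unresolved chain instead of SERVFAIL. This limit is also the resolver's guard against restart exhaustion, so the comment should state what iq->response is guaranteed to hold here, for example `/* restart limit hit: reply with the de-duplicated prepend list; may be a loop or an over-long chain, target unresolved */`. It is also worth confirming, outside this hunk, whether the FINISHED_STATE path stores this partial reply in the message cache and with what TTL. processInitRequest starts and ends outside the hunk.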
d970dbd1 | 19 | @@ -1246,6 +1253,11 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, |
e30ec7d4 AM |
20 | iq->qchase.qname_len = slen; |
21 | /* This *is* a query restart, even if it is a cheap | |
22 | * one. */ | |
23 | + msg->rep->an_numrrsets = 0; | |
24 | + msg->rep->ns_numrrsets = 0; | |
25 | + msg->rep->ar_numrrsets = 0; | |
26 | + msg->rep->rrset_count = 0; | |
d970dbd1 | 27 | + iq->response = msg; |
e30ec7d4 AM |
28 | iq->dp = NULL; |
29 | iq->refetch_glue = 0; | |
30 | iq->query_restart_count++; | |
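Review bot: The four count resets modify `msg->rep` in place before `iq->response = msg`, and the hunk does not show where `msg` was obtained; if `msg->rep` can alias a cache-owned reply rather than a query-private copy, zeroing the counts would truncate the shared entry for other queries. A one-line comment such as `/* msg is a private copy for this query; safe to empty */` (if that is the case) would settle it. The same four assignments are repeated on `iq->response->rep` in the processQueryResponse hunk, so a small static helper taking a `struct reply_info*` would keep the two sites in step. Only the counts are zeroed: the flags, TTL and security fields of the reply keep their previous values, which matters because the validator hunk later reads a stored security status.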
d970dbd1 | 31 | @@ -2739,6 +2751,10 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, |
e30ec7d4 AM |
32 | if (qstate->env->cfg->qname_minimisation) |
33 | iq->minimisation_state = INIT_MINIMISE_STATE; | |
34 | /* Clear the query state, since this is a query restart. */ | |
35 | + iq->response->rep->an_numrrsets = 0; | |
36 | + iq->response->rep->ns_numrrsets = 0; | |
37 | + iq->response->rep->ar_numrrsets = 0; | |
38 | + iq->response->rep->rrset_count = 0; | |
39 | iq->deleg_msg = NULL; | |
40 | iq->dp = NULL; | |
41 | iq->dsns_point = NULL; | |
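Review bot: `iq->response->rep` is dereferenced here without a check, while the first hunk of this patch tests `if(iq->response)` before relying on it; any guard lies earlier in processQueryResponse, outside this hunk. If the pointer is non-NULL on every path that reaches this restart branch, a short comment saying so, e.g. `/* iq->response is always set when handling a CNAME response */`, would make the asymmetry intentional rather than accidental.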
d970dbd1 AM |
42 | diff --git a/testdata/iter_dname_insec.rpl b/testdata/iter_dname_insec.rpl |
43 | index 8f4a29c7..1ce8c2cb 100644 | |
44 | --- a/testdata/iter_dname_insec.rpl | |
45 | +++ b/testdata/iter_dname_insec.rpl | |
46 | @@ -776,12 +776,18 @@ ENTRY_END | |
47 | ||
48 | ; Expected result is defined by RFC 1034 section 3.6.2: | |
49 | ; CNAME chains should be followed and CNAME loops signalled as an error | |
50 | +; but bug#3512: return partial contents with NOERROR. | |
51 | STEP 221002 CHECK_ANSWER | |
52 | ENTRY_BEGIN | |
53 | MATCH all | |
54 | -REPLY QR RD RA DO SERVFAIL | |
55 | +REPLY QR RD RA DO NOERROR | |
56 | SECTION QUESTION | |
57 | cyc2.example.com. IN A | |
58 | +SECTION ANSWER | |
59 | +example.com. 0 IN DNAME cyc2.example.net. | |
60 | +cyc2.example.com. 0 IN CNAME cyc2.cyc2.example.net. | |
61 | +cyc2.example.net. 0 IN DNAME example.com. | |
62 | +cyc2.cyc2.example.net. 0 IN CNAME cyc2.example.com. | |
63 | ENTRY_END | |
64 | ||
65 | ; ns1.example.com. | |
66 | diff --git a/testdata/val_cname_loop1.rpl b/testdata/val_cname_loop1.rpl | |
67 | index 61fcdb70..b942cb26 100644 | |
68 | --- a/testdata/val_cname_loop1.rpl | |
69 | +++ b/testdata/val_cname_loop1.rpl | |
70 | @@ -5,6 +5,7 @@ server: | |
71 | val-override-date: "20070916134226" | |
72 | target-fetch-policy: "0 0 0 0 0" | |
73 | fake-sha1: yes | |
74 | + trust-anchor-signaling: no | |
75 | ||
76 | stub-zone: | |
77 | name: "." | |
78 | @@ -86,6 +87,17 @@ ns.example.com. IN A 1.2.3.4 | |
79 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
80 | ENTRY_END | |
81 | ||
82 | +ENTRY_BEGIN | |
83 | +MATCH opcode qtype qname | |
84 | +ADJUST copy_id | |
85 | +REPLY QR NOERROR | |
86 | +SECTION QUESTION | |
87 | +ns.example.com. IN AAAA | |
88 | +SECTION AUTHORITY | |
89 | +ns.example.com. IN NSEC www.example.com. A RRSIG NSEC | |
90 | +ns.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AE+zfHodyVCTnni/bur8IiUhTUtdac6ip/znrYYN0l1nqll1fon2+kQ= | |
91 | +ENTRY_END | |
92 | + | |
93 | ; response to DNSKEY priming query | |
94 | ENTRY_BEGIN | |
95 | MATCH opcode qtype qname | |
96 | @@ -104,6 +116,18 @@ ns.example.com. IN A 1.2.3.4 | |
97 | ns.example.com. 3600 IN RRSIG A 3 3 3600 20070926135752 20070829135752 2854 example.com. MC0CFQCMSWxVehgOQLoYclB9PIAbNP229AIUeH0vNNGJhjnZiqgIOKvs1EhzqAo= ;{id = 2854} | |
98 | ENTRY_END | |
99 | ||
100 | +; response to DNSKEY priming query | |
101 | +ENTRY_BEGIN | |
102 | +MATCH opcode qtype qname | |
103 | +ADJUST copy_id | |
104 | +REPLY QR NOERROR | |
105 | +SECTION QUESTION | |
106 | +www.example.com. IN DS | |
107 | +SECTION AUTHORITY | |
108 | +www.example.com. IN NSEC z.example.com. CNAME RRSIG NSEC | |
109 | +www.example.com. 3600 IN RRSIG NSEC 3 3 3600 20070926134150 20070829134150 2854 example.com. AJ8hqdeoKtvR094y+0KjO6LkCe1SCs6z5YhuY2YZCmzvUiYHP9wiMTw= | |
110 | +ENTRY_END | |
111 | + | |
112 | ; response to query of interest | |
113 | ENTRY_BEGIN | |
114 | MATCH opcode qtype qname | |
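Review bot: The added entry is headed `; response to DNSKEY priming query`, but its QUESTION section is `www.example.com. IN DS` and it answers with an NSEC in the AUTHORITY section; the heading appears to have been copied from the neighbouring entry. `; response to DS query for www.example.com.` would describe it. The AAAA entry added in the previous hunk of this file has no heading comment at all, so one there would help too.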
115 | @@ -134,10 +158,12 @@ ENTRY_END | |
116 | STEP 10 CHECK_ANSWER | |
117 | ENTRY_BEGIN | |
118 | MATCH all | |
119 | -REPLY QR RD RA DO SERVFAIL | |
120 | +REPLY QR RD RA DO AD NOERROR | |
121 | SECTION QUESTION | |
122 | www.example.com. IN A | |
123 | SECTION ANSWER | |
124 | +www.example.com. 3600 IN CNAME www.example.com. | |
125 | +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854} | |
126 | SECTION AUTHORITY | |
127 | SECTION ADDITIONAL | |
128 | ENTRY_END | |
129 | diff --git a/testdata/val_cname_loop2.rpl b/testdata/val_cname_loop2.rpl | |
130 | index 26644bc1..d42bbd2c 100644 | |
131 | --- a/testdata/val_cname_loop2.rpl | |
132 | +++ b/testdata/val_cname_loop2.rpl | |
133 | @@ -5,6 +5,7 @@ server: | |
134 | val-override-date: "20070916134226" | |
135 | target-fetch-policy: "0 0 0 0 0" | |
136 | fake-sha1: yes | |
137 | + trust-anchor-signaling: no | |
138 | ||
139 | stub-zone: | |
140 | name: "." | |
141 | @@ -113,7 +114,7 @@ SECTION QUESTION | |
142 | www.example.com. IN A | |
143 | SECTION ANSWER | |
144 | www.example.com. IN CNAME foo.example.com. | |
145 | -www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854} | |
146 | +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AD50yy1elnzRmjGCd7FBiWEkYlhQYXaZu0g1JoJMr/ONiXVnV2yiONg= | |
147 | SECTION AUTHORITY | |
148 | SECTION ADDITIONAL | |
149 | ENTRY_END | |
150 | @@ -126,7 +127,7 @@ SECTION QUESTION | |
151 | foo.example.com. IN A | |
152 | SECTION ANSWER | |
153 | foo.example.com. IN CNAME www.example.com. | |
154 | -foo.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFC7kcWPsMnGbjvzj5UNnxQzM0YvnAhUAgxIKgs1huJHvcAP2Xt3p8Adpy/c= ;{id = 2854} | |
155 | +foo.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AEEIVUwbtfcn2RP41l0PDO+Sk4YdJ0HyRVsgq20fJnrDDC6eFXFGqUg= | |
156 | SECTION AUTHORITY | |
157 | SECTION ADDITIONAL | |
158 | ENTRY_END | |
159 | @@ -143,10 +144,14 @@ ENTRY_END | |
160 | STEP 10 CHECK_ANSWER | |
161 | ENTRY_BEGIN | |
162 | MATCH all | |
163 | -REPLY QR RD RA DO SERVFAIL | |
164 | +REPLY QR RD RA DO AD NOERROR | |
165 | SECTION QUESTION | |
166 | www.example.com. IN A | |
167 | SECTION ANSWER | |
168 | +www.example.com. 3600 IN CNAME foo.example.com. | |
169 | +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AD50yy1elnzRmjGCd7FBiWEkYlhQYXaZu0g1JoJMr/ONiXVnV2yiONg= ;{id = 2854} | |
170 | +foo.example.com. 3600 IN CNAME www.example.com. | |
171 | +foo.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AEEIVUwbtfcn2RP41l0PDO+Sk4YdJ0HyRVsgq20fJnrDDC6eFXFGqUg= ;{id = 2854} | |
172 | SECTION AUTHORITY | |
173 | SECTION ADDITIONAL | |
174 | ENTRY_END | |
175 | diff --git a/testdata/val_cname_loop3.rpl b/testdata/val_cname_loop3.rpl | |
176 | index fbd0d8ab..30e6abfb 100644 | |
177 | --- a/testdata/val_cname_loop3.rpl | |
178 | +++ b/testdata/val_cname_loop3.rpl | |
179 | @@ -5,6 +5,7 @@ server: | |
180 | val-override-date: "20070916134226" | |
181 | target-fetch-policy: "0 0 0 0 0" | |
182 | fake-sha1: yes | |
183 | + trust-anchor-signaling: no | |
184 | ||
185 | stub-zone: | |
186 | name: "." | |
187 | @@ -113,7 +114,7 @@ SECTION QUESTION | |
188 | www.example.com. IN A | |
189 | SECTION ANSWER | |
190 | www.example.com. IN CNAME foo.example.com. | |
191 | -www.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFH0SwLHe7u56TshoVciFRHEl1KqbAhQ3zBOZMlL8bt1DqoDoM5ni8U/1UA== ;{id = 2854} | |
192 | +www.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AD50yy1elnzRmjGCd7FBiWEkYlhQYXaZu0g1JoJMr/ONiXVnV2yiONg= | |
193 | SECTION AUTHORITY | |
194 | SECTION ADDITIONAL | |
195 | ENTRY_END | |
196 | @@ -126,7 +127,7 @@ SECTION QUESTION | |
197 | foo.example.com. IN A | |
198 | SECTION ANSWER | |
199 | foo.example.com. IN CNAME bar.example.com. | |
200 | -foo.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MC0CFFMlXuWrNL/8aYOl9U9WYjgif8gAAhUAqsC/xOXakHP1SYxMSLANziOik94= ;{id = 2854} | |
201 | +foo.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AILRq+NAK+k+qCNJAmByoTAkGNveSHT+au0u360OeUa56b8zU7gi6+I= | |
202 | SECTION AUTHORITY | |
203 | SECTION ADDITIONAL | |
204 | ENTRY_END | |
205 | @@ -139,7 +140,7 @@ SECTION QUESTION | |
206 | bar.example.com. IN A | |
207 | SECTION ANSWER | |
208 | bar.example.com. IN CNAME www.example.com. | |
209 | -bar.example.com. 3600 IN RRSIG CNAME DSA 3 3600 20070926134150 20070829134150 2854 example.com. MCwCFAsalUJJSV86uPlfiGS3kKDc0JB7AhQ+qmHqagY/r36Re/J3Q1OfvcA1dA== ;{id = 2854} | |
210 | +bar.example.com. 3600 IN RRSIG CNAME 3 3 3600 20070926134150 20070829134150 2854 example.com. AKA7eO4DAGPB8vg/OdBLk41/2txpklOJrszT8Gvp+UOVSLYtddNGz+k= | |
211 | SECTION AUTHORITY | |
212 | SECTION ADDITIONAL | |
213 | ENTRY_END | |
214 | @@ -156,10 +157,13 @@ ENTRY_END | |
215 | STEP 10 CHECK_ANSWER | |
216 | ENTRY_BEGIN | |
217 | MATCH all | |
218 | -REPLY QR RD RA SERVFAIL | |
219 | +REPLY QR RD RA NOERROR | |
220 | SECTION QUESTION | |
221 | www.example.com. IN A | |
222 | SECTION ANSWER | |
223 | +www.example.com. 3600 IN CNAME foo.example.com. | |
224 | +foo.example.com. 3600 IN CNAME bar.example.com. | |
225 | +bar.example.com. 3600 IN CNAME www.example.com. | |
226 | SECTION AUTHORITY | |
227 | SECTION ADDITIONAL | |
228 | ENTRY_END | |
229 | diff --git a/validator/validator.c b/validator/validator.c | |
230 | index a924a3f8..81d67cd3 100644 | |
231 | --- a/validator/validator.c | |
232 | +++ b/validator/validator.c | |
233 | @@ -1529,6 +1529,22 @@ processInit(struct module_qstate* qstate, struct val_qstate* vq, | |
234 | if(verbosity >= VERB_ALGO) | |
235 | log_dns_msg("chased extract", &vq->qchase, | |
236 | vq->chase_reply); | |
237 | + /* we skipped cnames, and now the reply is empty, is this | |
238 | + * a CNAME loop? */ | |
239 | + if(vq->rrset_skip > 0 && vq->chase_reply->rrset_count == 0) { | |
240 | + if(reply_find_rrset_section_an(vq->orig_msg->rep, | |
241 | + lookup_name, lookup_len, LDNS_RR_TYPE_CNAME, | |
242 | + vq->qchase.qclass)) { | |
243 | + if(anchor) { | |
244 | + lock_basic_unlock(&anchor->lock); | |
245 | + } | |
246 | + verbose(VERB_ALGO, "validator: encountered " | |
247 | + "CNAME loop - terminating"); | |
248 | + vq->chase_reply->security = vq->orig_msg->rep->security; | |
249 | + vq->state = VAL_FINISHED_STATE; | |
250 | + return 1; | |
251 | + } | |
252 | + } | |
253 | } | |
254 | ||
255 | vq->key_entry = key_cache_obtain(ve->kcache, lookup_name, lookup_len, |
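Review bot: On the loop exit, `vq->chase_reply->security = vq->orig_msg->rep->security;` takes the verdict from the original message instead of from validating the current (empty) chase, and the hunk does not show where orig_msg->rep->security was last written. If that field can still carry a status set before this validation pass, the reply could be finished as secure, with AD set, without every link of the loop having been verified. A comment stating the invariant, e.g. `/* orig_msg security reflects only the CNAMEs validated so far in this chase */`, or an explicit downgrade when the status has not been checked yet, would close the gap. The anchor lock is released before the early return, which is consistent with the `anchor` handling visible here; processInit itself starts and ends outside the hunk.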