mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

Ensure delegations inside mirror zones are properly handled for non-recursive queries

Browse Source 
When a resolver is a regular slave (i.e. not a mirror) for some zone,
non-recursive queries for names below that slaved zone will return a
delegation sourced from it.  This behavior is suboptimal for mirror
zones as their contents should rather be treated as validated, cached
DNS responses.  Modify query_delegation() and query_zone_delegation() to
permit clients allowed cache access to check its contents for a better
answer when responding to non-recursive queries.
This commit is contained in:
Michał Kępień
2018-06-28 13:38:39 +02:00
parent c9accfde28
commit 179d5faa28
6 changed files with 60 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/ns/query.c
View File

@@ -7765,7 +7765,10 @@ query_zone_delegation(query_ctx_t *qctx) {
}
}
if (USECACHE(qctx->client) && RECURSIONOK(qctx->client)) {
if (USECACHE(qctx->client) &&
(RECURSIONOK(qctx->client) ||
(qctx->zone != NULL && dns_zone_ismirror(qctx->zone))))
{
/*
* We might have a better answer or delegation in the
* cache. We'll remember the current values of fname,
@@ -7983,7 +7986,9 @@ query_delegation(query_ctx_t *qctx) {
qctx->client->query.attributes |= NS_QUERYATTR_CACHEGLUEOK;
qctx->client->query.isreferral = ISC_TRUE;
if (qctx->zdb != NULL && qctx->client->query.gluedb == NULL) {
if (qctx->zdb != NULL && qctx->client->query.gluedb == NULL &&
!(qctx->zone != NULL && dns_zone_ismirror(qctx->zone)))
{
dns_db_attach(qctx->zdb, &qctx->client->query.gluedb);
detach = ISC_TRUE;
}