Merge branch '3607-apex-in-name_external-may-be-invalid-when-using-dual-stack-servers' into 'main'
Resolve "apex in name_external may be invalid when using dual stack servers" Closes #3607 See merge request isc-projects/bind9!6924
commit
2001a0cdeb
3
CHANGES
3
CHANGES
@ -1,3 +1,6 @@
|
||||
6021. [bug] Use the current domain name when checking answers from
|
||||
a dual-stack-server. [GL #3607]
|
||||
|
||||
6020. [bug] Ensure 'named-checkconf -z' respects the check-wildcard
|
||||
option when loading a zone. [GL #1905]
|
||||
|
||||
|
@ -57,6 +57,11 @@ zone "sourcens" {
|
||||
file "sourcens.db";
|
||||
};
|
||||
|
||||
zone "v4only.net" {
|
||||
type primary;
|
||||
file "v4only.net.db";
|
||||
};
|
||||
|
||||
key rndc_key {
|
||||
secret "1234abcd8765";
|
||||
algorithm @DEFAULT_HMAC@;
|
||||
|
22
bin/tests/system/resolver/ns4/v4only.net.db
Normal file
22
bin/tests/system/resolver/ns4/v4only.net.db
Normal file
@ -0,0 +1,22 @@
|
||||
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
;
|
||||
; SPDX-License-Identifier: MPL-2.0
|
||||
;
|
||||
; This Source Code Form is subject to the terms of the Mozilla Public
|
||||
; License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
||||
;
|
||||
; See the COPYRIGHT file distributed with this work for additional
|
||||
; information regarding copyright ownership.
|
||||
|
||||
$TTL 300
|
||||
@ IN SOA marka.isc.org. ns.server. (
|
||||
2010 ; serial
|
||||
600 ; refresh
|
||||
600 ; retry
|
||||
1200 ; expire
|
||||
600 ; minimum
|
||||
)
|
||||
@ NS v4.nameserver.
|
||||
A 10.0.0.1
|
||||
* CNAME @
|
@ -20,7 +20,7 @@ options {
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.6; };
|
||||
listen-on-v6 { none; };
|
||||
listen-on-v6 { fd92:7065:b8e:ffff::6; };
|
||||
recursion no;
|
||||
dnssec-validation no;
|
||||
querylog yes;
|
||||
|
@ -19,6 +19,7 @@ $TTL 300
|
||||
)
|
||||
. NS a.root-servers.nil.
|
||||
a.root-servers.nil. A 10.53.0.6
|
||||
a.root-servers.nil. AAAA fd92:7065:b8e:ffff::6
|
||||
moves. NS ns.server.
|
||||
server. NS ns7.server.
|
||||
ns7.server. A 10.53.0.7
|
||||
@ -31,3 +32,5 @@ no-edns-version.tld. NS ns.no-edns-version.tld.
|
||||
ns.no-edns-version.tld. A 10.53.0.6
|
||||
edns-version.tld. NS ns.edns-version.tld.
|
||||
ns.edns-version.tld. A 10.53.0.7
|
||||
v4only.net. NS v4.nameserver.
|
||||
v4.nameserver. A 10.53.0.4
|
||||
|
@ -20,7 +20,7 @@ options {
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.7; };
|
||||
listen-on-v6 { none; };
|
||||
listen-on-v6 { fd92:7065:b8e:ffff::7; };
|
||||
recursion yes;
|
||||
dnssec-validation yes;
|
||||
empty-zones-enable yes;
|
||||
|
@ -20,7 +20,7 @@ options {
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.7; };
|
||||
listen-on-v6 { none; };
|
||||
listen-on-v6 { fd92:7065:b8e:ffff::7; };
|
||||
recursion yes;
|
||||
dnssec-validation yes;
|
||||
empty-zones-enable yes;
|
||||
|
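--- a/bin/tests/system/resolver/ns9/named.args
+++ b/bin/tests/system/resolver/ns9/named.args
@@ -0,0 +1,2 @@
+# this server is IPv6 only
+-6 -m record -c named.conf -d 99 -D resolver-ns9 -X named.lock -g -T maxcachesize=2097152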
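--- a/bin/tests/system/resolver/ns9/named.conf.in
+++ b/bin/tests/system/resolver/ns9/named.conf.in
@@ -0,0 +1,39 @@
+/*
+* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+*
+* SPDX-License-Identifier: MPL-2.0
+*
+* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, you can obtain one at https://mozilla.org/MPL/2.0/.
+*
+* See the COPYRIGHT file distributed with this work for additional
+* information regarding copyright ownership.
+*/
+
+// NS9
+
+options {
+port @PORT@;
+pid-file "named.pid";
+listen-on { none; };
+listen-on-v6 { fd92:7065:b8e:ffff::9; };
+recursion yes;
+dnssec-validation yes;
+dual-stack-servers { fd92:7065:b8e:ffff::7; };
+qname-minimization off;
+};
+
+key rndc_key {
+secret "1234abcd8765";
+algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+inet fd92:7065:b8e:ffff::9 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+zone "." {
+type hint;
+file "root.hint";
+};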
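Review bot: The only header comment in this new config is `// NS9`, which does not say what role the server plays in the test. A comment such as `// NS9: IPv6-only recursive resolver that reaches IPv4-only servers through the dual-stack server ns7 (fd92:7065:b8e:ffff::7)` would make the `listen-on { none; }` and `dual-stack-servers` lines self-explanatory. `qname-minimization off;` also deserves a one-line why-comment from the author, since the reason is not evident from the file.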
0
bin/tests/system/resolver/ns9/named.ipv6-only
Normal file
0
bin/tests/system/resolver/ns9/named.ipv6-only
Normal file
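--- a/bin/tests/system/resolver/ns9/root.hint
+++ b/bin/tests/system/resolver/ns9/root.hint
@@ -0,0 +1,15 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 999999
+. IN NS a.root-servers.nil.
+a.root-servers.nil. IN A 10.53.0.6
+a.root-servers.nil. IN AAAA fd92:7065:b8e:ffff::6;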
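Review bot: The AAAA record ends with a stray `;` (`fd92:7065:b8e:ffff::6;`), unlike the A record on the line above it. In master-file syntax a semicolon starts a comment, so it is most likely parsed as an empty comment and harmless, but it reads like a typo. `a.root-servers.nil. IN AAAA fd92:7065:b8e:ffff::6` would be cleaner and matches the rest of the file.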
@ -23,5 +23,6 @@ copy_setports ns4/named.conf.in ns4/named.conf
|
||||
copy_setports ns5/named.conf.in ns5/named.conf
|
||||
copy_setports ns6/named.conf.in ns6/named.conf
|
||||
copy_setports ns7/named1.conf.in ns7/named.conf
|
||||
copy_setports ns9/named.conf.in ns9/named.conf
|
||||
|
||||
(cd ns6 && $SHELL keygen.sh)
|
||||
|
@ -847,5 +847,18 @@ grep "IN.*TXT.*baz" dig.out.ns1.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
n=$((n+1))
|
||||
echo_i "check that correct namespace is chosen for dual-stack-servers ($n)"
|
||||
ret=0
|
||||
#
|
||||
# The two priming queries are needed until we fix dual-stack-servers fully
|
||||
#
|
||||
dig_with_opts @fd92:7065:b8e:ffff::9 v4.nameserver A > dig.out.prime1.${n} || ret=1
|
||||
dig_with_opts @fd92:7065:b8e:ffff::9 v4.nameserver AAAA > dig.out.prime2.${n} || ret=1
|
||||
dig_with_opts @fd92:7065:b8e:ffff::9 foo.v4only.net A > dig.out.ns9.${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns9.${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo_i "failed"; fi
|
||||
status=$((status + ret))
|
||||
|
||||
echo_i "exit status: $status"
|
||||
[ $status -eq 0 ] || exit 1
|
||||
|
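Review bot: The new check only greps for `status: NOERROR`, which a NODATA response would also satisfy, so it does not prove that the answer from the dual-stack path was accepted and returned. Going by the v4only.net zone added in this commit, foo.v4only.net should resolve through `* CNAME @` to `10.0.0.1`, so I would add `grep "10\.0\.0\.1" dig.out.ns9.${n} > /dev/null || ret=1` after the status check (assuming dig_with_opts prints the answer section, which is not visible here). The comment about the two priming queries would also be more useful if it named the issue tracking the remaining dual-stack-servers work.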
@ -426,8 +426,13 @@ sub verify_ns_server {
|
||||
$tcp = "";
|
||||
}
|
||||
|
||||
my $ip = "10.53.0.$n";
|
||||
if (-e "$testdir/$server/named.ipv6-only") {
|
||||
$ip = "fd92:7065:b8e:ffff::$n";
|
||||
}
|
||||
|
||||
while (1) {
|
||||
my $return = system("$DIG $tcp +noadd +nosea +nostat +noquest +nocomm +nocmd +noedns -p $port version.bind. chaos txt \@10.53.0.$n > /dev/null");
|
||||
my $return = system("$DIG $tcp +noadd +nosea +nostat +noquest +nocomm +nocmd +noedns -p $port version.bind. chaos txt \@$ip > /dev/null");
|
||||
|
||||
last if ($return == 0);
|
||||
|
||||
|
@ -182,6 +182,10 @@ sub stop_rndc {
|
||||
}
|
||||
|
||||
my $ip = "10.53.0.$n";
|
||||
if (-e "$testdir/$server/named.ipv6-only") {
|
||||
$ip = "fd92:7065:b8e:ffff::$n";
|
||||
}
|
||||
|
||||
my $how = $halt ? "halt" : "stop";
|
||||
|
||||
# Ugly, but should work.
|
||||
|
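Review bot: `$ip` is assigned in stop_rndc but no line in this hunk reads it; the rndc invocation after the `# Ugly, but should work.` comment lies outside the hunk. If that call still targets `10.53.0.$n`, an IPv6-only server such as ns9, whose controls channel listens only on `fd92:7065:b8e:ffff::9`, cannot be stopped through rndc, so please confirm the command passes `-s $ip`. The same address selection is added in verify_ns_server, where the dig command is visibly switched to `\@$ip`.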
@ -375,6 +375,11 @@ struct fetchctx {
|
||||
ISC_LIST(resquery_t) queries;
|
||||
dns_adbfindlist_t finds;
|
||||
dns_adbfind_t *find;
|
||||
/*
|
||||
* altfinds are names and/or addresses of dual stack servers that
|
||||
* should be used when iterative resolution to a server is not
|
||||
* possible because the address family of that server is not usable.
|
||||
*/
|
||||
dns_adbfindlist_t altfinds;
|
||||
dns_adbfind_t *altfind;
|
||||
dns_adbaddrinfolist_t forwaddrs;
|
||||
@ -609,12 +614,14 @@ struct dns_resolver {
|
||||
#define FCTX_ADDRINFO_EDNSOK 0x04000
|
||||
#define FCTX_ADDRINFO_NOCOOKIE 0x08000
|
||||
#define FCTX_ADDRINFO_BADCOOKIE 0x10000
|
||||
#define FCTX_ADDRINFO_DUALSTACK 0x20000
|
||||
|
||||
#define UNMARKED(a) (((a)->flags & FCTX_ADDRINFO_MARK) == 0)
|
||||
#define ISFORWARDER(a) (((a)->flags & FCTX_ADDRINFO_FORWARDER) != 0)
|
||||
#define NOCOOKIE(a) (((a)->flags & FCTX_ADDRINFO_NOCOOKIE) != 0)
|
||||
#define EDNSOK(a) (((a)->flags & FCTX_ADDRINFO_EDNSOK) != 0)
|
||||
#define BADCOOKIE(a) (((a)->flags & FCTX_ADDRINFO_BADCOOKIE) != 0)
|
||||
#define ISDUALSTACK(a) (((a)->flags & FCTX_ADDRINFO_DUALSTACK) != 0)
|
||||
|
||||
#define NXDOMAIN(r) (((r)->attributes & DNS_RDATASETATTR_NXDOMAIN) != 0)
|
||||
#define NEGATIVE(r) (((r)->attributes & DNS_RDATASETATTR_NEGATIVE) != 0)
|
||||
@ -3477,7 +3484,7 @@ findname(fetchctx_t *fctx, const dns_name_t *name, in_port_t port,
|
||||
}
|
||||
}
|
||||
}
|
||||
if ((flags & FCTX_ADDRINFO_FORWARDER) != 0) {
|
||||
if ((flags & FCTX_ADDRINFO_DUALSTACK) != 0) {
|
||||
ISC_LIST_APPEND(fctx->altfinds, find, publink);
|
||||
} else {
|
||||
ISC_LIST_APPEND(fctx->finds, find, publink);
|
||||
@ -3797,7 +3804,7 @@ normal_nses:
|
||||
a = ISC_LIST_NEXT(a, link)) {
|
||||
if (!a->isaddress) {
|
||||
findname(fctx, &a->_u._n.name, a->_u._n.port,
|
||||
stdoptions, FCTX_ADDRINFO_FORWARDER,
|
||||
stdoptions, FCTX_ADDRINFO_DUALSTACK,
|
||||
now, NULL, NULL, NULL);
|
||||
continue;
|
||||
}
|
||||
@ -3810,6 +3817,7 @@ normal_nses:
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
dns_adbaddrinfo_t *cur;
|
||||
ai->flags |= FCTX_ADDRINFO_FORWARDER;
|
||||
ai->flags |= FCTX_ADDRINFO_DUALSTACK;
|
||||
cur = ISC_LIST_HEAD(fctx->altaddrs);
|
||||
while (cur != NULL && cur->srtt < ai->srtt) {
|
||||
cur = ISC_LIST_NEXT(cur, publink);
|
||||
@ -6832,7 +6840,9 @@ name_external(const dns_name_t *name, dns_rdatatype_t type, fetchctx_t *fctx) {
|
||||
unsigned int labels;
|
||||
dns_namereln_t rel;
|
||||
|
||||
apex = ISFORWARDER(fctx->addrinfo) ? fctx->fwdname : fctx->domain;
|
||||
apex = (ISDUALSTACK(fctx->addrinfo) || !ISFORWARDER(fctx->addrinfo))
|
||||
? fctx->domain
|
||||
: fctx->fwdname;
|
||||
|
||||
/*
|
||||
* The name is outside the queried namespace.
|
||||
|
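Review bot: The rewritten `apex` assignment in name_external() carries no comment saying why a dual-stack server is checked against `fctx->domain`, and since this function decides which answer names count as outside the queried namespace, that reasoning should sit next to the code. Something like `/* Dual-stack servers resolve within the current delegation; only real forwarders use fwdname. */` above the assignment would do, with the wording confirmed by the author. Because the normal_nses hunks now tag alternate servers with FCTX_ADDRINFO_DUALSTACK instead of FCTX_ADDRINFO_FORWARDER, every other ISFORWARDER() test in the file, none of which is visible on this page, stops matching them; each should be checked for whether it needs `|| ISDUALSTACK(...)`. name_external's body continues outside the hunk.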