mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-02 15:45:25 +00:00
Code Issues Releases Wiki Activity

3422. [bug] Added a clear error message for when the SOA does not

Browse Source 
match the referral. [RT #31281]
This commit is contained in:
ckb
2012-11-21 16:44:34 -06:00
parent 20b95f5ff6
commit 2786b6c53f
8 changed files with 115 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,3 +1,6 @@
3422. [bug] Added a clear error message for when the SOA does not
match the referral. [RT #31281]
3421. [bug] Named loops when re-signing if all keys are offline. 3421. [bug] Named loops when re-signing if all keys are offline.
[RT #31916] [RT #31916]

4
bin/tests/system/resolver/ans2/ans.pl
View File

@@ -94,6 +94,10 @@ for (;;) {
# expected to be accepted regardless of the filter setting. # expected to be accepted regardless of the filter setting.
$packet->push("authority", new Net::DNS::RR("sub.example.org 300 NS ns.sub.example.org")); $packet->push("authority", new Net::DNS::RR("sub.example.org 300 NS ns.sub.example.org"));
$packet->push("additional", new Net::DNS::RR("ns.sub.example.org 300 A 10.53.0.3")); $packet->push("additional", new Net::DNS::RR("ns.sub.example.org 300 A 10.53.0.3"));
} elsif ($qname =~ /\.broken/) {
# Delegation to broken TLD.
$packet->push("authority", new Net::DNS::RR("broken 300 NS ns.broken"));
$packet->push("additional", new Net::DNS::RR("ns.broken 300 A 10.53.0.4"));
} else { } else {
# Data for the "bogus referrals" test # Data for the "bogus referrals" test
$packet->push("authority", new Net::DNS::RR("below.www.example.com 300 NS ns.below.www.example.com")); $packet->push("authority", new Net::DNS::RR("below.www.example.com 300 NS ns.below.www.example.com"));

29
bin/tests/system/resolver/ns4/broken.db Normal file
View File

@@ -0,0 +1,29 @@
; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: tld1.db,v 1.3 2012/02/09 23:47:18 tbox Exp $
$TTL 300
@ IN SOA marka.isc.org. ns.server. (
2010 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
@ NS ns.tld.
ns A 10.53.0.4
$TTL 5
sub.broken. NS ns.sub.broken.
ns.sub.broken. A 10.53.0.6

5
bin/tests/system/resolver/ns4/named.conf
View File

@@ -52,6 +52,11 @@ zone "tld" {
file "tld.db"; file "tld.db";
}; };
zone "broken" {
type master;
file "broken.db";
};
key rndc_key { key rndc_key {
secret "1234abcd8765"; secret "1234abcd8765";
algorithm hmac-md5; algorithm hmac-md5;

33
bin/tests/system/resolver/ns6/broken.db Normal file
View File

@@ -0,0 +1,33 @@
; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: to-be-removed.tld.db.in,v 1.3 2012/02/09 23:47:18 tbox Exp $
$TTL 600
@ IN SOA ns hostmaster 1 1800 900 604800 600
@ IN NS ns
ns IN A 10.53.0.6
ns0 IN A 10.53.0.6
ns1 IN A 10.53.0.6
ns2 IN A 10.53.0.6
ns3 IN A 10.53.0.6
ns4 IN A 10.53.0.6
ns5 IN A 10.53.0.6
ns6 IN A 10.53.0.6
ns7 IN A 10.53.0.6
ns8 IN A 10.53.0.6
ns9 IN A 10.53.0.6
$TTL 1
@ IN A 10.53.0.6
www.sub IN A 10.53.0.6

6
bin/tests/system/resolver/ns6/named.conf
View File

@@ -48,3 +48,9 @@ zone "to-be-removed.tld" {
file "to-be-removed.tld.db"; file "to-be-removed.tld.db";
allow-update { any; }; allow-update { any; };
}; };
zone "broken" {
type master;
file "broken.db";
allow-update { any; };
};

7
bin/tests/system/resolver/tests.sh
View File

@@ -293,6 +293,13 @@ done
[ $ret = 0 ] && ret=$foo; [ $ret = 0 ] && ret=$foo;
if [ $ret != 0 ]; then echo "I:failed"; status=1; fi if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
echo "I:check for improved error message with SOA mismatch"
ret=0
$DIG @10.53.0.1 -p 5300 www.sub.broken aaaa > dig.out.${n} || ret=1
grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status" echo "I:exit status: $status"
exit $status exit $status

31
lib/dns/resolver.c
View File

@@ -5402,10 +5402,10 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
{ {
isc_result_t result; isc_result_t result;
dns_message_t *message; dns_message_t *message;
dns_name_t *name, *qname, *ns_name, *soa_name, *ds_name; dns_name_t *name, *qname, *ns_name, *soa_name, *ds_name, *save_name;
dns_rdataset_t *rdataset, *ns_rdataset; dns_rdataset_t *rdataset, *ns_rdataset;
isc_boolean_t aa, negative_response; isc_boolean_t aa, negative_response;
dns_rdatatype_t type; dns_rdatatype_t type, save_type;
dns_section_t section; dns_section_t section;
FCTXTRACE("noanswer_response"); FCTXTRACE("noanswer_response");
@@ -5472,6 +5472,8 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
ns_rdataset = NULL; ns_rdataset = NULL;
soa_name = NULL; soa_name = NULL;
ds_name = NULL; ds_name = NULL;
save_name = NULL;
save_type = dns_rdatatype_none;
result = dns_message_firstname(message, section); result = dns_message_firstname(message, section);
while (result == ISC_R_SUCCESS) { while (result == ISC_R_SUCCESS) {
name = NULL; name = NULL;
@@ -5670,6 +5672,9 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
dns_trust_additional; dns_trust_additional;
} }
} }
} else {
save_name = name;
save_type = ISC_LIST_HEAD(name->list)->type;
} }
result = dns_message_nextname(message, section); result = dns_message_nextname(message, section);
if (result == ISC_R_NOMORE) if (result == ISC_R_NOMORE)
@@ -5705,7 +5710,27 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
/* /*
* The responder is insane. * The responder is insane.
*/ */
log_formerr(fctx, "invalid response"); if (save_name == NULL) {
log_formerr(fctx, "invalid response");
return (DNS_R_FORMERR);
}
if (!dns_name_issubdomain(save_name, &fctx->domain)) {
char nbuf[DNS_NAME_FORMATSIZE];
char dbuf[DNS_NAME_FORMATSIZE];
char tbuf[DNS_RDATATYPE_FORMATSIZE];
dns_rdatatype_format(save_type, tbuf,
sizeof(tbuf));
dns_name_format(save_name, nbuf, sizeof(nbuf));
dns_name_format(&fctx->domain, dbuf,
sizeof(dbuf));
log_formerr(fctx, "Name %s (%s) not subdomain"
" of zone %s -- invalid response",
nbuf, tbuf, dbuf);
} else {
log_formerr(fctx, "invalid response");
}
return (DNS_R_FORMERR); return (DNS_R_FORMERR);
} }
} }