mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-04 16:45:24 +00:00
Code Issues Releases Wiki Activity

only return DNS_R_ZONECUT from secure zones

Browse Source
This commit is contained in:
Bob Halley
2001-05-14 19:25:59 +00:00
parent ecf4962155
commit 751aa24c98
3 changed files with 18 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@@ -1,4 +1,8 @@
829. [bug] The DNS_R_ZONECUT result code is only meaningful
for secure zone databases. Queries at zone cut points
in non-secure zones should always return a delegation.
828. [bug] The errno value from recvfrom() could be overwritten 828. [bug] The errno value from recvfrom() could be overwritten
by logging code. [RT #1293] by logging code. [RT #1293]

6
lib/dns/include/dns/db.h
View File

@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: db.h,v 1.64 2001/01/09 21:52:42 bwelling Exp $ */ /* $Id: db.h,v 1.65 2001/05/14 19:25:59 halley Exp $ */
#ifndef DNS_DB_H #ifndef DNS_DB_H
#define DNS_DB_H 1 #define DNS_DB_H 1
@@ -712,8 +712,8 @@ dns_db_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
* The caller must take care not * The caller must take care not
* to return inappropriate glue * to return inappropriate glue
* to a client. This result can * to a client. This result can
* only occur if 'db' is a zone * only occur if 'db' is a
* database. * secure zone database.
* *
* DNS_R_DNAME The data requested is beneath * DNS_R_DNAME The data requested is beneath
* a DNAME. node, foundname, * a DNAME. node, foundname,

15
lib/dns/rbtdb.c
View File

@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: rbtdb.c,v 1.162 2001/05/10 16:26:07 gson Exp $ */ /* $Id: rbtdb.c,v 1.163 2001/05/14 19:25:57 halley Exp $ */
/* /*
* Principal Author: Bob Halley * Principal Author: Bob Halley
@@ -2053,7 +2053,8 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
if (type == dns_rdatatype_nxt || if (type == dns_rdatatype_nxt ||
type == dns_rdatatype_key) type == dns_rdatatype_key)
result = ISC_R_SUCCESS; result = ISC_R_SUCCESS;
else if (type == dns_rdatatype_any) else if (type == dns_rdatatype_any &&
search.rbtdb->secure)
result = DNS_R_ZONECUT; result = DNS_R_ZONECUT;
else else
result = DNS_R_GLUE; result = DNS_R_GLUE;
@@ -2067,8 +2068,14 @@ zone_find(dns_db_t *db, dns_name_t *name, dns_dbversion_t *version,
* XXX We should cache the glue validity state! * XXX We should cache the glue validity state!
*/ */
if (result == DNS_R_GLUE && if (result == DNS_R_GLUE &&
(search.options & DNS_DBFIND_VALIDATEGLUE) != 0 && ((search.options & DNS_DBFIND_VALIDATEGLUE) == 0 ||
!valid_glue(&search, foundname, type, node)) { !valid_glue(&search, foundname, type, node))) {
/*
* Either we're not validating glue (the usual
* case), or we are and this isn't valid glue. In
* any event, the thing to do is to return a
* delegation.
*/
UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock)); UNLOCK(&(search.rbtdb->node_locks[node->locknum].lock));
result = setup_delegation(&search, nodep, foundname, result = setup_delegation(&search, nodep, foundname,
rdataset, sigrdataset); rdataset, sigrdataset);