diff --git a/CHANGES b/CHANGES index c858ca5164..35abb47810 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +5350. [bug] When a view was configured with class CHAOS, the + server could crash while processing a query for a + non-existent record. [GL #1540] + 5349. [bug] Fix a race in task_pause/unpause. [GL #1571] 5348. [bug] dnssec-settime -Psync was not being honoured. diff --git a/bin/tests/system/resolver/ns1/chaostest.db b/bin/tests/system/resolver/ns1/chaostest.db new file mode 100644 index 0000000000..4c967b90dd --- /dev/null +++ b/bin/tests/system/resolver/ns1/chaostest.db @@ -0,0 +1,5 @@ +$TTL 3600 +@ CHAOS SOA @ @ 1970010100 86400 600 86400 300 +@ CHAOS NS @ +version CHAOS TXT "CH 1.0" +hostname CHAOS TXT "unknown" diff --git a/bin/tests/system/resolver/ns1/named.conf.in b/bin/tests/system/resolver/ns1/named.conf.in index c7d5d14ce5..b26a156601 100644 --- a/bin/tests/system/resolver/ns1/named.conf.in +++ b/bin/tests/system/resolver/ns1/named.conf.in @@ -46,7 +46,10 @@ server fd92:7065:b8e:ffff::1000 { * "globalcache" before the recursive "default"/IN view is configured. */ view "class" chaos { - match-clients { none; }; + zone "chaostest" CHAOS { + type master; + file "chaostest.db"; + }; }; /* diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index 788e082528..5604236f5a 100755 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh @@ -805,5 +805,13 @@ grep "running as: .* -m record,size,mctx " ns1/named.run > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` +n=`expr $n + 1` +echo_i "checking NXDOMAIN is returned when querying non existing domain in CH class ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.1 id.hostname txt ch > dig.ns1.out.${n} || ret=1 +grep "status: NXDOMAIN" dig.ns1.out.${n} > /dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/lib/dns/view.c b/lib/dns/view.c index f21d065cfc..38c6634a36 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c @@ -1245,8 +1245,9 @@ dns_view_findzonecut(dns_view_t *view, const dns_name_t *name, ztoptions |= DNS_ZTFIND_NOEXACT; result = dns_zt_find(view->zonetable, name, ztoptions, NULL, &zone); - } else + } else { result = ISC_R_NOTFOUND; + } UNLOCK(&view->lock); if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) result = dns_zone_getdb(zone, &db); @@ -1261,12 +1262,15 @@ dns_view_findzonecut(dns_view_t *view, const dns_name_t *name, * We have a cache; try it. */ dns_db_attach(view->cachedb, &db); - } else { + } else if (use_hints && view->hints != NULL) { /* * Maybe we have hints... */ try_hints = true; goto finish; + } else { + result = DNS_R_NXDOMAIN; + goto cleanup; } } else if (result != ISC_R_SUCCESS) { /* @@ -1287,6 +1291,7 @@ dns_view_findzonecut(dns_view_t *view, const dns_name_t *name, result = ISC_R_SUCCESS; else if (result != ISC_R_SUCCESS) goto cleanup; + if (use_cache && view->cachedb != NULL && db != view->hints) { /* * We found an answer, but the cache may be better. @@ -1327,13 +1332,16 @@ dns_view_findzonecut(dns_view_t *view, const dns_name_t *name, * have a zone delegation, so use it. */ use_zone = true; - } else { + result = ISC_R_SUCCESS; + } else if (use_hints && view->hints != NULL) { /* * Maybe we have hints... */ try_hints = true; + result = ISC_R_SUCCESS; + } else { + result = DNS_R_NXDOMAIN; } - result = ISC_R_SUCCESS; } else { /* * Something bad happened. @@ -1358,7 +1366,7 @@ dns_view_findzonecut(dns_view_t *view, const dns_name_t *name, if (sigrdataset != NULL && dns_rdataset_isassociated(&zrdataset)) dns_rdataset_clone(&zsigrdataset, sigrdataset); - } else if (try_hints && use_hints && view->hints != NULL) { + } else if (try_hints) { /* * We've found nothing so far, but we have hints. */