mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

[master] ignore cache when sending 5011 refresh queries

Browse Source 
4771.	[bug]		When sending RFC 5011 refresh queries, disregard
			cached DNSKEY rrsets. [RT #46251]
This commit is contained in:
Evan Hunt 2017-10-11 14:24:29 -07:00
parent 800fbdfc9c
commit b2597ce86b
4 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -1,3 +1,6 @@
4771. [bug] When sending RFC 5011 refresh queries, disregard
cached DNSKEY rrsets. [RT #46251]
4770. [bug] Cache additional data from priming queries as glue. 4770. [bug] Cache additional data from priming queries as glue.
Previously they were ignored as unsigned Previously they were ignored as unsigned
non-answer data from a secure zone, and never non-answer data from a secure zone, and never

1
lib/dns/include/dns/resolver.h
View File

@ -97,6 +97,7 @@ typedef enum {
#define DNS_FETCHOPT_PREFETCH 0x100 /*%< Do prefetch */ #define DNS_FETCHOPT_PREFETCH 0x100 /*%< Do prefetch */
#define DNS_FETCHOPT_NOCDFLAG 0x200 /*%< Don't set CD flag. */ #define DNS_FETCHOPT_NOCDFLAG 0x200 /*%< Don't set CD flag. */
#define DNS_FETCHOPT_NONTA 0x400 /*%< Ignore NTA table. */ #define DNS_FETCHOPT_NONTA 0x400 /*%< Ignore NTA table. */
#define DNS_FETCHOPT_NOCACHED 0x800 /*%< Force cache update. */
/* Reserved in use by adb.c 0x00400000 */ /* Reserved in use by adb.c 0x00400000 */
#define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000 #define DNS_FETCHOPT_EDNSVERSIONSET 0x00800000

5
lib/dns/resolver.c
View File

@ -5863,6 +5863,11 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns_adbaddrinfo_t *addrinfo,
{ {
options = DNS_DBADD_PREFETCH; options = DNS_DBADD_PREFETCH;
} }
if ((fctx->options &
DNS_FETCHOPT_NOCACHED) != 0)
{
options |= DNS_DBADD_FORCE;
}
addedrdataset = ardataset; addedrdataset = ardataset;
result = dns_db_addrdataset(fctx->cache, node, result = dns_db_addrdataset(fctx->cache, node,
NULL, now, rdataset, NULL, now, rdataset,

12
lib/dns/zone.c
View File

@ -9754,11 +9754,21 @@ zone_refreshkeys(dns_zone_t *zone) {
namebuf); namebuf);
} }
/*
* Use of DNS_FETCHOPT_NOCACHED is essential here. If it is
* not set and the cache still holds a non-expired, validated
* version of the RRset being queried for by the time the
* response is received, the cached RRset will be passed to
* keyfetch_done() instead of the one received in the response
* as the latter will have a lower trust level due to not being
* validated until keyfetch_done() is called.
*/
result = dns_resolver_createfetch(zone->view->resolver, result = dns_resolver_createfetch(zone->view->resolver,
kname, dns_rdatatype_dnskey, kname, dns_rdatatype_dnskey,
NULL, NULL, NULL, NULL, NULL, NULL,
DNS_FETCHOPT_NOVALIDATE| DNS_FETCHOPT_NOVALIDATE|
DNS_FETCHOPT_UNSHARED, DNS_FETCHOPT_UNSHARED|
DNS_FETCHOPT_NOCACHED,
zone->task, zone->task,
keyfetch_done, kfetch, keyfetch_done, kfetch,
&kfetch->dnskeyset, &kfetch->dnskeyset,