Commit 2786b6c5 authored by Curtis Blackburn's avatar Curtis Blackburn

3422. [bug] Added a clear error message for when the SOA does not

			match the referral. [RT #31281]
parent 20b95f5f
3422. [bug] Added a clear error message for when the SOA does not
match the referral. [RT #31281]
3421. [bug] Named loops when re-signing if all keys are offline.
[RT #31916]
......
......@@ -94,6 +94,10 @@ for (;;) {
# expected to be accepted regardless of the filter setting.
$packet->push("authority", new Net::DNS::RR("sub.example.org 300 NS ns.sub.example.org"));
$packet->push("additional", new Net::DNS::RR("ns.sub.example.org 300 A 10.53.0.3"));
} elsif ($qname =~ /\.broken/) {
# Delegation to broken TLD.
$packet->push("authority", new Net::DNS::RR("broken 300 NS ns.broken"));
$packet->push("additional", new Net::DNS::RR("ns.broken 300 A 10.53.0.4"));
} else {
# Data for the "bogus referrals" test
$packet->push("authority", new Net::DNS::RR("below.www.example.com 300 NS ns.below.www.example.com"));
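Review bot: The new `elsif ($qname =~ /\.broken/)` test is unanchored, so it matches any query name that merely contains `.broken` (for instance a label beginning with `broken` under some other TLD), not only names under the `broken` TLD that the comment describes. Anchoring it, `} elsif ($qname =~ /\.broken$/) {`, keeps the fixture from answering unrelated names with this delegation, assuming `$qname` carries no trailing dot here. The surrounding `if`/`elsif` chain starts outside the hunk, so whether an earlier branch already shadows some of these names cannot be checked from here.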
......
; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: tld1.db,v 1.3 2012/02/09 23:47:18 tbox Exp $
$TTL 300
@ IN SOA marka.isc.org. ns.server. (
2010 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
@ NS ns.tld.
ns A 10.53.0.4
$TTL 5
sub.broken. NS ns.sub.broken.
ns.sub.broken. A 10.53.0.6
......@@ -52,6 +52,11 @@ zone "tld" {
file "tld.db";
};
zone "broken" {
type master;
file "broken.db";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-md5;
......
; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: to-be-removed.tld.db.in,v 1.3 2012/02/09 23:47:18 tbox Exp $
$TTL 600
@ IN SOA ns hostmaster 1 1800 900 604800 600
@ IN NS ns
ns IN A 10.53.0.6
ns0 IN A 10.53.0.6
ns1 IN A 10.53.0.6
ns2 IN A 10.53.0.6
ns3 IN A 10.53.0.6
ns4 IN A 10.53.0.6
ns5 IN A 10.53.0.6
ns6 IN A 10.53.0.6
ns7 IN A 10.53.0.6
ns8 IN A 10.53.0.6
ns9 IN A 10.53.0.6
$TTL 1
@ IN A 10.53.0.6
www.sub IN A 10.53.0.6
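Review bot: Nothing in this new zone file says that its mismatch with the delegation is deliberate, and the `$Id` line still names `to-be-removed.tld.db.in`. As far as the rest of the commit shows, the file is loaded as zone `broken` on 10.53.0.6 while the parent delegates only `sub.broken` to that address, which is what makes the SOA owner fall outside the referred zone. A header comment would stop a later cleanup from "fixing" the fixture, for example `; Loaded as zone "broken" although only sub.broken is delegated here, so the SOA in negative answers is above the delegation point (RT #31281).`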
......@@ -48,3 +48,9 @@ zone "to-be-removed.tld" {
file "to-be-removed.tld.db";
allow-update { any; };
};
zone "broken" {
type master;
file "broken.db";
allow-update { any; };
};
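Review bot: The added `zone "broken"` stanza carries `allow-update { any; };`, which looks copied from the `to-be-removed.tld` stanza just above it. Nothing visible in this commit sends a dynamic update to `broken`, and the `zone "broken"` stanza added to the other server's configuration omits the option. If the test does not need updates, drop the line so the fixture grants only what it uses and is not later copied as a template with open updates.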
......@@ -293,6 +293,13 @@ done
[ $ret = 0 ] && ret=$foo;
if [ $ret != 0 ]; then echo "I:failed"; status=1; fi
echo "I:check for improved error message with SOA mismatch"
ret=0
$DIG @10.53.0.1 -p 5300 www.sub.broken aaaa > dig.out.${n} || ret=1
grep "not subdomain of zone" ns1/named.run > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
exit $status
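Review bot: The new check writes `dig.out.${n}` but never inspects it, and the visible lines do not increment `n`, so the output may overwrite an earlier test's file and the only real assertion is the grep on `ns1/named.run`. dig normally exits 0 whenever it receives a reply, including an error reply, so `|| ret=1` on the dig line does not confirm that the query failed in the expected way. Consider incrementing `n` before the query and adding `grep "status: SERVFAIL" dig.out.${n} > /dev/null || ret=1`, if SERVFAIL is what the resolver returns for this case. The log grep also matches any earlier occurrence of the string, which is safe only while no previous test can produce it.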
......@@ -5402,10 +5402,10 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
{
isc_result_t result;
dns_message_t *message;
dns_name_t *name, *qname, *ns_name, *soa_name, *ds_name;
dns_name_t *name, *qname, *ns_name, *soa_name, *ds_name, *save_name;
dns_rdataset_t *rdataset, *ns_rdataset;
isc_boolean_t aa, negative_response;
dns_rdatatype_t type;
dns_rdatatype_t type, save_type;
dns_section_t section;
FCTXTRACE("noanswer_response");
......@@ -5472,6 +5472,8 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
ns_rdataset = NULL;
soa_name = NULL;
ds_name = NULL;
save_name = NULL;
save_type = dns_rdatatype_none;
result = dns_message_firstname(message, section);
while (result == ISC_R_SUCCESS) {
name = NULL;
......@@ -5670,6 +5672,9 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
dns_trust_additional;
}
}
} else {
save_name = name;
save_type = ISC_LIST_HEAD(name->list)->type;
}
result = dns_message_nextname(message, section);
if (result == ISC_R_NOMORE)
......@@ -5705,7 +5710,27 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
/*
* The responder is insane.
*/
log_formerr(fctx, "invalid response");
if (save_name == NULL) {
log_formerr(fctx, "invalid response");
return (DNS_R_FORMERR);
}
if (!dns_name_issubdomain(save_name, &fctx->domain)) {
char nbuf[DNS_NAME_FORMATSIZE];
char dbuf[DNS_NAME_FORMATSIZE];
char tbuf[DNS_RDATATYPE_FORMATSIZE];
dns_rdatatype_format(save_type, tbuf,
sizeof(tbuf));
dns_name_format(save_name, nbuf, sizeof(nbuf));
dns_name_format(&fctx->domain, dbuf,
sizeof(dbuf));
log_formerr(fctx, "Name %s (%s) not subdomain"
" of zone %s -- invalid response",
nbuf, tbuf, dbuf);
} else {
log_formerr(fctx, "invalid response");
}
return (DNS_R_FORMERR);
}
}
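Review bot: `save_type = ISC_LIST_HEAD(name->list)->type;` in the new `else` branch dereferences the list head without a NULL check, and `name` comes from the response section being walked, i.e. from data the remote server controls. If the message parser guarantees that every name in a section has at least one rdataset, a one-line comment stating that invariant is enough; otherwise guard it, e.g. `save_type = ISC_LIST_EMPTY(name->list) ? dns_rdatatype_none : ISC_LIST_HEAD(name->list)->type;`. The `if` this `else` pairs with is outside the hunk; if it is the `dns_name_issubdomain(name, &fctx->domain)` test, then the same test on `save_name` in the last hunk is always true and its `else` arm is dead code. Only the last out-of-zone name is kept, so the log line names a single offender even when the response contains several.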
......