Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
2786b6c5
Commit
2786b6c5
authored
Nov 21, 2012
by
Curtis Blackburn
Browse files
3422. [bug] Added a clear error message for when the SOA does not
match the referral. [RT #31281]
parent
20b95f5f
Changes
8
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
2786b6c5
3422. [bug] Added a clear error message for when the SOA does not
match the referral. [RT #31281]
3421. [bug] Named loops when re-signing if all keys are offline.
[RT #31916]
...
...
bin/tests/system/resolver/ans2/ans.pl
View file @
2786b6c5
...
...
@@ -94,6 +94,10 @@ for (;;) {
# expected to be accepted regardless of the filter setting.
$packet
->
push
("
authority
",
new
Net::DNS::
RR
("
sub.example.org 300 NS ns.sub.example.org
"));
$packet
->
push
("
additional
",
new
Net::DNS::
RR
("
ns.sub.example.org 300 A 10.53.0.3
"));
}
elsif
(
$qname
=~
/\.broken/
)
{
# Delegation to broken TLD.
$packet
->
push
("
authority
",
new
Net::DNS::
RR
("
broken 300 NS ns.broken
"));
$packet
->
push
("
additional
",
new
Net::DNS::
RR
("
ns.broken 300 A 10.53.0.4
"));
}
else
{
# Data for the "bogus referrals" test
$packet
->
push
("
authority
",
new
Net::DNS::
RR
("
below.www.example.com 300 NS ns.below.www.example.com
"));
...
...
bin/tests/system/resolver/ns4/broken.db
0 → 100644
View file @
2786b6c5
; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: tld1.db,v 1.3 2012/02/09 23:47:18 tbox Exp $
$TTL 300
@ IN SOA marka.isc.org. ns.server. (
2010 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
@ NS ns.tld.
ns A 10.53.0.4
$TTL 5
sub.broken. NS ns.sub.broken.
ns.sub.broken. A 10.53.0.6
bin/tests/system/resolver/ns4/named.conf
View file @
2786b6c5
...
...
@@ -52,6 +52,11 @@ zone "tld" {
file
"tld.db"
;
};
zone
"broken"
{
type
master
;
file
"broken.db"
;
};
key
rndc_key
{
secret
"1234abcd8765"
;
algorithm
hmac
-
md5
;
...
...
bin/tests/system/resolver/ns6/broken.db
0 → 100644
View file @
2786b6c5
; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: to-be-removed.tld.db.in,v 1.3 2012/02/09 23:47:18 tbox Exp $
$TTL 600
@ IN SOA ns hostmaster 1 1800 900 604800 600
@ IN NS ns
ns IN A 10.53.0.6
ns0 IN A 10.53.0.6
ns1 IN A 10.53.0.6
ns2 IN A 10.53.0.6
ns3 IN A 10.53.0.6
ns4 IN A 10.53.0.6
ns5 IN A 10.53.0.6
ns6 IN A 10.53.0.6
ns7 IN A 10.53.0.6
ns8 IN A 10.53.0.6
ns9 IN A 10.53.0.6
$TTL 1
@ IN A 10.53.0.6
www.sub IN A 10.53.0.6
bin/tests/system/resolver/ns6/named.conf
View file @
2786b6c5
...
...
@@ -48,3 +48,9 @@ zone "to-be-removed.tld" {
file
"to-be-removed.tld.db"
;
allow
-
update
{
any
; };
};
zone
"broken"
{
type
master
;
file
"broken.db"
;
allow
-
update
{
any
; };
};
bin/tests/system/resolver/tests.sh
View file @
2786b6c5
...
...
@@ -293,6 +293,13 @@ done
[
$ret
=
0
]
&&
ret
=
$foo
;
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
status
=
1
;
fi
echo
"I:check for improved error message with SOA mismatch"
ret
=
0
$DIG
@10.53.0.1
-p
5300 www.sub.broken aaaa
>
dig.out.
${
n
}
||
ret
=
1
grep
"not subdomain of zone"
ns1/named.run
>
/dev/null
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:exit status:
$status
"
exit
$status
lib/dns/resolver.c
View file @
2786b6c5
...
...
@@ -5402,10 +5402,10 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
{
isc_result_t
result
;
dns_message_t
*
message
;
dns_name_t
*
name
,
*
qname
,
*
ns_name
,
*
soa_name
,
*
ds_name
;
dns_name_t
*
name
,
*
qname
,
*
ns_name
,
*
soa_name
,
*
ds_name
,
*
save_name
;
dns_rdataset_t
*
rdataset
,
*
ns_rdataset
;
isc_boolean_t
aa
,
negative_response
;
dns_rdatatype_t
type
;
dns_rdatatype_t
type
,
save_
type
;
dns_section_t
section
;
FCTXTRACE
(
"noanswer_response"
);
...
...
@@ -5472,6 +5472,8 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
ns_rdataset
=
NULL
;
soa_name
=
NULL
;
ds_name
=
NULL
;
save_name
=
NULL
;
save_type
=
dns_rdatatype_none
;
result
=
dns_message_firstname
(
message
,
section
);
while
(
result
==
ISC_R_SUCCESS
)
{
name
=
NULL
;
...
...
@@ -5670,6 +5672,9 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
dns_trust_additional
;
}
}
}
else
{
save_name
=
name
;
save_type
=
ISC_LIST_HEAD
(
name
->
list
)
->
type
;
}
result
=
dns_message_nextname
(
message
,
section
);
if
(
result
==
ISC_R_NOMORE
)
...
...
@@ -5705,7 +5710,27 @@ noanswer_response(fetchctx_t *fctx, dns_name_t *oqname,
/*
* The responder is insane.
*/
log_formerr
(
fctx
,
"invalid response"
);
if
(
save_name
==
NULL
)
{
log_formerr
(
fctx
,
"invalid response"
);
return
(
DNS_R_FORMERR
);
}
if
(
!
dns_name_issubdomain
(
save_name
,
&
fctx
->
domain
))
{
char
nbuf
[
DNS_NAME_FORMATSIZE
];
char
dbuf
[
DNS_NAME_FORMATSIZE
];
char
tbuf
[
DNS_RDATATYPE_FORMATSIZE
];
dns_rdatatype_format
(
save_type
,
tbuf
,
sizeof
(
tbuf
));
dns_name_format
(
save_name
,
nbuf
,
sizeof
(
nbuf
));
dns_name_format
(
&
fctx
->
domain
,
dbuf
,
sizeof
(
dbuf
));
log_formerr
(
fctx
,
"Name %s (%s) not subdomain"
" of zone %s -- invalid response"
,
nbuf
,
tbuf
,
dbuf
);
}
else
{
log_formerr
(
fctx
,
"invalid response"
);
}
return
(
DNS_R_FORMERR
);
}
}
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment