Commit 664917be authored Feb 28, 2011 by Francis Dupont
Use RRSIG original TTL in validated RRset TTL [RT #23332]
parent 5ba60596
Changes: 10
Showing 10 changed files with 83 additions and 9 deletions (+83 -9)
CHANGES +3 -0
bin/tests/system/dnssec/clean.sh +3 -1
bin/tests/system/dnssec/ns2/example.db.in +4 -1
bin/tests/system/dnssec/ns2/sign.sh +2 -2
bin/tests/system/dnssec/ns3/named.conf +6 -1
bin/tests/system/dnssec/ns3/sign.sh +16 -1
bin/tests/system/dnssec/ns3/ttlpatch.example.db.in +32 -0
bin/tests/system/dnssec/tests.sh +13 -1
lib/dns/validator.c +3 -2
util/copyrights +1 -0
CHANGES
3046. [bug] Use RRSIG original TTL to compute validated RRset
and RRSIG TTL. [RT #23332]
3045. [test] Move the testsock.pl sleep to autosign test suite.
[RT #23400]
...
...
bin/tests/system/dnssec/clean.sh
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.3
6 2011/02/24 03:04:43 marka
Exp $
# $Id: clean.sh,v 1.3
7 2011/02/28 14:21:34 fdupont
Exp $
rm
-f
*
/K
*
*
/keyset-
*
*
/dsset-
*
*
/dlvset-
*
*
/signedkey-
*
*
/
*
.signed
rm
-f
*
/trusted.conf
*
/managed.conf
*
/tmp
*
*
/
*
.jnl
*
/
*
.bk
...
...
@@ -51,3 +51,5 @@ rm -f ns3/auto-nsec.example.db ns3/auto-nsec3.example.db
rm
-f
ns3/secure.below-cname.example.db
rm
-f
signer/example.db.after signer/example.db.before
rm
-f
signer/example.db.changed
rm
-f
ns3/ttlpatch.example.db ns3/ttlpatch.example.db.signed
rm
-f
ns3/ttlpatch.example.db.patched
bin/tests/system/dnssec/ns2/example.db.in
...
...
@@ -13,7 +13,7 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: example.db.in,v 1.2
8 2011/02/23 11:30:35 marka
Exp $
; $Id: example.db.in,v 1.2
9 2011/02/28 14:21:35 fdupont
Exp $
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
...
...
@@ -125,3 +125,6 @@ ns.insecure.below-cname A 10.53.0.3
secure.below-cname NS ns.secure.below-cname
ns.secure.below-cname A 10.53.0.3
ttlpatch NS ns.ttlpatch
ns.ttlpatch A 10.53.0.3
bin/tests/system/dnssec/ns2/sign.sh
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.4
5 2011/02/23 11:30:35 marka
Exp $
# $Id: sign.sh,v 1.4
6 2011/02/28 14:21:35 fdupont
Exp $
SYSTEMTESTTOP
=
../..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -32,7 +32,7 @@ zonefile=example.db
for
subdomain
in
secure bogus dynamic keyless nsec3 optout nsec3-unknown
\
optout-unknown multiple rsasha256 rsasha512 kskonly update-nsec3
\
auto-nsec auto-nsec3 secure.below-cname
auto-nsec auto-nsec3 secure.below-cname
ttlpatch
do
cp
../ns3/dsset-
$subdomain
.example.
.
done
...
...
bin/tests/system/dnssec/ns3/named.conf
...
...
@@ -15,7 +15,7 @@
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
/* $
Id
:
named
.
conf
,
v
1
.
4
3
2011
/
02
/
23
11
:
30
:
35
marka
Exp
$ */
/* $
Id
:
named
.
conf
,
v
1
.
4
4
2011
/
02
/
28
14
:
21
:
35
fdupont
Exp
$ */
//
NS3
...
...
@@ -202,4 +202,9 @@ zone "secure.below-cname.example" {
file
"secure.below-cname.example.db.signed"
;
};
zone
"ttlpatch.example"
{
type
master
;
file
"ttlpatch.example.db.patched"
;
};
include
"trusted.conf"
;
bin/tests/system/dnssec/ns3/sign.sh
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.3
7 2011/02/23 11:30:35 marka
Exp $
# $Id: sign.sh,v 1.3
8 2011/02/28 14:21:35 fdupont
Exp $
SYSTEMTESTTOP
=
../..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -325,3 +325,18 @@ zonefile=secure.below-cname.example.db
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
1024
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
$SIGNER
-P
-r
$RANDFILE
-o
$zone
$zonefile
>
/dev/null 2>&1
#
# Patched TTL test zone.
#
zone
=
ttlpatch.example.
infile
=
ttlpatch.example.db.in
zonefile
=
ttlpatch.example.db
signedfile
=
ttlpatch.example.db.signed
patchedfile
=
ttlpatch.example.db.patched
keyname
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
RSASHA1
-b
768
-n
zone
$zone
`
cat
$infile
$keyname
.key
>
$zonefile
$SIGNER
-P
-r
$RANDFILE
-f
$signedfile
-o
$zone
$zonefile
>
/dev/null 2>&1
sed
's/300/3600/'
$signedfile
>
$patchedfile
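Review bot: The sed 's/300/3600/' step at the end of the ttlpatch block is unanchored, so it rewrites the first "300" on every line of $signedfile, not only the TTL field. A "300" that happens to occur in a key tag, a timestamp or a line of base64 key or signature data would be altered as well, and because the key is generated fresh on every run that would show up as an intermittent test failure. Suggest restricting the substitution to the TTL column by matching the field together with its surrounding whitespace, and adding a comment that the missing g flag is deliberate: only the first match per line is replaced, which is what leaves the RRSIG original TTL at 300. Separately, this zone's key is generated with -b 768 while the block just above uses -b 1024; a word on why would help.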
bin/tests/system/dnssec/ns3/ttlpatch.example.db.in
0 → 100644
; Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC")
; Copyright (C) 2000, 2001 Internet Software Consortium.
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: ttlpatch.example.db.in,v 1.2 2011/02/28 14:21:35 fdupont Exp $
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
2000042407 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
NS ns
ns A 10.53.0.3
a A 10.0.0.1
b A 10.0.0.2
d A 10.0.0.4
z A 10.0.0.26
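Review bot: The copyright header of this new file carries the years 2004, 2007 and 2000, 2001, while the util/copyrights entry added in the same commit lists the file as ZONE 2011; the header looks copied from an older zone file and should say 2011. Also, the new check in tests.sh only queries a.ttlpatch.example, so the b, d and z records could be dropped, or a comment added if they are kept for later tests.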
bin/tests/system/dnssec/tests.sh
...
...
@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.7
8 2011/02/24 03:04:43 marka
Exp $
# $Id: tests.sh,v 1.7
9 2011/02/28 14:21:35 fdupont
Exp $
SYSTEMTESTTOP
=
..
.
$SYSTEMTESTTOP
/conf.sh
...
...
@@ -977,6 +977,18 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:checking validated data are not cached longer than originalttl (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+ttl +noauth a.ttlpatch.example. @10.53.0.3 a
>
dig.out.ns3.test
$n
||
ret
=
1
$DIG
$DIGOPTS
+ttl +noauth a.ttlpatch.example. @10.53.0.4 a
>
dig.out.ns4.test
$n
||
ret
=
1
grep
"3600.IN"
dig.out.ns3.test
$n
>
/dev/null
||
ret
=
1
grep
"300.IN"
dig.out.ns3.test
$n
>
/dev/null
&&
ret
=
1
grep
"300.IN"
dig.out.ns4.test
$n
>
/dev/null
||
ret
=
1
grep
"3600.IN"
dig.out.ns4.test
$n
>
/dev/null
&&
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
# Test that "rndc secroots" is able to dump trusted keys
echo
"I:checking rndc secroots (
$n
)"
ret
=
0
...
...
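Review bot: The four grep checks compare against the exact strings "3600.IN" and "300.IN", which tests equality rather than the bound the test title states ("not cached longer than originalttl"). On the 10.53.0.4 side the check fails as soon as the answer comes back with a TTL that has already counted down below 300, and the unescaped "." matches any character, so the pattern is looser than it looks. Suggest extracting the TTL field from dig.out.ns4.test$n and asserting that it is numerically no greater than 300, and keeping the exact-match check only for the answer from 10.53.0.3, which serves the patched zone directly.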
lib/dns/validator.c
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: validator.c,v 1.19
8 2011/02/21 23:37:31 marka
Exp $ */
/* $Id: validator.c,v 1.19
9 2011/02/28 14:21:35 fdupont
Exp $ */
#include <config.h>
...
...
@@ -2058,7 +2058,8 @@ validate(dns_validator_t *val, isc_boolean_t resume) {
isc_stdtime_get
(
&
now
);
ttl
=
ISC_MIN
(
event
->
rdataset
->
ttl
,
val
->
siginfo
->
timeexpire
-
now
);
ISC_MIN
(
val
->
siginfo
->
originalttl
,
val
->
siginfo
->
timeexpire
-
now
));
event
->
rdataset
->
ttl
=
ttl
;
event
->
sigrdataset
->
ttl
=
ttl
;
}
...
...
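Review bot: In validate(), the new minimum covers event->rdataset->ttl, val->siginfo->originalttl and val->siginfo->timeexpire - now, but not the TTL the RRSIG itself arrived with; event->sigrdataset->ttl is simply overwritten with ttl two lines later. RFC 4035 section 5.3.3 lists the received RRSIG TTL as a fourth term of that minimum, so consider folding event->sigrdataset->ttl into the ISC_MIN chain. A short comment above the assignment citing that section would also explain why originalttl is the bound: it is the only TTL value covered by the signature, so a TTL altered in transit or in the zone file cannot extend how long validated data stays cached.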
util/copyrights
...
...
@@ -784,6 +784,7 @@
./bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in ZONE 2008
./bin/tests/system/dnssec/ns3/secure.optout.example.db.in ZONE 2008
./bin/tests/system/dnssec/ns3/sign.sh SH 2000,2001,2002,2004,2006,2007,2008,2009,2010,2011
./bin/tests/system/dnssec/ns3/ttlpatch.example.db.in ZONE 2011
./bin/tests/system/dnssec/ns3/update-nsec3.example.db.in ZONE 2011
./bin/tests/system/dnssec/ns4/.cvsignore X 2000,2001
./bin/tests/system/dnssec/ns4/named.conf CONF-C 2000,2001,2004,2006,2007,2010
...
...