Commit 74dd289a authored by Ondřej Surý's avatar Ondřej Surý
Browse files

Merge branch '209-glue-is-no-longer-included' into 'master'

Resolve "Glue is no longer included for non-DNSSEC-signed zones since CHANGE 4596"

Closes #209

See merge request !247
parents f03d68a7 dfd73d7e
Pipeline #1699 passed with stages
in 8 minutes and 13 seconds
4946. [bug] Additional glue was not being returned by resolver
for unsigned zones since change 4596. [GL #209]
4945. [func] BIND can no longer be built without DNSSEC support.
A cryptography provder (i.e., OpenSSL or a hardware
service module with PKCS#11 support) must be
......
......@@ -73,6 +73,18 @@ stripns () {
awk '($4 == "NS") || ($4 == "RRSIG" && $5 == "NS") { next} { print }' $1
}
# Check that for a query against a validating resolver where the
# authoritative zone is unsigned (insecure delegation), glue is returned
# in the additional section
echo_i "checking that additional glue is returned for unsigned delegation ($n)"
ret=0
$DIG +tcp +dnssec -p ${PORT} a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
grep "ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2" dig.out.ns4.test$n > /dev/null || ret=1
grep "ns\.insecure\.example\..*A.10\.53\.0\.3" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
# Check the example. domain
echo_i "checking that zone transfer worked ($n)"
......
......@@ -1880,8 +1880,7 @@ query_addadditional(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) {
mname = NULL;
have_a = ISC_TRUE;
if (additionaltype == dns_rdatasetadditional_fromcache &&
(DNS_TRUST_PENDING(rdataset->trust) ||
DNS_TRUST_GLUE(rdataset->trust)) &&
DNS_TRUST_PENDING(rdataset->trust) &&
!validate(client, db, fname, rdataset, sigrdataset))
{
dns_rdataset_disassociate(rdataset);
......@@ -1945,8 +1944,7 @@ query_addadditional(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) {
!dns_rdataset_isassociated(sigrdataset)))))
goto addname;
if (additionaltype == dns_rdatasetadditional_fromcache &&
(DNS_TRUST_PENDING(rdataset->trust) ||
DNS_TRUST_GLUE(rdataset->trust)) &&
DNS_TRUST_PENDING(rdataset->trust) &&
!validate(client, db, fname, rdataset, sigrdataset))
{
dns_rdataset_disassociate(rdataset);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment