ISC Open Source Projects
BIND
Commits
840d6a46
Commit
840d6a46
authored
Aug 22, 2014
by
Mark Andrews
3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917
parent
251be6e9
Changes
9
CHANGES
3925. [bug] DS lookup of RFC 1918 empty zones failed. [RT #36917]
3924. [bug] Improve 'rndc addzone' error reporting. [RT #35187]
3923. [bug] Sanity check the xml2-config output. [RT #22246]
...
...
bin/tests/system/dnssec/clean.sh
...
...
@@ -27,6 +27,7 @@ rm -f ns2/private.secure.example.db
rm
-f
ns2/badparam.db ns2/badparam.db.bad
rm
-f
ns2/single-nsec3.db
rm
-f
ns2/nsec3chain-test.db
rm
-f
ns2/in-addr.arpa.db
rm
-f
*
/example.bk
rm
-f
dig.out.
*
rm
-f
rndc.out.
*
...
...
bin/tests/system/dnssec/ns1/root.db.in
...
...
@@ -34,3 +34,4 @@ algroll NS ns2.algroll
ns2.algroll. A 10.53.0.2
optout-tld NS ns6.optout-tld.
ns6.optout-tld. A 10.53.0.6
in-addr.arpa. NS ns2.example.
bin/tests/system/dnssec/ns1/sign.sh
...
...
@@ -28,6 +28,8 @@ zonefile=root.db
cp
../ns2/dsset-example.
.
cp
../ns2/dsset-dlv.
.
cp
../ns2/dsset-in-addr.arpa.
.
grep
"8 [12] "
../ns2/dsset-algroll.
>
dsset-algroll.
cp
../ns6/dsset-optout-tld.
.
...
...
bin/tests/system/dnssec/ns2/in-addr.arpa.db.in
0 → 100644
$TTL 3600
@ SOA ns2.example. . 1 3600 1200 86400 1200
@ NS ns2.example.
;
; As we are testing empty zone behaviour ns3 doesn't need to be
; configured to serve 10.in-addr.arpa.
;
10 NS ns3.example.
bin/tests/system/dnssec/ns2/named.conf
...
...
@@ -102,4 +102,9 @@ zone "nsec3chain-test" {
allow
-
update
{
any
;};
};
zone
"in-addr.arpa"
{
type
master
;
file
"in-addr.arpa.db.signed"
;
};
include
"trusted.conf"
;
bin/tests/system/dnssec/ns2/sign.sh
...
...
@@ -87,6 +87,18 @@ tolower($1) == "bad-dname.example." && $4 == "RRSIG" && $5 == "DNAME" {
{ print; }'
>
$zonefile
.signed++
&&
mv
$zonefile
.signed++
$zonefile
.signed
#
# signed in-addr.arpa w/ a delegation for 10.in-addr.arpa which is unsigned.
#
zone
=
in
-addr
.arpa.
infile
=
in
-addr
.arpa.db.in
zonefile
=
in
-addr
.arpa.db
keyname1
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
DSA
-b
768
-n
zone
$zone
`
keyname2
=
`
$KEYGEN
-q
-r
$RANDFILE
-a
DSA
-b
768
-n
zone
$zone
`
cat
$infile
$keyname1
.key
$keyname2
.key
>
$zonefile
$SIGNER
-P
-g
-r
$RANDFILE
-o
$zone
-k
$keyname1
$zonefile
$keyname2
>
/dev/null
# Sign the privately secure file
...
...
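Review bot: Neither `$KEYGEN` call nor the `$SIGNER` run in the added in-addr.arpa block has its exit status checked, and the signer's output is sent to `/dev/null`, so a failed key generation or signing would only show up later as ns2 failing to load `in-addr.arpa.db.signed`. The rest of the script is outside this hunk, so it may already handle this; if it does not, appending `|| exit 1` to the `$SIGNER` line, or a `test -n "$keyname1"` guard before the `cat`, would make the failure visible where it happens. A one-line comment such as `# DSA/768 is a test-only key choice; not a size to use for a real zone` above the `keyname1=` line would also stop the parameters being copied elsewhere.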
bin/tests/system/dnssec/tests.sh
...
...
@@ -1854,6 +1854,16 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:checking that DS at a RFC 1918 empty zone lookup succeeds (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth 10.in-addr.arpa ds @10.53.0.2
>
dig.out.ns2.test
$n
||
ret
=
1
$DIG
$DIGOPTS
+noauth 10.in-addr.arpa ds @10.53.0.6
>
dig.out.ns6.test
$n
||
ret
=
1
$PERL
../digcomp.pl dig.out.ns2.test
$n
dig.out.ns6.test
$n
||
ret
=
1
grep
"status: NOERROR"
dig.out.ns6.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:checking expired signatures remain with "
'"allow-update { none; };"'
" and no keys available (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+noauth expired.example. +dnssec @10.53.0.3 soa
>
dig.out.ns3.test
$n
||
ret
=
1
...
...
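Review bot: The added check only requires `status: NOERROR` in the reply from 10.53.0.6, so it would still pass if that server returned NOERROR with unexpected content rather than the NODATA a DS query at an unsigned delegation should produce. Given that `in-addr.arpa` is signed and the `10` delegation is unsigned in this test setup, the expected reply presumably has an empty answer section; adding `grep "ANSWER: 0" dig.out.ns6.test$n > /dev/null || ret=1` would pin that down. The `digcomp.pl` comparison against ns2 helps, but it shows only that the two servers agree, not that either answer is the right one.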
lib/dns/view.c
...
...
@@ -1207,6 +1207,7 @@ dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname,
dns_name_t
*
zfname
;
dns_rdataset_t
zrdataset
,
zsigrdataset
;
dns_fixedname_t
zfixedname
;
unsigned
int
ztoptions
=
0
;
REQUIRE
(
DNS_VIEW_VALID
(
view
));
REQUIRE
(
view
->
frozen
);
...
...
@@ -1228,9 +1229,12 @@ dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname,
*/
zone
=
NULL
;
LOCK
(
&
view
->
lock
);
if
(
view
->
zonetable
!=
NULL
)
result
=
dns_zt_find
(
view
->
zonetable
,
name
,
0
,
NULL
,
&
zone
);
else
if
(
view
->
zonetable
!=
NULL
)
{
if
((
options
&
DNS_DBFIND_NOEXACT
)
!=
0
)
ztoptions
|=
DNS_ZTFIND_NOEXACT
;
result
=
dns_zt_find
(
view
->
zonetable
,
name
,
ztoptions
,
NULL
,
&
zone
);
}
else
result
=
ISC_R_NOTFOUND
;
UNLOCK
(
&
view
->
lock
);
if
(
result
==
ISC_R_SUCCESS
||
result
==
DNS_R_PARTIALMATCH
)
...
...
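Review bot: The new mapping from `DNS_DBFIND_NOEXACT` to `DNS_ZTFIND_NOEXACT` in the second hunk carries no comment saying why the zone-table search must skip an exact match, and that reason is the substance of the fix. Going by the commit title, a DS query for a name that is itself the origin of a locally served zone (here an RFC 1918 empty zone) presumably has to be answered from the parent side of the cut, not from the empty zone. I would add above the `if ((options & DNS_DBFIND_NOEXACT) != 0)` line something like `/* DS belongs to the parent: with NOEXACT, do not match a zone whose origin equals the query name. */`. dns_view_findzonecut2 starts and ends outside both hunks, so whether the later lookup on `zone` honours the same option is not visible here and is worth confirming.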