ISC Open Source Projects
BIND
Commits
8bedd964
Commit
8bedd964
authored
Sep 19, 2007
by
Mark Andrews
2245. [bug] Validating lack of DS records at trust anchors wasn't
working. [RT #17151]
parent
69f3cb5a
Changes
3
CHANGES
2245. [bug] Validating lack of DS records at trust anchors wasn't
working. [RT #17151]
2244. [func] Allow the check of nameserver names against the
SOA MNAME field to be disabled by specifying
'notify-to-soa yes;'. [RT #17073]
...
...
lib/dns/include/dns/validator.h
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: validator.h,v 1.3
8
2007/0
6
/1
8 23:47:42 tbox
Exp $ */
/* $Id: validator.h,v 1.3
9
2007/0
9
/1
9 03:38:56 marka
Exp $ */
#ifndef DNS_VALIDATOR_H
#define DNS_VALIDATOR_H 1
...
...
@@ -81,11 +81,24 @@ typedef struct dns_validatorevent {
ISC_EVENT_COMMON
(
struct
dns_validatorevent
);
dns_validator_t
*
validator
;
isc_result_t
result
;
/*
* Name and type of the response to be validated.
*/
dns_name_t
*
name
;
dns_rdatatype_t
type
;
/*
* Rdata and RRSIG (if any) for positive responses.
*/
dns_rdataset_t
*
rdataset
;
dns_rdataset_t
*
sigrdataset
;
/*
* The full response. Required for negative responses.
* Also required for positive wildcard responses.
*/
dns_message_t
*
message
;
/*
* Proofs to be cached.
*/
dns_name_t
*
proofs
[
3
];
}
dns_validatorevent_t
;
...
...
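Review bot: The new comment on `proofs[3]` in dns_validatorevent says only "Proofs to be cached", which leaves a reader guessing which proof each of the three slots holds and whether unused slots are NULL. Since consumers of a validator event index this array directly, I would extend the comment to list the slot meanings (by the header's index constants, if it defines any) and to say who owns the pointed-to names and for how long they stay valid. In the same spirit, the `message` comment could state outright that the pointer may be NULL for plain positive responses, so callers know to check it before use.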
lib/dns/validator.c
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: validator.c,v 1.15
4
2007/09/1
4
0
5:43:0
5 marka Exp $ */
/* $Id: validator.c,v 1.15
5
2007/09/1
9
0
3:38:5
5 marka Exp $ */
#include
<config.h>
...
...
@@ -2390,6 +2390,10 @@ finddlvsep(dns_validator_t *val, isc_boolean_t resume) {
dns_fixedname_init
(
&
val
->
dlvsep
);
dlvsep
=
dns_fixedname_name
(
&
val
->
dlvsep
);
dns_name_copy
(
val
->
event
->
name
,
dlvsep
,
NULL
);
/*
* If this is a response to a DS query, we need to look in
* the parent zone for the trust anchor.
*/
if
(
val
->
event
->
type
==
dns_rdatatype_ds
)
{
labels
=
dns_name_countlabels
(
dlvsep
);
if
(
labels
==
0
)
...
...
@@ -2492,9 +2496,16 @@ proveunsecure(dns_validator_t *val, isc_boolean_t resume) {
if
(
val
->
havedlvsep
)
dns_name_copy
(
dns_fixedname_name
(
&
val
->
dlvsep
),
secroot
,
NULL
);
else
{
dns_name_copy
(
val
->
event
->
name
,
secroot
,
NULL
);
/*
* If this is a response to a DS query, we need to look in
* the parent zone for the trust anchor.
*/
if
(
val
->
event
->
type
==
dns_rdatatype_ds
&&
dns_name_countlabels
(
secroot
)
>
1U
)
dns_name_split
(
secroot
,
1
,
NULL
,
secroot
);
result
=
dns_keytable_finddeepestmatch
(
val
->
keytable
,
val
->
event
->
name
,
secroot
);
secroot
,
secroot
);
if
(
result
==
ISC_R_NOTFOUND
)
{
validator_log
(
val
,
ISC_LOG_DEBUG
(
3
),
...
...
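Review bot: In the new `else` branch of proveunsecure(), `dns_name_split(secroot, 1, NULL, secroot)` looks like it keeps the wrong end of the name. As far as I know the second argument of dns_name_split() is the number of suffix labels to keep (please confirm against name.h, which is not shown here), so a value of 1 would reduce secroot to the root label instead of stripping the leftmost label to reach the parent zone as the comment intends. The lookup `dns_keytable_finddeepestmatch(val->keytable, secroot, secroot)` would then match only a root trust anchor, and a DS response under any other anchor could fall into the `ISC_R_NOTFOUND` branch, whose handling is cut off in this view. Something like `dns_name_getlabelsequence(secroot, 1, dns_name_countlabels(secroot) - 1, secroot);` would drop the first label instead, and the discarded results of dns_name_copy() and dns_name_split() deserve at least a `RUNTIME_CHECK` or a comment saying why they cannot fail. The function body starts and ends outside the hunk.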