Commit 8ef23f9f authored by Mark Andrews's avatar Mark Andrews Committed by Witold Krecicki
Browse files

the presence of a DNAME record proves that the name does not exist in the zone...

the presence of a DNAME record proves that the name does not exist in the zone but as we don't want to use that for NXDMOMAIN return DNS_R_DNAME from dns_nsec_noexistnodata
parent 7f60bb39
Pipeline #2883 passed with stages
in 7 minutes and 55 seconds
......@@ -101,6 +101,9 @@ dns_nsec_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
* or we can determine whether there is data or not at the name.
* If the name does not exist return the wildcard name.
*
* Return DNS_R_DNAME when the NSEC indicates that name is covered by
* a DNAME. 'wild' is not set in this case.
*
* Return ISC_R_IGNORE when the NSEC is not the appropriate one.
*/
......
......@@ -374,8 +374,7 @@ dns_nsec_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
}
if (relation == dns_namereln_subdomain &&
(dns_nsec_typepresent(&rdata, dns_rdatatype_dname) ||
dns_nsec_typepresent(&rdata, dns_rdatatype_ns)) &&
dns_nsec_typepresent(&rdata, dns_rdatatype_ns) &&
!dns_nsec_typepresent(&rdata, dns_rdatatype_soa))
{
/*
......@@ -388,6 +387,15 @@ dns_nsec_noexistnodata(dns_rdatatype_t type, const dns_name_t *name,
return (ISC_R_IGNORE);
}
if (relation == dns_namereln_subdomain &&
dns_nsec_typepresent(&rdata, dns_rdatatype_dname))
{
(*logit)(arg, ISC_LOG_DEBUG(3),
"nsec proves covered by dname");
*exists = ISC_FALSE;
return (DNS_R_DNAME);
}
result = dns_rdata_tostruct(&rdata, &nsec, NULL);
if (result != ISC_R_SUCCESS)
return (result);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment