Commit 93143fd8 authored by Evan Hunt's avatar Evan Hunt
Browse files

3273. [bug] AAAA responses could be returned in the additional

                        section even when filter-aaaa-on-v4 was in use.
                        [RT #27292]
parent f26d91eb
3273. [bug] AAAA responses could be returned in the additional
section even when filter-aaaa-on-v4 was in use.
[RT #27292]
3272. [func] New "rndc zonestatus" command prints information
about the specified zone. [RT #21671]
3271. [port] darwin: mksymtbl is not always stable, loop several 3271. [port] darwin: mksymtbl is not always stable, loop several
times before giving up. mksymtbl was using non times before giving up. mksymtbl was using non
portable perl to covert 64 bit hex strings. [RT #27653] portable perl to covert 64 bit hex strings. [RT #27653]
3271. [func] New "rndc zonestatus" command prints information
about the specified zone. [RT #21671]
--- 9.9.0rc2 released --- --- 9.9.0rc2 released ---
3270. [bug] "rndc reload" didn't reuse existing zones correctly 3270. [bug] "rndc reload" didn't reuse existing zones correctly
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: client.c,v 1.284 2011/11/09 22:05:09 each Exp $ */ /* $Id: client.c,v 1.285 2012/01/31 06:58:38 each Exp $ */
#include <config.h> #include <config.h>
...@@ -929,6 +929,15 @@ ns_client_send(ns_client_t *client) { ...@@ -929,6 +929,15 @@ ns_client_send(ns_client_t *client) {
render_opts = 0; render_opts = 0;
else else
render_opts = DNS_MESSAGERENDER_OMITDNSSEC; render_opts = DNS_MESSAGERENDER_OMITDNSSEC;
preferred_glue = 0;
if (client->view != NULL) {
if (client->view->preferred_glue == dns_rdatatype_a)
preferred_glue = DNS_MESSAGERENDER_PREFER_A;
else if (client->view->preferred_glue == dns_rdatatype_aaaa)
preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA;
}
#ifdef ALLOW_FILTER_AAAA_ON_V4 #ifdef ALLOW_FILTER_AAAA_ON_V4
/* /*
* filter-aaaa-on-v4 yes or break-dnssec option to suppress * filter-aaaa-on-v4 yes or break-dnssec option to suppress
...@@ -937,17 +946,15 @@ ns_client_send(ns_client_t *client) { ...@@ -937,17 +946,15 @@ ns_client_send(ns_client_t *client) {
* that we have both AAAA and A records, * that we have both AAAA and A records,
* and that we either have no signatures that the client wants * and that we either have no signatures that the client wants
* or we are supposed to break DNSSEC. * or we are supposed to break DNSSEC.
*
* Override preferred glue if necessary.
*/ */
if ((client->attributes & NS_CLIENTATTR_FILTER_AAAA) != 0) if ((client->attributes & NS_CLIENTATTR_FILTER_AAAA) != 0) {
render_opts |= DNS_MESSAGERENDER_FILTER_AAAA; render_opts |= DNS_MESSAGERENDER_FILTER_AAAA;
#endif if (preferred_glue == DNS_MESSAGERENDER_PREFER_AAAA)
preferred_glue = 0;
if (client->view != NULL) {
if (client->view->preferred_glue == dns_rdatatype_a)
preferred_glue = DNS_MESSAGERENDER_PREFER_A; preferred_glue = DNS_MESSAGERENDER_PREFER_A;
else if (client->view->preferred_glue == dns_rdatatype_aaaa)
preferred_glue = DNS_MESSAGERENDER_PREFER_AAAA;
} }
#endif
/* /*
* XXXRTH The following doesn't deal with TCP buffer resizing. * XXXRTH The following doesn't deal with TCP buffer resizing.
...@@ -2110,6 +2117,9 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) { ...@@ -2110,6 +2117,9 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
client->recursionquota = NULL; client->recursionquota = NULL;
client->interface = NULL; client->interface = NULL;
client->peeraddr_valid = ISC_FALSE; client->peeraddr_valid = ISC_FALSE;
#ifdef ALLOW_FILTER_AAAA_ON_V4
client->filter_aaaa = dns_v4_aaaa_ok;
#endif
ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL, ISC_EVENT_INIT(&client->ctlevent, sizeof(client->ctlevent), 0, NULL,
NS_EVENT_CLIENTCONTROL, client_start, client, client, NS_EVENT_CLIENTCONTROL, client_start, client, client,
NULL, NULL); NULL, NULL);
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: client.h,v 1.94 2011/10/11 23:46:44 tbox Exp $ */ /* $Id: client.h,v 1.95 2012/01/31 06:58:38 each Exp $ */
#ifndef NAMED_CLIENT_H #ifndef NAMED_CLIENT_H
#define NAMED_CLIENT_H 1 #define NAMED_CLIENT_H 1
...@@ -141,6 +141,9 @@ struct ns_client { ...@@ -141,6 +141,9 @@ struct ns_client {
isc_netaddr_t destaddr; isc_netaddr_t destaddr;
struct in6_pktinfo pktinfo; struct in6_pktinfo pktinfo;
isc_event_t ctlevent; isc_event_t ctlevent;
#ifdef ALLOW_FILTER_AAAA_ON_V4
dns_v4_aaaa_t filter_aaaa;
#endif
/*% /*%
* Information about recent FORMERR response(s), for * Information about recent FORMERR response(s), for
* FORMERR loop avoidance. This is separate for each * FORMERR loop avoidance. This is separate for each
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: query.c,v 1.381 2012/01/07 00:19:59 each Exp $ */ /* $Id: query.c,v 1.382 2012/01/31 06:58:38 each Exp $ */
/*! \file */ /*! \file */
...@@ -1352,6 +1352,10 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { ...@@ -1352,6 +1352,10 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
} }
if (qtype == dns_rdatatype_a) { if (qtype == dns_rdatatype_a) {
#ifdef ALLOW_FILTER_AAAA_ON_V4
isc_boolean_t have_a = ISC_FALSE;
#endif
/* /*
* We now go looking for A and AAAA records, along with * We now go looking for A and AAAA records, along with
* their signatures. * their signatures.
...@@ -1390,6 +1394,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { ...@@ -1390,6 +1394,9 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
} }
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
mname = NULL; mname = NULL;
#ifdef ALLOW_FILTER_AAAA_ON_V4
have_a = ISC_TRUE;
#endif
if (!query_isduplicate(client, fname, if (!query_isduplicate(client, fname,
dns_rdatatype_a, &mname)) { dns_rdatatype_a, &mname)) {
if (mname != NULL) { if (mname != NULL) {
...@@ -1436,6 +1443,17 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) { ...@@ -1436,6 +1443,17 @@ query_addadditional(void *arg, dns_name_t *name, dns_rdatatype_t qtype) {
} }
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
mname = NULL; mname = NULL;
/*
* There's an A; check whether we're filtering AAAA
*/
#ifdef ALLOW_FILTER_AAAA_ON_V4
if (have_a &&
(client->filter_aaaa == dns_v4_aaaa_break_dnssec ||
(client->filter_aaaa == dns_v4_aaaa_filter &&
(!WANTDNSSEC(client) || sigrdataset == NULL ||
!dns_rdataset_isassociated(sigrdataset)))))
goto addname;
#endif
if (!query_isduplicate(client, fname, if (!query_isduplicate(client, fname,
dns_rdatatype_aaaa, &mname)) { dns_rdatatype_aaaa, &mname)) {
if (mname != NULL) { if (mname != NULL) {
...@@ -6638,9 +6656,21 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) ...@@ -6638,9 +6656,21 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
need_wildcardproof = ISC_TRUE; need_wildcardproof = ISC_TRUE;
} }
#ifdef ALLOW_FILTER_AAAA_ON_V4
if (client->view->v4_aaaa != dns_v4_aaaa_ok &&
is_v4_client(client) &&
ns_client_checkaclsilent(client, NULL,
client->view->v4_aaaa_acl,
ISC_TRUE) == ISC_R_SUCCESS)
client->filter_aaaa = client->view->v4_aaaa;
else
client->filter_aaaa = dns_v4_aaaa_ok;
#endif
if (type == dns_rdatatype_any) { if (type == dns_rdatatype_any) {
#ifdef ALLOW_FILTER_AAAA_ON_V4 #ifdef ALLOW_FILTER_AAAA_ON_V4
isc_boolean_t have_aaaa, have_a, have_sig, filter_aaaa; isc_boolean_t have_aaaa, have_a, have_sig;
/* /*
* The filter-aaaa-on-v4 option should * The filter-aaaa-on-v4 option should
...@@ -6652,14 +6682,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) ...@@ -6652,14 +6682,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
have_aaaa = ISC_FALSE; have_aaaa = ISC_FALSE;
have_a = !authoritative; have_a = !authoritative;
have_sig = ISC_FALSE; have_sig = ISC_FALSE;
if (client->view->v4_aaaa != dns_v4_aaaa_ok &&
is_v4_client(client) &&
ns_client_checkaclsilent(client, NULL,
client->view->v4_aaaa_acl,
ISC_TRUE) == ISC_R_SUCCESS)
filter_aaaa = ISC_TRUE;
else
filter_aaaa = ISC_FALSE;
#endif #endif
/* /*
* XXXRTH Need to handle zonecuts with special case * XXXRTH Need to handle zonecuts with special case
...@@ -6694,7 +6716,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) ...@@ -6694,7 +6716,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* Notice the presence of A and AAAAs so * Notice the presence of A and AAAAs so
* that AAAAs can be hidden from IPv4 clients. * that AAAAs can be hidden from IPv4 clients.
*/ */
if (filter_aaaa) { if (client->filter_aaaa != dns_v4_aaaa_ok) {
if (rdataset->type == dns_rdatatype_aaaa) if (rdataset->type == dns_rdatatype_aaaa)
have_aaaa = ISC_TRUE; have_aaaa = ISC_TRUE;
else if (rdataset->type == dns_rdatatype_a) else if (rdataset->type == dns_rdatatype_a)
...@@ -6751,10 +6773,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) ...@@ -6751,10 +6773,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* Filter AAAAs if there is an A and there is no signature * Filter AAAAs if there is an A and there is no signature
* or we are supposed to break DNSSEC. * or we are supposed to break DNSSEC.
*/ */
if (filter_aaaa && have_aaaa && have_a && if (client->filter_aaaa == dns_v4_aaaa_break_dnssec)
(!have_sig || !WANTDNSSEC(client) ||
client->view->v4_aaaa == dns_v4_aaaa_break_dnssec))
client->attributes |= NS_CLIENTATTR_FILTER_AAAA; client->attributes |= NS_CLIENTATTR_FILTER_AAAA;
else if (client->filter_aaaa != dns_v4_aaaa_ok &&
have_aaaa && have_a &&
(!have_sig || !WANTDNSSEC(client)))
client->attributes |= NS_CLIENTATTR_FILTER_AAAA;
#endif #endif
if (fname != NULL) if (fname != NULL)
dns_message_puttempname(client->message, &fname); dns_message_puttempname(client->message, &fname);
...@@ -6815,15 +6839,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) ...@@ -6815,15 +6839,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
* so fundamentally wrong, unavoidably inaccurate, and * so fundamentally wrong, unavoidably inaccurate, and
* unneeded that it is best to keep it as short as possible. * unneeded that it is best to keep it as short as possible.
*/ */
if (client->view->v4_aaaa != dns_v4_aaaa_ok && if (client->filter_aaaa == dns_v4_aaaa_break_dnssec ||
is_v4_client(client) && (client->filter_aaaa == dns_v4_aaaa_filter &&
ns_client_checkaclsilent(client, NULL, (!WANTDNSSEC(client) || sigrdataset == NULL ||
client->view->v4_aaaa_acl, !dns_rdataset_isassociated(sigrdataset))))
ISC_TRUE) == ISC_R_SUCCESS && {
(!WANTDNSSEC(client) ||
sigrdataset == NULL ||
!dns_rdataset_isassociated(sigrdataset) ||
client->view->v4_aaaa == dns_v4_aaaa_break_dnssec)) {
if (qtype == dns_rdatatype_aaaa) { if (qtype == dns_rdatatype_aaaa) {
trdataset = query_newrdataset(client); trdataset = query_newrdataset(client);
result = dns_db_findrdataset(db, node, version, result = dns_db_findrdataset(db, node, version,
......
...@@ -12,12 +12,13 @@ ...@@ -12,12 +12,13 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE. ; PERFORMANCE OF THIS SOFTWARE.
; $Id: root.db,v 1.2 2010/06/22 03:58:37 marka Exp $ ; $Id: root.db,v 1.3 2012/01/31 06:58:38 each Exp $
$TTL 120 $TTL 120
@ SOA ns.utld hostmaster.ns.utld ( 1 3600 1200 604800 60 ) @ SOA ns.utld hostmaster.ns.utld ( 1 3600 1200 604800 60 )
@ NS ns.utld @ NS ns.utld
ns.utld A 10.53.0.1 ns.utld A 10.53.0.1
ns.utld AAAA fd92:7065:b8e:ffff::1
; ;
signed NS ns.utld signed NS ns.utld
unsigned NS ns.utld unsigned NS ns.utld
...@@ -12,12 +12,15 @@ ...@@ -12,12 +12,15 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE. ; PERFORMANCE OF THIS SOFTWARE.
; $Id: signed.db.in,v 1.2 2010/06/22 03:58:37 marka Exp $ ; $Id: signed.db.in,v 1.3 2012/01/31 06:58:38 each Exp $
$TTL 120 $TTL 120
@ SOA ns.utld. hostmaster.ns.utld. ( 1 3600 1200 604800 60 ) @ SOA ns.utld. hostmaster.ns.utld. ( 1 3600 1200 604800 60 )
@ NS ns.utld. @ NS ns.utld.
@ MX 10 mx
a-only NS 1.0.0.1 a-only NS 1.0.0.1
aaaa-only AAAA 2001:db8::2 aaaa-only AAAA 2001:db8::2
dual A 1.0.0.3 dual A 1.0.0.3
dual AAAA 2001:db8::3 dual AAAA 2001:db8::3
mx A 1.0.0.3
mx AAAA 2001:db8::3
...@@ -12,12 +12,15 @@ ...@@ -12,12 +12,15 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE. ; PERFORMANCE OF THIS SOFTWARE.
; $Id: unsigned.db,v 1.2 2010/06/22 03:58:37 marka Exp $ ; $Id: unsigned.db,v 1.3 2012/01/31 06:58:38 each Exp $
$TTL 120 $TTL 120
@ SOA ns.utld. hostmaster.ns.utld. ( 1 3600 1200 604800 60 ) @ SOA ns.utld. hostmaster.ns.utld. ( 1 3600 1200 604800 60 )
@ NS ns.utld. @ NS ns.utld.
@ MX 10 mx
a-only NS 1.0.0.4 a-only NS 1.0.0.4
aaaa-only AAAA 2001:db8::5 aaaa-only AAAA 2001:db8::5
dual A 1.0.0.6 dual A 1.0.0.6
dual AAAA 2001:db8::6 dual AAAA 2001:db8::6
mx A 1.0.0.3
mx AAAA 2001:db8::3
...@@ -12,12 +12,13 @@ ...@@ -12,12 +12,13 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE. ; PERFORMANCE OF THIS SOFTWARE.
; $Id: root.db,v 1.2 2010/06/22 03:58:38 marka Exp $ ; $Id: root.db,v 1.3 2012/01/31 06:58:38 each Exp $
$TTL 120 $TTL 120
@ SOA ns.utld hostmaster.ns.utld ( 1 3600 1200 604800 60 ) @ SOA ns.utld hostmaster.ns.utld ( 1 3600 1200 604800 60 )
@ NS ns.utld @ NS ns.utld
ns.utld A 10.53.0.1 ns.utld A 10.53.0.1
ns.utld AAAA fd92:7065:b8e:ffff::1
; ;
signed NS ns.utld signed NS ns.utld
unsigned NS ns.utld unsigned NS ns.utld
...@@ -12,12 +12,15 @@ ...@@ -12,12 +12,15 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE. ; PERFORMANCE OF THIS SOFTWARE.
; $Id: signed.db.in,v 1.2 2010/06/22 03:58:38 marka Exp $ ; $Id: signed.db.in,v 1.3 2012/01/31 06:58:38 each Exp $
$TTL 120 $TTL 120
@ SOA ns.utld. hostmaster.ns.utld. ( 1 3600 1200 604800 60 ) @ SOA ns.utld. hostmaster.ns.utld. ( 1 3600 1200 604800 60 )
@ NS ns.utld. @ NS ns.utld.
@ MX 10 mx
a-only NS 1.0.0.1 a-only NS 1.0.0.1
aaaa-only AAAA 2001:db8::2 aaaa-only AAAA 2001:db8::2
dual A 1.0.0.3 dual A 1.0.0.3
dual AAAA 2001:db8::3 dual AAAA 2001:db8::3
mx A 1.0.0.3
mx AAAA 2001:db8::3
...@@ -12,12 +12,15 @@ ...@@ -12,12 +12,15 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE. ; PERFORMANCE OF THIS SOFTWARE.
; $Id: unsigned.db,v 1.2 2010/06/22 03:58:38 marka Exp $ ; $Id: unsigned.db,v 1.3 2012/01/31 06:58:39 each Exp $
$TTL 120 $TTL 120
@ SOA ns.utld. hostmaster.ns.utld. ( 1 3600 1200 604800 60 ) @ SOA ns.utld. hostmaster.ns.utld. ( 1 3600 1200 604800 60 )
@ NS ns.utld. @ NS ns.utld.
@ MX 10 mx
a-only NS 1.0.0.4 a-only NS 1.0.0.4
aaaa-only AAAA 2001:db8::5 aaaa-only AAAA 2001:db8::5
dual A 1.0.0.6 dual A 1.0.0.6
dual AAAA 2001:db8::6 dual AAAA 2001:db8::6
mx A 1.0.0.3
mx AAAA 2001:db8::3
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.2 2010/06/22 03:58:36 marka Exp $ # $Id: tests.sh,v 1.3 2012/01/31 06:58:38 each Exp $
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
...@@ -174,6 +174,45 @@ else ...@@ -174,6 +174,45 @@ else
echo "I: skipped." echo "I: skipped."
fi fi
n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)"
ret=0
$DIG $DIGOPTS +add ns unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep AAAA dig.out.ns1.test$n > /dev/null 2>&1 && ret=1
grep "ADDITIONAL: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.1 @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep "^mx.signed.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPV6 ($n)"
if $TESTSOCK6 fd92:7065:b8e:ffff::1
then
ret=0
$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::1 @fd92:7065:b8e:ffff::1 > dig.out.ns1.test$n || ret=1
grep "^mx.unsigned.*AAAA" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
else
echo "I: skipped."
fi
# #
# Authoritative tests against: # Authoritative tests against:
# filter-aaaa-on-v4 break-dnssec; # filter-aaaa-on-v4 break-dnssec;
...@@ -303,6 +342,45 @@ else ...@@ -303,6 +342,45 @@ else
echo "I: skipped." echo "I: skipped."
fi fi
n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=NS, with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS +add ns unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep AAAA dig.out.ns4.test$n > /dev/null 2>&1 && ret=1
grep "ADDITIONAL: 2" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned, with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=MX, signed, with break-dnssec ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.4 @10.53.0.4 > dig.out.ns4.test$n || ret=1
grep "^mx.signed.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPV6, with break-dnssec ($n)"
if $TESTSOCK6 fd92:7065:b8e:ffff::4
then
ret=0
$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::4 @fd92:7065:b8e:ffff::4 > dig.out.ns4.test$n || ret=1
grep "^mx.unsigned.*AAAA" dig.out.ns4.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
else
echo "I: skipped."
fi
# #
# Recursive tests against: # Recursive tests against:
# filter-aaaa-on-v4 yes; # filter-aaaa-on-v4 yes;
...@@ -431,6 +509,45 @@ else ...@@ -431,6 +509,45 @@ else
echo "I: skipped." echo "I: skipped."
fi fi
n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=NS ($n)"
ret=0
$DIG $DIGOPTS +add ns unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep AAAA dig.out.ns2.test$n > /dev/null 2>&1 && ret=1
grep "ADDITIONAL: 2" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking that AAAA is omitted from additional section, qtype=MX, unsigned ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx unsigned -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking that AAAA is included in additional section, qtype=MX, signed ($n)"
ret=0
$DIG $DIGOPTS +add +dnssec mx signed -b 10.53.0.2 @10.53.0.2 > dig.out.ns2.test$n || ret=1
grep "^mx.signed.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:checking that AAAA is included in additional section, qtype=MX, unsigned, over IPV6 ($n)"
if $TESTSOCK6 fd92:7065:b8e:ffff::2
then
ret=0
$DIG $DIGOPTS +add +dnssec mx unsigned -b fd92:7065:b8e:ffff::2 @fd92:7065:b8e:ffff::2 > dig.out.ns2.test$n || ret=1
grep "^mx.unsigned.*AAAA" dig.out.ns2.test$n > /dev/null 2>&1 || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
else
echo "I: skipped."
fi
# #
# Recursive tests against: # Recursive tests against:
# filter-aaaa-on-v4 break-dnssec; # filter-aaaa-on-v4 break-dnssec;
...@@ -559,5 +676,43 @@ else ...@@ -559,5 +676,43 @@ else
echo "I: skipped." echo "I: skipped."