Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
a59d687d
Commit
a59d687d
authored
Oct 24, 2017
by
Mark Andrews
Browse files
4778. [test] Improve synth-from-dnssec testing. [RT #46352]
parent
89636d8f
Changes
7
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
a59d687d
4778. [test] Improve synth-from-dnssec testing. [RT #46352]
4777. [cleanup] Removed a redundant call to configure_view_acl().
[RT #46369]
...
...
bin/tests/system/synthfromdnssec/ns4/named.conf
0 → 100644
View file @
a59d687d
/*
*
Copyright
(
C
)
2017
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
This
Source
Code
Form
is
subject
to
the
terms
of
the
Mozilla
Public
*
License
,
v
.
2
.
0
.
If
a
copy
of
the
MPL
was
not
distributed
with
this
*
file
,
You
can
obtain
one
at
http
://
mozilla
.
org
/
MPL
/
2
.
0
/.
*/
//
NS4
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
4
;
notify
-
source
10
.
53
.
0
.
4
;
transfer
-
source
10
.
53
.
0
.
4
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
4
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
notify
no
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
synth
-
from
-
dnssec
no
;
};
zone
"."
{
type
hint
;
file
"root.hints"
;
};
include
"../ns1/trusted.conf"
;
//
include
"../../common/controls.conf"
;
bin/tests/system/synthfromdnssec/ns4/root.hints
0 → 100644
View file @
a59d687d
; Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
. NS ns1
ns1 A 10.53.0.1
bin/tests/system/synthfromdnssec/ns5/named.conf
0 → 100644
View file @
a59d687d
/*
*
Copyright
(
C
)
2017
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
This
Source
Code
Form
is
subject
to
the
terms
of
the
Mozilla
Public
*
License
,
v
.
2
.
0
.
If
a
copy
of
the
MPL
was
not
distributed
with
this
*
file
,
You
can
obtain
one
at
http
://
mozilla
.
org
/
MPL
/
2
.
0
/.
*/
//
NS5
controls
{ /*
empty
*/ };
options
{
query
-
source
address
10
.
53
.
0
.
5
;
notify
-
source
10
.
53
.
0
.
5
;
transfer
-
source
10
.
53
.
0
.
5
;
port
5300
;
pid
-
file
"named.pid"
;
listen
-
on
{
10
.
53
.
0
.
5
; };
listen
-
on
-
v6
{
none
; };
recursion
yes
;
notify
no
;
dnssec
-
enable
yes
;
dnssec
-
validation
yes
;
synth
-
from
-
dnssec
yes
;
};
zone
"."
{
type
hint
;
file
"root.hints"
;
};
include
"../ns1/trusted.conf"
;
bin/tests/system/synthfromdnssec/ns5/root.hints
0 → 100644
View file @
a59d687d
; Copyright (C) 2017 Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
. NS ns1
ns1 A 10.53.0.1
bin/tests/system/synthfromdnssec/tests.sh
View file @
a59d687d
...
...
@@ -17,49 +17,58 @@ rm -f dig.out.*
DIGOPTS
=
"+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
DELVOPTS
=
"-a ns1/trusted.conf -p 5300"
echo
"I:prime negative NXDOMAIN response (
$n
)"
ret
=
0
$DIG
$DIGOPTS
a.example. @10.53.0.2 a
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NXDOMAIN,"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"example.*3600.IN.SOA"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
nxdomain
=
dig.out.ns2.test
$n
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:prime negative NODATA response (
$n
)"
ret
=
0
$DIG
$DIGOPTS
nodata.example. @10.53.0.2 a
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"example.*3600.IN.SOA"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
nodata
=
dig.out.ns2.test
$n
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:prime wildcard response (
$n
)"
ret
=
0
$DIG
$DIGOPTS
a.wild-a.example. @10.53.0.2 a
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"a.wild-a.example.*3600.IN.A"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:prime wildcard CNAME response (
$n
)"
ret
=
0
$DIG
$DIGOPTS
a.wild-cname.example. @10.53.0.2 a
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"a.wild-cname.example.*3600.IN.CNAME"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:prime redirect response (+nodnssec) (
$n
)"
for
ns
in
2 4 5
do
case
$ns
in
2
)
description
=
"<default>"
;;
4
)
description
=
"no"
;;
5
)
description
=
"yes"
;;
*
)
exit
1
;;
esac
echo
"I:prime negative NXDOMAIN response (synth-from-dnssec
${
description
}
;) (
$n
)"
ret
=
0
$DIG
$DIGOPTS
a.example. @10.53.0.
${
ns
}
a
>
dig.out.ns
${
ns
}
.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NXDOMAIN,"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"example.*3600.IN.SOA"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
[
$ns
-eq
${
ns
}
]
&&
nxdomain
=
dig.out.ns
${
ns
}
.test
$n
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:prime negative NODATA response (synth-from-dnssec
${
description
}
;) (
$n
)"
ret
=
0
$DIG
$DIGOPTS
nodata.example. @10.53.0.
${
ns
}
a
>
dig.out.ns
${
ns
}
.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"example.*3600.IN.SOA"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
[
$ns
-eq
2
]
&&
nodata
=
dig.out.ns
${
ns
}
.test
$n
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:prime wildcard response (synth-from-dnssec
${
description
}
;) (
$n
)"
ret
=
0
$DIG
$DIGOPTS
a.wild-a.example. @10.53.0.
${
ns
}
a
>
dig.out.ns
${
ns
}
.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"a.wild-a.example.*3600.IN.A"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:prime wildcard CNAME response (synth-from-dnssec
${
description
}
;) (
$n
)"
ret
=
0
$DIG
$DIGOPTS
a.wild-cname.example. @10.53.0.
${
ns
}
a
>
dig.out.ns
${
ns
}
.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"a.wild-cname.example.*3600.IN.CNAME"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
done
echo
"I:prime redirect response (+nodnssec) (synth-from-dnssec <default>;) (
$n
)"
ret
=
0
$DIG
$DIGOPTS
+nodnssec a.redirect. @10.53.0.3 a
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns2.test
$n
>
/dev/null
&&
ret
=
1
...
...
@@ -69,54 +78,88 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
#
# ensure TTL of synthesised answers differs from direct answers.
#
sleep
1
$RNDC
-c
../common/rndc.conf
-s
10.53.0.2
-p
9953 dumpdb
echo
"I:check synthesized NXDOMAIN response (
$n
)"
ret
=
0
$DIG
$DIGOPTS
b.example. @10.53.0.2 a
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NXDOMAIN,"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"example.*3600.IN.SOA"
dig.out.ns2.test
$n
>
/dev/null
&&
ret
=
1
$PERL
../digcomp.pl
$nxdomain
dig.out.ns2.test
$n
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:check synthesized NODATA response (
$n
)"
ret
=
0
$DIG
$DIGOPTS
nodata.example. @10.53.0.2 aaaa
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"example.*3600.IN.SOA"
dig.out.ns2.test
$n
>
/dev/null
&&
ret
=
1
$PERL
../digcomp.pl
$nodata
dig.out.ns2.test
$n
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:check synthesized wildcard response (
$n
)"
ret
=
0
$DIG
$DIGOPTS
b.wild-a.example. @10.53.0.2 a
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"b
\.
wild-a
\.
example
\.
.*3600.IN.A"
dig.out.ns2.test
$n
>
/dev/null
&&
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:check synthesized wildcard CNAME response (
$n
)"
ret
=
0
$DIG
$DIGOPTS
b.wild-cname.example. @10.53.0.2 a
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
grep
"b.wild-cname.example.*3600.IN.CNAME"
dig.out.ns2.test
$n
>
/dev/null
&&
ret
=
1
grep
"ns1.example.*.IN.A"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:check redirect response (+dnssec) (
$n
)"
for
ns
in
2 4 5
do
case
$ns
in
2
)
synth
=
yes
description
=
"<default>"
;;
4
)
synth
=
no
description
=
"no"
;;
5
)
synth
=
yes
description
=
"yes"
;;
*
)
exit
1
;;
esac
echo
"I:check synthesized NXDOMAIN response (synth-from-dnssec
${
description
}
;) (
$n
)"
ret
=
0
$DIG
$DIGOPTS
b.example. @10.53.0.
${
ns
}
a
>
dig.out.ns
${
ns
}
.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NXDOMAIN,"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
if
[
${
synth
}
=
yes
]
then
grep
"example.*IN.SOA"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"example.*3600.IN.SOA"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
&&
ret
=
1
else
grep
"example.*3600.IN.SOA"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
fi
$PERL
../digcomp.pl
$nxdomain
dig.out.ns
${
ns
}
.test
$n
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:check synthesized NODATA response (synth-from-dnssec
${
description
}
;) (
$n
)"
ret
=
0
$DIG
$DIGOPTS
nodata.example. @10.53.0.
${
ns
}
aaaa
>
dig.out.ns
${
ns
}
.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
if
[
${
synth
}
=
yes
]
then
grep
"example.*IN.SOA"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"example.*3600.IN.SOA"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
&&
ret
=
1
else
grep
"example.*3600.IN.SOA"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
fi
$PERL
../digcomp.pl
$nodata
dig.out.ns
${
ns
}
.test
$n
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:check synthesized wildcard response (synth-from-dnssec
${
description
}
;) (
$n
)"
ret
=
0
$DIG
$DIGOPTS
b.wild-a.example. @10.53.0.
${
ns
}
a
>
dig.out.ns
${
ns
}
.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
if
[
${
synth
}
=
yes
]
then
grep
"b
\.
wild-a
\.
example
\.
.*IN.A"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"b
\.
wild-a
\.
example
\.
.*3600.IN.A"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
&&
ret
=
1
else
grep
"b
\.
wild-a
\.
example
\.
.*3600.IN.A"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
fi
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:check synthesized wildcard CNAME response (synth-from-dnssec
${
description
}
;) (
$n
)"
ret
=
0
$DIG
$DIGOPTS
b.wild-cname.example. @10.53.0.
${
ns
}
a
>
dig.out.ns
${
ns
}
.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"status: NOERROR,"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
if
[
${
synth
}
=
yes
]
then
grep
"b.wild-cname.example.*IN.CNAME"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
grep
"b.wild-cname.example.*3600.IN.CNAME"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
&&
ret
=
1
else
grep
"b.wild-cname.example.*3600.IN.CNAME"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
fi
grep
"ns1.example.*.IN.A"
dig.out.ns
${
ns
}
.test
$n
>
/dev/null
||
ret
=
1
n
=
`
expr
$n
+ 1
`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
done
echo
"I:check redirect response (+dnssec) (synth-from-dnssec <default>;) (
$n
)"
ret
=
0
$DIG
$DIGOPTS
b.redirect. @10.53.0.3 a
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns2.test
$n
>
/dev/null
||
ret
=
1
...
...
@@ -126,7 +169,7 @@ n=`expr $n + 1`
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I:check redirect response (+nodnssec) (
$n
)"
echo
"I:check redirect response (+nodnssec)
(synth-from-dnssec <default>;)
(
$n
)"
ret
=
0
$DIG
$DIGOPTS
+nodnssec b.redirect. @10.53.0.3 a
>
dig.out.ns2.test
$n
||
ret
=
1
grep
"flags:[^;]* ad[ ;]"
dig.out.ns2.test
$n
>
/dev/null
&&
ret
=
1
...
...
lib/ns/query.c
View file @
a59d687d
...
...
@@ -8338,6 +8338,38 @@ log_noexistnodata(void *val, int level, const char *fmt, ...) {
va_end
(
ap
);
}
static
dns_ttl_t
query_synthttl
(
dns_rdataset_t
*
soardataset
,
dns_rdataset_t
*
sigsoardataset
,
dns_rdataset_t
*
p1rdataset
,
dns_rdataset_t
*
sigp1rdataset
,
dns_rdataset_t
*
p2rdataset
,
dns_rdataset_t
*
sigp2rdataset
)
{
dns_rdata_soa_t
soa
;
dns_rdata_t
rdata
=
DNS_RDATA_INIT
;
dns_ttl_t
ttl
;
isc_result_t
result
;
REQUIRE
(
soardataset
!=
NULL
);
REQUIRE
(
sigsoardataset
!=
NULL
);
REQUIRE
(
p1rdataset
!=
NULL
);
REQUIRE
(
sigp1rdataset
!=
NULL
);
result
=
dns_rdataset_first
(
soardataset
);
RUNTIME_CHECK
(
result
==
ISC_R_SUCCESS
);
dns_rdataset_current
(
soardataset
,
&
rdata
);
dns_rdata_tostruct
(
&
rdata
,
&
soa
,
NULL
);
ttl
=
ISC_MIN
(
soa
.
minimum
,
soardataset
->
ttl
);
ttl
=
ISC_MIN
(
ttl
,
sigsoardataset
->
ttl
);
ttl
=
ISC_MIN
(
ttl
,
p1rdataset
->
ttl
);
ttl
=
ISC_MIN
(
ttl
,
sigp1rdataset
->
ttl
);
if
(
p2rdataset
!=
NULL
)
ttl
=
ISC_MIN
(
ttl
,
p2rdataset
->
ttl
);
if
(
sigp2rdataset
!=
NULL
)
ttl
=
ISC_MIN
(
ttl
,
sigp2rdataset
->
ttl
);
return
(
ttl
);
}
/*
* Synthesize a NODATA response from the SOA and covering NSEC in cache.
*/
...
...
@@ -8354,10 +8386,9 @@ query_synthnodata(query_ctx_t *qctx, const dns_name_t *signer,
/*
* Detemine the correct TTL to use for the SOA and RRSIG
*/
ttl
=
ISC_MIN
(
qctx
->
rdataset
->
ttl
,
qctx
->
sigrdataset
->
ttl
);
ttl
=
ISC_MIN
(
ttl
,
(
*
soardatasetp
)
->
ttl
);
ttl
=
ISC_MIN
(
ttl
,
(
*
sigsoardatasetp
)
->
ttl
);
ttl
=
query_synthttl
(
*
soardatasetp
,
*
sigsoardatasetp
,
qctx
->
rdataset
,
qctx
->
sigrdataset
,
NULL
,
NULL
);
(
*
soardatasetp
)
->
ttl
=
(
*
sigsoardatasetp
)
->
ttl
=
ttl
;
/*
...
...
@@ -8559,15 +8590,15 @@ query_synthcnamewildcard(query_ctx_t *qctx, dns_rdataset_t *rdataset,
/*
* Synthesize a NXDOMAIN response from qctx (which contains the
* NODATA proof), nowild + rdataset + sigrdataset (which
contains
* the NOWILDCARD proof) and signer + soardatasetp + sigsoardatasetp
* NODATA proof), nowild +
nowild
rdataset + sig
nowild
rdataset (which
*
contains
the NOWILDCARD proof) and signer + soardatasetp + sigsoardatasetp
* which contain the SOA record + RRSIG for the negative answer.
*/
static
isc_result_t
query_synthnxdomain
(
query_ctx_t
*
qctx
,
dns_name_t
*
nowild
,
dns_rdataset_t
*
rdataset
,
dns_rdataset_t
*
sigrdataset
,
dns_rdataset_t
*
nowild
rdataset
,
dns_rdataset_t
*
sig
nowild
rdataset
,
dns_name_t
*
signer
,
dns_rdataset_t
**
soardatasetp
,
dns_rdataset_t
**
sigsoardatasetp
)
...
...
@@ -8581,12 +8612,9 @@ query_synthnxdomain(query_ctx_t *qctx,
/*
* Detemine the correct TTL to use for the SOA and RRSIG
*/
ttl
=
ISC_MIN
(
qctx
->
rdataset
->
ttl
,
qctx
->
sigrdataset
->
ttl
);
ttl
=
ISC_MIN
(
ttl
,
rdataset
->
ttl
);
ttl
=
ISC_MIN
(
ttl
,
sigrdataset
->
ttl
);
ttl
=
ISC_MIN
(
ttl
,
(
*
soardatasetp
)
->
ttl
);
ttl
=
ISC_MIN
(
ttl
,
(
*
sigsoardatasetp
)
->
ttl
);
ttl
=
query_synthttl
(
*
soardatasetp
,
*
sigsoardatasetp
,
qctx
->
rdataset
,
qctx
->
sigrdataset
,
nowildrdataset
,
signowildrdataset
);
(
*
soardatasetp
)
->
ttl
=
(
*
sigsoardatasetp
)
->
ttl
=
ttl
;
/*
...
...
@@ -8651,8 +8679,8 @@ query_synthnxdomain(query_ctx_t *qctx,
goto
cleanup
;
}
dns_rdataset_clone
(
rdataset
,
clone
);
dns_rdataset_clone
(
sigrdataset
,
sigclone
);
dns_rdataset_clone
(
nowild
rdataset
,
clone
);
dns_rdataset_clone
(
sig
nowild
rdataset
,
sigclone
);
/*
* Add NOWILDCARD proof.
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment