Commit b56bd9b5 authored by Mark Andrews's avatar Mark Andrews

4387. [bug] Change 4336 was not complete leading to SERVFAIL

                        being return as NS records expired. [RT #42683]
parent 96beefd7
4387. [bug] Change 4336 was not complete leading to SERVFAIL
being return as NS records expired. [RT #42683]
4386. [bug] Remove shadowed overmem function/variable. [RT #42706]
4385. [func] Add support for allow-query and allow-transfer ACLs
......
......@@ -23,4 +23,7 @@ ns2.example. A 10.53.0.2
example. NS ns4.example.
ns4.example. A 10.53.0.4
increment. NS incrementns.
incrementns A 10.53.0.5
incrementns. A 10.53.0.5
tld. NS ns2.tld.
ns2.tld. A 10.53.0.2
/*
* Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2013, 2016 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -35,3 +35,7 @@ zone "example" {
file "example.db";
};
zone "tld" {
type master;
file "tld.db";
};
; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
$TTL 1
@ 300 SOA ns2.tld. hostmaster.ns2.tld. 0 1 1 1 1
@ 300 NS ns2.tld.
ns2 300 A 10.53.0.2
;
; The TTL of these delegation records needs to 1.
;
one 1 NS ns4.one.tld.
ns4.one 1 A 10.53.0.4
/*
* Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2013, 2016 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
......@@ -36,3 +36,7 @@ zone "example" {
file "example.bk";
};
zone "one.tld" {
type master;
file "one.tld.db";
};
; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
$TTL 1
; The TTL of all these records needs to be 1.
@ 1 SOA ns4.one.tld. hostmaster.ns4.tld. 0 1 1 1 1
@ 1 NS ns4.one.tld.
ns4 1 A 10.53.0.4
www 1 A 10.53.0.4
......@@ -16,7 +16,10 @@ SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
status=0
echo "I:check lookups against zero TTL records"
n=0
n=`expr $n + 1`
echo "I:check lookups against TTL=0 records ($n)"
i=0
passes=10
$DIG -p 5300 @10.53.0.2 axfr example |
......@@ -24,19 +27,19 @@ awk '$2 == "0" { print "-q", $1, $4; print "-q", "zzz"$1, $4;}' > query.list
while [ $i -lt $passes ]
do
ret=0
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.1 &
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.2 &
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.3 &
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.4 &
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.5 &
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.6 &
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.1.test$n &
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.2.test$n &
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.3.test$n &
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.4.test$n &
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.5.test$n &
$DIG -p 5300 @10.53.0.3 -f query.list > dig.out$i.6.test$n &
wait
grep "status: SERVFAIL" dig.out$i.1 && ret=1
grep "status: SERVFAIL" dig.out$i.2 && ret=1
grep "status: SERVFAIL" dig.out$i.3 && ret=1
grep "status: SERVFAIL" dig.out$i.5 && ret=1
grep "status: SERVFAIL" dig.out$i.6 && ret=1
grep "status: SERVFAIL" dig.out$i.6 && ret=1
grep "status: SERVFAIL" dig.out$i.1.test$n && ret=1
grep "status: SERVFAIL" dig.out$i.2.test$n && ret=1
grep "status: SERVFAIL" dig.out$i.3.test$n && ret=1
grep "status: SERVFAIL" dig.out$i.4.test$n && ret=1
grep "status: SERVFAIL" dig.out$i.5.test$n && ret=1
grep "status: SERVFAIL" dig.out$i.6.test$n && ret=1
[ $ret = 1 ] && break
i=`expr $i + 1`
echo "I: successfully completed pass $i of $passes"
......@@ -44,7 +47,8 @@ done
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check repeated recursive lookups of non recurring zero ttl responses get new values"
n=`expr $n + 1`
echo "I:check repeated recursive lookups of non recurring TTL=0 responses get new values ($n)"
count=`(
$DIG +short -p 5300 @10.53.0.3 foo.increment
$DIG +short -p 5300 @10.53.0.3 foo.increment
......@@ -57,5 +61,32 @@ $DIG +short -p 5300 @10.53.0.3 foo.increment
if [ $count -ne 7 ] ; then echo "I:failed (count=$count)"; ret=1; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:check lookups against TTL=1 records ($n)"
i=0
passes=10
while [ $i -lt $passes ]
do
ret=0
$DIG -p 5300 @10.53.0.3 www.one.tld > dig.out$i.1.test$n
$DIG -p 5300 @10.53.0.3 www.one.tld > dig.out$i.2.test$n
$DIG -p 5300 @10.53.0.3 www.one.tld > dig.out$i.3.test$n
$DIG -p 5300 @10.53.0.3 www.one.tld > dig.out$i.4.test$n
$DIG -p 5300 @10.53.0.3 www.one.tld > dig.out$i.5.test$n
$DIG -p 5300 @10.53.0.3 www.one.tld > dig.out$i.6.test$n
grep "status: SERVFAIL" dig.out$i.1.test$n && ret=1
grep "status: SERVFAIL" dig.out$i.2.test$n && ret=1
grep "status: SERVFAIL" dig.out$i.3.test$n && ret=1
grep "status: SERVFAIL" dig.out$i.4.test$n && ret=1
grep "status: SERVFAIL" dig.out$i.5.test$n && ret=1
grep "status: SERVFAIL" dig.out$i.6.test$n && ret=1
[ $ret = 1 ] && break
i=`expr $i + 1`
echo "I: successfully completed pass $i of $passes"
$PERL -e 'select(undef, undef, undef, 0.3);'
done
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1
......@@ -530,6 +530,10 @@ struct acachectl {
#define ZEROTTL(header) \
(((header)->attributes & RDATASET_ATTR_ZEROTTL) != 0)
#define ACTIVE(header, now) \
(((header)->rdh_ttl > (now)) || \
((header)->rdh_ttl == (now) && ZEROTTL(header)))
#define DEFAULT_NODE_LOCK_COUNT 7 /*%< Should be prime. */
/*%
......@@ -4588,8 +4592,7 @@ check_stale_rdataset(dns_rbtnode_t *node, rdatasetheader_t *header,
UNUSED(lock);
#endif
if (header->rdh_ttl < search->now ||
(header->rdh_ttl == search->now && !ZEROTTL(header))) {
if (!ACTIVE(header, search->now)) {
/*
* This rdataset is stale. If no one else is using the
* node, we can clean it up right now, otherwise we mark
......@@ -5795,7 +5798,7 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
for (header = rbtnode->data; header != NULL; header = header_next) {
header_next = header->next;
if (header->rdh_ttl < now) {
if (!ACTIVE(header, now)) {
if ((header->rdh_ttl < now - RBTDB_VIRTUAL) &&
(locktype == isc_rwlocktype_write ||
NODE_TRYUPGRADE(lock) == ISC_R_SUCCESS)) {
......@@ -6119,7 +6122,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
}
}
if (topheader != NULL && EXISTS(topheader) &&
topheader->rdh_ttl >= now) {
ACTIVE(topheader, now)) {
/*
* Found one.
*/
......@@ -6184,7 +6187,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* has no effect, provided that the cache data isn't stale.
*/
if (rbtversion == NULL && trust < header->trust &&
(header->rdh_ttl >= now || header_nx)) {
(ACTIVE(header, now) || header_nx)) {
free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
if (addedrdataset != NULL)
bind_rdataset(rbtdb, rbtnode, header, now,
......@@ -6258,7 +6261,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* Don't lower trust of existing record if the
* update is forced.
*/
if (IS_CACHE(rbtdb) && header->rdh_ttl >= now &&
if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
header->type == dns_rdatatype_ns &&
!header_nx && !newheader_nx &&
header->trust >= newheader->trust &&
......@@ -6294,7 +6297,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
* to be no more than the current NS RRset's TTL. This
* ensures the delegations that are withdrawn are honoured.
*/
if (IS_CACHE(rbtdb) && header->rdh_ttl >= now &&
if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
header->type == dns_rdatatype_ns &&
!header_nx && !newheader_nx &&
header->trust <= newheader->trust) {
......@@ -6302,7 +6305,7 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
newheader->rdh_ttl = header->rdh_ttl;
}
}
if (IS_CACHE(rbtdb) && header->rdh_ttl >= now &&
if (IS_CACHE(rbtdb) && ACTIVE(header, now) &&
(options & DNS_DBADD_PREFETCH) == 0 &&
(header->type == dns_rdatatype_a ||
header->type == dns_rdatatype_aaaa ||
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment