Commit d31740ce authored by Scott Mann's avatar Scott Mann

Fixed DNSKEY NODATA responses not cached (RT #22908).

parent c2113136
3047. [bug] DNSKEY NODATA responses not cached fixed in
validator.c. Tests added to dnssec system test.
[RT #22908]
3046. [bug] Use RRSIG original TTL to compute validated RRset
and RRSIG TTL. [RT #23332]
......
......@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.79 2011/02/28 14:21:35 fdupont Exp $
# $Id: tests.sh,v 1.80 2011/03/01 14:40:39 smann Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
......@@ -1204,5 +1204,25 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking dnskey query with no data still gets put in cache ($n)"
ret=0
myDIGOPTS="+noadd +nosea +nostat +noquest +nocomm +nocmd -p 5300 @10.53.0.4"
firstVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '{ print $2 }'`
sleep 1
secondVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '{ print $2 }'`
if [ $firstVal -eq $secondVal ]
then
sleep 1
thirdVal=`$DIG $myDIGOPTS insecure.example. dnskey|awk '{ print $2 }'`
if [ $firstVal -eq $thirdVal ]
then
echo "I: cannot confirm query answer still in cache"
ret=1
fi
fi
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
exit $status
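Review bot: The new DNSKEY cache check passes vacuously when `$DIG` fails or prints something other than one record line. `firstVal`, `secondVal` and `thirdVal` are expanded unquoted in `[ $firstVal -eq $secondVal ]`, so an empty or multi-line value makes `[` error out, the `if` takes the false branch, and `ret` stays 0. Before the comparison, fail explicitly on missing output with `if [ -z "$firstVal" ] || [ -z "$secondVal" ]; then ret=1; fi`, and quote the operands in both `-eq` tests. A short comment saying that `$2` is the TTL and that a decreasing TTL is what shows the answer came from cache would also help the next reader.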
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: validator.c,v 1.199 2011/02/28 14:21:35 fdupont Exp $ */
/* $Id: validator.c,v 1.200 2011/03/01 14:40:39 smann Exp $ */
#include <config.h>
......@@ -3040,13 +3040,11 @@ validate_authority(dns_validator_t *val, isc_boolean_t resume) {
* infinite loop. Avoid that.
*/
if (val->event->type == dns_rdatatype_dnskey &&
rdataset->type == dns_rdatatype_nsec &&
dns_name_equal(name, val->event->name))
{
dns_rdata_t nsec = DNS_RDATA_INIT;
if (rdataset->type != dns_rdatatype_nsec)
continue;
result = dns_rdataset_first(rdataset);
if (result != ISC_R_SUCCESS)
return (result);
......@@ -3120,13 +3118,11 @@ validate_ncache(dns_validator_t *val, isc_boolean_t resume) {
* infinite loop. Avoid that.
*/
if (val->event->type == dns_rdatatype_dnskey &&
rdataset->type == dns_rdatatype_nsec &&
dns_name_equal(name, val->event->name))
{
dns_rdata_t nsec = DNS_RDATA_INIT;
if (rdataset->type != dns_rdatatype_nsec)
continue;
result = dns_rdataset_first(rdataset);
if (result != ISC_R_SUCCESS)
return (result);
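Review bot: The comment above the condition in validate_authority, and the identical one in validate_ncache, still mentions only avoiding an infinite loop and does not explain why NSEC alone is special-cased. The page has lost its +/- markers, but the hunk line counts suggest `rdataset->type == dns_rdatatype_nsec &&` is the added line and the inner `if (rdataset->type != dns_rdatatype_nsec) continue;` was removed. If so, non-NSEC rdatasets at the queried DNSKEY name now fall through to the code after this block, which is outside the hunk. A comment such as `/* Only NSEC takes this shortcut; other types at this name are validated normally so the NODATA answer can be cached. */` would record that. It is also worth confirming that validating those rdatasets cannot itself wait on the same DNSKEY, and moving the duplicated block into one static helper so the two functions cannot drift apart.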
......