Commit 937690e4 authored by JINMEI Tatuya's avatar JINMEI Tatuya

[1574b] added check for the existence of NSEC3PARAM on loading NSEC3-signed zones

parent 97d02ec0
......@@ -342,6 +342,14 @@ Debug information. The content of master file is being loaded into the memory.
% DATASRC_MEM_NOT_FOUND requested domain '%1' not found
Debug information. The requested domain does not exist.
% DATASRC_MEM_NO_NSEC3PARAM NSEC3PARAM is missing for NSEC3-signed zone %1/%2
The in-memory data source has loaded a zone signed with NSEC3 RRs,
but it doesn't have a NSEC3PARAM RR at the zone origin. It's likely that
the zone is somehow broken, but this RR is not necessarily needed for
handling lookups with NSEC3 in this data source, so it accepts the given
content of the zone. Nevertheless the administrator should look into
the integrity of the zone data.
% DATASRC_MEM_NS_ENCOUNTERED encountered a NS
Debug information. While searching for the requested domain, a NS was
encountered on the way (a delegation). This may lead to stop of the search.
......
......@@ -917,11 +917,27 @@ InMemoryZoneFinder::load(const string& filename) {
arg(filename);
// Load it into temporary zone data
scoped_ptr<ZoneData> tmp(new ZoneData);
// Create the new origin node
DomainNode* origin_data;
tmp->domains_.insert(getOrigin(), &origin_data);
DomainPtr origin_domain(new Domain);
origin_data->setData(origin_domain);
masterLoad(filename.c_str(), getOrigin(), getClass(),
boost::bind(&InMemoryZoneFinderImpl::addFromLoad, impl_,
_1, tmp.get()));
// If the zone is NSEC3-signed, check if it has NSEC3PARAM
if (tmp->nsec3_data_ &&
origin_domain->find(RRType::NSEC3PARAM()) == origin_domain->end()) {
LOG_WARN(logger, DATASRC_MEM_NO_NSEC3PARAM).
arg(getOrigin()).arg(getClass());
}
// If it went well, put it inside
impl_->file_name_ = filename;
impl_->origin_data_ = origin_data;
tmp.swap(impl_->zone_data_);
// And let the old data die with tmp
}
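Review bot: The new check before `impl_->file_name_ = filename;` only tests whether an NSEC3PARAM RRset exists at the origin when `tmp->nsec3_data_` is set. It does not cover the opposite mismatch (NSEC3PARAM at the origin but no NSEC3 RRs loaded), and nothing visible here compares the NSEC3PARAM hash parameters with those of the loaded NSEC3 RRs. If `addFromLoad` (outside this hunk) does not already enforce that, a zone with inconsistent parameters could be served with denial-of-existence proofs that validators reject. Because the warning path deliberately falls through to the swap, the comment should say so, e.g. `// NSEC3PARAM is not needed for lookups here, so warn and still accept the zone`. The body of `load()` starts above the hunk.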
......
......@@ -110,6 +110,8 @@ endif
EXTRA_DIST = testdata/brokendb.sqlite3
EXTRA_DIST += testdata/example.com.signed
EXTRA_DIST += testdata/example.org
EXTRA_DIST += testdata/example.org.nsec3-signed
EXTRA_DIST += testdata/example.org.nsec3-signed-noparam
EXTRA_DIST += testdata/example.org.sqlite3
EXTRA_DIST += testdata/example2.com
EXTRA_DIST += testdata/example2.com.sqlite3
......
......@@ -1543,6 +1543,13 @@ TEST_F(InMemoryZoneFinderTest, nonOriginNSEC3PARAM) {
"1 1 1 aabbccdd")));
}
// TODO
// - existence of NSEC3PARAM
TEST_F(InMemoryZoneFinderTest, loadNSEC3Zone) {
// Check if it can load validly NSEC3-signed zone. At this moment
// it's sufficient to see it doesn't crash
zone_finder_.load(TEST_DATA_DIR "/example.org.nsec3-signed");
// Reload the zone with a version that doesn't have NSEC3PARAM.
// This is an abnormal case, but the implementation accepts it.
zone_finder_.load(TEST_DATA_DIR "/example.org.nsec3-signed-noparam");
}
}
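Review bot: `loadNSEC3Zone` has no assertions, so it passes as long as neither `load()` call throws or crashes, and it would keep passing if the second load silently left the first zone's data in place. Wrapping each call, e.g. `EXPECT_NO_THROW(zone_finder_.load(TEST_DATA_DIR "/example.org.nsec3-signed-noparam"));`, states the intent explicitly. A lookup after the reload confirming that the origin no longer has an NSEC3PARAM RRset would show that the no-NSEC3PARAM data actually replaced the earlier zone. The DATASRC_MEM_NO_NSEC3PARAM warning itself is not observed by the test.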