make superfluous 'bind' NSEC3 record optional
authorKees Monshouwer <mind04@monshouwer.org>
Tue, 28 May 2013 08:04:34 +0000 (10:04 +0200)
committermind04 <mind04@monshouwer.org>
Tue, 28 May 2013 08:04:34 +0000 (10:04 +0200)
pdns/common_startup.cc
pdns/common_startup.hh
pdns/packethandler.cc
pdns/pdns.conf-dist

index ba8df88d2aac990efb0615459f093caa07f7ece3..044b38f7b3753b23e63c156f2019ab61b00e7023 100644 (file)
@@ -17,6 +17,7 @@
 */
 #include "common_startup.hh"
 bool g_anyToTcp;
+bool g_addSuperfluousNSEC3;
 typedef Distributor<DNSPacket,DNSPacket,PacketHandler> DNSDistributor;
 
 
@@ -141,6 +142,7 @@ void declareArguments()
 
   ::arg().setSwitch("traceback-handler","Enable the traceback handler (Linux only)")="yes";
   ::arg().setSwitch("experimental-direct-dnskey","EXPERIMENTAL: fetch DNSKEY RRs from backend during DNSKEY synthesis")="no";
+  ::arg().setSwitch("add-superfluous-nsec3-for-old-bind","Add superfluous NSEC3 record to positive wildcard response")="yes";
   ::arg().set("default-ksk-algorithms","Default KSK algorithms")="rsasha256";
   ::arg().set("default-ksk-size","Default KSK size (0 means default)")="0";
   ::arg().set("default-zsk-algorithms","Default ZSK algorithms")="rsasha256";
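Review bot: The help string on the new `add-superfluous-nsec3-for-old-bind` switch does not say what turning it off costs, so an operator cannot tell whether `no` is safe. The comment in packethandler.cc says old BIND needs this record, so the description should name that dependency, e.g. `"Add superfluous NSEC3 record to positive wildcard response (needed by old BIND validators, see issue 814)"`. Presumably a validator that expects the record would reject the wildcard answer once the switch is off, which is worth stating in the documentation for the setting. declareArguments() starts and ends outside the hunk.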
@@ -334,6 +336,7 @@ void mainthread()
      newuid=Utility::makeUidNumeric(::arg()["setuid"]); 
    
    g_anyToTcp = ::arg().mustDo("any-to-tcp");
+   g_addSuperfluousNSEC3 = ::arg().mustDo("add-superfluous-nsec3-for-old-bind");
    DNSPacket::s_doEDNSSubnetProcessing = ::arg().mustDo("edns-subnet-processing");
    
 #ifndef WIN32
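Review bot: `g_addSuperfluousNSEC3` is defined without an initialiser, so it is zero-initialised to `false` until this assignment in mainthread() runs, while the switch itself defaults to `yes`. Any code that reaches PacketHandler::addNSEC3 without going through mainthread() (a test or helper binary, if one links packethandler.cc) would silently get the behaviour that is not compatible with old BIND. Defining it as `bool g_addSuperfluousNSEC3 = true;` in common_startup.cc keeps the two defaults in agreement. mainthread() continues outside the hunk.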
index 7138849417a5e1524551afe4cce3f6b469819ddb..95ef5f8cc0c1b164761421795a24d4935284587e 100644 (file)
@@ -50,5 +50,6 @@ extern void mainthread();
 extern int isGuarded( char ** );
 
 extern bool g_anyToTcp;
+extern bool g_addSuperfluousNSEC3;
 
 #endif // COMMON_STARTUP_HH
index 549cac397ebb21f827e8e227ebb4e68a290294c3..5d6272b4a1d050997db5d941bf94089b72b4ccfb 100644 (file)
@@ -603,7 +603,7 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c
   // add matching NSEC3 RR
   // we used to skip this one for mode 3, but old BIND needs it
   // see https://github.com/PowerDNS/pdns/issues/814
-  // if (mode != 3) {
+  if (mode != 3 || g_addSuperfluousNSEC3) {
     unhashed=(mode == 0 || mode == 5) ? target : closest;
 
     hashed=hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, unhashed);
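Review bot: The comment above the new condition still reads as if the matching NSEC3 is always emitted for mode 3, which is no longer true once `g_addSuperfluousNSEC3` is false. I would reword it to something like `// for mode 3 the matching NSEC3 is superfluous; it is only added when add-superfluous-nsec3-for-old-bind is set (old BIND needs it)`. The hunk also gives no sign of a regression test for mode 3 with the switch off, where only the covering NSEC3 block below should add records. That case is worth adding to the test suite, since a mistake here changes what DNSSEC validators receive. addNSEC3() starts before the hunk and the `if` body closes in the next hunk.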
@@ -612,7 +612,7 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c
     getNSEC3Hashes(narrow, sd.db, sd.domain_id,  hashed, false, unhashed, before, after);
     DLOG(L<<"Done calling for matching, hashed: '"<<toBase32Hex(hashed)<<"' before='"<<toBase32Hex(before)<<"', after='"<<toBase32Hex(after)<<"'"<<endl);
     emitNSEC3(ns3rc, sd, unhashed, before, after, target, r, mode);
-  // }
+  }
 
   // add covering NSEC3 RR
   if (mode != 0 && mode != 5) {
index 2289a9bf845828d28d158ecdd5faf4a4d6361cf9..c512de9839a6ae78e0dd92aea12f81df4a378444 100644 (file)
@@ -1,4 +1,9 @@
 # Autogenerated configuration file template
+#################################
+# add-superfluous-nsec3-for-old-bind   Add superfluous NSEC3 record to positive wildcard response
+#
+# add-superfluous-nsec3-for-old-bind=yes
+
 #################################
 # allow-axfr-ips       Allow zonetransfers only to these subnets
 #