dnsdist: Fix RecordsTypeCountRule's handling of the # of records in a section

author Remi Gacogne <remi.gacogne@powerdns.com>

Fri, 2 Jun 2017 12:52:14 +0000 (14:52 +0200)

committer Remi Gacogne <remi.gacogne@powerdns.com>

Fri, 2 Jun 2017 12:52:14 +0000 (14:52 +0200)
author Remi Gacogne <remi.gacogne@powerdns.com>
Fri, 2 Jun 2017 12:52:14 +0000 (14:52 +0200)
committer Remi Gacogne <remi.gacogne@powerdns.com>
Fri, 2 Jun 2017 12:52:14 +0000 (14:52 +0200)
diff --git a/pdns/dnsrulactions.hh b/pdns/dnsrulactions.hh

index a9cf5e50defce8bf03d2f0387bf36c64d9085d75..ccc37c28f1ebe26e281e3105e6752ddd6ef2ed78 100644 (file)
--- a/pdns/dnsrulactions.hh
+++ b/pdns/dnsrulactions.hh
@@ -491,7 +491,7 @@ public:
        count = ntohs(dq->dh->arcount);
        break;
      }
-    if (count < d_minCount || count > d_maxCount) {
+    if (count < d_minCount) {
        return false;
      }
      count = getRecordsOfTypeCount(reinterpret_cast<const char*>(dq->dh), dq->len, d_section, d_type);
diff --git a/regression-tests.dnsdist/test_RecordsCount.py b/regression-tests.dnsdist/test_RecordsCount.py

index 1193fdd4180f779328e7c79a3ace9b36c23b6cc9..cfd3d614bc067e2ffd2f883d62c5420a60f8f089 100644 (file)
--- a/regression-tests.dnsdist/test_RecordsCount.py
+++ b/regression-tests.dnsdist/test_RecordsCount.py
@@ -13,7 +13,7 @@ class TestRecordsCountOnlyOneAR(DNSDistTest):
  
      def testRecordsCountRefuseEmptyAR(self):
          """
-        RecordsCount: Refuse arcount == 0
+        RecordsCount: Refuse arcount == 0 (No OPT)
  
          Send a query to "refuseemptyar.recordscount.tests.powerdns.com.",
          check that we are getting a REFUSED response.
@@ -31,7 +31,7 @@ class TestRecordsCountOnlyOneAR(DNSDistTest):
  
      def testRecordsCountAllowOneAR(self):
          """
-        RecordsCount: Allow arcount == 1
+        RecordsCount: Allow arcount == 1 (OPT)
  
          Send a query to "allowonear.recordscount.tests.powerdns.com.",
          check that we are getting a valid response.
@@ -61,7 +61,7 @@ class TestRecordsCountOnlyOneAR(DNSDistTest):
  
      def testRecordsCountRefuseTwoAR(self):
          """
-        RecordsCount: Refuse arcount > 1
+        RecordsCount: Refuse arcount > 1 (OPT + a bogus additional record)
  
          Send a query to "refusetwoar.recordscount.tests.powerdns.com.",
          check that we are getting a REFUSED response.
@@ -284,3 +284,44 @@ class TestRecordsCountNoOPTInAR(DNSDistTest):
          receivedQuery.id = query.id
          self.assertEquals(query, receivedQuery)
          self.assertEquals(response, receivedResponse)
+
+    def testRecordsCountAllowTwoARButNoOPT(self):
+        """
+        RecordsTypeCount: Allow arcount > 1 without OPT
+
+        Send a query to "allowtwoarnoopt.recordscount.tests.powerdns.com.",
+        check that we are getting a valid response.
+        """
+        name = 'allowtwoarnoopt.recordscount.tests.powerdns.com.'
+        query = dns.message.make_query(name, 'A', 'IN')
+        query.additional.append(dns.rrset.from_text(name,
+                                                    3600,
+                                                    dns.rdataclass.IN,
+                                                    dns.rdatatype.A,
+                                                    '127.0.0.1'))
+        query.additional.append(dns.rrset.from_text(name,
+                                                    3600,
+                                                    dns.rdataclass.IN,
+                                                    dns.rdatatype.A,
+                                                    '127.0.0.1'))
+
+        response = dns.message.make_response(query)
+        response.answer.append(dns.rrset.from_text(name,
+                                                   3600,
+                                                   dns.rdataclass.IN,
+                                                   dns.rdatatype.A,
+                                                   '127.0.0.1'))
+
+        (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response)
+        self.assertTrue(receivedQuery)
+        self.assertTrue(receivedResponse)
+        receivedQuery.id = query.id
+        self.assertEquals(query, receivedQuery)
+        self.assertEquals(response, receivedResponse)
+
+        (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response)
+        self.assertTrue(receivedQuery)
+        self.assertTrue(receivedResponse)
+        receivedQuery.id = query.id
+        self.assertEquals(query, receivedQuery)
+        self.assertEquals(response, receivedResponse)
author	Remi Gacogne <remi.gacogne@powerdns.com>
	Fri, 2 Jun 2017 12:52:14 +0000 (14:52 +0200)
committer	Remi Gacogne <remi.gacogne@powerdns.com>
	Fri, 2 Jun 2017 12:52:14 +0000 (14:52 +0200)
pdns/dnsrulactions.hh		patch \| blob \| history
regression-tests.dnsdist/test_RecordsCount.py		patch \| blob \| history