]> granicus.if.org Git - pdns/commitdiff
projects / pdns / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8b63f61)
auth: make sure all qnames entering pdns via axfr are properly lowered
authorKees Monshouwer <mind04@monshouwer.org>
Mon, 12 Jun 2017 19:21:03 +0000 (21:21 +0200)
committermind04 <mind04@monshouwer.org>
Mon, 12 Jun 2017 19:21:03 +0000 (21:21 +0200)
pdns/lua-auth4.cc patch | blob | history
pdns/slavecommunicator.cc patch | blob | history

diff --git a/pdns/lua-auth4.cc b/pdns/lua-auth4.cc
index a14c12b3fbfd3d31a95dd251bee68b5910f32409..999597054911066a79936086a8bc58d47a9613b0 100644 (file)
--- a/pdns/lua-auth4.cc
+++ b/pdns/lua-auth4.cc
@@ -251,7 +251,7 @@ bool AuthLua4::axfrfilter(const ComboAddress& remote, const DNSName& zone, const
       if (col.first == "qtype")
         rec.qtype = QType(boost::get<unsigned int>(col.second));
       else if (col.first == "qname")
-        rec.qname = DNSName(boost::get<std::string>(col.second));
+        rec.qname = DNSName(boost::get<std::string>(col.second)).makeLowerCase();
       else if (col.first == "ttl")
         rec.ttl = boost::get<unsigned int>(col.second);
       else if (col.first == "content")
diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc
index ac676686cddaa1b67f1505a77f0a650149986442..f89313d6daf7b484fd1efaccfc9114dfda48026e 100644 (file)
--- a/pdns/slavecommunicator.cc
+++ b/pdns/slavecommunicator.cc
@@ -201,7 +201,7 @@ static bool processRecordForZS(const DNSName& domain, bool& firstNSEC3, DNSResou
       throw PDNSException("Zones with a mixture of Opt-Out NSEC3 RRs and non-Opt-Out NSEC3 RRs are not supported.");
     zs.optOutFlag = ns3rc.d_flags & 1;
     if (ns3rc.d_set.count(QType::NS) && !(rr.qname==domain)) {
-      DNSName hashPart = rr.qname.makeRelative(domain).makeLowerCase();
+      DNSName hashPart = rr.qname.makeRelative(domain);
       zs.secured.insert(hashPart);
     }
     return false;
@@ -249,6 +249,7 @@ static vector<DNSResourceRecord> doAxfr(const ComboAddress& raddr, const DNSName
     }
 
     for(Resolver::res_t::iterator i=recs.begin();i!=recs.end();++i) {
+      i->qname.makeUsLowerCase();
       if(i->qtype.getCode() == QType::OPT || i->qtype.getCode() == QType::TSIG) // ignore EDNS0 & TSIG
         continue;
 
@@ -397,7 +398,7 @@ void CommunicatorClass::suck(const DNSName &domain, const string &remote)
           rrs.reserve(axfr.size());
           for(const auto& dr : axfr) {
             auto rr = DNSResourceRecord::fromWire(dr);
-            rr.qname += domain;
+            (rr.qname += domain).makeUsLowerCase();
             rr.domain_id = zs.domain_id;
             if(!processRecordForZS(domain, firstNSEC3, rr, zs))
               continue;
Unnamed repository; edit this file 'description' to name the repository.