rec: Set TC=1 if we had to omit part of the AUTHORITY section
authorRemi Gacogne <remi.gacogne@powerdns.com>
Thu, 5 Oct 2017 14:48:27 +0000 (16:48 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Thu, 5 Oct 2017 14:48:27 +0000 (16:48 +0200)
The client might need them for validation purposes, for example, so
it needs to know the answer has been truncated.

pdns/pdns_recursor.cc
regression-tests.recursor-dnssec/basicDNSSEC.py

index 1875668f0b698aed75c458ac9b6d8d984e575cf9..01fc6e3415f0cf28024d46834c55dc03069ccb63 100644 (file)
@@ -1123,11 +1123,10 @@ static void startDoResolve(void *p)
        i->d_content->toPacket(pw);
        if(pw.size() > static_cast<size_t>(maxanswersize)) {
          pw.rollback();
-         if(i->d_place==DNSResourceRecord::ANSWER)  // only truncate if we actually omitted parts of the answer
-            {
-              pw.getHeader()->tc=1;
-              pw.truncate();
-            }
+         if(i->d_place != DNSResourceRecord::ADDITIONAL) {
+            pw.getHeader()->tc=1;
+            pw.truncate();
+          }
          goto sendit; // need to jump over pw.commit
        }
        needCommit = true;
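Review bot: The rewritten condition `if(i->d_place != DNSResourceRecord::ADDITIONAL)` drops the explanatory comment the old line carried, and the reason for exempting only ADDITIONAL is not evident from the code alone. I would restore one, for example `// dropping ADDITIONAL records is harmless, but the client may need ANSWER and AUTHORITY records (e.g. for DNSSEC validation), so signal truncation`. The closing brace of the new block is also indented one column deeper than its `if`, which is worth aligning while the lines are being touched. The body of `startDoResolve` starts and ends outside this hunk, so the surrounding loop and the `sendit` label are not visible here.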
index b8990ad85ea933ee0944003779b6084a0ed542c2..a630fac178c8fb5f1759ee7b1be8693fd2488a69 100644 (file)
@@ -12,11 +12,13 @@ class BasicDNSSEC(RecursorTest):
         cls.wipeRecursorCache(confdir)
 
     @classmethod
-    def sendQuery(self, name, rdtype):
+    def sendQuery(self, name, rdtype, useTCP=False):
         """Helper function that creates the query"""
         msg = dns.message.make_query(name, rdtype, want_dnssec=True)
         msg.flags |= dns.flags.AD
 
+        if useTCP:
+            return self.sendTCPQuery(msg)
         return self.sendUDPQuery(msg)
 
     def testSecureAnswer(self):
@@ -101,7 +103,8 @@ class BasicDNSSEC(RecursorTest):
         self.assertMessageIsAuthenticated(res)
 
     def testSecureCNAMEWildCardNXDOMAIN(self):
-        res = self.sendQuery('something.cnamewildcardnxdomain.secure.example.', 'A')
+        # the answer to this query reaches the UDP truncation threshold, so let's use TCP
+        res = self.sendQuery('something.cnamewildcardnxdomain.secure.example.', 'A', useTCP=True)
         expectedCNAME = dns.rrset.from_text('something.cnamewildcardnxdomain.secure.example.', 0, dns.rdataclass.IN, 'CNAME', 'doesntexist.secure.example.')
 
         self.assertRcodeEqual(res, dns.rcode.NXDOMAIN)
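Review bot: No test in this file section asserts the behaviour the commit introduces; `testSecureCNAMEWildCardNXDOMAIN` is only moved to TCP so that truncation no longer gets in its way. A companion test that sends the same query over UDP would pin the fix, along the lines of `res = self.sendQuery('something.cnamewildcardnxdomain.secure.example.', 'A')` followed by `self.assertTrue(res.flags & dns.flags.TC)`, assuming `sendUDPQuery` returns the truncated message as-is rather than retrying. Without it, a regression that stops setting TC when AUTHORITY records are omitted would leave validating clients with an incomplete denial proof and would not be caught here. The test method continues past the end of this hunk.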