]> granicus.if.org Git - pdns/commitdiff
projects / pdns / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 915b3b5)
NSEC3 and related RRSIGS are not part of the dnstree
authorKees Monshouwer <mind04@monshouwer.org>
Thu, 12 Mar 2015 16:38:51 +0000 (17:38 +0100)
committermind04 <mind04@monshouwer.org>
Thu, 12 Mar 2015 19:02:06 +0000 (20:02 +0100)
pdns/packethandler.cc patch | blob | history
regression-tests/tests/nsec3-hash-query/command [new file with mode: 0755] patch | blob
regression-tests/tests/nsec3-hash-query/description [new file with mode: 0644] patch | blob
regression-tests/tests/nsec3-hash-query/expected_result [new file with mode: 0644] patch | blob

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 1ab5118a026266140f0d7a9504d5da5b424efc14..13da01b0d1e18005e78c360e3695f583fd303038 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -1177,12 +1177,10 @@ DNSPacket *PacketHandler::questionOrRecurse(DNSPacket *p, bool *shouldRecurse)
     weDone = weRedirected = weHaveUnauth =  false;
     
     while(B.get(rr)) {
-      if (p->qtype.getCode() == QType::ANY) {
-        if (rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
-          continue; // TODO: this actually means addRRSig should check if the RRSig is already there.
-        if (!p->d_dnssecOk && (rr.qtype.getCode() == QType:: DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM))
-          continue; // Don't send dnssec info to non validating resolvers.
-      }
+      if (p->qtype.getCode() == QType::ANY && !p->d_dnssecOk && (rr.qtype.getCode() == QType:: DNSKEY || rr.qtype.getCode() == QType::NSEC3PARAM))
+        continue; // Don't send dnssec info to non validating resolvers.
+      if (rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
+        continue; // TODO: this actually means addRRSig should check if the RRSig is already there
 
       // cerr<<"Auth: "<<rr.auth<<", "<<(rr.qtype == p->qtype)<<", "<<rr.qtype.getName()<<endl;
       if((p->qtype.getCode() == QType::ANY || rr.qtype == p->qtype) && rr.auth) 
diff --git a/regression-tests/tests/nsec3-hash-query/command b/regression-tests/tests/nsec3-hash-query/command
new file mode 100755 (executable)
index 0000000..a41f17c
--- /dev/null
+++ b/regression-tests/tests/nsec3-hash-query/command
@@ -0,0 +1,2 @@
+#!/bin/sh
+cleandig vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com A
diff --git a/regression-tests/tests/nsec3-hash-query/description b/regression-tests/tests/nsec3-hash-query/description
new file mode 100644 (file)
index 0000000..4bc5b05
--- /dev/null
+++ b/regression-tests/tests/nsec3-hash-query/description
@@ -0,0 +1 @@
+NSEC3 hashes are no part of the dns tree.
diff --git a/regression-tests/tests/nsec3-hash-query/expected_result b/regression-tests/tests/nsec3-hash-query/expected_result
new file mode 100644 (file)
index 0000000..e178b01
--- /dev/null
+++ b/regression-tests/tests/nsec3-hash-query/expected_result
@@ -0,0 +1,3 @@
+1      example.com.    IN      SOA     86400   ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com.', qtype=A
Unnamed repository; edit this file 'description' to name the repository.