From: Pieter Lexis Date: Fri, 16 Dec 2016 14:24:13 +0000 (+0100) Subject: rec: only delegate if NS's are below apex in auth-zones X-Git-Tag: dnsdist-1.1.0~13^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=221a3f72e117a0e0fdf9e4fedf237a8e6526d145;p=pdns rec: only delegate if NS's are below apex in auth-zones As: 1. we **are** authoritative for the zone named at the apex 2. We would servfail because we could get an upward referral Closes #4771 --- diff --git a/pdns/syncres.cc b/pdns/syncres.cc index c5e9d46a0..5144f1e1f 100644 --- a/pdns/syncres.cc +++ b/pdns/syncres.cc @@ -210,7 +210,7 @@ bool SyncRes::doOOBResolve(const DNSName &qname, const QType &qtype, vectord_type==qtype.getCode() || ziter->d_type==QType::CNAME) // let rest of nameserver do the legwork on this one ret.push_back(*ziter); - else if(ziter->d_type == QType::NS) { // we hit a delegation point! + else if(ziter->d_type == QType::NS && ziter->d_name.countLabels() > authdomain.countLabels()) { // we hit a delegation point! DNSRecord dr=*ziter; dr.d_place=DNSResourceRecord::AUTHORITY; ret.push_back(dr); diff --git a/regression-tests.recursor/auth-zones/command b/regression-tests.recursor/auth-zones/command index 3fee7965a..46d061e40 100755 --- a/regression-tests.recursor/auth-zones/command +++ b/regression-tests.recursor/auth-zones/command @@ -3,3 +3,5 @@ cleandig host1.auth-zone.example.net. AAAA | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0 cleandig host2.auth-zone.example.net. A | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0-9]\+\)/\13600/' cleandig host3.auth-zone.example.net. A | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0-9]\+\)/\13600/' cleandig you-are.wild.auth-zone.example.net. TXT | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0-9]\+\)/\13600/' +# Non-existing QTYPE at the apex +cleandig auth-zone.example.net. TXT | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0-9]\+\)/\13600/' 
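Review bot: In the new `else if` of `SyncRes::doOOBResolve`, "below the apex" is tested by comparing label counts, which only means "not the apex" if every record in this range is already known to lie inside `authdomain`. That presumably holds because the records come from the auth-zone lookup, but the hunk does not show it. Comparing the names states the intent directly and does not lean on that invariant: `else if(ziter->d_type == QType::NS && ziter->d_name != authdomain) {`. I would also replace the trailing comment with one that records the reason, e.g. `// NS at the apex is the zone's own NS set, not a delegation; answering with it gives an upward referral and a ServFail`. The function body starts and ends outside the hunk, so any other branch there that copies NS records into the AUTHORITY section should be checked for the same apex case.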
diff --git a/regression-tests.recursor/auth-zones/expected_result b/regression-tests.recursor/auth-zones/expected_result
index 7ffc4a62b..49b5b5aaa 100644
--- a/regression-tests.recursor/auth-zones/expected_result
+++ b/regression-tests.recursor/auth-zones/expected_result
@@ -15,3 +15,6 @@ Reply to question for qname='host3.auth-zone.example.net.', qtype=A
 0 you-are.wild.auth-zone.example.net. IN TXT 3600 "Hi there!"
 Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
 Reply to question for qname='you-are.wild.auth-zone.example.net.', qtype=TXT
+1 auth-zone.example.net. IN SOA 3600 ns.example.net. hostmaster.example.net. 1 3600 1800 1209600 300
+Rcode: 0 (No Error), RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+Reply to question for qname='auth-zone.example.net.', qtype=TXT