From: Remi Gacogne Date: Fri, 2 Jun 2017 12:52:14 +0000 (+0200) Subject: dnsdist: Fix RecordsTypeCountRule's handling of the # of records in a section X-Git-Tag: rec-4.1.0-alpha1~70^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=65fc9d08ba61c3244d5e87d5a1b1c6ae016b0f01;p=pdns dnsdist: Fix RecordsTypeCountRule's handling of the # of records in a section --- diff --git a/pdns/dnsrulactions.hh b/pdns/dnsrulactions.hh index a9cf5e50d..ccc37c28f 100644 --- a/pdns/dnsrulactions.hh +++ b/pdns/dnsrulactions.hh @@ -491,7 +491,7 @@ public: count = ntohs(dq->dh->arcount); break; } - if (count < d_minCount || count > d_maxCount) { + if (count < d_minCount) { return false; } count = getRecordsOfTypeCount(reinterpret_cast(dq->dh), dq->len, d_section, d_type); diff --git a/regression-tests.dnsdist/test_RecordsCount.py b/regression-tests.dnsdist/test_RecordsCount.py index 1193fdd41..cfd3d614b 100644 --- a/regression-tests.dnsdist/test_RecordsCount.py +++ b/regression-tests.dnsdist/test_RecordsCount.py @@ -13,7 +13,7 @@ class TestRecordsCountOnlyOneAR(DNSDistTest): def testRecordsCountRefuseEmptyAR(self): """ - RecordsCount: Refuse arcount == 0 + RecordsCount: Refuse arcount == 0 (No OPT) Send a query to "refuseemptyar.recordscount.tests.powerdns.com.", check that we are getting a REFUSED response. @@ -31,7 +31,7 @@ class TestRecordsCountOnlyOneAR(DNSDistTest): def testRecordsCountAllowOneAR(self): """ - RecordsCount: Allow arcount == 1 + RecordsCount: Allow arcount == 1 (OPT) Send a query to "allowonear.recordscount.tests.powerdns.com.", check that we are getting a valid response. @@ -61,7 +61,7 @@ class TestRecordsCountOnlyOneAR(DNSDistTest): def testRecordsCountRefuseTwoAR(self): """ - RecordsCount: Refuse arcount > 1 + RecordsCount: Refuse arcount > 1 (OPT + a bogus additional record) Send a query to "refusetwoar.recordscount.tests.powerdns.com.", check that we are getting a REFUSED response. @@ -284,3 +284,44 @@ class TestRecordsCountNoOPTInAR(DNSDistTest): receivedQuery.id = query.id self.assertEquals(query, receivedQuery) self.assertEquals(response, receivedResponse) + + def testRecordsCountAllowTwoARButNoOPT(self): + """ + RecordsTypeCount: Allow arcount > 1 without OPT + + Send a query to "allowtwoarnoopt.recordscount.tests.powerdns.com.", + check that we are getting a valid response. + """ + name = 'allowtwoarnoopt.recordscount.tests.powerdns.com.' + query = dns.message.make_query(name, 'A', 'IN') + query.additional.append(dns.rrset.from_text(name, + 3600, + dns.rdataclass.IN, + dns.rdatatype.A, + '127.0.0.1')) + query.additional.append(dns.rrset.from_text(name, + 3600, + dns.rdataclass.IN, + dns.rdatatype.A, + '127.0.0.1')) + + response = dns.message.make_response(query) + response.answer.append(dns.rrset.from_text(name, + 3600, + dns.rdataclass.IN, + dns.rdatatype.A, + '127.0.0.1')) + + (receivedQuery, receivedResponse) = self.sendUDPQuery(query, response) + self.assertTrue(receivedQuery) + self.assertTrue(receivedResponse) + receivedQuery.id = query.id + self.assertEquals(query, receivedQuery) + self.assertEquals(response, receivedResponse) + + (receivedQuery, receivedResponse) = self.sendTCPQuery(query, response) + self.assertTrue(receivedQuery) + self.assertTrue(receivedResponse) + receivedQuery.id = query.id + self.assertEquals(query, receivedQuery) + self.assertEquals(response, receivedResponse)