From: Kees Monshouwer
Date: Fri, 21 Feb 2014 21:59:54 +0000 (+0100)
Subject: bind-backend: fix ent generation for insecure delegations
X-Git-Tag: rec-3.6.0-rc1~169^2~14
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=90f2748743a57aadb82c95e20f3b6c4a03982a2d;p=pdns

bind-backend: fix ent generation for insecure delegations
---

diff --git a/modules/bindbackend/bindbackend2.cc b/modules/bindbackend/bindbackend2.cc
index eb8fbe98a..169232795 100644
--- a/modules/bindbackend/bindbackend2.cc
+++ b/modules/bindbackend/bindbackend2.cc
@@ -430,7 +430,7 @@ void Bind2Backend::parseZoneFile(shared_ptr staging, BB2DomainInfo *bbd)
 /** THIS IS AN INTERNAL FUNCTION! It does moadnsparser prio impedance matching
 This function adds a record to a domain with a certain id.
 Much of the complication is due to the efforts to benefit from std::string reference counting copy on write semantics */
-void Bind2Backend::insert(shared_ptr stage, int id, const string &qnameu, const QType &qtype, const string &content, int ttl, int prio, const std::string& hashed)
+void Bind2Backend::insert(shared_ptr stage, int id, const string &qnameu, const QType &qtype, const string &content, int ttl, int prio, const std::string& hashed, bool *auth)
 {
 BB2DomainInfo bb2 = stage->id_zone_map[id];
 Bind2DNSRecord bdr;
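Review bot: The new `auth` parameter on the changed signature is not mentioned in the function comment directly above it, and as a non-const `bool *` it forces the caller in the @@ -692 hunk to iterate `nonterm` by value (`pair nt; BOOST_FOREACH(nt, nonterm)`) just so that `&nt.second` yields a mutable pointer. If insert() only reads the flag (its use lies in the @@ -468 hunk, which is truncated on this page), declaring it `const bool *auth` here and `const bool *auth=0` in the bindbackend2.hh hunk would let that loop take a `const` reference and drop the per-ENT pair copy. I would extend the comment above with `auth: optional; when non-null it presumably supplies the auth flag of the inserted record, as doEmptyNonTerminals passes its per-ENT flag here`. The body of insert continues past the end of this hunk.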
@@ -468,8 +468,8 @@ void Bind2Backend::insert(shared_ptr stage, int id, const string &qnameu,
 bdr.nsec3hash = hashed;
 // cerr<<"qname '"< stage, int id, bool nse
 {
 BB2DomainInfo bb2 = stage->id_zone_map[id];
- bool doent=true;
- set qnames, nonterm;
- string qname, shorter, hashed;
+ bool auth, doent=true;
+ set qnames;
+ map nonterm;
+ string shorter, hashed;
 uint32_t maxent = ::arg().asNum("max-ent-entries");
 BOOST_FOREACH(const Bind2DNSRecord& bdr, *bb2.d_records)
- if (bdr.auth && (bdr.qtype != QType::RRSIG))
- qnames.insert(labelReverse(bdr.qname));
+ qnames.insert(labelReverse(bdr.qname));
- BOOST_FOREACH(const string& qname, qnames)
- {
- shorter=qname;
+ BOOST_FOREACH(const Bind2DNSRecord& bdr, *bb2.d_records) {
+ shorter=labelReverse(bdr.qname);
+
+ if (!bdr.auth && bdr.qtype == QType::NS)
+ auth=(!ns3pr.d_flags);
+ else
+ auth=bdr.auth;
 while(chopOff(shorter))
 {
@@ -679,8 +683,12 @@ void Bind2Backend::doEmptyNonTerminals(shared_ptr stage, int id, bool nse
 doent=false;
 break;
 }
- nonterm.insert(shorter);
- --maxent;
+
+ if (!nonterm.count(shorter)) {
+ nonterm.insert(pair(shorter, auth));
+ --maxent;
+ } else if (auth)
+ nonterm[shorter]=true;
 }
 }
 if(!doent)
@@ -692,12 +700,13 @@ void Bind2Backend::doEmptyNonTerminals(shared_ptr stage, int id, bool nse
 rr.content="";
 rr.ttl=0;
 rr.priority=0;
- BOOST_FOREACH(const string& qname, nonterm)
+ pair nt;
+ BOOST_FOREACH(nt, nonterm)
 {
- rr.qname=qname+"."+bb2.d_name+".";
+ rr.qname=nt.first+"."+bb2.d_name+".";
 if(nsec3zone)
 hashed=toBase32Hex(hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname));
- insert(stage, id, rr.qname, rr.qtype, rr.content, rr.ttl, rr.priority, hashed);
+ insert(stage, id, rr.qname, rr.qtype, rr.content, rr.ttl, rr.priority, hashed, &nt.second);
 }
 }
diff --git a/modules/bindbackend/bindbackend2.hh b/modules/bindbackend/bindbackend2.hh
index c0e1de796..713b3e426 100644
--- a/modules/bindbackend/bindbackend2.hh
+++ b/modules/bindbackend/bindbackend2.hh
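Review bot: `auth=(!ns3pr.d_flags)` in the new per-record loop of the first doEmptyNonTerminals hunk treats any non-zero NSEC3 flags value as opt-out, whereas only bit 0 of the NSEC3 flags field is Opt-Out and the remaining bits are reserved; if `ns3pr.d_flags` carries that field, `auth=!(ns3pr.d_flags & 1)` would match the definition, so that a reserved bit cannot silently drop the ENTs above an insecure delegation from the NSEC3 chain and break denial-of-existence proofs for validating resolvers. The special case also deserves a why-comment, e.g. `// ENTs above an insecure delegation are only part of the NSEC3 chain when opt-out is off`. `bool auth` is declared at the top of the function but only ever assigned inside the loop; declaring it at first use would make that obvious. This hunk's `@@` header is garbled on the page and the loop body continues in the next hunk, so the enclosing function is only partly visible.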
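Review bot: The new insertion in the @@ -679 hunk looks `shorter` up twice (`nonterm.count`, then `insert` or `operator[]`), while `map::insert` already reports whether the key was new, so one lookup is enough: `pair<map<string,bool>::iterator,bool> r = nonterm.insert(make_pair(shorter, auth));` / `if (r.second) --maxent;` / `else if (auth) r.first->second = true;`. Behaviour is unchanged: a name is charged against `maxent` once and becomes authoritative as soon as any record below it is. The `while(chopOff(shorter))` loop that this code sits in starts before the hunk.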
@@ -177,7 +177,7 @@ public:
 };
 void parseZoneFile(shared_ptr staging, BB2DomainInfo *bbd);
- static void insert(shared_ptr stage, int id, const string &qname, const QType &qtype, const string &content, int ttl=300, int prio=25, const std::string& hashed=string());
+ static void insert(shared_ptr stage, int id, const string &qname, const QType &qtype, const string &content, int ttl=300, int prio=25, const std::string& hashed=string(), bool *auth=0);
 void rediscover(string *status=0);
 bool isMaster(const string &name, const string &ip);