From 6ded341a06edff94a87c4f61362d1f1235305098 Mon Sep 17 00:00:00 2001 From: Kees Monshouwer Date: Tue, 29 Mar 2016 14:02:07 +0200 Subject: [PATCH] AXFR-out rectify: don't set odername for empty non-terminals only derived from glue --- pdns/tcpreceiver.cc | 38 +++++++++++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 9 deletions(-) diff --git a/pdns/tcpreceiver.cc b/pdns/tcpreceiver.cc index 5107f376c..ef07a54cf 100644 --- a/pdns/tcpreceiver.cc +++ b/pdns/tcpreceiver.cc @@ -774,32 +774,52 @@ int TCPNameserver::doAXFR(const DNSName &target, shared_ptr q, int ou if(NSEC3Zone) { // ents are only required for NSEC3 zones uint32_t maxent = ::arg().asNum("max-ent-entries"); - map nonterm; + set nsec3set, nonterm; + for (auto &rr: rrs) { + bool skip=false; + DNSName shorter = rr.qname; + if (shorter != target && shorter.chopOff() && shorter != target) { + do { + if(nsset.count(shorter)) { + skip=true; + break; + } + } while(shorter.chopOff() && shorter != target); + } + shorter = rr.qname; + if(!skip && (rr.qtype.getCode() != QType::NS || !ns3pr.d_flags)) { + do { + if(!nsec3set.count(shorter)) { + nsec3set.insert(shorter); + } + } while(shorter != target && shorter.chopOff()); + } + } + for(DNSResourceRecord &rr : rrs) { DNSName shorter(rr.qname); while(shorter != target && shorter.chopOff()) { - if(!qnames.count(shorter)) { + if(!qnames.count(shorter) && !nonterm.count(shorter) && nsec3set.count(shorter)) { if(!(maxent)) { L<(shorter, rr.auth)); - --maxent; - } else if (rr.auth) - nonterm[shorter]=true; + nonterm.insert(shorter); + --maxent; } } } for(const auto& nt : nonterm) { DNSResourceRecord rr; - rr.qname=nt.first; + rr.qname=nt; rr.qtype="TYPE0"; - rr.auth=(nt.second || !ns3pr.d_flags); + rr.auth=true; rrs.push_back(rr); } } + + DLOG(for(const auto &rr: rrs) cerr<