From 8c949c5266f5b51f3e4264e0241f7bec8d454824 Mon Sep 17 00:00:00 2001
From: Peter van Dijk <peter.van.dijk@netherlabs.nl>
Date: Thu, 4 Oct 2012 07:09:11 +0000
Subject: [PATCH] make additional lookups smarter about trailing dots. make
 pdnssec error about trailing dots in names. make pdnssec warn about trailing
 dots in names inside content. strip dot from SRV hostnames during axfr.
 Patches by Ruben d'Arco. Fixes #289.

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2748 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---
 pdns/packethandler.cc     |  8 ++------
 pdns/pdnssec.cc           | 24 ++++++++++++++++++------
 pdns/slavecommunicator.cc |  6 ++++--
 3 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 1986dbf15..25fe56474 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -362,15 +362,11 @@ int PacketHandler::doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r, c
 
     vector<DNSResourceRecord> crrs;
 
-    for(vector<DNSResourceRecord *>::const_iterator i=arrs.begin();
-        i!=arrs.end();	++i) 
+    for(vector<DNSResourceRecord *>::const_iterator i=arrs.begin(); i!=arrs.end(); ++i) 
       crrs.push_back(**i);
 
     // we now have a copy, push_back on packet might reallocate!
-    for(vector<DNSResourceRecord>::const_iterator i=crrs.begin();
-        i!=crrs.end();
-        ++i) {
-      
+    for(vector<DNSResourceRecord>::const_iterator i=crrs.begin(); i!=crrs.end(); ++i) {
       if(r->d.aa && !i->qname.empty() && i->qtype.getCode()==QType::NS && !B.getSOA(i->qname,sd,p)) { // drop AA in case of non-SOA-level NS answer, except for root referral
         r->setA(false);
         //	i->d_place=DNSResourceRecord::AUTHORITY; // XXX FIXME
diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index 3f4a7fc1a..fea7d5694 100644
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -270,7 +270,7 @@ int checkZone(DNSSECKeeper& dk, const std::string& zone)
   } 
   sd.db->list(zone, sd.domain_id);
   DNSResourceRecord rr;
-  uint64_t numrecords=0, numerrors=0;
+  uint64_t numrecords=0, numerrors=0, numwarnings=0;
   
   while(sd.db->get(rr)) {
     if(!rr.qtype.getCode())
@@ -283,20 +283,32 @@ int checkZone(DNSSECKeeper& dk, const std::string& zone)
     }
     
     if(rr.qtype.getCode() == QType::URL || rr.qtype.getCode() == QType::MBOXFW) {
-      cout<<"The recordtype "<<rr.qtype.getName()<<" for record '"<<rr.qname<<"' is no longer supported."<<endl;
+      cout<<"[Error] The recordtype "<<rr.qtype.getName()<<" for record '"<<rr.qname<<"' is no longer supported."<<endl;
       numerrors++;
       continue;
     }
       
+    if (rr.qname[rr.qname.size()-1] == '.') {
+      cout<<"[Error] Record '"<<rr.qname<<"' has a trailing dot. PowerDNS will ignore this record!"<<endl;
+      numerrors++;
+    }
+
+      
     if(rr.qtype.getCode() == QType::MX || rr.qtype.getCode() == QType::SRV) 
       rr.content = lexical_cast<string>(rr.priority)+" "+rr.content;
 
+    if ( (rr.qtype.getCode() == QType::NS || rr.qtype.getCode() == QType::SRV || rr.qtype.getCode() == QType::MX) &&
+         rr.content[rr.content.size()-1] == '.') {
+      cout<<"[Warning] The record "<<rr.qname<<" with type "<<rr.qtype.getName()<<" has a trailing dot in the content ("<<rr.content<<"). Your backend might not work well with this."<<endl;
+      numwarnings++;
+    }
+
     if(rr.qtype.getCode() == QType::TXT && !rr.content.empty() && rr.content[0]!='"')
       rr.content = "\""+rr.content+"\"";  
       
     if(rr.auth == 0 && rr.qtype.getCode()!=QType::NS && rr.qtype.getCode()!=QType::A && rr.qtype.getCode()!=QType::AAAA)
     {
-      cout<<"Following record is auth=0, run pdnssec rectify-zone?: "<<rr.qname<<" IN " <<rr.qtype.getName()<< " " << rr.content<<endl;
+      cout<<"[Error] Following record is auth=0, run pdnssec rectify-zone?: "<<rr.qname<<" IN " <<rr.qtype.getName()<< " " << rr.content<<endl;
       numerrors++;
     }
     try {
@@ -305,13 +317,13 @@ int checkZone(DNSSECKeeper& dk, const std::string& zone)
     }
     catch(std::exception& e) 
     {
-      cout<<"Following record had a problem: "<<rr.qname<<" IN " <<rr.qtype.getName()<< " " << rr.content<<endl;
-      cout<<"Error was: "<<e.what()<<endl;
+      cout<<"[Error] Following record had a problem: "<<rr.qname<<" IN " <<rr.qtype.getName()<< " " << rr.content<<endl;
+      cout<<"[Error] Error was: "<<e.what()<<endl;
       numerrors++;
     }
     numrecords++;
   }
-  cout<<"Checked "<<numrecords<<" records of '"<<zone<<"', "<<numerrors<<" errors"<<endl;
+  cout<<"Checked "<<numrecords<<" records of '"<<zone<<"', "<<numerrors<<" errors, "<<numwarnings<<" warnings."<<endl;
   return numerrors;
 }
 
diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc
index eb4324fc5..aae39516a 100644
--- a/pdns/slavecommunicator.cc
+++ b/pdns/slavecommunicator.cc
@@ -158,8 +158,8 @@ void CommunicatorClass::suck(const string &domain,const string &remote)
         return;
       }
     } else {
-		laddr.sin4.sin_family = 0;
-	}
+		  laddr.sin4.sin_family = 0;
+    }
 
     AXFRRetriever retriever(raddr, domain.c_str(), tsigkeyname, tsigalgorithm, tsigsecret,
 		(laddr.sin4.sin_family == 0) ? NULL : &laddr);
@@ -208,6 +208,8 @@ void CommunicatorClass::suck(const string &domain,const string &remote)
         }
         
         i->domain_id=domain_id;
+        if (i->qtype.getCode() == QType::SRV)
+          i->content = stripDot(i->content);
 #if 0
         if(i->qtype.getCode()>=60000)
           throw DBException("Database can't store unknown record type "+lexical_cast<string>(i->qtype.getCode()-1024));
-- 
2.50.0