From dce1e90d4bfedd907263a925ad7a91c2358fb955 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer
Date: Wed, 24 Sep 2014 00:34:09 +0200
Subject: [PATCH] DNAME don't sign the synthesised CNAME
---
 pdns/packethandler.cc | 1 +
 regression-tests/tests/dname/command | 2 +-
 regression-tests/tests/dname/expected_result | 2 ++
 .../tests/dname/expected_result.dnssec | 32 +++++++++++++++++++
 regression-tests/tests/dname/skip.nodnssec | 0
 5 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 regression-tests/tests/dname/expected_result.dnssec
 delete mode 100644 regression-tests/tests/dname/skip.nodnssec
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 5f7046d71..f63617bf1 100644
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -260,6 +260,7 @@ vector PacketHandler::getBestDNAMESynth(DNSPacket *p, SOAData
 rr.qtype = QType::CNAME;
 rr.qname = prefix + rr.qname;
 rr.content = prefix + rr.content;
+ rr.auth = 0; // don't sign CNAME
 target= rr.content;
 ret.push_back(rr);
 }
diff --git a/regression-tests/tests/dname/command b/regression-tests/tests/dname/command
index 1dc914771..44791ca9f 100755
--- a/regression-tests/tests/dname/command
+++ b/regression-tests/tests/dname/command
@@ -1,2 +1,2 @@
 #!/bin/sh
-cleandig www.d.test.com A
+cleandig www.d.test.com A dnssec
diff --git a/regression-tests/tests/dname/expected_result b/regression-tests/tests/dname/expected_result
index 349055273..3ad4b3d26 100644
--- a/regression-tests/tests/dname/expected_result
+++ b/regression-tests/tests/dname/expected_result
@@ -13,6 +13,7 @@
 1 . IN NS 518400 k.root-servers.net.
 1 . IN NS 518400 l.root-servers.net.
 1 . IN NS 518400 m.root-servers.net.
+2 . IN OPT 32768
 2 a.root-servers.net. IN A 3600000 198.41.0.4
 2 b.root-servers.net. IN A 3600000 192.228.79.201
 2 c.root-servers.net. IN A 3600000 192.33.4.12
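Review bot: The comment on the added `rr.auth = 0; // don't sign CNAME` line in the pdns/packethandler.cc hunk says what is skipped but not why, and it does not mention that the `auth` flag is what suppresses signing here. The synthesised CNAME stays unsigned because a validator checks the signed DNAME and derives the CNAME itself (RFC 6672). A comment such as `// synthesised CNAME is never signed (RFC 6672); validators re-derive it from the signed DNAME` would keep a later change from re-enabling signing on this record. Clearing `auth` presumably also affects any other code that reads the flag for this record, which is not visible in the hunk and is worth confirming. getBestDNAMESynth starts and ends outside the hunk.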
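Review bot: Adding `dnssec` to the shared script in the regression-tests/tests/dname/command hunk appears to make the non-DNSSEC run issue the same query as the DNSSEC run, so a plain query for the DNAME-synthesised answer would lose its regression coverage. The updated expected_result now carries the `2 . IN OPT 32768` record, which suggests the plain variant is no longer exercised. A sibling test directory that keeps `cleandig www.d.test.com A` unchanged would preserve that case.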
@@ -25,5 +26,6 @@
 2 j.root-servers.net. IN A 3600000 192.58.128.30
 2 k.root-servers.net. IN A 3600000 193.0.14.129
 2 l.root-servers.net. IN A 3600000 199.7.83.42
+2 m.root-servers.net. IN A 3600000 202.12.27.33
 Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='www.d.test.com.', qtype=A
diff --git a/regression-tests/tests/dname/expected_result.dnssec b/regression-tests/tests/dname/expected_result.dnssec
new file mode 100644
index 000000000..dd5afec0d
--- /dev/null
+++ b/regression-tests/tests/dname/expected_result.dnssec
@@ -0,0 +1,32 @@
+0 d.test.com. IN DNAME 3600 d2.test2.com.
+0 d.test.com. IN RRSIG 3600 DNAME 8 3 3600 [expiry] [inception] [keytag] test.com. ...
+0 www.d.test.com. IN CNAME 3600 www.d2.test2.com.
+1 . IN NS 518400 a.root-servers.net.
+1 . IN NS 518400 b.root-servers.net.
+1 . IN NS 518400 c.root-servers.net.
+1 . IN NS 518400 d.root-servers.net.
+1 . IN NS 518400 e.root-servers.net.
+1 . IN NS 518400 f.root-servers.net.
+1 . IN NS 518400 g.root-servers.net.
+1 . IN NS 518400 h.root-servers.net.
+1 . IN NS 518400 i.root-servers.net.
+1 . IN NS 518400 j.root-servers.net.
+1 . IN NS 518400 k.root-servers.net.
+1 . IN NS 518400 l.root-servers.net.
+1 . IN NS 518400 m.root-servers.net.
+2 . IN OPT 32768
+2 a.root-servers.net. IN A 3600000 198.41.0.4
+2 b.root-servers.net. IN A 3600000 192.228.79.201
+2 c.root-servers.net. IN A 3600000 192.33.4.12
+2 d.root-servers.net. IN A 3600000 199.7.91.13
+2 e.root-servers.net. IN A 3600000 192.203.230.10
+2 f.root-servers.net. IN A 3600000 192.5.5.241
+2 g.root-servers.net. IN A 3600000 192.112.36.4
+2 h.root-servers.net. IN A 3600000 128.63.2.53
+2 i.root-servers.net. IN A 3600000 192.36.148.17
+2 j.root-servers.net. IN A 3600000 192.58.128.30
+2 k.root-servers.net. IN A 3600000 193.0.14.129
+2 l.root-servers.net. IN A 3600000 199.7.83.42
+2 m.root-servers.net. IN A 3600000 202.12.27.33
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.d.test.com.', qtype=A
diff --git a/regression-tests/tests/dname/skip.nodnssec b/regression-tests/tests/dname/skip.nodnssec
deleted file mode 100644
index e69de29bb..000000000
--
2.40.0