3262. [bug] Signed responses were handled incorrectly by RPZ.

[RT #27316]
This commit is contained in:
Evan Hunt 2012-01-07 00:19:59 +00:00
parent 3c84f6fd82
commit c19cfefe7e
8 changed files with 33 additions and 8 deletions


@ -1,3 +1,6 @@
3262. [bug] Signed responses were handled incorrectly by RPZ.
[RT #27316]
3261. [func] RRset ordering now defaults to random. [RT #27174]
3260. [bug] "rrset-order cyclic" could appear not to rotate


@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.380 2012/01/04 23:46:49 tbox Exp $ */
/* $Id: query.c,v 1.381 2012/01/07 00:19:59 each Exp $ */
/*! \file */
@ -5659,6 +5659,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
if (!ISC_LIST_EMPTY(client->view->rpz_zones) &&
RECURSIONOK(client) && !RECURSING(client) &&
(!WANTDNSSEC(client) || sigrdataset == NULL ||
!dns_rdataset_isassociated(sigrdataset)) &&
(client->query.rpz_st == NULL ||
(client->query.rpz_st->state & DNS_RPZ_REWRITTEN) == 0) &&
!dns_name_equal(client->query.qname, dns_rootname)) {
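Review bot: The added condition makes the RPZ rewrite depend on the client-chosen DO bit without a comment saying why, so the line `(!WANTDNSSEC(client) || sigrdataset == NULL ||` should carry `/* Leave a signed answer untouched when the client asked for DNSSEC: a rewritten answer could not validate. */`. Because a DO-set query now receives the unrewritten answer, operators will want that visible; if query_find already logs RPZ decisions, the skipped rewrite deserves a log line at that same level, but no logging is visible in this hunk. query_find starts and ends outside the hunk, so whether `sigrdataset` is always initialized before this test cannot be confirmed from here; the `== NULL` guard suggests it is, and that assumption should hold on every path that reaches this point.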


@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.4 2011/10/13 01:32:32 vjs Exp $
# $Id: clean.sh,v 1.5 2012/01/07 00:19:59 each Exp $
# Clean up after rpz tests.
@ -20,3 +20,5 @@
rm -f proto.* dig.out* nsupdate.tmp
rm -f */named.memstats */named.run */named.rpz */session.key
rm -f ns3/bl*.db */*.jnl */*.core */*.pid
rm -f ns2/signed-tld2.db
rm -f ns2/K*.private ns2/K*.key dsset-*


@ -12,7 +12,7 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: root.db,v 1.4 2011/10/13 01:32:33 vjs Exp $
; $Id: root.db,v 1.5 2012/01/07 00:19:59 each Exp $
$TTL 120
@ SOA ns. hostmaster.ns. ( 1 3600 1200 604800 60 )
@ -25,6 +25,11 @@ tld2. NS ns.tld2.
ns.tld2. A 10.53.0.2
ns2.tld2. A 10.53.0.2
; rewrite responses from this zone unless dnssec requested
signed-tld2. NS ns.signed-tld2.
ns.signed-tld2. A 10.53.0.2
ns2.signed-tld2. A 10.53.0.2
; requests come from here
tld3. NS ns.tld3.
ns.tld3. A 10.53.0.3


@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.4 2011/10/13 01:32:33 vjs Exp $ */
/* $Id: named.conf,v 1.5 2012/01/07 00:19:59 each Exp $ */
controls { /* empty */ };
@ -40,3 +40,4 @@ zone "sub2.tld2." {type master; file "tld2.db";};
zone "subsub.sub2.tld2." {type master; file "tld2.db";};
zone "sub3.tld2." {type master; file "tld2.db";};
zone "subsub.sub3.tld2." {type master; file "tld2.db";};
zone "signed-tld2." {type master; file "signed-tld2.db";};


@ -14,11 +14,18 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: setup.sh,v 1.4 2011/10/13 01:32:32 vjs Exp $
# $Id: setup.sh,v 1.5 2012/01/07 00:19:59 each Exp $
sh clean.sh
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
. ./clean.sh
# NO-OP is an obsolete synonym for PASSHTRU
for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wildcname -garden; do
sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >ns3/bl$NM.db
done
../../../tools/genrandom 400 random.data
$KEYGEN -Kns2 -q -r random.data -3 signed-tld2. > /dev/null 2>&1
$KEYGEN -Kns2 -q -r random.data -3fk signed-tld2. > /dev/null 2>&1
$SIGNER -S -Kns2 -o signed-tld2. -f ns2/signed-tld2.db ns2/tld2.db > /dev/null 2>&1
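Review bot: The three new key-generation and signing commands discard all output and their exit status, so if `$KEYGEN` or `$SIGNER` fails the test later reports a confusing failure against an unsigned or missing `ns2/signed-tld2.db` rather than the real cause. Each should fail setup explicitly, e.g. `$SIGNER -S -Kns2 -o signed-tld2. -f ns2/signed-tld2.db ns2/tld2.db > /dev/null 2>&1 || exit 1`, and likewise for the two `$KEYGEN` lines. Replacing `sh clean.sh` with `. ./clean.sh` also sources the script into the current shell, so any variables or `set` options clean.sh changes now affect setup.sh; a one-line comment noting that this is intended would help the next reader.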


@ -12,7 +12,7 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: test1,v 1.7 2011/10/28 11:46:49 marka Exp $
; $Id: test1,v 1.8 2012/01/07 00:19:59 each Exp $
; Use comment lines instead of blank lines to combine update requests into
@ -26,6 +26,7 @@ server 10.53.0.3 5300
; NXDOMAIN
update add a0-1.tld2.bl. 300 CNAME .
update add a0-1.signed-tld2.bl. 300 CNAME .
;
; NODATA
update add a3-1.tld2.bl. 300 CNAME *.
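Review bot: The only policy added for the signed zone is the NXDOMAIN rule `update add a0-1.signed-tld2.bl. 300 CNAME .`, so the new skip-when-signed path in query.c is exercised for one policy action only. Adding a NODATA rule alongside the existing `update add a3-1.tld2.bl. 300 CNAME *.`, e.g. `update add a3-1.signed-tld2.bl. 300 CNAME *.`, with matching `nxdomain`/`nochange` checks in tests.sh (the section ending at `start_group "IP rewrites" test2`), would cover a second action through the same code path. Whether the CNAME and wildcard-CNAME actions behave differently for a signed zone is not visible here, so those may warrant cases too.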


@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.10 2011/11/18 19:32:13 each Exp $
# $Id: tests.sh,v 1.11 2012/01/07 00:19:59 each Exp $
# test response policy zones (RPZ)
@ -215,6 +215,10 @@ addr 57.57.57.57 a3-7.sub1.tld2 # 15 wildcard CNAME
addr 127.0.0.16 a4-5-cname3.tld2 # 16 CNAME chain
addr 127.0.0.17 a4-6-cname3.tld2 # 17 stop short in CNAME chain
nxdomain c1.crash2.tld3 # 18 assert in rbtdb.c
nochange a0-1.tld2 +norecurse
nxdomain a0-1.tld2 +dnssec
nxdomain a0-1.signed-tld2
nochange a0-1.signed-tld2 +dnssec
end_group
start_group "IP rewrites" test2