Libor Peltan
323f215e58
nameserver: avoid wildcard-expansion-by-compression trick on DNAME...
...as in that case the DNAME node owner differs from original qname
2023-09-19 11:22:55 +02:00
Libor Peltan
1e6d6b04af
tests/flags: add NULL record with empty rdata (just for fun)
2023-08-22 15:56:35 +02:00
Libor Peltan
0add240070
tests: make flags. zone readable by bind
2021-10-01 10:44:15 +02:00
Libor Peltan
60632709ed
nameserver: don't put additionals induced by additionals
2021-09-30 13:26:50 +02:00
Libor Peltan
1a22a8a4a0
bugfix: fix answering with opt-outed NSEC3 on empty-non-terminal
2021-08-31 09:18:10 +02:00
Daniel Salzman
e57e99fe7e
nameserver: correct owner of answered CNAME from wildcard expansion
fixes #715
2021-05-25 17:21:03 +02:00
Daniel Salzman
1f98f8dc18
nameserver: decrease maximum CNAME/DNAME chain length from 20 to 5
The reason for this change is to reduce possible amplification attacks and
other negative effects of long processing loops.
Also most resolvers don't accept multiple jumps without requerying, so this
change should be harmless.
2021-03-05 08:50:06 +01:00
Libor Peltan
06a319cab0
nameserver: allow applying one DNAME repeatedly (e.g. DNAME loop)
2021-03-05 08:50:06 +01:00
Libor Peltan
16a4d29578
nameserver: don't follow DNAME under delegation (NONAUTH node)
2021-01-14 13:33:18 +01:00
Libor Peltan
12f56116c1
nameserver: don't follow CNAME under delegation (NONAUTH node)
2021-01-14 12:57:55 +01:00
Daniel Salzman
599c4a9dbb
tests-extra: fix DNAME loop test case in basic/query
2020-12-21 14:47:58 +01:00
Libor Peltan
33324965ca
DNAME: synthesized CNAME might be perfect answer to CNAME query
2020-11-20 09:26:45 +01:00
Libor Peltan
ba77821d66
bugfix: NXDOMAIN authority SOA has TTL limited by minimum-ttl field
See https://tools.ietf.org/html/rfc2308#section-3
2020-02-29 20:10:41 +01:00
Libor Peltan
af0025424a
nameserver: limit processing depth of C/DNAME chain
2019-11-26 13:12:40 +01:00
Daniel Salzman
2f92f5894d
internet: solve DS query below a delegation point as a delegation
2017-11-18 20:30:02 +01:00
Daniel Salzman
9c42c1442c
tests-extra: update EDNS payload tests
2017-01-29 12:23:02 +01:00
Daniel Salzman
59d110fc4f
internet: skip empty non-terminal parents during delegation lookup
2016-10-25 14:20:58 +02:00
Jan Vcelak
e44e6b499e
tests-extra: fix query for a CNAME below NS
2015-07-09 15:40:35 +02:00
Lubos Slovak
76e84fc247
tests-extra: CNAME loop + fixed basic/query test.
- Test response with a long CNAME loop.
- Some queries in basic/query test did not have the zone name
appended, resulting in bogus answers (REFUSED). Not visible,
because the responses are only compared to ones from Bind.
TODO: Comparison with Bind should be replaced by checks for
particular requirements for the response.
2014-11-11 23:26:52 +01:00
Lubos Slovak
1b438a7e2c
Added some more test cases to basic tests.
2014-02-12 19:02:52 +01:00
Marek Vavrusa
2a73ac7973
AUTHORITY NS not added for CNAME loop or CNAME leading to out-of-zone data.
This conforms to RFC1034, 4.3.2/pt 3.a I think,
as the CNAME target would lead us out of available zones.
(We don't support answer from multiple local zones as of now.)
2014-01-17 17:05:49 +01:00
Marek Vavrusa
4830b7ceaf
Discover wildcard-covered additional records for affected nodes.
This requires an additional passthrough of the adjusted nodes
and may pose a performance penalty in the future.
If that need arises, we could sort it out in a different way.
2014-01-15 18:28:36 +01:00
Marek Vavrusa
7e33916830
CNAME loop over wildcard is checked after RR is added.
This is to give requestor proof of the loop in single response.
Also added test for this case.
2014-01-15 18:28:36 +01:00
Marek Vavrusa
017e663977
Some records may not have additionals.
Added check + test case.
2014-01-15 14:26:48 +01:00
Daniel Salzman
5af6511582
func-tests: change location
2013-12-19 16:35:31 +01:00