Use the origin (DNAME) TTL for synthesized CNAMEs as per RFC 6672 #973

Merged
merged 1 commit into from Dec 8, 2023
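--- a/iterator/iter_scrub.c
+++ b/iterator/iter_scrub.c
@@ -283,7 +283,8 @@ synth_cname_rrset(uint8_t** sname, size_t* snamelen, uint8_t* alias,
 sizeof(uint32_t)+sizeof(uint16_t)+aliaslen);
 if(!cn->rr_first->ttl_data)
 return NULL;
-sldns_write_uint32(cn->rr_first->ttl_data, 0); /* TTL = 0 */
+memmove(cn->rr_first->ttl_data, rrset->rr_first->ttl_data,
+sizeof(uint32_t)); /* RFC6672: synth CNAME TTL == DNAME TTL */
 sldns_write_uint16(cn->rr_first->ttl_data+4, aliaslen);
 memmove(cn->rr_first->ttl_data+6, alias, aliaslen);
 cn->rr_first->size = sizeof(uint16_t)+aliaslen;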
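Review bot: The synthesized CNAME now takes its TTL byte-for-byte from `rrset->rr_first->ttl_data`, which in this scrubber is presumably data parsed from the upstream reply, so the lifetime of the unsigned synthetic record is whatever the remote server sent rather than 0. The hunk shows no bound on that value; if the configured TTL limits are only applied at a later stage (not visible here), the comment should say so, for example `/* RFC6672: synth CNAME TTL == DNAME TTL, raw wire value; limits applied later */` once that is confirmed. The destination appears to be freshly allocated just above, so the two buffers cannot overlap and `memcpy` would state the intent more precisely than `memmove`. synth_cname_rrset starts and ends outside the hunk.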
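--- a/services/authzone.c
+++ b/services/authzone.c
@@ -2702,7 +2702,7 @@ create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region,
 if(!d)
 return 0; /* out of memory */
 (*cname)->entry.data = d;
-d->ttl = 0; /* 0 for synthesized CNAME TTL */
+d->ttl = dname->data->ttl; /* RFC6672: synth CNAME TTL == DNAME TTL */
 d->count = 1;
 d->rrsig_count = 0;
 d->trust = rrset_trust_ans_noAA;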
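--- a/services/cache/dns.c
+++ b/services/cache/dns.c
@@ -796,7 +796,7 @@ synth_dname_msg(struct ub_packed_rrset_key* rrset, struct regional* region,
 if(!newd)
 return NULL;
 ck->entry.data = newd;
-newd->ttl = 0; /* 0 for synthesized CNAME TTL */
+newd->ttl = d->ttl; /* RFC6672: synth CNAME TTL == DNAME TTL */
 newd->count = 1;
 newd->rrsig_count = 0;
 newd->trust = rrset_trust_ans_noAA;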
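Review bot: `newd->ttl = d->ttl;` copies the stored DNAME TTL unchanged, and this file is the resolver cache; if `d` is the cached entry and the cache keeps TTLs as absolute expiry times (neither is visible in the hunk), the synthesized CNAME would carry a timestamp instead of the remaining lifetime, and clients would be handed a very large TTL. Please confirm which convention `d->ttl` follows at this point and, if it is absolute, subtract the current time the function works with, along the lines of `newd->ttl = d->ttl - now;` (with `now` standing for that time value). The per-record TTL of the new rrset is set outside the hunk and should end up with the same relative value. synth_dname_msg starts and ends outside the hunk.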
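--- a/services/localzone.c
+++ b/services/localzone.c
@@ -1532,7 +1532,7 @@ local_data_answer(struct local_zone* z, struct module_env* env,
 return 0; /* invalid cname */
 if(dname_is_wild(ctarget)) {
 /* synthesize cname target */
-struct packed_rrset_data* d;
+struct packed_rrset_data* d, *lr_d;
 /* -3 for wildcard label and root label from qname */
 size_t newtargetlen = qinfo->qname_len + ctargetlen - 3;
 
@@ -1560,8 +1560,10 @@ local_data_answer(struct local_zone* z, struct module_env* env,
 + newtargetlen);
 if(!d)
 return 0; /* out of memory */
+lr_d = (struct packed_rrset_data*)lr->rrset->entry.data;
 qinfo->local_alias->rrset->entry.data = d;
-d->ttl = 0; /* 0 for synthesized CNAME TTL */
+d->ttl = lr_d->rr_ttl[0]; /* RFC6672-like behavior:
+synth CNAME TTL uses original TTL*/
 d->count = 1;
 d->rrsig_count = 0;
 d->trust = rrset_trust_ans_noAA;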
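Review bot: `d->ttl = lr_d->rr_ttl[0];` takes the TTL of the first record, while the other two synthesis sites in this commit (services/authzone.c and services/cache/dns.c) copy the rrset-level `->ttl`, and the hunk gives no reason for the difference. It also indexes `rr_ttl[0]` with no visible check that `lr->rrset` holds at least one record; that was presumably established earlier in local_data_answer where the CNAME target is read, and a short comment such as `/* lr is the matched CNAME rrset, count >= 1 */` would make the assumption explicit. The trailing comment is missing a space before `*/`. The function starts and ends outside both hunks.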
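--- a/testcode/unitauth.c
+++ b/testcode/unitauth.c
@@ -279,14 +279,14 @@ static struct q_ans example_com_queries[] = {
 ";flags QR AA rcode NOERROR\n"
 ";answer section\n"
 "redir.example.com. 3600 IN DNAME redir.example.org.\n"
-"abc.redir.example.com. 0 IN CNAME abc.redir.example.org.\n"
+"abc.redir.example.com. 3600 IN CNAME abc.redir.example.org.\n"
 },
 
 { "example.com", "foo.abc.redir.example.com. A", "",
 ";flags QR AA rcode NOERROR\n"
 ";answer section\n"
 "redir.example.com. 3600 IN DNAME redir.example.org.\n"
-"foo.abc.redir.example.com. 0 IN CNAME foo.abc.redir.example.org.\n"
+"foo.abc.redir.example.com. 3600 IN CNAME foo.abc.redir.example.org.\n"
 },
 
 { "example.com", "redir2.example.com. DNAME", "",
@@ -299,42 +299,42 @@ static struct q_ans example_com_queries[] = {
 ";flags QR AA rcode NOERROR\n"
 ";answer section\n"
 "redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
-"abc.redir2.example.com. 0 IN CNAME abc.redir2.example.org.\n"
+"abc.redir2.example.com. 3600 IN CNAME abc.redir2.example.org.\n"
 },
 
 { "example.com", "obscured.redir2.example.com. A", "",
 ";flags QR AA rcode NOERROR\n"
 ";answer section\n"
 "redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
-"obscured.redir2.example.com. 0 IN CNAME obscured.redir2.example.org.\n"
+"obscured.redir2.example.com. 3600 IN CNAME obscured.redir2.example.org.\n"
 },
 
 { "example.com", "under2.redir2.example.com. A", "",
 ";flags QR AA rcode NOERROR\n"
 ";answer section\n"
 "redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
-"under2.redir2.example.com. 0 IN CNAME under2.redir2.example.org.\n"
+"under2.redir2.example.com. 3600 IN CNAME under2.redir2.example.org.\n"
 },
 
 { "example.com", "doubleobscured.under2.redir2.example.com. A", "",
 ";flags QR AA rcode NOERROR\n"
 ";answer section\n"
 "redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
-"doubleobscured.under2.redir2.example.com. 0 IN CNAME doubleobscured.under2.redir2.example.org.\n"
+"doubleobscured.under2.redir2.example.com. 3600 IN CNAME doubleobscured.under2.redir2.example.org.\n"
 },
 
 { "example.com", "foo.doubleobscured.under2.redir2.example.com. A", "",
 ";flags QR AA rcode NOERROR\n"
 ";answer section\n"
 "redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
-"foo.doubleobscured.under2.redir2.example.com. 0 IN CNAME foo.doubleobscured.under2.redir2.example.org.\n"
+"foo.doubleobscured.under2.redir2.example.com. 3600 IN CNAME foo.doubleobscured.under2.redir2.example.org.\n"
 },
 
 { "example.com", "foo.under2.redir2.example.com. A", "",
 ";flags QR AA rcode NOERROR\n"
 ";answer section\n"
 "redir2.example.com. 3600 IN DNAME redir2.example.org.\n"
-"foo.under2.redir2.example.com. 0 IN CNAME foo.under2.redir2.example.org.\n"
+"foo.under2.redir2.example.com. 3600 IN CNAME foo.under2.redir2.example.org.\n"
 },
 
 { "example.com", "sub.example.com. NS", "",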
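--- a/testdata/iter_dname_insec.rpl
+++ b/testdata/iter_dname_insec.rpl
@@ -397,7 +397,7 @@ ENTRY_END
 
 STEP 220302 CHECK_ANSWER
 ENTRY_BEGIN
-MATCH all
+MATCH all ttl
 REPLY QR RD RA DO
 SECTION QUESTION
 a.example.com. IN A
@@ -420,7 +420,7 @@ ENTRY_END
 
 STEP 220402 CHECK_ANSWER
 ENTRY_BEGIN
-MATCH all
+MATCH all ttl
 REPLY QR RD RA DO
 SECTION QUESTION
 a.b.example.com. IN A
@@ -523,7 +523,7 @@ ENTRY_END
 
 STEP 220702 CHECK_ANSWER
 ENTRY_BEGIN
-MATCH all
+MATCH all ttl
 REPLY QR RD RA DO
 SECTION QUESTION
 a.x.example.com. IN A
@@ -607,7 +607,7 @@ ENTRY_END
 
 STEP 220802 CHECK_ANSWER
 ENTRY_BEGIN
-MATCH all
+MATCH all ttl
 REPLY QR RD RA DO
 SECTION QUESTION
 a2.example.com. IN A
@@ -691,14 +691,14 @@ ENTRY_END
 ; CNAME chains should be followed and CNAME loops signalled as an error
 STEP 220902 CHECK_ANSWER
 ENTRY_BEGIN
-MATCH all
+MATCH all ttl
 REPLY QR RD RA DO
 REPLY NOERROR
 SECTION QUESTION
 cyc.example.com. IN A
 SECTION ANSWER
-example.com. 0 IN DNAME example.com.
-cyc.example.com. 0 IN CNAME cyc.example.com.
+example.com. 3600 IN DNAME example.com.
+cyc.example.com. 3600 IN CNAME cyc.example.com.
 ENTRY_END
 
 ; ns1.example.com.
@@ -857,7 +857,7 @@ ENTRY_END
 
 STEP 221102 CHECK_ANSWER
 ENTRY_BEGIN
-MATCH all
+MATCH all ttl
 REPLY QR RD RA DO
 SECTION QUESTION
 shortloop.x.x. IN TXT
@@ -885,7 +885,7 @@ ENTRY_END
 
 STEP 221202 CHECK_ANSWER
 ENTRY_BEGIN
-MATCH all
+MATCH all ttl
 REPLY QR RD RA DO
 SECTION QUESTION
 shortloop.x. IN TXT
@@ -999,7 +999,7 @@ ENTRY_END
 ; query returning maximal permissible length - should work
 STEP 229002 CHECK_ANSWER
 ENTRY_BEGIN
-MATCH all
+MATCH all ttl
 REPLY QR RD RA DO
 SECTION QUESTION
 x.long. IN A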