Permalink
Browse files

fix getAuth for DS queries at apex

  • Loading branch information...
1 parent d080e91 commit 34479a6f62cf847bde337b3ba1f73ceb09dc0907 @mind04 mind04 committed with Habbie Jul 1, 2013
View
@@ -286,20 +286,23 @@ int PacketHandler::doVersionRequest(DNSPacket *p, DNSPacket *r, string &target)
/** Determines if we are authoritative for a zone, and at what level */
bool PacketHandler::getAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId)
{
+ bool found=false;
string subdomain(target);
do {
if( B.getSOA( subdomain, *sd, p ) ) {
- if(p->qtype.getCode() == QType::DS && pdns_iequals(subdomain, target))
- continue; // A DS question is never answered from the apex, go one zone upwards
-
sd->qname = subdomain;
if(zoneId)
*zoneId = sd->domain_id;
- return true;
+
+ if(p->qtype.getCode() == QType::DS && pdns_iequals(subdomain, target)) {
+ // Found authoritative zone but look for parent zone with 'DS' record.
+ found=true;
+ } else
+ return true;
}
}
while( chopOff( subdomain ) ); // 'www.powerdns.org' -> 'powerdns.org' -> 'org' -> ''
- return false;
+ return found;
}
vector<DNSResourceRecord> PacketHandler::getBestReferralNS(DNSPacket *p, SOAData& sd, const string &target)
@@ -0,0 +1,3 @@
+#!/bin/sh
+cleandig example.com DS dnssec
+
@@ -0,0 +1 @@
+This test tries to resolve a non-existent DS at apex
@@ -0,0 +1,4 @@
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='example.com.', qtype=DS
@@ -0,0 +1,7 @@
+1 example.com. IN NSEC 86400 double.example.com. NS SOA MX RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 86400 NSEC 8 2 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='example.com.', qtype=DS
@@ -0,0 +1,7 @@
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 [flags] 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='example.com.', qtype=DS
@@ -0,0 +1,7 @@
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 [flags] 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='example.com.', qtype=DS

0 comments on commit 34479a6

Please sign in to comment.