Permalink
Browse files

always lowercase next name in NSEC to avoid interop troubles with val…

…idators, thanks Marco Davids&Matthijs Mekking

git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@3175 d19b8d6e-7fed-0310-83ef-9ca221ded41b
  • Loading branch information...
1 parent 7cff29b commit 4b153d8c39b6eb523e61978c303fc4baa4935d9c @Habbie Habbie committed Apr 25, 2013
View
@@ -258,14 +258,15 @@ bool DNSBackend::getSOA(const string &domain, SOAData &sd, DNSPacket *p)
bool DNSBackend::getBeforeAndAfterNames(uint32_t id, const std::string& zonename, const std::string& qname, std::string& before, std::string& after)
{
string lcqname=toLower(qname);
- lcqname=makeRelative(qname, zonename);
+ string lczonename=toLower(zonename);
+ lcqname=makeRelative(lcqname, lczonename);
lcqname=labelReverse(lcqname);
string dnc;
bool ret = this->getBeforeAndAfterNamesAbsolute(id, lcqname, dnc, before, after);
- before=dotConcat(labelReverse(before), zonename);
- after=dotConcat(labelReverse(after), zonename);
+ before=dotConcat(labelReverse(before), lczonename);
+ after=dotConcat(labelReverse(after), lczonename);
return ret;
}
@@ -0,0 +1,2 @@
+#!/bin/sh
+cleandig z.Test.com A dnssec
@@ -0,0 +1,2 @@
+Make sure we lowercase the next name in an NSEC because validators
+do not (RFC6840 5.1).
@@ -0,0 +1,9 @@
+1 Test.com. IN NSEC 86400 _underscore.test.com. NS SOA MX RRSIG NSEC DNSKEY
+1 Test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ...
+1 Test.com. IN RRSIG 86400 NSEC 8 2 86400 [expiry] [inception] [keytag] test.com. ...
+1 Test.com. IN SOA 3600 ns1.Test.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+1 www.Test.com. IN NSEC 86400 test.com. CNAME RRSIG NSEC
+1 www.Test.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='z.Test.com.', qtype=A
@@ -0,0 +1,9 @@
+1 2eu2gulbu53h9uvhfalshpbo2a83t6l2.Test.com. IN NSEC3 86400 1 1 1 abcd 2GKS2N3JPQF62QOHAVFQ1PHOLM3HR7RA NS SOA MX RRSIG
+1 2eu2gulbu53h9uvhfalshpbo2a83t6l2.Test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+1 Test.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] test.com. ...
+1 Test.com. IN SOA 3600 ns1.Test.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+1 igf4m7otecach14p0a6ingi7dbuas5b2.Test.com. IN NSEC3 86400 1 1 1 abcd O1L0FB73HI3QP4A3FNQJSLEANLC883I3 A RP RRSIG
+1 igf4m7otecach14p0a6ingi7dbuas5b2.Test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='z.Test.com.', qtype=A

0 comments on commit 4b153d8

Please sign in to comment.