Permalink
Browse files

send extra NSEC3 because old BIND9 needs it, closes #814

  • Loading branch information...
1 parent 775acd9 commit a1d6b0c22ccb5b200bc24de2646b8235aad3786c @Habbie Habbie committed May 24, 2013
@@ -601,7 +601,9 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c
}
// add matching NSEC3 RR
- if (mode != 3) {
+ // we used to skip this one for mode 3, but old BIND needs it
+ // see https://github.com/PowerDNS/pdns/issues/814
+ // if (mode != 3) {
unhashed=(mode == 0 || mode == 5) ? target : closest;
hashed=hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, unhashed);
@@ -610,7 +612,7 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c
getNSEC3Hashes(narrow, sd.db, sd.domain_id, hashed, false, unhashed, before, after);
DLOG(L<<"Done calling for matching, hashed: '"<<toBase32Hex(hashed)<<"' before='"<<toBase32Hex(before)<<"', after='"<<toBase32Hex(after)<<"'"<<endl);
emitNSEC3(ns3rc, sd, unhashed, before, after, target, r, mode);
- }
+ // }
// add covering NSEC3 RR
if (mode != 0 && mode != 5) {
@@ -1,5 +1,7 @@
0 www.something.wtest.com. IN A 3600 4.3.2.1
0 www.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd 54NJS65S8U96TKFFRFT6L7J1T1556VIL TXT RRSIG
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
1 7q60llva2bt9ucubvn553q9s2pf8ho38.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd 7Q60LLVA2BT9UCUBVN553Q9S2PF8HO3A
1 7q60llva2bt9ucubvn553q9s2pf8ho38.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
2 . IN OPT 32768
@@ -1,5 +1,7 @@
0 www.something.wtest.com. IN A 3600 4.3.2.1
0 www.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd 67I2ESLUBOJ7DPG4263L3T8DV19G6D0G TXT RRSIG
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
1 7k2dfhl64f0ndftst8u5rr5euminddvb.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd 95QOQ246KN3VM7HL8KVG8O45JIHMNLNG A RRSIG
1 7k2dfhl64f0ndftst8u5rr5euminddvb.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
2 . IN OPT 32768
@@ -12,10 +12,20 @@
0 x.y.z.w5.example.com. IN RRSIG 120 A 8 3 120 [expiry] [inception] [keytag] example.com. ...
1 6jmrie0v0hnp2flflt36lur7c08n9h45.example.com. IN NSEC3 86400 1 [flags] 1 abcd 6JMRIE0V0HNP2FLFLT36LUR7C08N9H47
1 6jmrie0v0hnp2flflt36lur7c08n9h45.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 936eebq7jr1uc4bn1maa69a3aupeitfc.example.com. IN NSEC3 86400 1 [flags] 1 abcd 936EEBQ7JR1UC4BN1MAA69A3AUPEITFD
+1 936eebq7jr1uc4bn1maa69a3aupeitfc.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 a376dj0hnucs849r3dp2evrvbg967oeu.example.com. IN NSEC3 86400 1 [flags] 1 abcd A376DJ0HNUCS849R3DP2EVRVBG967OEV
+1 a376dj0hnucs849r3dp2evrvbg967oeu.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 akad2jtk186u143vhl92en81u06ljna5.example.com. IN NSEC3 86400 1 [flags] 1 abcd AKAD2JTK186U143VHL92EN81U06LJNA6
+1 akad2jtk186u143vhl92en81u06ljna5.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
1 atcf56s7ucntm82nht67p3g2nqteplou.example.com. IN NSEC3 86400 1 [flags] 1 abcd ATCF56S7UCNTM82NHT67P3G2NQTEPLP0
1 atcf56s7ucntm82nht67p3g2nqteplou.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 b3mj2rag3tfrk0cbk5uvlm9hnt6k6tmj.example.com. IN NSEC3 86400 1 [flags] 1 abcd B3MJ2RAG3TFRK0CBK5UVLM9HNT6K6TMK
+1 b3mj2rag3tfrk0cbk5uvlm9hnt6k6tmj.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
1 b6drqdikagd74fa5eme4sdiek1s06343.example.com. IN NSEC3 86400 1 [flags] 1 abcd B6DRQDIKAGD74FA5EME4SDIEK1S06345
1 b6drqdikagd74fa5eme4sdiek1s06343.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 bi61d8htvrnfktnig400n722d2v3lq1i.example.com. IN NSEC3 86400 1 [flags] 1 abcd BI61D8HTVRNFKTNIG400N722D2V3LQ1J
+1 bi61d8htvrnfktnig400n722d2v3lq1i.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
1 lr0g3vnj9r0nvtlsjnf8eqa68sqj06qg.example.com. IN NSEC3 86400 1 [flags] 1 abcd LR0G3VNJ9R0NVTLSJNF8EQA68SQJ06QI
1 lr0g3vnj9r0nvtlsjnf8eqa68sqj06qg.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
1 vsfa79vv78gd61567bkcai646ta0p276.example.com. IN NSEC3 86400 1 [flags] 1 abcd VSFA79VV78GD61567BKCAI646TA0P278
@@ -12,10 +12,20 @@
0 x.y.z.w5.example.com. IN RRSIG 120 A 8 3 120 [expiry] [inception] [keytag] example.com. ...
1 6jljjg5vg8ab1latv5khfq52jjpdlp9t.example.com. IN NSEC3 86400 1 [flags] 1 abcd 6JNMPRJN08RFG8QRUMBN91V2UURTV527 A RRSIG
1 6jljjg5vg8ab1latv5khfq52jjpdlp9t.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 936eebq7jr1uc4bn1maa69a3aupeitfc.example.com. IN NSEC3 86400 1 [flags] 1 abcd 938CRGVGJ6PEHDHT49EJCEIIRMH75IJ8
+1 936eebq7jr1uc4bn1maa69a3aupeitfc.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 a376dj0hnucs849r3dp2evrvbg967oeu.example.com. IN NSEC3 86400 1 [flags] 1 abcd A37U32P0GF09BE4EHU7VTEESS1GU45UB
+1 a376dj0hnucs849r3dp2evrvbg967oeu.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 akad2jtk186u143vhl92en81u06ljna5.example.com. IN NSEC3 86400 1 [flags] 1 abcd AKATF5BN9NMCT00E5PLMMOJM196CHN71
+1 akad2jtk186u143vhl92en81u06ljna5.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
1 atbcoh7l1gr1cbifhkt3ikmv2o60g8sc.example.com. IN NSEC3 86400 1 [flags] 1 abcd ATEJUO2QMEO1FORSEB6KH9B0DMVFRK08 A RRSIG
1 atbcoh7l1gr1cbifhkt3ikmv2o60g8sc.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 b3mj2rag3tfrk0cbk5uvlm9hnt6k6tmj.example.com. IN NSEC3 86400 1 [flags] 1 abcd B3ONOQ30J349UAJOB6H2FM1FIT3TOJKR
+1 b3mj2rag3tfrk0cbk5uvlm9hnt6k6tmj.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
1 b6cdleeregn514pnp2jgmtd67ig3q4qs.example.com. IN NSEC3 86400 1 [flags] 1 abcd B6J68ESSIMG1HC5MGJ3B3OQUKL9PKEQB A RRSIG
1 b6cdleeregn514pnp2jgmtd67ig3q4qs.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 bi61d8htvrnfktnig400n722d2v3lq1i.example.com. IN NSEC3 86400 1 [flags] 1 abcd BI7NGLVDS01SK3172JRF6UPDINT4OEDL
+1 bi61d8htvrnfktnig400n722d2v3lq1i.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
1 lqu3s8oae1ipc1iobnslma8igo1335a4.example.com. IN NSEC3 86400 1 [flags] 1 abcd LR1LEP75CII4P0CLER3MLLQBO1TGKHDO A RRSIG
1 lqu3s8oae1ipc1iobnslma8igo1335a4.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
1 vscvfu442fdlbq07jpd7bdocd3ig7fo8.example.com. IN NSEC3 86400 1 [flags] 1 abcd VSGNH606MUV7BFQFN3TRH1D5FKP1IPIV A RRSIG
@@ -2,6 +2,8 @@
0 something.a.b.c.test.com. IN RRSIG 3600 A 8 5 3600 [expiry] [inception] [keytag] test.com. ...
1 qjeirdhb04ir4vbs5pbbhbue69dlq9nr.test.com. IN NSEC3 86400 1 [flags] 1 abcd QJEIRDHB04IR4VBS5PBBHBUE69DLQ9NT
1 qjeirdhb04ir4vbs5pbbhbue69dlq9nr.test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+1 vlvujatanof6feajoesti9kq4s0crst3.test.com. IN NSEC3 86400 1 [flags] 1 abcd VLVUJATANOF6FEAJOESTI9KQ4S0CRST4
+1 vlvujatanof6feajoesti9kq4s0crst3.test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ...
2 . IN OPT 32768
Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='something.a.b.c.test.com.', qtype=A
@@ -2,6 +2,8 @@
0 something.a.b.c.test.com. IN RRSIG 3600 A 8 5 3600 [expiry] [inception] [keytag] test.com. ...
1 qd81ag9inqts1ocs7api0pji94k27btr.test.com. IN NSEC3 86400 1 [flags] 1 abcd S6G5SHC1JVOVL5FL9E943ADLONQLN7G4 CNAME RRSIG
1 qd81ag9inqts1ocs7api0pji94k27btr.test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+1 vlvujatanof6feajoesti9kq4s0crst3.test.com. IN NSEC3 86400 1 [flags] 1 abcd 0BH8DI769I8VVTKDDS8EFJDA19ABIGO5
+1 vlvujatanof6feajoesti9kq4s0crst3.test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ...
2 . IN OPT 32768
Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='something.a.b.c.test.com.', qtype=A
@@ -1,5 +1,7 @@
0 www.a.b.c.d.e.something.wtest.com. IN A 3600 4.3.2.1
0 www.a.b.c.d.e.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd 54NJS65S8U96TKFFRFT6L7J1T1556VIL TXT RRSIG
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
1 pqgjjrj5si55uc1208gt1hp1k217fhqu.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd PQGJJRJ5SI55UC1208GT1HP1K217FHR0
1 pqgjjrj5si55uc1208gt1hp1k217fhqu.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
2 . IN OPT 32768
@@ -1,5 +1,7 @@
0 www.a.b.c.d.e.something.wtest.com. IN A 3600 4.3.2.1
0 www.a.b.c.d.e.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd 67I2ESLUBOJ7DPG4263L3T8DV19G6D0G TXT RRSIG
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd SHEGK154N8362AG22AR9VDDRF3127M6I A RRSIG
1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
2 . IN OPT 32768
@@ -1,5 +1,7 @@
0 www.a.b.c.d.e.wtest.com. IN A 3600 6.7.8.9
0 www.a.b.c.d.e.wtest.com. IN RRSIG 3600 A 8 7 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 bagsltiumgoavhe3ig8960l8j2il0mh8.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd BAGSLTIUMGOAVHE3IG8960L8J2IL0MH9 TXT RRSIG
+1 bagsltiumgoavhe3ig8960l8j2il0mh8.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
1 pet5iqbgccga60p2n38nmuanrk50papg.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd PET5IQBGCCGA60P2N38NMUANRK50PAPI
1 pet5iqbgccga60p2n38nmuanrk50papg.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
2 . IN OPT 32768
@@ -1,5 +1,7 @@
0 www.a.b.c.d.e.wtest.com. IN A 3600 6.7.8.9
0 www.a.b.c.d.e.wtest.com. IN RRSIG 3600 A 8 7 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 bagsltiumgoavhe3ig8960l8j2il0mh8.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd CV382M4JQHLE9U45MDQFH64VP0JBFPN5 TXT RRSIG
+1 bagsltiumgoavhe3ig8960l8j2il0mh8.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd SHEGK154N8362AG22AR9VDDRF3127M6I A RRSIG
1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
2 . IN OPT 32768

0 comments on commit a1d6b0c

Please sign in to comment.