
Handle CNAME at secure zone apex to secure zone

Closes #4466
1 parent 5e8895c commit d8baf17df357dd6d132ed67fd01bc1e23c79d58f @pieterlexis pieterlexis committed Oct 25, 2016
Showing with 9 additions and 1 deletion.
  1. +1 −1 pdns/syncres.cc
  2. +6 −0 pdns/syncres.hh
  3. +2 −0 pdns/validate-recursor.cc
@@ -443,7 +443,7 @@ int SyncRes::doResolve(const DNSName &qname, const QType &qtype, vector<DNSRecor
}
}
- if(qtype != QType::DS && doCNAMECacheCheck(qname,qtype,ret,depth,res)) // will reroute us if needed
+ if(!d_skipCNAMECheck && doCNAMECacheCheck(qname,qtype,ret,depth,res)) // will reroute us if needed
return res;
if(doCacheCheck(qname,qtype,ret,depth,res)) // we done
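Review bot: The rewritten guard drops the unconditional `qtype != QType::DS` exclusion, so a DS query on any SyncRes that has not called `setSkipCNAMECheck(true)` now goes through `doCNAMECacheCheck`. In this commit only SRRecordOracle sets the flag, so as far as this page shows, ordinary client DS queries lose the old behaviour and could be rerouted through a cached CNAME, even though DS data belongs to the parent side of the cut. If that is not intended, keep both conditions: `if(!d_skipCNAMECheck && qtype != QType::DS && doCNAMECacheCheck(qname,qtype,ret,depth,res))`. The body of doResolve starts and ends outside the hunk.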
@@ -339,6 +339,11 @@ public:
return d_wasOutOfBand;
}
+ void setSkipCNAMECheck(bool skip = false)
+ {
+ d_skipCNAMECheck = skip;
+ }
+
int asyncresolveWrapper(const ComboAddress& ip, bool ednsMANDATORY, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, struct timeval* now, boost::optional<Netmask>& srcmask, LWResult* res);
static void doEDNSDumpAndClose(int fd);
@@ -371,6 +376,7 @@ public:
bool d_wasVariable{false};
bool d_wasOutOfBand{false};
bool d_wantsRPZ{true};
+ bool d_skipCNAMECheck{false};
typedef multi_index_container <
NegCacheEntry,
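Review bot: The default argument on `setSkipCNAMECheck(bool skip = false)` makes a bare `setSkipCNAMECheck()` call turn the skip off, which reads as the opposite of the name. The only caller in this commit passes `true` explicitly, so the default can go: `void setSkipCNAMECheck(bool skip)`. Neither the setter nor `d_skipCNAMECheck` says what is skipped or why; a comment such as `// when true, doResolve() does not consult doCNAMECacheCheck(); set by the validator for DS/DNSKEY/NS lookups` would document it. The member appears to sit under `public:` next to `d_wantsRPZ`, so the setter does not restrict access; that is inferred from the hunk header only.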
@@ -19,6 +19,8 @@ class SRRecordOracle : public DNSRecordOracle
vector<DNSRecord> ret;
sr.d_doDNSSEC=true;
+ if (qtype == QType::DS || qtype == QType::DNSKEY || qtype == QType::NS)
+ sr.setSkipCNAMECheck(true);
sr.beginResolve(qname, QType(qtype), 1, ret);
d_queries += sr.d_outqueries;
return ret;
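Review bot: The flag set on `sr` here stays in effect for everything `beginResolve` does, not only for the top-level `qname`/`qtype` lookup, because `d_skipCNAMECheck` is an object-wide member that `doResolve` reads on each call. If `doResolve` is re-entered for nameserver address lookups or other sub-queries (not visible in this hunk), those would also bypass `doCNAMECacheCheck`, which is wider than the DS/DNSKEY/NS queries the condition names. The condition also has no explanation; a comment such as `// validator lookups for DS/DNSKEY/NS must not be rerouted by a cached CNAME at the zone apex (#4466)` would record the intent. The diffstat lists no test file, so a regression case for the CNAME-at-apex chain would be worth adding. The enclosing function starts and ends outside the hunk.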
