New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Auth 4.0.x nsec sorting #5289

Merged
merged 3 commits into from May 9, 2017

Conversation

Projects
None yet
4 participants
@mind04
Contributor

mind04 commented May 3, 2017

Short description

NSEC sorting is wrong for upcase qnames

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled and tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
  • checked that this code was merged to master

mind04 added some commits May 3, 2017

auth: add test to make sure NSEC(3) generation is case insensitive
test result before fix (auth-4.0.3):

--- ./tests/nsecx-upcase/expected_result        2017-05-03 21:17:26.000000000 +0200
+++ ./tests/nsecx-upcase/real_result    2017-05-03 21:29:10.231994921 +0200
@@ -2,8 +2,10 @@
 0      Z1234567890.wtest.com.  IN      RRSIG   3600    CNAME 13 2 3600 [expiry] [inception] [keytag] wtest.com. ...
 0      server1.wtest.com.      IN      A       3600    1.2.3.4
 0      server1.wtest.com.      IN      RRSIG   3600    A 13 3 3600 [expiry] [inception] [keytag] wtest.com. ...
-1      a.something.wtest.com.  IN      NSEC    86400   wtest.com. A RRSIG NSEC
-1      a.something.wtest.com.  IN      RRSIG   86400   NSEC 13 4 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      *.wtest.com.    IN      NSEC    86400   e.wtest.com. CNAME RRSIG NSEC
+1      *.wtest.com.    IN      RRSIG   86400   NSEC 13 2 86400 [expiry] [inception] [keytag] wtest.com. ...
 2      .       IN      OPT     32768
 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='Z1234567890.wtest.com.', qtype=A
./tests/nsecx-upcase/unbound-host.out:Z1234567890.wtest.com is an alias for server1.wtest.com. (BOGUS (security failure))
./tests/nsecx-upcase/unbound-host.out:server1.wtest.com has address 1.2.3.4 (BOGUS (security failure))

@rgacogne rgacogne added this to the auth-4.0.x milestone May 3, 2017

@pieterlexis pieterlexis merged commit 99c9dec into PowerDNS:rel/auth-4.0.x May 9, 2017

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details

@mind04 mind04 deleted the mind04:auth-4.0.x-nsec branch May 9, 2017

@zeha

This comment has been minimized.

Show comment
Hide comment
@zeha

zeha Oct 30, 2017

Collaborator

Looking at the 3.4 code, it already did toLower() before calling getBeforeAndAfterNamesAbsolute(). I'm assuming 3.4 got this right?

Collaborator

zeha commented Oct 30, 2017

Looking at the 3.4 code, it already did toLower() before calling getBeforeAndAfterNamesAbsolute(). I'm assuming 3.4 got this right?

@mind04

This comment has been minimized.

Show comment
Hide comment
@mind04

mind04 Oct 30, 2017

Contributor

Yes, this was only a problem in 4.x

Contributor

mind04 commented Oct 30, 2017

Yes, this was only a problem in 4.x

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment