RFC2136 fixes

modules/tinydnsbackend/data

@@ -20106,18 +20106,18 @@
 :hightype.example.com:65534:\007\355\046\000\001:120
 :host-0.example.com:108:\000PV\233\000\347:120
 :host-1.example.com:109:\000PV\233\000\347\176W:120
-:hostmaster.mb.example.com:8:\300\035:120
-:hostmaster.mb.example.com:8:\300\072:120
+:hostmaster.mb.example.com:8:\004phil\303\177:120
+:hostmaster.mb.example.com:8:\006sheila\303\177:120
 :hwinfo.example.com:13:\003abc\003def:120
 :ipv6.example.com:28:\040\001\006\250\000\000\000\001\002\020K\377\376KLa:120
 :location.example.com:29:\0002\026\023\213\044\323e\176\273\347\100\000\230\230\020:120
 :location.example.com:29:\000B\026\023t\333\053\274\176\273\347\100\000\230\230\020:120
 :location.example.com:29:\000\022\026\023\213\044\310\373\201D\030\300\000\230\230\020:120
 :location.example.com:29:\000\042\026\023t\3331\320\201D\030\300\000\230\230\020:120
 :multitext.example.com:16:\015text\040part\040one\015text\040part\040two\017text\040part\040three:120
-:phil.mb.example.com:7:\002pc\300\044:120
-:philip.mb.example.com:9:\300\072:120
-:sheila.mb.example.com:7:\004bill\300\044:120
+:phil.mb.example.com:7:\002pc\303\177:120
+:philip.mb.example.com:9:\303\216:120
+:sheila.mb.example.com:7:\004bill\303\177:120
 :text.example.com:16:\025Hi\054\040this\040is\040some\040text:120
 :text0.example.com:16:\014k\075rsa\073\040p\075one:120
 :text1.example.com:16:\014k\075rsa\073\040p\075one:120
@@ -20186,6 +20186,8 @@ Cwithin-server.test.com:outpost.example.com.:3600
 Cwww.test.com:server1.test.com.:3600
 Ztest.com:ns1.test.com.:ahu.example.com.:2005092501:28800:7200:604800:86400:3600
 #2012060701 auto axfr-get
+&sub.test.dyndns::ns1.test.dyndns.:3600
+&sub.test.dyndns::ns2.test.dyndns.:3600
 &test.dyndns::ns1.test.dyndns.:3600
 &test.dyndns::ns2.test.dyndns.:3600
 +\052.wild.test.dyndns:127.0.1.255:3600
@@ -20209,6 +20211,10 @@ Ztest.com:ns1.test.com.:ahu.example.com.:2005092501:28800:7200:604800:86400:3600
 Ccname1.test.dyndns:host-1.test.dyndns.:3600
 Ccname2.test.dyndns:host-2.test.dyndns.:3600
 Ztest.dyndns:ns1.test.dyndns.:ahu.example.dyndns.:2012060701:28800:7200:604800:86400:3600
+#2012060701 auto axfr-get
+&sub.test.dyndns::ns1.test.dyndns.:3600
+&sub.test.dyndns::ns2.test.dyndns.:3600
+Zsub.test.dyndns:ns1.test.dyndns.:ahu.example.dyndns.:2012060701:28800:7200:604800:86400:3600
 #2005092501 auto axfr-get
 &wtest.com::..:3600
 &wtest.com::ns1.wtest.com.:3600

pdns/rfc2136handler.cc

@@ -33,7 +33,7 @@ int PacketHandler::checkUpdatePrerequisites(const DNSRecord *rr, DomainInfo *di)
 
   bool foundRecord=false;
   DNSResourceRecord rec;
-  di->backend->lookup(QType(QType::ANY), rr->d_name);
+  di->backend->lookup(QType(QType::ANY), rr->d_name, nullptr, di->id);
   while(di->backend->get(rec)) {
     if (!rec.qtype.getCode())
       continue;
@@ -171,7 +171,7 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr,
 
 
     bool foundRecord = false;
-    di->backend->lookup(rrType, rr->d_name);
+    di->backend->lookup(rrType, rr->d_name, nullptr, di->id);
     while (di->backend->get(rec)) {
       rrset.push_back(rec);
       foundRecord = true;
@@ -289,7 +289,7 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr,
             break;
 
           bool foundShorter = false;
-          di->backend->lookup(QType(QType::ANY), shorter);
+          di->backend->lookup(QType(QType::ANY), shorter, nullptr, di->id);
           while (di->backend->get(rec)) {
             if (rec.qname == rr->d_name && rec.qtype == QType::DS)
               fixDS = true;
@@ -444,7 +444,7 @@ uint PacketHandler::performUpdate(const string &msgPrefix, const DNSRecord *rr,
     } // end of NSEC3PARAM delete block
 
 
-    di->backend->lookup(rrType, rr->d_name);
+    di->backend->lookup(rrType, rr->d_name, nullptr, di->id);
     while(di->backend->get(rec)) {
       if (rr->d_class == QClass::ANY) { // 3.4.2.3
         if (rec.qname == di->zone && (rec.qtype == QType::NS || rec.qtype == QType::SOA)) // Never delete all SOA and NS's
@@ -860,7 +860,7 @@ int PacketHandler::processUpdate(DNSPacket *p) {
       rrVector_t *vec = &preRRSet->second;
 
       DNSResourceRecord rec;
-      di.backend->lookup(QType(QType::ANY), rrSet.first);
+      di.backend->lookup(QType(QType::ANY), rrSet.first, nullptr, di.id);
       uint16_t foundRR=0, matchRR=0;
       while (di.backend->get(rec)) {
         if (rec.qtype == rrSet.second) {
@@ -958,9 +958,12 @@ int PacketHandler::processUpdate(DNSPacket *p) {
     }
     for (const auto &rr : cnamesToAdd) {
       DNSResourceRecord rec;
-      di.backend->lookup(QType(QType::ANY), rr->d_name);
+      di.backend->lookup(QType(QType::ANY), rr->d_name, nullptr, di.id);
       while (di.backend->get(rec)) {
         if (rec.qtype != QType::CNAME && rec.qtype != QType::RRSIG) {
+          // leave database handle in a consistent state
+          while (di.backend->get(rec))
+            ;
           g_log<<Logger::Warning<<msgPrefix<<"Refusing update for " << rr->d_name << "/" << QType(rr->d_type).getName() << ": Data other than CNAME exists for the same name"<<endl;
           di.backend->abortTransaction();
           return RCode::Refused;
@@ -970,9 +973,12 @@ int PacketHandler::processUpdate(DNSPacket *p) {
     }
     for (const auto &rr : nonCnamesToAdd) {
       DNSResourceRecord rec;
-      di.backend->lookup(QType(QType::CNAME), rr->d_name);
+      di.backend->lookup(QType(QType::CNAME), rr->d_name, nullptr, di.id);
       while (di.backend->get(rec)) {
         if (rec.qtype == QType::CNAME && rr->d_type != QType::RRSIG) {
+          // leave database handle in a consistent state
+          while (di.backend->get(rec))
+            ;
           g_log<<Logger::Warning<<msgPrefix<<"Refusing update for " << rr->d_name << "/" << QType(rr->d_type).getName() << ": CNAME exists for the same name"<<endl;
           di.backend->abortTransaction();
           return RCode::Refused;
@@ -983,7 +989,7 @@ int PacketHandler::processUpdate(DNSPacket *p) {
     if (nsRRtoDelete.size()) {
       vector<DNSResourceRecord> nsRRInZone;
       DNSResourceRecord rec;
-      di.backend->lookup(QType(QType::NS), di.zone);
+      di.backend->lookup(QType(QType::NS), di.zone, nullptr, di.id);
       while (di.backend->get(rec)) {
         nsRRInZone.push_back(rec);
       }

regression-tests.nobackend/rectify-axfr/expected_result

@@ -30,6 +30,21 @@ zone test.dyndns/IN: loaded serial 2012060701 (DNSSEC signed)
 OK
 RETVAL: 0
 
+--- ldns-verify-zone -V2 sub.test.dyndns
+RETVAL: 0
+
+--- validns sub.test.dyndns
+RETVAL: 0
+
+--- jdnssec-verifyzone sub.test.dyndns
+zone verified.
+RETVAL: 0
+
+--- named-checkzone sub.test.dyndns
+zone sub.test.dyndns/IN: loaded serial 2012060701 (DNSSEC signed)
+OK
+RETVAL: 0
+
 --- ldns-verify-zone -V2 wtest.com
 RETVAL: 0
 

regression-tests.nobackend/tinydns-data-check/expected_result

@@ -1,6 +1,7 @@
 9f88091d3d1b793bf15a2cf5015bf92d  ../regression-tests/zones/example.com
 fe49d2784b1bcc3b91ddd5619f0b6cc1  ../regression-tests/zones/test.com
-005b3381db2a7dc70b690484f6ab7770  ../regression-tests/zones/test.dyndns
+f0df67fa656d33fd85098cbe43893395  ../regression-tests/zones/test.dyndns
+dee3e8b568549d9450134b555ca73990  ../regression-tests/zones/sub.test.dyndns
 e7c0fd528e8aaedb1ea3b6daaead4de2  ../regression-tests/zones/wtest.com
 42b442de632686e94bde75acf66cf524  ../regression-tests/zones/nztest.com
 aeff58ea1eb6e63096e6da18337be312  ../regression-tests/zones/dnssec-parent.com
@@ -11,4 +12,4 @@ a63dc120391d9df0003f2ec4f461a6af  ../regression-tests/zones/secure-delegated.dns
 b1f775045fa2cf0a3b91aa834af06e49  ../regression-tests/zones/stest.com
 a98864b315f16bcf49ce577426063c42  ../regression-tests/zones/cdnskey-cds-test.com
 9aeed2c26d0c3ba3baf22dfa9568c451  ../regression-tests/zones/2.0.192.in-addr.arpa
-3cfc26fade6f3c30da8e18ca33b03498  ../modules/tinydnsbackend/data.cdb
+7145702efe04410a480114206dea2da6  ../modules/tinydnsbackend/data.cdb

regression-tests/mysqldiff

@@ -23,10 +23,17 @@ else
 		-e "SELECT r.name, r.type, r.prio, r.content, r.ttl, CONCAT('''', CONCAT(r.ordername, '''')), r.auth FROM domains d JOIN records r ON d.id=r.domain_id WHERE d.name='test.dyndns' AND(r.type != 'SOA' OR r.type IS NULL) ORDER BY r.name, r.type, r.content, r.ttl, r.prio" > ${testsdir}/${testname}/$step
 fi
 
+if type gsort >/dev/null 2>/dev/null
+then
+	SORT=gsort
+else
+	SORT=sort
+fi
+
 if [ ! "$step" == "start" ]
 then
 	echo -e "$comment\n--- Start: diff $diffto $step ---"
-	diff ${testsdir}/${testname}/$diffto ${testsdir}/${testname}/$step | sed '/^[0-9a-z,/-]*$/d' | sort -V
+	diff ${testsdir}/${testname}/$diffto ${testsdir}/${testname}/$step | sed '/^[0-9a-z,/-]*$/d' | $SORT -V
 	if [ ${PIPESTATUS[0]} -eq 0 ]
 	then
 		echo "no difference"

regression-tests/named.conf

@@ -25,6 +25,14 @@ zone "test.dyndns" {
 	};
 };
 
+zone "sub.test.dyndns" {
+	type master;
+	file "sub.test.dyndns";
+	allow-update {
+		127.0.0.0/8;
+	};
+};
+
 zone "wtest.com"{
 	type master;
 	file "wtest.com";

regression-tests/tests/00dnssec-grabkeys/expected_result.dnssec

@@ -1 +1 @@
-11
+12

regression-tests/tests/1dyndns-correct-zone/command

@@ -0,0 +1,55 @@
+#!/bin/sh
+
+mysqldiff
+
+RECORDNAME=occluded.sub.test.dyndns
+
+echo '* Check that the name cannot be found'
+cleandig $RECORDNAME ANY hidesoadetails
+
+echo '* Create the occluded name in the parent zone'
+cleannsupdate <<!
+server $nameserver $port
+zone test.dyndns
+update add $RECORDNAME. 3600 CNAME parent
+send
+answer
+!
+
+echo '* Check that the name cannot be found'
+cleandig $RECORDNAME ANY hidesoadetails
+
+echo '* Create a record in the child zone'
+cleannsupdate <<!
+server $nameserver $port
+zone sub.test.dyndns
+update add $RECORDNAME. 3600 CNAME child
+send
+answer
+!
+
+echo '* Check that the child zone record is visible'
+cleandig $RECORDNAME A hidesoadetails
+
+echo '* Remove child record'
+cleannsupdate <<!
+server $nameserver $port
+zone sub.test.dyndns
+update delete $RECORDNAME. 3600 CNAME child
+send
+answer
+!
+
+echo '* Check that the occluded name is invisible again'
+cleandig $RECORDNAME ANY hidesoadetails
+
+echo '* Remove parent record'
+cleannsupdate <<!
+server $nameserver $port
+zone test.dyndns
+update delete $RECORDNAME. 3600 CNAME parent
+send
+answer
+!
+
+mysqldiff 1 "check that we cleaned up correctly"

regression-tests/tests/1dyndns-correct-zone/description

@@ -0,0 +1,2 @@
+When writing a record to a child zone, while the name also exists (occluded)
+in the parent zone, make sure the update ends up in the child zone.

regression-tests/tests/1dyndns-correct-zone/expected_result

@@ -0,0 +1,49 @@
+* Check that the name cannot be found
+1	sub.test.dyndns.	IN	SOA	3600	ns1.test.dyndns. ahu.example.dyndns. [serial] 28800 7200 604800 86400
+Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='occluded.sub.test.dyndns.', qtype=ANY
+* Create the occluded name in the parent zone
+Answer:
+;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: [id]
+;; flags: qr aa; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
+;; ZONE SECTION:
+;test.dyndns.			IN	SOA
+
+* Check that the name cannot be found
+1	sub.test.dyndns.	IN	SOA	3600	ns1.test.dyndns. ahu.example.dyndns. [serial] 28800 7200 604800 86400
+Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='occluded.sub.test.dyndns.', qtype=ANY
+* Create a record in the child zone
+Answer:
+;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: [id]
+;; flags: qr aa; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
+;; ZONE SECTION:
+;sub.test.dyndns.		IN	SOA
+
+* Check that the child zone record is visible
+0	occluded.sub.test.dyndns.	IN	CNAME	3600	child.
+Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='occluded.sub.test.dyndns.', qtype=A
+* Remove child record
+Answer:
+;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: [id]
+;; flags: qr aa; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
+;; ZONE SECTION:
+;sub.test.dyndns.		IN	SOA
+
+* Check that the occluded name is invisible again
+1	sub.test.dyndns.	IN	SOA	3600	ns1.test.dyndns. ahu.example.dyndns. [serial] 28800 7200 604800 86400
+Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='occluded.sub.test.dyndns.', qtype=ANY
+* Remove parent record
+Answer:
+;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: [id]
+;; flags: qr aa; ZONE: 1, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
+;; ZONE SECTION:
+;test.dyndns.			IN	SOA
+
+check that we cleaned up correctly
+--- Start: diff start step.1 ---
+no difference
+--- End: diff start step.1 ---
+

regression-tests/tests/1dyndns-update-delegate-in-between/expected_result.nsec3

@@ -286,8 +286,8 @@ Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='b.b.host.test.dyndns.', qtype=ANY
 1	fgun0ru4oe3g76tr551hg97mpu37b6mi.test.dyndns.	IN	NSEC3	86400	1 [flags] 1 abcd FQU365VN7BR5CSV8CG6NE9V8HA6D008P
 1	fgun0ru4oe3g76tr551hg97mpu37b6mi.test.dyndns.	IN	RRSIG	86400	NSEC3 13 3 86400 [expiry] [inception] [keytag] test.dyndns. ...
-1	lresbbp3lv8blgj9fsgtdmm4q7vj3d6j.test.dyndns.	IN	NSEC3	86400	1 [flags] 1 abcd Q75PNOE7PB74PND6OGN44T5BTUURBHRF A RRSIG
-1	lresbbp3lv8blgj9fsgtdmm4q7vj3d6j.test.dyndns.	IN	RRSIG	86400	NSEC3 13 3 86400 [expiry] [inception] [keytag] test.dyndns. ...
+1	ncja3un028k84h59aoloj6bh06s80071.test.dyndns.	IN	NSEC3	86400	1 [flags] 1 abcd Q75PNOE7PB74PND6OGN44T5BTUURBHRF NS
+1	ncja3un028k84h59aoloj6bh06s80071.test.dyndns.	IN	RRSIG	86400	NSEC3 13 3 86400 [expiry] [inception] [keytag] test.dyndns. ...
 1	r9s1cj8dkmnmenjn95sti8nhh9utpq9k.test.dyndns.	IN	NSEC3	86400	1 [flags] 1 abcd S30OPRHQREKH5SUH6L530KD668ELK9OS
 1	r9s1cj8dkmnmenjn95sti8nhh9utpq9k.test.dyndns.	IN	RRSIG	86400	NSEC3 13 3 86400 [expiry] [inception] [keytag] test.dyndns. ...
 1	test.dyndns.	IN	RRSIG	3600	SOA 13 2 3600 [expiry] [inception] [keytag] test.dyndns. ...

regression-tests/tests/1dyndns-update-nsec3params-with-others/expected_result

@@ -21,7 +21,7 @@ Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='test.dyndns.', qtype=NSEC3PARAM
 1	ac2jl1kik929tr9i5rfcmbucm547n51a.test.dyndns.	IN	NSEC3	86400	1 [flags] 10 dcbe EE295AK1NDT9O0RLL1A4RPPB4NAOV4QM
 1	ac2jl1kik929tr9i5rfcmbucm547n51a.test.dyndns.	IN	RRSIG	86400	NSEC3 13 3 86400 [expiry] [inception] [keytag] test.dyndns. ...
-1	lavvds84bcal6n6qnavn3q1u4jcpjev9.test.dyndns.	IN	NSEC3	86400	1 [flags] 10 dcbe PE3H59F3RU6VID4OK0T4TSU6D0NDRVHS A RRSIG
+1	lavvds84bcal6n6qnavn3q1u4jcpjev9.test.dyndns.	IN	NSEC3	86400	1 [flags] 10 dcbe N6N81NDT5KU73E19K457TOUB8E6D2LPM A RRSIG
 1	lavvds84bcal6n6qnavn3q1u4jcpjev9.test.dyndns.	IN	RRSIG	86400	NSEC3 13 3 86400 [expiry] [inception] [keytag] test.dyndns. ...
 1	test.dyndns.	IN	RRSIG	3600	SOA 13 2 3600 [expiry] [inception] [keytag] test.dyndns. ...
 1	test.dyndns.	IN	SOA	3600	ns1.test.dyndns. ahu.example.dyndns. [serial] 28800 7200 604800 86400

regression-tests/tests/1dyndns-update-nsec3params-with-others/expected_result.nsec3

@@ -23,7 +23,7 @@ Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
 Reply to question for qname='test.dyndns.', qtype=NSEC3PARAM
 1	ac2jl1kik929tr9i5rfcmbucm547n51a.test.dyndns.	IN	NSEC3	86400	1 [flags] 10 dcbe EE295AK1NDT9O0RLL1A4RPPB4NAOV4QM
 1	ac2jl1kik929tr9i5rfcmbucm547n51a.test.dyndns.	IN	RRSIG	86400	NSEC3 13 3 86400 [expiry] [inception] [keytag] test.dyndns. ...
-1	lavvds84bcal6n6qnavn3q1u4jcpjev9.test.dyndns.	IN	NSEC3	86400	1 [flags] 10 dcbe PE3H59F3RU6VID4OK0T4TSU6D0NDRVHS A RRSIG
+1	lavvds84bcal6n6qnavn3q1u4jcpjev9.test.dyndns.	IN	NSEC3	86400	1 [flags] 10 dcbe N6N81NDT5KU73E19K457TOUB8E6D2LPM A RRSIG
 1	lavvds84bcal6n6qnavn3q1u4jcpjev9.test.dyndns.	IN	RRSIG	86400	NSEC3 13 3 86400 [expiry] [inception] [keytag] test.dyndns. ...
 1	test.dyndns.	IN	RRSIG	3600	SOA 13 2 3600 [expiry] [inception] [keytag] test.dyndns. ...
 1	test.dyndns.	IN	SOA	3600	ns1.test.dyndns. ahu.example.dyndns. [serial] 28800 7200 604800 86400