make additional lookups smarter about trailing dots. make pdnssec err…

…or about trailing dots in names. make pdnssec warn about trailing dots in names inside content. strip dot from SRV hostnames during axfr. Patches by Ruben d'Arco. Fixes PowerDNS#289. git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2748 d19b8d6e-7fed-0310-83ef-9ca221ded41b
mind04 · Oct 4, 2012 · ee85e58 · ee85e58
1 parent 67384d8
commit ee85e58
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 14 deletions.
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
@@ -362,15 +362,11 @@ int PacketHandler::doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r, c
 
     vector<DNSResourceRecord> crrs;
 
-    for(vector<DNSResourceRecord *>::const_iterator i=arrs.begin();
-        i!=arrs.end();	++i) 
+    for(vector<DNSResourceRecord *>::const_iterator i=arrs.begin(); i!=arrs.end(); ++i) 
       crrs.push_back(**i);
 
     // we now have a copy, push_back on packet might reallocate!
-    for(vector<DNSResourceRecord>::const_iterator i=crrs.begin();
-        i!=crrs.end();
-        ++i) {
-
+    for(vector<DNSResourceRecord>::const_iterator i=crrs.begin(); i!=crrs.end(); ++i) {
       if(r->d.aa && !i->qname.empty() && i->qtype.getCode()==QType::NS && !B.getSOA(i->qname,sd,p)) { // drop AA in case of non-SOA-level NS answer, except for root referral
         r->setA(false);
         //	i->d_place=DNSResourceRecord::AUTHORITY; // XXX FIXME

diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
@@ -270,7 +270,7 @@ int checkZone(DNSSECKeeper& dk, const std::string& zone)
   } 
   sd.db->list(zone, sd.domain_id);
   DNSResourceRecord rr;
-  uint64_t numrecords=0, numerrors=0;
+  uint64_t numrecords=0, numerrors=0, numwarnings=0;
 
   while(sd.db->get(rr)) {
     if(!rr.qtype.getCode())
@@ -283,20 +283,32 @@ int checkZone(DNSSECKeeper& dk, const std::string& zone)
     }
 
     if(rr.qtype.getCode() == QType::URL || rr.qtype.getCode() == QType::MBOXFW) {
-      cout<<"The recordtype "<<rr.qtype.getName()<<" for record '"<<rr.qname<<"' is no longer supported."<<endl;
+      cout<<"[Error] The recordtype "<<rr.qtype.getName()<<" for record '"<<rr.qname<<"' is no longer supported."<<endl;
       numerrors++;
       continue;
     }
 
+    if (rr.qname[rr.qname.size()-1] == '.') {
+      cout<<"[Error] Record '"<<rr.qname<<"' has a trailing dot. PowerDNS will ignore this record!"<<endl;
+      numerrors++;
+    }
+
+
     if(rr.qtype.getCode() == QType::MX || rr.qtype.getCode() == QType::SRV) 
       rr.content = lexical_cast<string>(rr.priority)+" "+rr.content;
 
+    if ( (rr.qtype.getCode() == QType::NS || rr.qtype.getCode() == QType::SRV || rr.qtype.getCode() == QType::MX) &&
+         rr.content[rr.content.size()-1] == '.') {
+      cout<<"[Warning] The record "<<rr.qname<<" with type "<<rr.qtype.getName()<<" has a trailing dot in the content ("<<rr.content<<"). Your backend might not work well with this."<<endl;
+      numwarnings++;
+    }
+
     if(rr.qtype.getCode() == QType::TXT && !rr.content.empty() && rr.content[0]!='"')
       rr.content = "\""+rr.content+"\"";  
 
     if(rr.auth == 0 && rr.qtype.getCode()!=QType::NS && rr.qtype.getCode()!=QType::A && rr.qtype.getCode()!=QType::AAAA)
     {
-      cout<<"Following record is auth=0, run pdnssec rectify-zone?: "<<rr.qname<<" IN " <<rr.qtype.getName()<< " " << rr.content<<endl;
+      cout<<"[Error] Following record is auth=0, run pdnssec rectify-zone?: "<<rr.qname<<" IN " <<rr.qtype.getName()<< " " << rr.content<<endl;
       numerrors++;
     }
     try {
@@ -305,13 +317,13 @@ int checkZone(DNSSECKeeper& dk, const std::string& zone)
     }
     catch(std::exception& e) 
     {
-      cout<<"Following record had a problem: "<<rr.qname<<" IN " <<rr.qtype.getName()<< " " << rr.content<<endl;
-      cout<<"Error was: "<<e.what()<<endl;
+      cout<<"[Error] Following record had a problem: "<<rr.qname<<" IN " <<rr.qtype.getName()<< " " << rr.content<<endl;
+      cout<<"[Error] Error was: "<<e.what()<<endl;
       numerrors++;
     }
     numrecords++;
   }
-  cout<<"Checked "<<numrecords<<" records of '"<<zone<<"', "<<numerrors<<" errors"<<endl;
+  cout<<"Checked "<<numrecords<<" records of '"<<zone<<"', "<<numerrors<<" errors, "<<numwarnings<<" warnings."<<endl;
   return numerrors;
 }
 

diff --git a/pdns/slavecommunicator.cc b/pdns/slavecommunicator.cc
@@ -158,8 +158,8 @@ void CommunicatorClass::suck(const string &domain,const string &remote)
         return;
       }
     } else {
-		laddr.sin4.sin_family = 0;
-	}
+		  laddr.sin4.sin_family = 0;
+    }
 
     AXFRRetriever retriever(raddr, domain.c_str(), tsigkeyname, tsigalgorithm, tsigsecret,
 		(laddr.sin4.sin_family == 0) ? NULL : &laddr);
@@ -208,6 +208,8 @@ void CommunicatorClass::suck(const string &domain,const string &remote)
         }
 
         i->domain_id=domain_id;
+        if (i->qtype.getCode() == QType::SRV)
+          i->content = stripDot(i->content);
 #if 0
         if(i->qtype.getCode()>=60000)
           throw DBException("Database can't store unknown record type "+lexical_cast<string>(i->qtype.getCode()-1024));