Commit 4162e2da authored by Vladimír Čunát

validator: fix CNAME to NXDOMAIN in a single answer

Real example: cname.nohats.ca
This case was handled for forwarding only, presumably because it
happened more often (no need to be within single zone to be within
single answer); now the approach is the same.
parent 93da58f1
Bugfixes
--------
- validation: fix SERVFAIL in case of CNAME to NXDOMAIN in a single zone
Knot Resolver 2.2.0 (2018-03-28) Knot Resolver 2.2.0 (2018-03-28)
================================ ================================
......
...@@ -954,9 +954,11 @@ static int validate(kr_layer_t *ctx, knot_pkt_t *pkt) ...@@ -954,9 +954,11 @@ static int validate(kr_layer_t *ctx, knot_pkt_t *pkt)
} }
} }
/* Validate non-existence proof if not positive answer. */ /* Validate non-existence proof if not positive answer.
if (!qry->flags.CACHED && pkt_rcode == KNOT_RCODE_NXDOMAIN && * In case of CNAME, iterator scheduled a sibling query for the target,
(!qry->flags.FORWARD || !qry->flags.CNAME)) { * so we just drop the negative piece of information and don't try to prove it.
* TODO: not ideal; with aggressive cache we'll at least avoid the extra packet. */
if (!qry->flags.CACHED && pkt_rcode == KNOT_RCODE_NXDOMAIN && !qry->flags.CNAME) {
/* @todo If knot_pkt_qname(pkt) is used instead of qry->sname then the tests crash. */ /* @todo If knot_pkt_qname(pkt) is used instead of qry->sname then the tests crash. */
if (!has_nsec3) { if (!has_nsec3) {
ret = kr_nsec_name_error_response_check(pkt, KNOT_AUTHORITY, qry->sname); ret = kr_nsec_name_error_response_check(pkt, KNOT_AUTHORITY, qry->sname);
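Review bot: the new condition `!qry->flags.CACHED && pkt_rcode == KNOT_RCODE_NXDOMAIN && !qry->flags.CNAME` skips the non-existence proof for every CNAME answer, not only under FORWARD, and the only justification is the comment's statement that the iterator has scheduled a sibling query for the target; nothing in this hunk checks that. Since an unvalidated denial is the thing a validator must never pass on, a regression test for the non-forwarding case is worth adding with this change: one signed CNAME to NXDOMAIN in a single answer that must no longer SERVFAIL (the `cname.nohats.ca` shape from the commit message), and one variant with a broken or missing NSEC/NSEC3 proof that must still fail once the sibling query is answered. The TODO would also be easier to act on if it said what "not ideal" refers to, which reads as the extra packet for the sibling query.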
...@@ -979,9 +981,9 @@ static int validate(kr_layer_t *ctx, knot_pkt_t *pkt) ...@@ -979,9 +981,9 @@ static int validate(kr_layer_t *ctx, knot_pkt_t *pkt)
/* @todo WTH, this needs API that just tries to find a proof and the caller /* @todo WTH, this needs API that just tries to find a proof and the caller
* doesn't have to worry about NSEC/NSEC3 * doesn't have to worry about NSEC/NSEC3
* @todo rework this */ * @todo rework this
if (!qry->flags.CACHED && (pkt_rcode == KNOT_RCODE_NOERROR) && * CNAME: same as the NXDOMAIN case above */
(!qry->flags.FORWARD || !qry->flags.CNAME)) { if (!qry->flags.CACHED && pkt_rcode == KNOT_RCODE_NOERROR && !qry->flags.CNAME) {
bool no_data = (an->count == 0 && knot_wire_get_aa(pkt->wire)); bool no_data = (an->count == 0 && knot_wire_get_aa(pkt->wire));
if (no_data) { if (no_data) {
/* @todo /* @todo
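Review bot: the comment `CNAME: same as the NXDOMAIN case above` on the NOERROR condition leaves the reader to find the reasoning some 25 lines up and does not say which case is being skipped here. From the visible lines, `no_data` requires `an->count == 0`, so it is not obvious when `qry->flags.CNAME` and an empty answer section would hold together; a sentence stating the concrete answer shape this guards against (and that it also relies on the sibling query for the target) would make the skipped NODATA proof reviewable. A test for CNAME to NODATA outside forwarding would match the one for the NXDOMAIN branch.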
......