Commit 46adaeae authored by Marek Vavruša's avatar Marek Vavruša

Merge branch 'fix-ns-badboys'

parents 14b34bfb 482bca02
......@@ -224,10 +224,12 @@ static int process_authority(knot_pkt_t *pkt, struct kr_request *req)
int result = KNOT_STATE_CONSUME;
const knot_pktsection_t *ns = knot_pkt_section(pkt, KNOT_AUTHORITY);
#ifdef STRICT_MODE
/* AA, terminate resolution chain. */
if (knot_wire_get_aa(pkt->wire)) {
return KNOT_STATE_CONSUME;
}
#endif
/* Update zone cut information. */
for (unsigned i = 0; i < ns->count; ++i) {
......@@ -367,6 +369,7 @@ static int prepare_query(knot_layer_t *ctx, knot_pkt_t *pkt)
static int resolve_badmsg(knot_pkt_t *pkt, struct kr_request *req, struct kr_query *query)
{
#ifndef STRICT_MODE
/* Work around broken auths/load balancers */
if (query->flags & QUERY_SAFEMODE) {
return resolve_error(pkt, req);
......@@ -374,6 +377,9 @@ static int resolve_badmsg(knot_pkt_t *pkt, struct kr_request *req, struct kr_que
query->flags |= QUERY_SAFEMODE;
return KNOT_STATE_DONE;
}
#else
return resolve_error(pkt, req);
#endif
}
/** Resolve input query or continue resolution with followups.
......
......@@ -137,15 +137,6 @@ static uint32_t packet_ttl(knot_pkt_t *pkt)
{
bool has_ttl = false;
uint32_t ttl = UINT32_MAX;
/* Fetch SOA from authority. */
const knot_pktsection_t *ns = knot_pkt_section(pkt, KNOT_AUTHORITY);
for (unsigned i = 0; i < ns->count; ++i) {
const knot_rrset_t *rr = knot_pkt_rr(ns, i);
if (rr->type == KNOT_RRTYPE_SOA) {
ttl = knot_soa_minimum(&rr->rrs);
break;
}
}
/* Get minimum entry TTL in the packet */
for (knot_section_t i = KNOT_ANSWER; i <= KNOT_ADDITIONAL; ++i) {
const knot_pktsection_t *sec = knot_pkt_section(pkt, i);
......
; config options
server:
target-fetch-policy: "3 2 1 0 0"
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
CONFIG_END
SCENARIO_BEGIN Test iterator with NS falsely declaring referral answer as authoritative.
; K.ROOT-SERVERS.NET.
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id
REPLY QR NOERROR
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS K.ROOT-SERVERS.NET.
SECTION ADDITIONAL
K.ROOT-SERVERS.NET. IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
; False declaration here
REPLY QR AA NOERROR
SECTION QUESTION
MORECOWBELL. IN A
SECTION AUTHORITY
MORECOWBELL. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode qtype qname
ADJUST copy_id copy_query
REPLY QR AA NOERROR
SECTION QUESTION
CATALYST.MORECOWBELL. IN A
SECTION ANSWER
CATALYST.MORECOWBELL. IN A 10.20.30.40
SECTION AUTHORITY
CATALYST.MORECOWBELL. IN NS a.gtld-servers.net.
ENTRY_END
RANGE_END
STEP 1 QUERY
ENTRY_BEGIN
REPLY RD
SECTION QUESTION
catalyst.morecowbell. IN A
ENTRY_END
; recursion happens here.
STEP 10 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA NOERROR
SECTION QUESTION
catalyst.morecowbell. IN A
SECTION ANSWER
catalyst.morecowbell. IN A 10.20.30.40
ENTRY_END
SCENARIO_END
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment