2c0af7
From 02412bfe731d0cb229eb22f0ca4e8fbaed601cbe Mon Sep 17 00:00:00 2001
2c0af7
From: Mark Andrews <marka@isc.org>
2c0af7
Date: Fri, 27 May 2016 09:59:46 +1000
2c0af7
Subject: [PATCH] 4377.   [bug]           Don't reuse zero TTL responses beyond
2c0af7
 the current                         client set (excludes ANY/SIG/RRSIG
2c0af7
 queries).                         [RT #42142]
2c0af7
2c0af7
(cherry picked from commit aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7)
2c0af7
2c0af7
REDIRECT macro is 9.11.0+
2c0af7
---
2c0af7
 bin/named/query.c                 | 31 +++++++++++++++
2c0af7
 bin/tests/system/zero/ans5/ans.pl | 81 +++++++++++++++++++++++++++++++++++++++
2c0af7
 bin/tests/system/zero/ns1/root.db |  2 +
2c0af7
 bin/tests/system/zero/tests.sh    | 13 +++++++
2c0af7
 4 files changed, 127 insertions(+)
2c0af7
 create mode 100644 bin/tests/system/zero/ans5/ans.pl
2c0af7
2c0af7
diff --git a/bin/named/query.c b/bin/named/query.c
2c0af7
index 2c44e9ff53..3b402f1d01 100644
2c0af7
--- a/bin/named/query.c
2c0af7
+++ b/bin/named/query.c
2c0af7
@@ -6816,6 +6816,37 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
2c0af7
 		goto cleanup;
2c0af7
 
2c0af7
 	case DNS_R_CNAME:
2c0af7
+		/*
2c0af7
+		 * If we have a zero ttl from the cache refetch it.
2c0af7
+		 */
2c0af7
+		if (!is_zone && event == NULL && rdataset->ttl == 0 &&
2c0af7
+		    RECURSIONOK(client))
2c0af7
+		{
2c0af7
+			if (dns_rdataset_isassociated(rdataset))
2c0af7
+				dns_rdataset_disassociate(rdataset);
2c0af7
+			if (sigrdataset != NULL &&
2c0af7
+			    dns_rdataset_isassociated(sigrdataset))
2c0af7
+				dns_rdataset_disassociate(sigrdataset);
2c0af7
+			if (node != NULL)
2c0af7
+				dns_db_detachnode(db, &node);
2c0af7
+
2c0af7
+			result = query_recurse(client, qtype,
2c0af7
+					       client->query.qname,
2c0af7
+					       NULL, NULL, resuming);
2c0af7
+			if (result == ISC_R_SUCCESS) {
2c0af7
+				client->query.attributes |=
2c0af7
+					NS_QUERYATTR_RECURSING;
2c0af7
+				if (dns64)
2c0af7
+					client->query.attributes |=
2c0af7
+						NS_QUERYATTR_DNS64;
2c0af7
+				if (dns64_exclude)
2c0af7
+					client->query.attributes |=
2c0af7
+					      NS_QUERYATTR_DNS64EXCLUDE;
2c0af7
+			} else
2c0af7
+				RECURSE_ERROR(result);
2c0af7
+			goto cleanup;
2c0af7
+		}
2c0af7
+
2c0af7
 		/*
2c0af7
 		 * Keep a copy of the rdataset.  We have to do this because
2c0af7
 		 * query_addrrset may clear 'rdataset' (to prevent the
2c0af7
diff --git a/bin/tests/system/zero/ans5/ans.pl b/bin/tests/system/zero/ans5/ans.pl
2c0af7
new file mode 100644
2c0af7
index 0000000000..9dfa18e444
2c0af7
--- /dev/null
2c0af7
+++ b/bin/tests/system/zero/ans5/ans.pl
2c0af7
@@ -0,0 +1,81 @@
2c0af7
+#!/usr/bin/perl -w
2c0af7
+#
2c0af7
+# Copyright (C) 2015  Internet Systems Consortium, Inc. ("ISC")
2c0af7
+#
2c0af7
+# Permission to use, copy, modify, and/or distribute this software for any
2c0af7
+# purpose with or without fee is hereby granted, provided that the above
2c0af7
+# copyright notice and this permission notice appear in all copies.
2c0af7
+#
2c0af7
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
2c0af7
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
2c0af7
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
2c0af7
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
2c0af7
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
2c0af7
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
2c0af7
+# PERFORMANCE OF THIS SOFTWARE.
2c0af7
+
2c0af7
+#
2c0af7
+# Don't respond if the "norespond" file exists; otherwise respond to
2c0af7
+# any A or AAAA query.
2c0af7
+#
2c0af7
+
2c0af7
+use IO::File;
2c0af7
+use IO::Socket;
2c0af7
+use Net::DNS;
2c0af7
+use Net::DNS::Packet;
2c0af7
+
2c0af7
+my $sock = IO::Socket::INET->new(LocalAddr => "10.53.0.5",
2c0af7
+   LocalPort => 5300, Proto => "udp") or die "$!";
2c0af7
+
2c0af7
+my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!";
2c0af7
+print $pidf "$$\n" or die "cannot write pid file: $!";
2c0af7
+$pidf->close or die "cannot close pid file: $!";
2c0af7
+sub rmpid { unlink "ans.pid"; exit 1; };
2c0af7
+
2c0af7
+$SIG{INT} = \&rmpid;
2c0af7
+$SIG{TERM} = \&rmpid;
2c0af7
+
2c0af7
+my $octet = 0;
2c0af7
+
2c0af7
+for (;;) {
2c0af7
+	$sock->recv($buf, 512);
2c0af7
+
2c0af7
+	print "**** request from " , $sock->peerhost, " port ", $sock->peerport, "\n";
2c0af7
+
2c0af7
+	my $packet;
2c0af7
+
2c0af7
+	if ($Net::DNS::VERSION > 0.68) {
2c0af7
+		$packet = new Net::DNS::Packet(\$buf, 0);
2c0af7
+		$@ and die $@;
2c0af7
+	} else {
2c0af7
+		my $err;
2c0af7
+		($packet, $err) = new Net::DNS::Packet(\$buf, 0);
2c0af7
+		$err and die $err;
2c0af7
+	}
2c0af7
+
2c0af7
+	print "REQUEST:\n";
2c0af7
+	$packet->print;
2c0af7
+
2c0af7
+	$packet->header->qr(1);
2c0af7
+
2c0af7
+	my @questions = $packet->question;
2c0af7
+	my $qname = $questions[0]->qname;
2c0af7
+	my $qtype = $questions[0]->qtype;
2c0af7
+
2c0af7
+	$packet->header->aa(1);
2c0af7
+	if ($qtype eq "A") {
2c0af7
+		$packet->push("answer",
2c0af7
+			      new Net::DNS::RR($qname .
2c0af7
+					       " 0 A 192.0.2." . $octet));
2c0af7
+		$octet = $octet + 1;
2c0af7
+	} elsif ($qtype eq "AAAA") {
2c0af7
+		$packet->push("answer",
2c0af7
+			      new Net::DNS::RR($qname .
2c0af7
+						" 300 AAAA 2001:db8:beef::1"));
2c0af7
+	}
2c0af7
+
2c0af7
+	$sock->send($packet->data);
2c0af7
+	print "RESPONSE:\n";
2c0af7
+	$packet->print;
2c0af7
+	print "\n";
2c0af7
+}
2c0af7
diff --git a/bin/tests/system/zero/ns1/root.db b/bin/tests/system/zero/ns1/root.db
2c0af7
index 69aca86fb8..beb97cb693 100644
2c0af7
--- a/bin/tests/system/zero/ns1/root.db
2c0af7
+++ b/bin/tests/system/zero/ns1/root.db
2c0af7
@@ -22,3 +22,5 @@ example. NS ns2.example.
2c0af7
 ns2.example. A 10.53.0.2
2c0af7
 example. NS ns4.example.
2c0af7
 ns4.example. A 10.53.0.4
2c0af7
+increment. NS incrementns.
2c0af7
+incrementns A 10.53.0.5
2c0af7
diff --git a/bin/tests/system/zero/tests.sh b/bin/tests/system/zero/tests.sh
2c0af7
index 15c2906a92..bbb78f0fd8 100644
2c0af7
--- a/bin/tests/system/zero/tests.sh
2c0af7
+++ b/bin/tests/system/zero/tests.sh
2c0af7
@@ -44,5 +44,18 @@ done
2c0af7
 if [ $ret != 0 ]; then echo "I:failed"; fi
2c0af7
 status=`expr $status + $ret`
2c0af7
 
2c0af7
+echo "I:check repeated recursive lookups of non recurring zero ttl responses get new values"
2c0af7
+count=`(
2c0af7
+dig +short -p 5300 @10.53.0.3 foo.increment
2c0af7
+dig +short -p 5300 @10.53.0.3 foo.increment
2c0af7
+dig +short -p 5300 @10.53.0.3 foo.increment
2c0af7
+dig +short -p 5300 @10.53.0.3 foo.increment
2c0af7
+dig +short -p 5300 @10.53.0.3 foo.increment
2c0af7
+dig +short -p 5300 @10.53.0.3 foo.increment
2c0af7
+dig +short -p 5300 @10.53.0.3 foo.increment
2c0af7
+) | sort -u | wc -l `
2c0af7
+if [ $count -ne 7 ] ; then echo "I:failed (count=$count)"; ret=1; fi
2c0af7
+status=`expr $status + $ret`
2c0af7
+
2c0af7
 echo "I:exit status: $status"
2c0af7
 exit $status
2c0af7
-- 
2c0af7
2.14.4
2c0af7