|
|
2c0af7 |
From 02412bfe731d0cb229eb22f0ca4e8fbaed601cbe Mon Sep 17 00:00:00 2001
|
|
|
2c0af7 |
From: Mark Andrews <marka@isc.org>
|
|
|
2c0af7 |
Date: Fri, 27 May 2016 09:59:46 +1000
|
|
|
2c0af7 |
Subject: [PATCH] 4377. [bug] Don't reuse zero TTL responses beyond
|
|
|
2c0af7 |
the current client set (excludes ANY/SIG/RRSIG
|
|
|
2c0af7 |
queries). [RT #42142]
|
|
|
2c0af7 |
|
|
|
2c0af7 |
(cherry picked from commit aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7)
|
|
|
2c0af7 |
|
|
|
2c0af7 |
REDIRECT macro is 9.11.0+
|
|
|
2c0af7 |
---
|
|
|
2c0af7 |
bin/named/query.c | 31 +++++++++++++++
|
|
|
2c0af7 |
bin/tests/system/zero/ans5/ans.pl | 81 +++++++++++++++++++++++++++++++++++++++
|
|
|
2c0af7 |
bin/tests/system/zero/ns1/root.db | 2 +
|
|
|
2c0af7 |
bin/tests/system/zero/tests.sh | 13 +++++++
|
|
|
2c0af7 |
4 files changed, 127 insertions(+)
|
|
|
2c0af7 |
create mode 100644 bin/tests/system/zero/ans5/ans.pl
|
|
|
2c0af7 |
|
|
|
2c0af7 |
diff --git a/bin/named/query.c b/bin/named/query.c
|
|
|
2c0af7 |
index 2c44e9ff53..3b402f1d01 100644
|
|
|
2c0af7 |
--- a/bin/named/query.c
|
|
|
2c0af7 |
+++ b/bin/named/query.c
|
|
|
2c0af7 |
@@ -6816,6 +6816,37 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
|
|
|
2c0af7 |
goto cleanup;
|
|
|
2c0af7 |
|
|
|
2c0af7 |
case DNS_R_CNAME:
|
|
|
2c0af7 |
+ /*
|
|
|
2c0af7 |
+ * If we have a zero ttl from the cache refetch it.
|
|
|
2c0af7 |
+ */
|
|
|
2c0af7 |
+ if (!is_zone && event == NULL && rdataset->ttl == 0 &&
|
|
|
2c0af7 |
+ RECURSIONOK(client))
|
|
|
2c0af7 |
+ {
|
|
|
2c0af7 |
+ if (dns_rdataset_isassociated(rdataset))
|
|
|
2c0af7 |
+ dns_rdataset_disassociate(rdataset);
|
|
|
2c0af7 |
+ if (sigrdataset != NULL &&
|
|
|
2c0af7 |
+ dns_rdataset_isassociated(sigrdataset))
|
|
|
2c0af7 |
+ dns_rdataset_disassociate(sigrdataset);
|
|
|
2c0af7 |
+ if (node != NULL)
|
|
|
2c0af7 |
+ dns_db_detachnode(db, &node);
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+ result = query_recurse(client, qtype,
|
|
|
2c0af7 |
+ client->query.qname,
|
|
|
2c0af7 |
+ NULL, NULL, resuming);
|
|
|
2c0af7 |
+ if (result == ISC_R_SUCCESS) {
|
|
|
2c0af7 |
+ client->query.attributes |=
|
|
|
2c0af7 |
+ NS_QUERYATTR_RECURSING;
|
|
|
2c0af7 |
+ if (dns64)
|
|
|
2c0af7 |
+ client->query.attributes |=
|
|
|
2c0af7 |
+ NS_QUERYATTR_DNS64;
|
|
|
2c0af7 |
+ if (dns64_exclude)
|
|
|
2c0af7 |
+ client->query.attributes |=
|
|
|
2c0af7 |
+ NS_QUERYATTR_DNS64EXCLUDE;
|
|
|
2c0af7 |
+ } else
|
|
|
2c0af7 |
+ RECURSE_ERROR(result);
|
|
|
2c0af7 |
+ goto cleanup;
|
|
|
2c0af7 |
+ }
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
/*
|
|
|
2c0af7 |
* Keep a copy of the rdataset. We have to do this because
|
|
|
2c0af7 |
* query_addrrset may clear 'rdataset' (to prevent the
|
|
|
2c0af7 |
diff --git a/bin/tests/system/zero/ans5/ans.pl b/bin/tests/system/zero/ans5/ans.pl
|
|
|
2c0af7 |
new file mode 100644
|
|
|
2c0af7 |
index 0000000000..9dfa18e444
|
|
|
2c0af7 |
--- /dev/null
|
|
|
2c0af7 |
+++ b/bin/tests/system/zero/ans5/ans.pl
|
|
|
2c0af7 |
@@ -0,0 +1,81 @@
|
|
|
2c0af7 |
+#!/usr/bin/perl -w
|
|
|
2c0af7 |
+#
|
|
|
2c0af7 |
+# Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
|
|
|
2c0af7 |
+#
|
|
|
2c0af7 |
+# Permission to use, copy, modify, and/or distribute this software for any
|
|
|
2c0af7 |
+# purpose with or without fee is hereby granted, provided that the above
|
|
|
2c0af7 |
+# copyright notice and this permission notice appear in all copies.
|
|
|
2c0af7 |
+#
|
|
|
2c0af7 |
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
|
|
|
2c0af7 |
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
|
2c0af7 |
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
|
2c0af7 |
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
|
|
|
2c0af7 |
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
|
|
|
2c0af7 |
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
|
|
|
2c0af7 |
+# PERFORMANCE OF THIS SOFTWARE.
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+#
|
|
|
2c0af7 |
+# Don't respond if the "norespond" file exists; otherwise respond to
|
|
|
2c0af7 |
+# any A or AAAA query.
|
|
|
2c0af7 |
+#
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+use IO::File;
|
|
|
2c0af7 |
+use IO::Socket;
|
|
|
2c0af7 |
+use Net::DNS;
|
|
|
2c0af7 |
+use Net::DNS::Packet;
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+my $sock = IO::Socket::INET->new(LocalAddr => "10.53.0.5",
|
|
|
2c0af7 |
+ LocalPort => 5300, Proto => "udp") or die "$!";
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!";
|
|
|
2c0af7 |
+print $pidf "$$\n" or die "cannot write pid file: $!";
|
|
|
2c0af7 |
+$pidf->close or die "cannot close pid file: $!";
|
|
|
2c0af7 |
+sub rmpid { unlink "ans.pid"; exit 1; };
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+$SIG{INT} = \&rmpid;
|
|
|
2c0af7 |
+$SIG{TERM} = \&rmpid;
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+my $octet = 0;
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+for (;;) {
|
|
|
2c0af7 |
+ $sock->recv($buf, 512);
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+ print "**** request from " , $sock->peerhost, " port ", $sock->peerport, "\n";
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+ my $packet;
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+ if ($Net::DNS::VERSION > 0.68) {
|
|
|
2c0af7 |
+ $packet = new Net::DNS::Packet(\$buf, 0);
|
|
|
2c0af7 |
+ $@ and die $@;
|
|
|
2c0af7 |
+ } else {
|
|
|
2c0af7 |
+ my $err;
|
|
|
2c0af7 |
+ ($packet, $err) = new Net::DNS::Packet(\$buf, 0);
|
|
|
2c0af7 |
+ $err and die $err;
|
|
|
2c0af7 |
+ }
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+ print "REQUEST:\n";
|
|
|
2c0af7 |
+ $packet->print;
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+ $packet->header->qr(1);
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+ my @questions = $packet->question;
|
|
|
2c0af7 |
+ my $qname = $questions[0]->qname;
|
|
|
2c0af7 |
+ my $qtype = $questions[0]->qtype;
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+ $packet->header->aa(1);
|
|
|
2c0af7 |
+ if ($qtype eq "A") {
|
|
|
2c0af7 |
+ $packet->push("answer",
|
|
|
2c0af7 |
+ new Net::DNS::RR($qname .
|
|
|
2c0af7 |
+ " 0 A 192.0.2." . $octet));
|
|
|
2c0af7 |
+ $octet = $octet + 1;
|
|
|
2c0af7 |
+ } elsif ($qtype eq "AAAA") {
|
|
|
2c0af7 |
+ $packet->push("answer",
|
|
|
2c0af7 |
+ new Net::DNS::RR($qname .
|
|
|
2c0af7 |
+ " 300 AAAA 2001:db8:beef::1"));
|
|
|
2c0af7 |
+ }
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
+ $sock->send($packet->data);
|
|
|
2c0af7 |
+ print "RESPONSE:\n";
|
|
|
2c0af7 |
+ $packet->print;
|
|
|
2c0af7 |
+ print "\n";
|
|
|
2c0af7 |
+}
|
|
|
2c0af7 |
diff --git a/bin/tests/system/zero/ns1/root.db b/bin/tests/system/zero/ns1/root.db
|
|
|
2c0af7 |
index 69aca86fb8..beb97cb693 100644
|
|
|
2c0af7 |
--- a/bin/tests/system/zero/ns1/root.db
|
|
|
2c0af7 |
+++ b/bin/tests/system/zero/ns1/root.db
|
|
|
2c0af7 |
@@ -22,3 +22,5 @@ example. NS ns2.example.
|
|
|
2c0af7 |
ns2.example. A 10.53.0.2
|
|
|
2c0af7 |
example. NS ns4.example.
|
|
|
2c0af7 |
ns4.example. A 10.53.0.4
|
|
|
2c0af7 |
+increment. NS incrementns.
|
|
|
2c0af7 |
+incrementns A 10.53.0.5
|
|
|
2c0af7 |
diff --git a/bin/tests/system/zero/tests.sh b/bin/tests/system/zero/tests.sh
|
|
|
2c0af7 |
index 15c2906a92..bbb78f0fd8 100644
|
|
|
2c0af7 |
--- a/bin/tests/system/zero/tests.sh
|
|
|
2c0af7 |
+++ b/bin/tests/system/zero/tests.sh
|
|
|
2c0af7 |
@@ -44,5 +44,18 @@ done
|
|
|
2c0af7 |
if [ $ret != 0 ]; then echo "I:failed"; fi
|
|
|
2c0af7 |
status=`expr $status + $ret`
|
|
|
2c0af7 |
|
|
|
2c0af7 |
+echo "I:check repeated recursive lookups of non recurring zero ttl responses get new values"
|
|
|
2c0af7 |
+count=`(
|
|
|
2c0af7 |
+dig +short -p 5300 @10.53.0.3 foo.increment
|
|
|
2c0af7 |
+dig +short -p 5300 @10.53.0.3 foo.increment
|
|
|
2c0af7 |
+dig +short -p 5300 @10.53.0.3 foo.increment
|
|
|
2c0af7 |
+dig +short -p 5300 @10.53.0.3 foo.increment
|
|
|
2c0af7 |
+dig +short -p 5300 @10.53.0.3 foo.increment
|
|
|
2c0af7 |
+dig +short -p 5300 @10.53.0.3 foo.increment
|
|
|
2c0af7 |
+dig +short -p 5300 @10.53.0.3 foo.increment
|
|
|
2c0af7 |
+) | sort -u | wc -l `
|
|
|
2c0af7 |
+if [ $count -ne 7 ] ; then echo "I:failed (count=$count)"; ret=1; fi
|
|
|
2c0af7 |
+status=`expr $status + $ret`
|
|
|
2c0af7 |
+
|
|
|
2c0af7 |
echo "I:exit status: $status"
|
|
|
2c0af7 |
exit $status
|
|
|
2c0af7 |
--
|
|
|
2c0af7 |
2.14.4
|
|
|
2c0af7 |
|