Merge branch '3439-stop-resolving-invalid-names-in-resume_dslookup' into 'main'
Stop resolving invalid names in resume_dslookup() Closes #3439 See merge request isc-projects/bind9!6563
This commit is contained in:
Michał Kępień
7
CHANGES
7
CHANGES
@@ -1,3 +1,10 @@
|
||||
5925. [bug] With a forwarder configured for all queries, resolution
|
||||
failures encountered during DS chasing could trigger
|
||||
assertion failures due to a logic bug in
|
||||
resume_dslookup() that caused it to call
|
||||
dns_resolver_createfetch() with an invalid name.
|
||||
[GL #3439]
|
||||
|
||||
5924. [func] When it's necessary to use AXFR to respond to an
|
||||
IXFR request, a message explaining the reason
|
||||
is now logged at level info. [GL #2683]
|
||||
|
||||
@@ -40,6 +40,12 @@ Feature Changes
|
||||
Bug Fixes
|
||||
~~~~~~~~~
|
||||
|
||||
- When running as a validating resolver forwarding all queries to
|
||||
another resolver, :iscman:`named` could crash with an assertion
|
||||
failure. These crashes occurred when the configured forwarder sent a
|
||||
broken DS response and :iscman:`named` failed its attempts to find a
|
||||
proper one instead. This has been fixed. :gl:`#3439`
|
||||
|
||||
- A DNS compression would be applied on the root zone name if it is repeatedly
|
||||
used in the same RRSet. :gl:`#3423`
|
||||
|
||||
|
||||
@@ -7343,22 +7343,34 @@ resume_dslookup(isc_task_t *task, isc_event_t *event) {
|
||||
}
|
||||
|
||||
/*
|
||||
* Get domain and nameservers from fctx->nsfetch
|
||||
* before we destroy it.
|
||||
* Get domain from fctx->nsfetch before we destroy it.
|
||||
*/
|
||||
domain = dns_fixedname_initname(&fixed);
|
||||
dns_name_copy(fctx->nsfetch->private->domain, domain);
|
||||
|
||||
/*
|
||||
* If the chain of resume_dslookup() invocations managed to
|
||||
* chop off enough labels from the original DS owner name to
|
||||
* reach the top of the namespace, no further progress can be
|
||||
* made. Interrupt the DS chasing process, returning SERVFAIL.
|
||||
*/
|
||||
if (dns_name_equal(fctx->nsname, domain)) {
|
||||
dns_resolver_destroyfetch(&fctx->nsfetch);
|
||||
fctx_done_detach(&fctx, DNS_R_SERVFAIL);
|
||||
return;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get nameservers from fctx->nsfetch before we destroy it.
|
||||
*/
|
||||
dns_rdataset_init(&nameservers);
|
||||
if (dns_rdataset_isassociated(
|
||||
&fctx->nsfetch->private->nameservers)) {
|
||||
domain = dns_fixedname_initname(&fixed);
|
||||
dns_name_copy(fctx->nsfetch->private->domain, domain);
|
||||
if (dns_name_equal(fctx->nsname, domain)) {
|
||||
dns_resolver_destroyfetch(&fctx->nsfetch);
|
||||
fctx_done_detach(&fctx, DNS_R_SERVFAIL);
|
||||
return;
|
||||
}
|
||||
dns_rdataset_clone(&fctx->nsfetch->private->nameservers,
|
||||
&nameservers);
|
||||
nsrdataset = &nameservers;
|
||||
} else {
|
||||
domain = NULL;
|
||||
}
|
||||
|
||||
dns_resolver_destroyfetch(&fctx->nsfetch);
|
||||
|
||||
Reference in New Issue
Block a user