diff --git a/CHANGES b/CHANGES index 844f508044..0be65bf389 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +2900. [bug] The placeholder negative caching element was not + properly constructed triggering a INSIST in + dns_ncache_towire(). [RT #21346] + 2899. [port] win32: Support linking against OpenSSL 1.0.0. 2898. [bug] nslookup leaked memory when -domain=value was diff --git a/bin/tests/system/resolver/ans2/ans.pl b/bin/tests/system/resolver/ans2/ans.pl index 25932f6bc0..c4e9ee3f0f 100644 --- a/bin/tests/system/resolver/ans2/ans.pl +++ b/bin/tests/system/resolver/ans2/ans.pl @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: ans.pl,v 1.13 2009/11/04 02:15:30 marka Exp $ +# $Id: ans.pl,v 1.14 2010/05/19 06:39:50 marka Exp $ # # Ad hoc name server @@ -84,6 +84,11 @@ for (;;) { # delegation to avoid automatic acceptance for subdomain aliases $packet->push("authority", new Net::DNS::RR("example.net 300 NS ns.example.net")); $packet->push("additional", new Net::DNS::RR("ns.example.net 300 A 10.53.0.3")); + } elsif ($qname =~ /^nodata\.example\.net$/i) { + $packet->header->aa(1); + } elsif ($qname =~ /^nxdomain\.example\.net$/i) { + $packet->header->aa(1); + $packet->header->rcode(NXDOMAIN); } elsif ($qname =~ /sub\.example\.org/) { # Data for CNAME/DNAME filtering. The final answers are # expected to be accepted regardless of the filter setting. diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index 98c3fc63e6..ce376b97b6 100644 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh @@ -15,13 +15,27 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.11 2009/05/29 23:47:49 tbox Exp $ +# $Id: tests.sh,v 1.12 2010/05/19 06:39:50 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh status=0 +echo "I:checking non-cachable NXDOMAIN response handling" +ret=0 +$DIG +tcp nxdomain.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 +grep "status: NXDOMAIN" dig.out > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking non-cachable NODATA response handling" +ret=0 +$DIG +tcp nodata.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 +grep "status: NOERROR" dig.out > /dev/null || ret=1 + +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` echo "I:checking handling of bogus referrals" # If the server has the "INSIST(!external)" bug, this query will kill it. $DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1 @@ -105,5 +119,6 @@ grep "status: NOERROR" dig.out > /dev/null || ret=1 if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` + echo "I:exit status: $status" exit $status diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c index 73684ad17d..d1b97444c0 100644 --- a/lib/dns/ncache.c +++ b/lib/dns/ncache.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.48 2010/05/18 06:28:29 marka Exp $ */ +/* $Id: ncache.c,v 1.49 2010/05/19 06:39:50 marka Exp $ */ /*! \file */ @@ -248,10 +248,9 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, * Copy the type and a zero rdata count to the buffer. */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 4) + if (r.length < 5) return (ISC_R_NOSPACE); - isc_buffer_putuint16(&buffer, 0); - isc_buffer_putuint16(&buffer, 0); + isc_buffer_putuint16(&buffer, 0); /* type */ /* * RFC2308, section 5, says that negative answers without * SOAs should not be cached. @@ -269,6 +268,9 @@ dns_ncache_addoptout(dns_message_t *message, dns_db_t *cache, trust = dns_trust_authauthority; } else trust = dns_trust_additional; + isc_buffer_putuint8(&buffer, trust); /* trust */ + isc_buffer_putuint16(&buffer, 0); /* count */ + /* * Now add it to the cache. */