4015. [bug] Nameservers that are skipped due to them being

CNAMEs were not being logged. They are now logged to category 'cname' as per BIND 8. [RT #37935] (cherry picked from commit ea3aa401bc)
2014-12-03 11:34:07 +11:00
parent a93397ba03
commit bbc8cca27d
13 changed files with 81 additions and 0 deletions
--- a/4
+++ b/4
@@ -1,3 +1,7 @@
+4015.	[bug]		Nameservers that are skipped due to them being
+			CNAMEs were not being logged. They are now logged
+			to category 'cname' as per BIND 8. [RT #37935]
+
 4014.	[bug]		When including a master file origin_changed was
 			not being properly set leading to a potentially
 			spurious 'inherited owner' warning. [RT #37919]
--- a/bin/tests/system/resolver/ns4/root.db
+++ b/bin/tests/system/resolver/ns4/root.db
@@ -24,3 +24,4 @@ $TTL 300
 				)
 .			NS	a.root-servers.nil.
 a.root-servers.nil.	A	10.53.0.4
+all-cnames		NS	cname.tld
--- a/bin/tests/system/resolver/ns4/tld1.db
+++ b/bin/tests/system/resolver/ns4/tld1.db
@@ -27,3 +27,5 @@ ns			A	10.53.0.4
 $TTL 5
 to-be-removed 		NS	ns.to-be-removed
 ns.to-be-removed	A	10.53.0.6
+cname			CNAME	ns7
+ns7			A	10.53.0.7
--- a/bin/tests/system/resolver/ns4/tld2.db
+++ b/bin/tests/system/resolver/ns4/tld2.db
@@ -24,3 +24,5 @@ $TTL 300
 				)
@			NS	ns.tld.
 ns			A	10.53.0.4
+cname			CNAME	ns7
+ns7			A	10.53.0.7
--- a/bin/tests/system/resolver/ns7/all-cnames.db
+++ b/bin/tests/system/resolver/ns7/all-cnames.db
@@ -0,0 +1,23 @@
+; Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+$TTL 300
+@ 			IN SOA	marka.isc.org. ns.server. (
+				2010   	; serial
+				600         	; refresh
+				600         	; retry
+				1200    	; expire
+				600       	; minimum
+				)
+@			NS	cname.tld.
--- a/bin/tests/system/resolver/ns7/named1.conf
+++ b/bin/tests/system/resolver/ns7/named1.conf
@@ -50,3 +50,8 @@ zone "server" {
 	file "server.db";
 	allow-update { any; };
 };
+
+zone "all-cnames" {
+	type master;
+	file "all-cnames.db";
+};
--- a/bin/tests/system/resolver/ns7/named2.conf
+++ b/bin/tests/system/resolver/ns7/named2.conf
@@ -44,3 +44,8 @@ zone "." {
 	type hint;
 	file "root.hint";
 };
+
+zone "all-cnames" {
+	type master;
+	file "all-cnames.db";
+};
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -415,5 +415,14 @@ grep ';1\.0\.0\.127\.in-addr\.arpa\..*IN.*PTR$' dig.out.3.${n} > /dev/null || re
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

+n=`expr $n + 1`
+echo "I:check that CNAME nameserver is logged correctly (${n})"
+ret=0
+$DIG soa all-cnames @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: SERVFAIL" dig.out.ns5.test${n} > /dev/null || ret=1
+grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'all-cnames/SOA'" ns5/named.run > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status
--- a/doc/arm/Bv9ARM-book.xml
+++ b/doc/arm/Bv9ARM-book.xml
@@ -4331,6 +4331,17 @@ category notify { null; };
 		    </para>
 		  </entry>
 		</row>
+		<row rowsep="0">
+		  <entry colname="1">
+		    <para><command>cname</command></para>
+		  </entry>
+		  <entry colname="2">
+		    <para>
+		      Logs nameservers that are skipped due to them being
+		      a CNAME rather than A / AAAA records.
+		    </para>
+		  </entry>
+		</row>
 	      </tbody>
 	    </tgroup>
 	  </informaltable>
--- a/doc/arm/notes.xml
+++ b/doc/arm/notes.xml
@@ -103,6 +103,15 @@
      <listitem>
 	<para>
 	  Added support for OPENPGPKEY type.
+        </para>
+      </listitem>
+      <listitem>
+	<para>
+	  When encountering an authoritative name server whose name is
+	  an alias pointing to another name, the resolver treats
+	  this as an error and skips to the next server. Previously
+	  this happened silently; now the error will be logged to
+	  the newly-created "cname" log category.
 	</para>
      </listitem>
    </itemizedlist>
--- a/lib/dns/include/dns/log.h
+++ b/lib/dns/include/dns/log.h
@@ -44,6 +44,7 @@ LIBDNS_EXTERNAL_DATA extern isc_logmodule_t dns_modules[];
 #define DNS_LOGCATEGORY_EDNS_DISABLED	(&dns_categories[11])
 #define DNS_LOGCATEGORY_RPZ		(&dns_categories[12])
 #define DNS_LOGCATEGORY_RRL		(&dns_categories[13])
+#define DNS_LOGCATEGORY_CNAME		(&dns_categories[14])

 /* Backwards compatibility. */
 #define DNS_LOGCATEGORY_GENERAL		ISC_LOGCATEGORY_GENERAL
--- a/lib/dns/log.c
+++ b/lib/dns/log.c
@@ -46,6 +46,7 @@ LIBDNS_EXTERNAL_DATA isc_logcategory_t dns_categories[] = {
 	{ "edns-disabled", 0 },
 	{ "rpz",	0 },
 	{ "rate-limit",	0 },
+	{ "cname",	0 },
 	{ NULL, 	0 }
 };

--- a/lib/dns/resolver.c
+++ b/lib/dns/resolver.c
@@ -2504,11 +2504,19 @@ findname(fetchctx_t *fctx, dns_name_t *name, in_port_t port,
 				     fctx->depth + 1, fctx->qc, &find);
 	if (result != ISC_R_SUCCESS) {
 		if (result == DNS_R_ALIAS) {
+			char namebuf[DNS_NAME_FORMATSIZE];
+
 			/*
 			 * XXXRTH  Follow the CNAME/DNAME chain?
 			 */
 			dns_adb_destroyfind(&find);
 			fctx->adberr++;
+			dns_name_format(name, namebuf, sizeof(namebuf));
+			isc_log_write(dns_lctx, DNS_LOGCATEGORY_CNAME,
+				      DNS_LOGMODULE_RESOLVER, ISC_LOG_INFO,
+				      "skipping nameserver '%s' because it "
+				      "is a CNAME, while resolving '%s'",
+				      namebuf, fctx->info);
 		}
 	} else if (!ISC_LIST_EMPTY(find->list)) {
 		/*