diff --git a/CHANGES b/CHANGES index 9d1faf51db..e109229657 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +2900. [bug] The placeholder negative caching element was not + properly constructed triggering a INSIST in + dns_ncache_towire(). [RT #21346] + 2890. [bug] Handle the introduction of new trusted-keys and DS, DLV RRsets better. [RT #21097] diff --git a/bin/tests/system/resolver/ans2/ans.pl b/bin/tests/system/resolver/ans2/ans.pl index 2041fa7f4c..e83de2630b 100644 --- a/bin/tests/system/resolver/ans2/ans.pl +++ b/bin/tests/system/resolver/ans2/ans.pl @@ -15,7 +15,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: ans.pl,v 1.7.18.2 2007/12/02 23:46:31 tbox Exp $ +# $Id: ans.pl,v 1.7.18.3 2010/06/03 00:21:52 marka Exp $ # # Ad hoc name server @@ -61,6 +61,11 @@ for (;;) { # Data for the "cname + other data / 2" test: same RRs in opposite order $packet->push("answer", new Net::DNS::RR("cname2.example.com 300 A 1.2.3.4")); $packet->push("answer", new Net::DNS::RR("cname2.example.com 300 CNAME cname2.example.com")); + } elsif ($qname =~ /^nodata\.example\.net$/i) { + $packet->header->aa(1); + } elsif ($qname =~ /^nxdomain\.example\.net$/i) { + $packet->header->aa(1); + $packet->header->rcode(NXDOMAIN) } else { # Data for the "bogus referrals" test $packet->push("authority", new Net::DNS::RR("below.www.example.com 300 NS ns.below.www.example.com")); diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh index 87ca59c47e..fcbcb75b92 100644 --- a/bin/tests/system/resolver/tests.sh +++ b/bin/tests/system/resolver/tests.sh @@ -15,13 +15,27 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.7 2004/03/05 05:02:27 marka Exp $ +# $Id: tests.sh,v 1.7.18.1 2010/06/03 00:21:52 marka Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh status=0 +echo "I:checking non-cachable NXDOMAIN response handling" +ret=0 +$DIG +tcp nxdomain.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 +grep "status: NXDOMAIN" dig.out > /dev/null || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + +echo "I:checking non-cachable NODATA response handling" +ret=0 +$DIG +tcp nodata.example.net @10.53.0.1 a -p 5300 > dig.out || ret=1 +grep "status: NOERROR" dig.out > /dev/null || ret=1 + +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` echo "I:checking handling of bogus referrals" # If the server has the "INSIST(!external)" bug, this query will kill it. $DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1 @@ -35,5 +49,6 @@ $DIG +tcp cname2.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1 echo "I:check that server is still running" $DIG +tcp www.example.com. a @10.53.0.1 -p 5300 >/dev/null || status=1 + echo "I:exit status: $status" exit $status diff --git a/lib/dns/ncache.c b/lib/dns/ncache.c index 5791c5f542..8c3ca9c346 100644 --- a/lib/dns/ncache.c +++ b/lib/dns/ncache.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: ncache.c,v 1.36.18.6 2010/06/03 00:07:58 marka Exp $ */ +/* $Id: ncache.c,v 1.36.18.7 2010/06/03 00:21:52 marka Exp $ */ /*! \file */ @@ -237,10 +237,9 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, * Copy the type and a zero rdata count to the buffer. */ isc_buffer_availableregion(&buffer, &r); - if (r.length < 4) + if (r.length < 5) return (ISC_R_NOSPACE); - isc_buffer_putuint16(&buffer, 0); - isc_buffer_putuint16(&buffer, 0); + isc_buffer_putuint16(&buffer, 0); /* type */ /* * RFC2308, section 5, says that negative answers without * SOAs should not be cached. @@ -258,6 +257,9 @@ dns_ncache_add(dns_message_t *message, dns_db_t *cache, dns_dbnode_t *node, trust = dns_trust_authauthority; } else trust = dns_trust_additional; + isc_buffer_putuint8(&buffer, trust); /* trust */ + isc_buffer_putuint16(&buffer, 0); /* count */ + /* * Now add it to the cache. */