Attachment 9734 Details for Bug 10471 – Fix the invalid NXDOMAIN return.

[patch] Fix the invalid NXDOMAIN return.

0001-bug-10471-Don-t-respond-with-NXDOMAIN-to-records-tha.patch (text/plain), 3.22 KB, created by Kai Blin on 2014-02-27 22:51:50 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Kai Blin

Created: 2014-02-27 22:51:50 UTC

Size: 3.22 KB

patch

obsolete

>From f3e72ade57aa32f6e3c49c0a6b5deb81ee8c70ed Mon Sep 17 00:00:00 2001
>From: Kai Blin <kai@samba.org>
>Date: Thu, 27 Feb 2014 23:49:24 +0100
>Subject: [PATCH] bug #10471: Don't respond with NXDOMAIN to records that exist
> with another type
>
>DNS queries for records with the wrong type need to trigger an empty
>response with RCODE_OK instead of returning NXDOMAIN.
>
>This adds a test and fixes bug #10471
>
>Signed-off-by: Kai Blin <kai@samba.org>
>---
> python/samba/tests/dns.py      | 16 ++++++++++++++++
> source4/dns_server/dns_query.c | 14 ++++++++------
> 2 files changed, 24 insertions(+), 6 deletions(-)
>
>diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
>index 0ac9cf4..bac8dea 100644
>--- a/python/samba/tests/dns.py
>+++ b/python/samba/tests/dns.py
>@@ -171,6 +171,22 @@ class TestSimpleQueries(DNSTest):
>         self.assertEquals(response.answers[0].rdata,
>                           os.getenv('SERVER_IP'))
> 
>+    def test_one_mx_query(self):
>+        "create a query packet causing an empty RCODE_OK answer"
>+        p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
>+        questions = []
>+
>+        name = "%s.%s" % (os.getenv('SERVER'), self.get_dns_domain())
>+        q = self.make_name_question(name, dns.DNS_QTYPE_MX, dns.DNS_QCLASS_IN)
>+        print "asking for ", q.name
>+        questions.append(q)
>+
>+        self.finish_name_packet(p, questions)
>+        response = self.dns_transaction_udp(p)
>+        self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK)
>+        self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY)
>+        self.assertEquals(response.ancount, 0)
>+
>     def test_two_queries(self):
>         "create a query packet containing two query records"
>         p = self.make_name_packet(dns.DNS_OPCODE_QUERY)
>diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c
>index 5414e1d..77f797b 100644
>--- a/source4/dns_server/dns_query.c
>+++ b/source4/dns_server/dns_query.c
>@@ -258,7 +258,7 @@ static WERROR handle_question(struct dns_server *dns,
> 			      struct dns_res_rec **answers, uint16_t *ancount)
> {
> 	struct dns_res_rec *ans = *answers;
>-	WERROR werror;
>+	WERROR werror, werror_return;
> 	unsigned int ri;
> 	struct dnsp_DnssrvRpcRecord *recs;
> 	uint16_t rec_count, ai = *ancount;
>@@ -275,6 +275,9 @@ static WERROR handle_question(struct dns_server *dns,
> 		return WERR_NOMEM;
> 	}
> 
>+	/* Set up for an NXDOMAIN reply if no match is found */
>+	werror_return = DNS_ERR(NAME_ERROR);
>+
> 	for (ri = 0; ri < rec_count; ri++) {
> 		if ((recs[ri].wType == DNS_TYPE_CNAME) &&
> 		    ((question->question_type == DNS_QTYPE_A) ||
>@@ -319,28 +322,27 @@ static WERROR handle_question(struct dns_server *dns,
> 			if (!W_ERROR_IS_OK(werror)) {
> 				return werror;
> 			}
>+			werror_return = WERR_OK;
> 
> 
> 			continue;
> 		}
> 		if ((question->question_type != DNS_QTYPE_ALL) &&
> 		    (recs[ri].wType != question->question_type)) {
>+			werror_return = WERR_OK;
> 			continue;
> 		}
> 		werror = create_response_rr(question, &recs[ri], &ans, &ai);
> 		if (!W_ERROR_IS_OK(werror)) {
> 			return werror;
> 		}
>-	}
>-
>-	if (ai == 0) {
>-		return DNS_ERR(NAME_ERROR);
>+		werror_return = WERR_OK;
> 	}
> 
> 	*ancount = ai;
> 	*answers = ans;
> 
>-	return WERR_OK;
>+	return werror_return;
> }
> 
> static NTSTATUS create_tkey(struct dns_server *dns,
>-- 
>1.8.1.2
>

Actions: View

Attachments on bug 10471: 9724 | 9725 | 9734 | 9771