Commit Diff
Diff:
09388d59860bb993d940adeed676a50662f76d82
c3f4f9005c124e1e6079d87a4078161ccf3b6799
Commit:
c3f4f9005c124e1e6079d87a4078161ccf3b6799
Tree:
ff13fa58723ddf82e88609f78e8147f6b28b6716
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Mon Feb 18 14:59:55 2019 UTC
Message:
Instead of goto'ing all over the place and doing extra ENT (empty non-terminal) checks, do the ENT check once in lookup_zone() and return with ERR_NODATA if we are an ENT. While here, fix reply_nodata() (which is part of reply_noerror() now) and fix the DNSSEC part so that we can give a correct DNSSEC answer on an ENT.
blob - 58099551490cdcfd91c1d88bc3c4d5b057bfede4
blob + 5dd95b84a769a5e0977c3ee087c0f25f861c1606
--- db.c
+++ db.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: db.c,v 1.6 2019/02/15 15:11:34 pjp Exp $
+ * $Id: db.c,v 1.7 2019/02/18 14:59:55 pjp Exp $
*/
#include "ddd-include.h"
@@ -41,6 +41,8 @@ int add_rr(struct rbtree *rbt, char *name, int len, u_
int display_rr(struct rrset *rrset);
int rotate_rr(struct rrset *rrset);
+extern void dolog(int, char *, ...);
+
extern char * convert_name(char *, int);
int
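Review bot: The added `extern void dolog(int, char *, ...);` is a hand-copied prototype in a .c file, and the util.c hunk adds `extern int check_ent(char *, int);` the same way. A single declaration in a shared header (ddd-include.h is included by every file in this diff, though whether it is the right home is not visible here) would stop the copies drifting apart. Declaring the format as `const char *` and adding `__attribute__((format(printf, 2, 3)))` would also let the compiler check each dolog call's arguments against its format string.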
@@ -126,6 +128,7 @@ dddbget(ddDB *db, ddDBT *key, ddDBT *data)
{
struct node find, *res;
+ memset(&find, 0, sizeof(struct node));
strlcpy(find.domainname, key->data, sizeof(find.domainname));
find.len = key->size;
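Review bot: The lookup key built in dddbget still depends on key->data being NUL-terminated: strlcpy() stops copying at the first zero byte and reads the source until it finds one, while find.len is taken from key->size without any check against `sizeof(find.domainname)`. If names are stored with an explicit length, a bounds check on key->size followed by `memcpy(find.domainname, key->data, key->size);` would copy exactly the bytes that find.len describes; this is an inference, because the tree's comparison function is outside the hunk. The added memset could be written `memset(&find, 0, sizeof(find));` so it follows the variable rather than the type. The body of dddbget continues past the hunk.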
@@ -230,6 +233,9 @@ find_rrset(ddDB *db, char *name, int len)
static struct rbtree *rb;
ddDBT key, data;
+ if (name == NULL || len == 0)
+ return NULL;
+
memset(&key, 0, sizeof(key));
memset(&data, 0, sizeof(data));
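Review bot: The guard added at the top of find_rrset rejects `len == 0` but lets a negative len through, and len is a plain int that presumably becomes the key size a few lines further down. `if (name == NULL || len <= 0)` closes that case. An upper bound against the domainname buffer that dddbget copies into would be the natural companion check, since the util.c hunk now calls this function on every lookup_zone query. The function body continues outside the hunk.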
@@ -242,6 +248,7 @@ find_rrset(ddDB *db, char *name, int len)
if ((rb = calloc(1, sizeof(struct rbtree))) == NULL)
return NULL;
+
memcpy((char *)rb, (char *)data.data, sizeof(struct rbtree));
blob - d425a84305aa56e27d8e7572a349b5f76eecbd3d
blob + a21f3d9ad221ddefc37a886969d57c98f69988de
--- delphinusdnsd.c
+++ delphinusdnsd.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: delphinusdnsd.c,v 1.52 2019/02/18 11:16:49 pjp Exp $
+ * $Id: delphinusdnsd.c,v 1.53 2019/02/18 14:59:55 pjp Exp $
*/
#include "ddd-include.h"
@@ -1393,6 +1393,7 @@ mainloop(struct cfg *cfg, struct imsgbuf **ibuf)
ssize_t n, datalen;
+
replybuf = calloc(1, 65536);
if (replybuf == NULL) {
dolog(LOG_ERR, "calloc: %s\n", strerror(errno));
@@ -1794,83 +1795,78 @@ axfrentry:
goto udpout;
break;
case ERR_NXDOMAIN:
- /* check if our question is for an ENT */
- if (check_ent(question->hdr->name, question->hdr->namelen) == 1) {
- if (dnssec) {
- goto udpnoerror;
- } else {
- snprintf(replystring, DNS_MAXNAME, "NODATA");
- build_reply(&sreply, so, buf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, NULL, replybuf);
- slen = reply_nodata(&sreply, NULL);
- goto udpout;
- break;
- }
+ /*
+ * lookup_zone could not find an RR for the
+ * question at all -> nxdomain
+ */
+ snprintf(replystring, DNS_MAXNAME, "NXDOMAIN");
+
+ /*
+ * lookup an authoritative soa
+ */
+
+ if (rbt0 != NULL) {
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, rbt0, NULL, aregion, istcp, \
+ 0, NULL, replybuf);
+
+ slen = reply_nxdomain(&sreply, cfg->db);
+ }
+ goto udpout;
+ break;
+
+ case ERR_NODATA:
+ if (rbt1) {
+ free(rbt1);
+ rbt1 = NULL;
+ }
+
+ rbt1 = get_soa(cfg->db, question);
+ if (rbt1 != NULL) {
+ snprintf(replystring, DNS_MAXNAME, "NODATA");
+ build_reply(&sreply, so, buf, len, question, from, fromlen, rbt1, rbt0, aregion, istcp, 0, NULL, replybuf);
+ slen = reply_nodata(&sreply, cfg->db);
} else {
- goto udpnxdomain;
+ snprintf(replystring, DNS_MAXNAME, "DROP");
}
+ goto udpout;
+ break;
+
case ERR_NOERROR:
- /*
- * this is hackish not sure if this should be here
- */
+ /*
+ * this is hackish not sure if this should be here
+ */
-udpnoerror:
+ snprintf(replystring, DNS_MAXNAME, "NOERROR");
- snprintf(replystring, DNS_MAXNAME, "NOERROR");
+ /*
+ * lookup an authoritative soa
+ */
- /*
- * lookup an authoritative soa
- */
-
- if (rbt0) {
- free (rbt0);
- rbt0 = NULL;
- }
+ if (rbt0) {
+ free (rbt0);
+ rbt0 = NULL;
+ }
- rbt0 = get_soa(cfg->db, question);
- if (rbt0 != NULL) {
+ rbt0 = get_soa(cfg->db, question);
+ if (rbt0 != NULL) {
+ build_reply(&sreply, so, buf, len, question, from, \
+ fromlen, rbt0, NULL, aregion, istcp, 0,
+ NULL, replybuf);
- build_reply(&sreply, so, buf, len, question, from, \
- fromlen, rbt0, NULL, aregion, istcp, 0,
- NULL, replybuf);
+ slen = reply_noerror(&sreply, cfg->db);
+ }
- slen = reply_noerror(&sreply, cfg->db);
- }
- goto udpout;
+ goto udpout;
}
}
switch (type0) {
case 0:
-udpnxdomain:
- if (check_ent(question->hdr->name, question->hdr->namelen) == 1) {
- if (dnssec) {
- goto udpnoerror;
- } else {
- snprintf(replystring, DNS_MAXNAME, "NODATA");
- build_reply(&sreply, so, buf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, NULL, replybuf);
- slen = reply_nodata(&sreply, NULL);
- goto udpout;
- }
- }
-
- /*
- * lookup_zone could not find an RR for the
- * question at all -> nxdomain
- */
- snprintf(replystring, DNS_MAXNAME, "NXDOMAIN");
-
- /*
- * lookup an authoritative soa
- */
-
- if (rbt0 != NULL) {
- build_reply(&sreply, so, buf, len, question, from, \
- fromlen, rbt0, NULL, aregion, istcp, \
- 0, NULL, replybuf);
-
- slen = reply_nxdomain(&sreply, cfg->db);
- }
- goto udpout;
+ /* XXX type0==0 replies were before
+ * handled with nxdomain
+ */
+ break;
case DNS_TYPE_CNAME:
csd = find_rr(rbt0, DNS_TYPE_SOA);
if (csd == NULL)
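Review bot: After this hunk `case 0:` in `switch (type0)` only breaks, and the XXX comment records what used to happen rather than what is expected now. Whether a query that reaches this point still gets any reply depends on the code after the switch, which is outside the hunk. If type0 == 0 is now believed unreachable, say so in the comment and make it visible at runtime, e.g. `dolog(LOG_INFO, "type0 == 0 after lookup_zone, no reply built\n");`, so a silent non-answer shows up in the log. The identical `case 0:` change in the second tcploop hunk needs the same treatment.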
@@ -2623,27 +2619,45 @@ tcploop(struct cfg *cfg, struct imsgbuf **ibuf)
slen = reply_refused(&sreply, NULL);
goto tcpout;
break;
- case ERR_NXDOMAIN:
- /* check if our question is for an ENT */
- if (check_ent(question->hdr->name, question->hdr->namelen) == 1) {
- if (dnssec) {
- goto tcpnoerror;
- } else {
- snprintf(replystring, DNS_MAXNAME, "NODATA");
- build_reply(&sreply, so, pbuf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, NULL, replybuf);
- slen = reply_nodata(&sreply, NULL);
+ case ERR_NODATA:
+ if (rbt0) {
+ free(rbt0);
+ rbt0 = NULL;
+ }
+
+ rbt0 = get_soa(cfg->db, question);
+ if (rbt0 != NULL) {
+ snprintf(replystring, DNS_MAXNAME, "NODATA");
+ build_reply(&sreply, so, pbuf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, NULL, replybuf);
+ slen = reply_nodata(&sreply, cfg->db);
+ } else {
+ snprintf(replystring, DNS_MAXNAME, "DROP");
+ }
+
goto tcpout;
break;
- }
- } else {
- goto tcpnxdomain;
- }
+
+ case ERR_NXDOMAIN:
+ snprintf(replystring, DNS_MAXNAME, "NXDOMAIN");
+
+ /*
+ * lookup an authoritative soa
+ */
+ if (rbt0 != NULL) {
+
+ build_reply( &sreply, so, pbuf, len, question,
+ from, fromlen, rbt0, NULL,
+ aregion, istcp, 0, NULL,
+ replybuf);
+
+ slen = reply_nxdomain(&sreply, cfg->db);
+ }
+ goto tcpout;
case ERR_NOERROR:
/*
* this is hackish not sure if this should be here
*/
-tcpnoerror:
snprintf(replystring, DNS_MAXNAME, "NOERROR");
/*
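Review bot: The ERR_NODATA arm here handles its trees differently from the mainloop arm added in the same commit: tcploop frees rbt0, reuses it for the SOA and passes NULL as the second tree, while mainloop puts the SOA in rbt1 and passes rbt0 as the second tree to build_reply. If rbt0 is always NULL when lookup_zone reports ERR_NODATA (the util.c hunk returns NULL on that path) the two are equivalent, and using one form in both loops would make that obvious; it is also worth confirming that udpout, outside the diff, releases rbt1. Separately, the ERR_NXDOMAIN arm sets replystring to "NXDOMAIN" before the `rbt0 != NULL` test, so with a NULL rbt0 the string (which appears to feed the query log) names a reply that was never built. An `else` with `snprintf(replystring, DNS_MAXNAME, "DROP");`, as the NODATA arm does, would keep the log truthful in both loops. The ERR_NOERROR arm at the end of the hunk continues outside it.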
@@ -2672,39 +2686,10 @@ tcpnoerror:
switch (type0) {
case 0:
- /* check for ents */
- if (check_ent(question->hdr->name, question->hdr->namelen) == 1) {
- if (dnssec) {
- goto tcpnoerror;
- } else {
- snprintf(replystring, DNS_MAXNAME, "NODATA");
- build_reply(&sreply, so, pbuf, len, question, from, fromlen, rbt0, NULL, aregion, istcp, 0, NULL, replybuf);
- slen = reply_nodata(&sreply, NULL);
- goto tcpout;
- }
- }
-
-
- /*
- * lookup_zone could not find an RR for the
- * question at all -> nxdomain
+ /* XXX type0==0 replies were before
+ * handled with nxdomain
*/
-tcpnxdomain:
- snprintf(replystring, DNS_MAXNAME, "NXDOMAIN");
-
- /*
- * lookup an authoritative soa
- */
- if (rbt0 != NULL) {
-
- build_reply( &sreply, so, pbuf, len, question,
- from, fromlen, rbt0, NULL,
- aregion, istcp, 0, NULL,
- replybuf);
-
- slen = reply_nxdomain(&sreply, cfg->db);
- }
- goto tcpout;
+ break;
case DNS_TYPE_CNAME:
csd = find_rr(rbt0, DNS_TYPE_SOA);
if (csd == NULL)
blob - ca516ef35a3a4672f183cd218673bf5b52ff10e6
blob + 3f2132a5939808015d4626cc07d639bd656644f7
--- dnssec.c
+++ dnssec.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: dnssec.c,v 1.21 2019/02/15 15:11:34 pjp Exp $
+ * $Id: dnssec.c,v 1.22 2019/02/18 14:59:55 pjp Exp $
*/
#include "ddd-include.h"
@@ -222,6 +222,7 @@ find_next_closer_nsec3(char *zonename, int zonelen, ch
return (NULL);
}
+#if 0
char *
find_match_nsec3_ent(char *zonename, int zonelen, char *hashname)
{
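Review bot: find_match_nsec3_ent is compiled out with `#if 0` here (closed in the next hunk), and its only visible call site in find_nsec3_match_qname is compiled out the same way further down. Deleting the function and the call would be cleaner than disabling them. The `#if 0 ... else #endif` form at the call site splits an if/else across a preprocessor boundary, which is easy to misread in code that decides which NSEC3 record proves a denial. If the code is kept on purpose, a one-line comment above the `#if 0` should say why, for example `/* ENT is now detected in lookup_zone(); kept for reference */`.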
@@ -263,6 +264,7 @@ find_match_nsec3_ent(char *zonename, int zonelen, char
return (n3->domainname);
}
+#endif
char *
find_match_nsec3(char *zonename, int zonelen, char *hashname)
@@ -431,8 +433,7 @@ find_nsec(char *name, int namelen, struct rbtree *rbt,
dn = ((struct domainnames *)table) + j;
#if DEBUG
- if (debug)
- printf("%s\n", dn->name);
+ printf("%s\n", dn->name);
#endif
if (strcmp(dn->next, ".") == 0)
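Review bot: With the `if (debug)` guard removed, every DEBUG build prints each dn->name with printf on every pass through this loop. The other debug output visible in this file goes through dolog (`dolog(LOG_INFO, "hashname = %s\n", hashname);` in find_nsec3_match_qname). `dolog(LOG_INFO, "%s\n", dn->name);` would keep the output in the daemon's log instead of on a stdout that a daemonized process may not have. The enclosing loop in find_nsec starts and ends outside the hunk.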
@@ -1081,10 +1082,11 @@ find_nsec3_match_qname(char *name, int namelen, struct
char *backname;
char *dname;
int backnamelen;
- struct rbtree *rbt0;
+ struct rbtree *rbt0 = NULL;
struct rrset *rrset = NULL;
struct rr *rrp = NULL;
+
if ((rrset = find_rr(rbt, DNS_TYPE_NSEC3PARAM)) == NULL) {
return NULL;
}
@@ -1102,13 +1104,17 @@ find_nsec3_match_qname(char *name, int namelen, struct
dolog(LOG_INFO, "hashname = %s\n", hashname);
#endif
+#if 0
if (check_ent(name, namelen))
dname = find_match_nsec3_ent(rbt->zone, rbt->zonelen, hashname);
else
- dname = find_match_nsec3(rbt->zone, rbt->zonelen, hashname);
+#endif
+
+ dname = find_match_nsec3(rbt->zone, rbt->zonelen, hashname);
- if (dname == NULL)
+ if (dname == NULL) {
return NULL;
+ }
/* found it, get it via db after converting it */
@@ -1117,11 +1123,13 @@ find_nsec3_match_qname(char *name, int namelen, struct
#endif
backname = dns_label(dname, &backnamelen);
-
+ if (backname == NULL) {
+ return NULL;
+ }
+
rbt0 = find_rrset(db, backname, backnamelen);
if (rbt0 == NULL) {
free (backname);
- free (rbt0);
return (NULL);
}
blob - f9236051ebbc54dee4f4223ea28f2f0bab17a2bd
blob + 11471fa097c6c99e4f83f8ff15b23f85604edc1b
--- reply.c
+++ reply.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: reply.c,v 1.67 2019/02/15 19:46:58 pjp Exp $
+ * $Id: reply.c,v 1.68 2019/02/18 14:59:55 pjp Exp $
*/
#include "ddd-include.h"
@@ -4419,7 +4419,6 @@ reply_noerror(struct sreply *sreply, ddDB *db)
int rruniq = 0;
-
if (istcp) {
replysize = 65535;
}
@@ -6007,73 +6006,5 @@ reply_badvers(struct sreply *sreply, ddDB *db)
int
reply_nodata(struct sreply *sreply, ddDB *db)
{
- char *reply = sreply->replybuf;
- struct dns_header *odh;
- u_int16_t outlen;
-
- int so = sreply->so;
- char *buf = sreply->buf;
- int len = sreply->len;
- struct question *q = sreply->q;
- struct sockaddr *sa = sreply->sa;
- int salen = sreply->salen;
- int istcp = sreply->istcp;
- int replysize = 512;
- int retlen = -1;
-
- if (istcp) {
- replysize = 65535;
- }
-
- if (!istcp && q->edns0len > 512)
- replysize = q->edns0len;
-
- odh = (struct dns_header *)&reply[0];
- outlen = sizeof(struct dns_header);
-
- if (len > replysize) {
- return (retlen);
-
- }
-
- memcpy(reply, buf, sizeof(struct dns_header) + q->hdr->namelen + 4);
- memset((char *)&odh->query, 0, sizeof(u_int16_t));
-
- outlen += (q->hdr->namelen + 4);
-
- SET_DNS_REPLY(odh);
- SET_DNS_AUTHORITATIVE(odh);
- SET_DNS_RCODE_NOERR(odh);
-
- HTONS(odh->query);
-
- odh->question = htons(1);
- odh->answer = 0;
- odh->nsrr = 0;
- odh->additional = 0;
-
- if (istcp) {
- char *tmpbuf;
- u_int16_t *plen;
-
- tmpbuf = malloc(outlen + 2);
- if (tmpbuf == NULL) {
- dolog(LOG_INFO, "malloc: %s\n", strerror(errno));
- }
- plen = (u_int16_t *)tmpbuf;
- *plen = htons(outlen);
-
- memcpy(&tmpbuf[2], reply, outlen);
-
- if ((retlen = send(so, tmpbuf, outlen + 2, 0)) < 0) {
- dolog(LOG_INFO, "send: %s\n", strerror(errno));
- }
- free(tmpbuf);
- } else {
- if ((retlen = sendto(so, reply, outlen, 0, sa, salen)) < 0) {
- dolog(LOG_INFO, "sendto: %s\n", strerror(errno));
- }
- }
-
- return (retlen);
+ return (reply_noerror(sreply, db));
}
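Review bot: reply_nodata is now a one-line alias for reply_noerror, but nothing at the definition says so or states what the caller must have set up. The old body ignored db and the trees in sreply, and its callers passed a NULL db; the new callers in this commit pass cfg->db and a SOA tree, which suggests reply_noerror needs both, though its body is outside the hunk. A comment above the function would record that, for example `/* NODATA is NOERROR with an empty answer section; sreply must carry the zone's SOA tree and db must be non-NULL (see reply_noerror) */`.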
blob - 6f68fbf9e38c0863aada8ab69dc69a3296536798
blob + c9504b29ced991b8d2513286b1aeae55ff22fc01
--- util.c
+++ util.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: util.c,v 1.19 2019/02/15 20:30:11 pjp Exp $
+ * $Id: util.c,v 1.20 2019/02/18 14:59:55 pjp Exp $
*/
#include "ddd-include.h"
@@ -64,6 +64,7 @@ extern struct rbtree * find_rrset(ddDB *db, char *name
extern struct rrset * find_rr(struct rbtree *rbt, u_int16_t rrtype);
extern int add_rr(struct rbtree *rbt, char *name, int len, u_int16_t rrtype, void *rdata);
extern int display_rr(struct rrset *rrset);
+extern int check_ent(char *, int);
/* internals */
@@ -245,6 +246,11 @@ lookup_zone(ddDB *db, struct question *question, int *
*returnval = 0;
if ((rbt = find_rrset(db, p, plen)) == NULL) {
+ if (check_ent(p, plen) == 1) {
+ *lzerrno = ERR_NODATA;
+ *returnval = -1;
+ return NULL;
+ }
nsec3:
/*
* We have a condition where a record does not exist but we
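Review bot: The ENT branch added to lookup_zone carries no comment, although it is now the single place that decides between NODATA and NXDOMAIN for a missing name. Something like `/* empty non-terminal: names exist beneath p, so the answer is NODATA, never NXDOMAIN (RFC 8020) */` would record why; the distinction matters because a resolver that treats NXDOMAIN as covering the whole subtree would stop resolving the names below. The check also sits before the `nsec3:` label, so any `goto nsec3` from elsewhere in the function (outside the hunk) bypasses it, which is worth confirming as intended. It also only tests `== 1`, so the comment should say what other return values of check_ent mean.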