-
Notifications
You must be signed in to change notification settings - Fork 921
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not follow CNAME records for ANY or CNAME queries #15008
base: master
Are you sure you want to change the base?
Do not follow CNAME records for ANY or CNAME queries #15008
Conversation
Pull Request Test Coverage Report for Build 12887559896Details
💛 - Coveralls |
e47038f
to
6f7e056
Compare
reading back what I wrote there, it turns out I did not include enough information for anybody (including myself) to see what that was about. In any case the RRSIG behaviour I see today (without your PR) looks just fine. |
This patch looks right. I wonder if any the wildcard, LUA and DNAME paths contain a similar bug, though. But this is an improvement in any case. Can you add a test? |
I am struggling with getting the existing tests to pass at the moment - a couple of the existing tests need oracle changes, but then further steps in the CI fail because they reuse the same tests and apparently don't need any change... |
6f7e056
to
32f3173
Compare
@@ -1,5 +1,7 @@ | |||
0 nxd.example.com. 120 IN CNAME nxdomain.example.com. | |||
0 nxd.example.com. 120 IN RRSIG CNAME 13 3 120 [expiry] [inception] [keytag] example.com. ... | |||
0 nxd.example.com. 86400 IN NSEC outpost.example.com. CNAME RRSIG NSEC |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this extra output is unexpected. If anything I would expect some responses to become smaller!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i wonder if we should be setting weDone
when we match-but-don't-follow a CNAME?
The existing logic was only preventing this for CNAME queries. Fixes PowerDNS#5769
32f3173
to
46928eb
Compare
Short description
This is an attempt at fixing #5769 (not addressing the RRSIG concern at the moment, though).
Disclaimer: I have no idea what I am doing.
Checklist
I have: