diff options
author | Kai Blin <kai@samba.org> | 2014-02-27 23:49:24 +0100 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2014-04-01 09:26:39 +0200 |
commit | 5e62b6ef1055eefe2fc12f6f584f836011f45abd (patch) | |
tree | 52be718848a1a059fbca755b91b839d7e3a15b9f | |
parent | 8745204fa91c4d31bf6506c4b58aa25637f0d642 (diff) | |
download | samba-5e62b6ef1055eefe2fc12f6f584f836011f45abd.tar.gz |
bug #10471: Don't respond with NXDOMAIN to records that exist with another type
DNS queries for records with the wrong type need to trigger an empty
response with RCODE_OK instead of returning NXDOMAIN.
This adds a test and fixes bug #10471
Signed-off-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d9829df13317b38677d92a499134727ab31fbb0e)
-rw-r--r-- | python/samba/tests/dns.py | 16 | ||||
-rw-r--r-- | source4/dns_server/dns_query.c | 14 |
2 files changed, 24 insertions, 6 deletions
diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py index 0ac9cf4b8b4..bac8deabddc 100644 --- a/python/samba/tests/dns.py +++ b/python/samba/tests/dns.py @@ -171,6 +171,22 @@ class TestSimpleQueries(DNSTest): self.assertEquals(response.answers[0].rdata, os.getenv('SERVER_IP')) + def test_one_mx_query(self): + "create a query packet causing an empty RCODE_OK answer" + p = self.make_name_packet(dns.DNS_OPCODE_QUERY) + questions = [] + + name = "%s.%s" % (os.getenv('SERVER'), self.get_dns_domain()) + q = self.make_name_question(name, dns.DNS_QTYPE_MX, dns.DNS_QCLASS_IN) + print "asking for ", q.name + questions.append(q) + + self.finish_name_packet(p, questions) + response = self.dns_transaction_udp(p) + self.assert_dns_rcode_equals(response, dns.DNS_RCODE_OK) + self.assert_dns_opcode_equals(response, dns.DNS_OPCODE_QUERY) + self.assertEquals(response.ancount, 0) + def test_two_queries(self): "create a query packet containing two query records" p = self.make_name_packet(dns.DNS_OPCODE_QUERY) diff --git a/source4/dns_server/dns_query.c b/source4/dns_server/dns_query.c index 5414e1d9ee4..77f797bf5b2 100644 --- a/source4/dns_server/dns_query.c +++ b/source4/dns_server/dns_query.c @@ -258,7 +258,7 @@ static WERROR handle_question(struct dns_server *dns, struct dns_res_rec **answers, uint16_t *ancount) { struct dns_res_rec *ans = *answers; - WERROR werror; + WERROR werror, werror_return; unsigned int ri; struct dnsp_DnssrvRpcRecord *recs; uint16_t rec_count, ai = *ancount; @@ -275,6 +275,9 @@ static WERROR handle_question(struct dns_server *dns, return WERR_NOMEM; } + /* Set up for an NXDOMAIN reply if no match is found */ + werror_return = DNS_ERR(NAME_ERROR); + for (ri = 0; ri < rec_count; ri++) { if ((recs[ri].wType == DNS_TYPE_CNAME) && ((question->question_type == DNS_QTYPE_A) || @@ -319,28 +322,27 @@ static WERROR handle_question(struct dns_server *dns, if (!W_ERROR_IS_OK(werror)) { return werror; } + werror_return = WERR_OK; continue; } if ((question->question_type != DNS_QTYPE_ALL) && (recs[ri].wType != question->question_type)) { + werror_return = WERR_OK; continue; } werror = create_response_rr(question, &recs[ri], &ans, &ai); if (!W_ERROR_IS_OK(werror)) { return werror; } - } - - if (ai == 0) { - return DNS_ERR(NAME_ERROR); + werror_return = WERR_OK; } *ancount = ai; *answers = ans; - return WERR_OK; + return werror_return; } static NTSTATUS create_tkey(struct dns_server *dns, |