From 845854c6761571b1d8fb48dbac5f721b1114c2bb Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 14 Jan 2025 14:53:38 +0100 Subject: [PATCH 01/35] Adding build folder and IDEA project settings to gitignore --- .gitignore | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitignore b/.gitignore index fc69f1c86..addcd04fc 100644 --- a/.gitignore +++ b/.gitignore @@ -43,8 +43,12 @@ /tpkg/long/result.* /tpkg/long/.done-* /tpkg/long/*.log +build/ # Eclipse IDE Project Settings .cproject .project .settings/ + +# IDEA Project settings +.idea/ From 4e24d555bf3611666e929c1ce025e105945b556a Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 14 Jan 2025 14:54:00 +0100 Subject: [PATCH 02/35] Adding deleg feature flag --- configure.ac | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index ab6120737..7e1a3a6f6 100644 --- a/configure.ac +++ b/configure.ac @@ -966,6 +966,15 @@ case "$enable_zone_stats" in ;; esac +AC_ARG_ENABLE(deleg, AS_HELP_STRING([--enable-deleg],[Enables the use of the draft DELEG RR type])) +case "$enable_deleg" in + yes) + AC_DEFINE_UNQUOTED([USE_DELEG], [], [Define this to enable DELEG draft RR type]) + ;; + no|''|*) + ;; +esac + AC_ARG_ENABLE(checking, AS_HELP_STRING([--enable-checking],[Enable internal runtime checks])) case "$enable_checking" in yes) @@ -1083,7 +1092,7 @@ AC_INCLUDES_DEFAULT #include #endif ]) - AC_CHECK_DECL([TLS1_3_VERSION], + AC_CHECK_DECL([TLS1_3_VERSION], [AC_DEFINE([HAVE_TLS_1_3], [1], [Define if TLS 1.3 is supported by OpenSSL])], [AC_MSG_WARN([No TLS 1.3, therefore XFR-over-TLS is disabled])], [[#include ]]) From 8d1a489e7b7852e0cf18a04e5205bca3beaf7a99 Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 14 Jan 2025 14:54:16 +0100 Subject: [PATCH 03/35] Adding deleg RR type to dns --- dns.c | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--- dns.h | 3 +++ 2 files changed, 57 insertions(+), 3 deletions(-) diff --git a/dns.c b/dns.c index b60880d1c..0ddd6173c 100644 --- a/dns.c 
+++ b/dns.c @@ -412,7 +412,7 @@ static rrtype_descriptor_type rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+2)] , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM }, - { RDATA_ZF_SHORT , RDATA_ZF_DNAME + { RDATA_ZF_SHORT , RDATA_ZF_DNAME , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM 
@@ -484,8 +484,59 @@ static rrtype_descriptor_type rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+2)] , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM } }, - /* 66 */ - { 66, NULL, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, +#ifdef USE_DELEG + /* 66 DELEG*/ + { TYPE_DELEG, "DELEG", 2, MAXRDATALEN, + { RDATA_WF_SHORT /* SvcFieldPriority */ + , RDATA_WF_UNCOMPRESSED_DNAME /* SvcDomainName */ + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM /* SvcFieldValue */ + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + }, + { RDATA_ZF_SHORT , RDATA_ZF_DNAME + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , 
RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + } }, +#else + { 60, NULL, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, +#endif /* 67 */ { 67, NULL, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, /* 68 */ diff --git a/dns.h b/dns.h index dcd25bbcc..76ac69eb4 100644 --- a/dns.h +++ b/dns.h @@ -145,6 +145,9 @@ typedef enum nsd_rc nsd_rc_type; #define TYPE_ZONEMD 63 /* RFC 8976 */ #define TYPE_SVCB 64 /* RFC 9460 */ #define TYPE_HTTPS 65 /* RFC 9460 */ +#ifdef USE_DELEG +#define TYPE_DELEG 66 /* IETF DELEG draft*/ +#endif #define TYPE_SPF 99 /* RFC 4408 */ From 58ca946a495d5c211624bdf910c898c32001af05 Mon Sep 17 00:00:00 2001 From: WP Date: Wed, 15 Jan 2025 10:11:44 +0100 Subject: [PATCH 04/35] dns.c: Fixing typo in the number for unused 66 when not using deleg --- dns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dns.c b/dns.c index 0ddd6173c..df69d57f9 100644 --- a/dns.c +++ b/dns.c 
@@ -535,7 +535,7 @@ static rrtype_descriptor_type rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+2)] , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM } }, #else - { 60, NULL, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, + { 66, NULL, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, #endif /* 67 */ { 67, NULL, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, From 981d9f20b1cb2a396f72aa5f074e5b8972ab1705 Mon Sep 17 00:00:00 2001 From: Wouter Date: Wed, 15 Jan 2025 14:59:34 +0100 Subject: [PATCH 05/35] changing DELEG number to private use 66 -> 65280 --- dns.c | 105 +++++++++++++++++++++++++++++----------------------------- dns.h | 12 +++++-- 2 files changed, 61 insertions(+), 56 deletions(-) diff --git a/dns.c b/dns.c index df69d57f9..40f74c60e 100644 --- a/dns.c +++ b/dns.c 
@@ -484,59 +484,8 @@ static rrtype_descriptor_type rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+2)] , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM } }, -#ifdef USE_DELEG - /* 66 DELEG*/ - { TYPE_DELEG, "DELEG", 2, MAXRDATALEN, - { RDATA_WF_SHORT /* SvcFieldPriority */ - , RDATA_WF_UNCOMPRESSED_DNAME /* SvcDomainName */ - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM /* SvcFieldValue */ - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM - }, - { RDATA_ZF_SHORT , RDATA_ZF_DNAME - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, 
RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM - } }, -#else + /* 66 */ { 66, NULL, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, -#endif /* 67 */ { 67, NULL, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } }, /* 68 */ @@ -948,7 +897,6 @@ static rrtype_descriptor_type rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+2)] { TYPE_WALLET, "WALLET", 1, 1, { RDATA_WF_TEXTS }, { RDATA_ZF_TEXTS } }, /* 263 - CLA */ { TYPE_CLA, "CLA", 1, 1, { RDATA_WF_TEXTS }, { RDATA_ZF_TEXTS } }, - /* 32768 - TA */ { TYPE_TA, "TA", 4, 4, { RDATA_WF_SHORT, RDATA_WF_BYTE, RDATA_WF_BYTE, RDATA_WF_BINARY }, 
@@ -957,6 +905,57 @@ static rrtype_descriptor_type rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+2)] { TYPE_DLV, "DLV", 4, 4, { RDATA_WF_SHORT, RDATA_WF_BYTE, RDATA_WF_BYTE, RDATA_WF_BINARY }, { RDATA_ZF_SHORT, RDATA_ZF_ALGORITHM, RDATA_ZF_BYTE, RDATA_ZF_HEX } }, + #ifdef USE_DELEG + /* 65280 DELEG*/ + { TYPE_DELEG, "DELEG", 2, MAXRDATALEN, + { RDATA_WF_SHORT /* SvcFieldPriority */ + , RDATA_WF_UNCOMPRESSED_DNAME /* SvcDomainName */ + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM /* SvcFieldValue */ + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM + }, + { RDATA_ZF_SHORT , RDATA_ZF_DNAME + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, 
RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + , RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM, RDATA_ZF_SVCPARAM + } }, +#endif }; rrtype_descriptor_type * diff --git a/dns.h b/dns.h index 76ac69eb4..ed4326de5 100644 --- a/dns.h +++ b/dns.h @@ -145,9 +145,6 @@ typedef enum nsd_rc nsd_rc_type; #define TYPE_ZONEMD 63 /* RFC 8976 */ #define TYPE_SVCB 64 /* RFC 9460 */ #define TYPE_HTTPS 65 /* RFC 9460 */ -#ifdef USE_DELEG -#define TYPE_DELEG 66 /* IETF DELEG draft*/ -#endif #define TYPE_SPF 99 /* RFC 4408 */ @@ -174,6 +171,11 @@ typedef enum nsd_rc nsd_rc_type; #define TYPE_TA 32768 /* http://www.watson.org/~weiler/INI1999-19.pdf */ #define TYPE_DLV 32769 /* RFC 4431 */ + +#ifdef USE_DELEG +#define TYPE_DELEG 65280 /* IETF DELEG draft*/ +#endif + #define PSEUDO_TYPE_TA RRTYPE_DESCRIPTORS_LENGTH #define PSEUDO_TYPE_DLV (RRTYPE_DESCRIPTORS_LENGTH + 1) 
@@ -294,7 +296,11 @@ typedef struct rrtype_descriptor rrtype_descriptor_type; * * CLA + 1 */ +#ifndef USE_DELEG #define RRTYPE_DESCRIPTORS_LENGTH (TYPE_CLA + 1) +#else +#define RRTYPE_DESCRIPTORS_LENGTH (TYPE_CLA + 2) +#endif rrtype_descriptor_type *rrtype_descriptor_by_name(const char *name); rrtype_descriptor_type *rrtype_descriptor_by_type(uint16_t type); From e8a3c7a7137f89eb54d5de3c5bdb600dff8995c0 Mon Sep 17 00:00:00 2001 From: Wouter Date: Wed, 15 Jan 2025 15:02:51 +0100 Subject: [PATCH 06/35] Changing to own simdzone fork --- .gitmodules | 2 +- simdzone | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitmodules b/.gitmodules index 23bd18f65..fcb3145ce 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "simdzone"] path = simdzone - url = https://github.com/NLnetLabs/simdzone.git + url = git@github.com:WP-Official/simdzone.git diff --git a/simdzone b/simdzone index 02a8eb203..61a5a541f 160000 --- a/simdzone +++ b/simdzone @@ -1 +1 @@ -Subproject commit 02a8eb203bec1d4fe834a762011d0bad0fdac237 +Subproject commit 61a5a541f8b85d09f1e699a11e51ee78a47c627b From d23609181a10b4b4673a3b9b75a0e43a78bbd5cb Mon Sep 17 00:00:00 2001 From: Wouter Date: Wed, 15 Jan 2025 15:45:02 +0100 Subject: [PATCH 07/35] Updating simdzone --- simdzone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/simdzone b/simdzone index 61a5a541f..9cf6bafd7 160000 --- a/simdzone +++ b/simdzone @@ -1 +1 @@ -Subproject commit 61a5a541f8b85d09f1e699a11e51ee78a47c627b +Subproject commit 9cf6bafd7906a33921935a36fd00bbb4cf5d0e1e From 292a3f601f2eed8d404bcbe21f11dc3fbd732f09 Mon Sep 17 00:00:00 2001 From: Wouter Date: Thu, 16 Jan 2025 14:30:33 +0100 Subject: [PATCH 08/35] Updating simdszone to parse the DELEG RR type --- simdzone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/simdzone b/simdzone index 9cf6bafd7..931dbef20 160000 --- a/simdzone +++ b/simdzone 
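Review bot: Raising `RRTYPE_DESCRIPTORS_LENGTH` to `(TYPE_CLA + 2)` under `USE_DELEG` also shifts `PSEUDO_TYPE_TA` and `PSEUDO_TYPE_DLV`, which the earlier dns.h hunk shows are derived from it, while the dns.c hunk of this commit appends the DELEG entry after DLV in the initializer. With the flag on, TA still sits at index `TYPE_CLA + 1` and DLV at `TYPE_CLA + 2`, so `PSEUDO_TYPE_TA` now selects the DLV entry and `PSEUDO_TYPE_DLV` selects the DELEG entry (the lookup functions are outside this diff, so confirm how they index the table). Keeping the length at `(TYPE_CLA + 1)`, sizing the table `+3` when `USE_DELEG` is set, and adding a dedicated `#define PSEUDO_TYPE_DELEG (RRTYPE_DESCRIPTORS_LENGTH + 2)` with a matching branch in `rrtype_descriptor_by_type` would leave the existing slots where they were. As posted, nothing visible maps type 65280 to its descriptor.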
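Review bot: The new `url` in patch 06 replaces the upstream NLnetLabs repository with a personal fork, so the zone parser compiled into the server now comes from a repository outside the project's control, and the gitlink in the same commit moves to a commit that presumably exists only in that fork. The pinned SHA keeps the content fixed, but a reviewer of this series cannot see what that commit and the later submodule bumps (patches 07, 08, 10, 12 and 13) change in the parser. Before merging, the simdzone changes should land upstream and the URL should go back to `https://github.com/NLnetLabs/simdzone.git`, or the submodule diff should be attached to the review.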
@@ -1 +1 @@ -Subproject commit 9cf6bafd7906a33921935a36fd00bbb4cf5d0e1e +Subproject commit 931dbef20d6b45991dcd5e1132bc7850888dd521 From 989d4e11ea8ae015a10a90cc1e00e93440262668 Mon Sep 17 00:00:00 2001 From: Wouter Date: Thu, 16 Jan 2025 15:46:13 +0100 Subject: [PATCH 09/35] Changing gitmodules clone url from ssh to https --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index fcb3145ce..ce860d1b0 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "simdzone"] path = simdzone - url = git@github.com:WP-Official/simdzone.git + url = https://github.com/WP-Official/simdzone.git From e832ec980e67fb526fd8e0882bd52b3231b7d11d Mon Sep 17 00:00:00 2001 From: WP Date: Fri, 17 Jan 2025 14:03:02 +0100 Subject: [PATCH 10/35] Updating simdzone to convert DELEG -> IDELEG --- simdzone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/simdzone b/simdzone index 931dbef20..05165f43a 160000 --- a/simdzone +++ b/simdzone @@ -1 +1 @@ -Subproject commit 931dbef20d6b45991dcd5e1132bc7850888dd521 +Subproject commit 05165f43ad692e529263f51f0c7b945ea5df179c From 7af4b6fc4d7d08a27cea771baa80c44874ecd38d Mon Sep 17 00:00:00 2001 From: WP Date: Fri, 17 Jan 2025 14:04:01 +0100 Subject: [PATCH 11/35] Convert DELEG -> IDELEG --- dns.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dns.c b/dns.c index 40f74c60e..3c1dc722b 100644 --- a/dns.c +++ b/dns.c @@ -907,7 +907,7 @@ static rrtype_descriptor_type rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+2)] { RDATA_ZF_SHORT, RDATA_ZF_ALGORITHM, RDATA_ZF_BYTE, RDATA_ZF_HEX } }, #ifdef USE_DELEG /* 65280 DELEG*/ - { TYPE_DELEG, "DELEG", 2, MAXRDATALEN, + { TYPE_DELEG, "IDELEG", 2, MAXRDATALEN, { RDATA_WF_SHORT /* SvcFieldPriority */ , RDATA_WF_UNCOMPRESSED_DNAME /* SvcDomainName */ , RDATA_WF_SVCPARAM, RDATA_WF_SVCPARAM /* SvcFieldValue */ From 45639e178d1faac374f029fc4776866f4c29c5b5 Mon Sep 17 00:00:00 2001 
From: WP Date: Fri, 17 Jan 2025 14:06:01 +0100 Subject: [PATCH 12/35] Removing obsolete `--enable-deleg` flag in simdzone --- simdzone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/simdzone b/simdzone index 05165f43a..2a3e60d01 160000 --- a/simdzone +++ b/simdzone @@ -1 +1 @@ -Subproject commit 05165f43ad692e529263f51f0c7b945ea5df179c +Subproject commit 2a3e60d0190b3664ba9d01fca9a80a0ab6d5c876 From 7b6d5ccf24cf467f3313aa19229a71f5d8fde94c Mon Sep 17 00:00:00 2001 From: WP Date: Fri, 17 Jan 2025 14:08:11 +0100 Subject: [PATCH 13/35] Updating simdzone to include correct fallback matrix --- simdzone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/simdzone b/simdzone index 2a3e60d01..adbc3ef30 160000 --- a/simdzone +++ b/simdzone @@ -1 +1 @@ -Subproject commit 2a3e60d0190b3664ba9d01fca9a80a0ab6d5c876 +Subproject commit adbc3ef304e893572bac2e4f5c010f92c0e52b74 From 5eb676ac926cd82b882d64d509e9ba1d8075cbef Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 21 Jan 2025 17:53:59 +0100 Subject: [PATCH 14/35] Moving dname function to add label to dname.c --- dname.c | 38 ++++++++++++++++++++++++++++++ dname.h | 3 +++ xfrd-catalog-zones.c | 56 ++++++-------------------------------------- 3 files changed, 48 insertions(+), 49 deletions(-) diff --git a/dname.c b/dname.c index a253dcbb8..b929ccb95 100644 --- a/dname.c +++ b/dname.c 
@@ -618,3 +618,41 @@ is_dname_subdomain_of_case(const uint8_t* d, unsigned int len, /* The trailing portion is not at a label point. */ return 0; } + +dname_type* +label_plus_dname(const char* label, const dname_type* dname) +{ + static struct { + dname_type dname; + uint8_t bytes[MAXDOMAINLEN + 128 /* max number of labels */]; + } ATTR_PACKED name; + size_t i, ll; + + if (!label || !dname || dname->label_count > 127) + return NULL; + ll = strlen(label); + if ((int)dname->name_size + ll + 1 > MAXDOMAINLEN) + return NULL; + + /* In reversed order and first copy with memmove, so we can nest. + * i.e. label_plus_dname(label1, label_plus_dname(label2, dname)) + */ + memmove(name.bytes + dname->label_count + + 1 /* label_count increases by one */ + + 1 /* label type/length byte for label */ + ll, + ((void*)dname) + sizeof(dname_type) + dname->label_count, + dname->name_size); + memcpy(name.bytes + dname->label_count + + 1 /* label_count increases by one */ + + 1 /* label type/length byte for label */, label, ll); + name.bytes[dname->label_count + 1] = ll; /* label type/length byte */ + name.bytes[dname->label_count] = 0; /* first label follows last + * label_offsets element */ + for (i = 0; i < dname->label_count; i++) + name.bytes[i] = ((uint8_t*)(void*)dname)[sizeof(dname_type)+i] + + 1 /* label type/length byte for label */ + ll; + name.dname.label_count = dname->label_count + 1 /* label_count incr. */; + name.dname.name_size = dname->name_size + ll + + 1 /* label length */; + return &name.dname; +} diff --git a/dname.h b/dname.h index fecf7510c..e3ac79c8c 100644 --- a/dname.h +++ b/dname.h @@ -403,4 +403,7 @@ int dname_equal_nocase(uint8_t* a, uint8_t* b, uint16_t len); int is_dname_subdomain_of_case(const uint8_t* d, unsigned int len, const uint8_t* d2, unsigned int len2); +/** return (static) dname with label prepended to dname */ +dname_type* label_plus_dname(const char* label,const dname_type* dname); + #endif /* DNAME_H */ 
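Review bot: `label_plus_dname` becomes an exported function here but still accepts any `strlen(label)` that fits within `MAXDOMAINLEN`, so a label longer than 63 bytes is stored in the one-byte length field at `name.bytes[dname->label_count + 1] = ll;` and produces a byte that is not a valid label length; an empty string produces a zero-length label in the middle of the name. The callers visible in this series pass short literals, but as a public helper it should reject both cases with `if (ll == 0 || ll > MAXLABELLEN) return NULL;`. The dname.h comment should also say that the result points into a single static buffer that the next call overwrites, so callers must copy it before calling again or storing it. The source expression `((void*)dname) + sizeof(dname_type)` relies on GNU void-pointer arithmetic; a `const uint8_t*` cast keeps it portable.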
diff --git a/xfrd-catalog-zones.c b/xfrd-catalog-zones.c index aca612a5a..abc540684 100644 --- a/xfrd-catalog-zones.c +++ b/xfrd-catalog-zones.c @@ -26,9 +26,6 @@ static void vmake_catalog_consumer_invalid( struct xfrd_catalog_consumer_zone *consumer_zone, const char *format, va_list args); -/** return (static) dname with label prepended to dname */ -static dname_type* label_plus_dname(const char* label,const dname_type* dname); - /** delete the catalog member zone */ static void catalog_del_consumer_member_zone( struct xfrd_catalog_consumer_zone* consumer_zone, 
@@ -303,44 +300,6 @@ make_catalog_consumer_valid(struct xfrd_catalog_consumer_zone *consumer_zone) } } -static dname_type* -label_plus_dname(const char* label, const dname_type* dname) -{ - static struct { - dname_type dname; - uint8_t bytes[MAXDOMAINLEN + 128 /* max number of labels */]; - } ATTR_PACKED name; - size_t i, ll; - - if (!label || !dname || dname->label_count > 127) - return NULL; - ll = strlen(label); - if ((int)dname->name_size + ll + 1 > MAXDOMAINLEN) - return NULL; - - /* In reversed order and first copy with memmove, so we can nest. - * i.e. label_plus_dname(label1, label_plus_dname(label2, dname)) - */ - memmove(name.bytes + dname->label_count - + 1 /* label_count increases by one */ - + 1 /* label type/length byte for label */ + ll, - ((void*)dname) + sizeof(dname_type) + dname->label_count, - dname->name_size); - memcpy(name.bytes + dname->label_count - + 1 /* label_count increases by one */ - + 1 /* label type/length byte for label */, label, ll); - name.bytes[dname->label_count + 1] = ll; /* label type/length byte */ - name.bytes[dname->label_count] = 0; /* first label follows last - * label_offsets element */ - for (i = 0; i < dname->label_count; i++) - name.bytes[i] = ((uint8_t*)(void*)dname)[sizeof(dname_type)+i] - + 1 /* label type/length byte for label */ + ll; - name.dname.label_count = dname->label_count + 1 /* label_count incr. */; - name.dname.name_size = dname->name_size + ll - + 1 /* label length */; - return &name.dname; -} - static void catalog_del_consumer_member_zone( struct xfrd_catalog_consumer_zone* consumer_zone, @@ -420,7 +379,7 @@ const char *invalid_catalog_consumer_zone(struct zone_options* zone) if (!zone || !zone_is_catalog_consumer(zone)) msg = NULL; - else if (!xfrd) + else if (!xfrd) msg = "asked for catalog information outside of xfrd process"; else if (!xfrd->catalog_consumer_zones) 
@@ -596,7 +555,7 @@ xfrd_process_catalog_consumer_zone( * NOT be processed (see Section 5.1). */ if (rrset->rr_count != 1) { - make_catalog_consumer_invalid(consumer_zone, + make_catalog_consumer_invalid(consumer_zone, "only a single PTR RR expected on '%s'", domain_to_string(member_id)); return; @@ -671,7 +630,7 @@ xfrd_process_catalog_consumer_zone( else if (!(pattern = default_pattern = catalog_member_pattern(consumer_zone))) { - make_catalog_consumer_invalid(consumer_zone, + make_catalog_consumer_invalid(consumer_zone, "missing 'group.%s' TXT RR and no default " "pattern from \"catalog-member-pattern\"", domain_to_string(member_id)); @@ -692,7 +651,7 @@ xfrd_process_catalog_consumer_zone( dname_to_string(cursor_member_id(cursor), NULL))); - while (cursor != RBTREE_NULL && + while (cursor != RBTREE_NULL && (cmp = dname_compare( domain_dname(member_id), cursor_member_id(cursor))) > 0) { @@ -764,7 +723,7 @@ xfrd_process_catalog_consumer_zone( #endif /* It is a catalog consumer member, * so no need to check if it was a - * catalog producer member zone to + * catalog producer member zone to * delete and add */ zopt->pattern = pattern; @@ -1103,7 +1062,7 @@ try_buffer_write_TXT(buffer_type* packet, const dname_type* name, return 1; } buffer_set_position(packet, mark); - return 0; + return 0; } static void @@ -1199,7 +1158,7 @@ xfrd_process_catalog_producer_zone( xfr_writer_add_TXT(&xw, label_plus_dname("version" , producer_name), "2"); goto add_member_zones; - } + } /* IXFR */ xfr_writer_add_SOA(&xw, producer_name, xw.old_serial); while(producer_zone->to_delete) { @@ -1282,4 +1241,3 @@ void xfrd_process_catalog_producer_zones() xfrd_process_catalog_producer_zone(producer_zone); } } - From 3dc70fd4e55e684de6e15d7c849d7fae460a7c19 Mon Sep 17 00:00:00 2001 
From: WP Date: Tue, 21 Jan 2025 21:45:24 +0100 Subject: [PATCH 15/35] Adding additional function to combine two labels --- dname.c | 40 ++++++++++++++++++++++++++++++++++++++++ dname.h | 6 +++++- 2 files changed, 45 insertions(+), 1 deletion(-) diff --git a/dname.c b/dname.c index b929ccb95..4bdc87c9d 100644 --- a/dname.c +++ b/dname.c 
@@ -656,3 +656,43 @@ label_plus_dname(const char* label, const dname_type* dname) + 1 /* label length */; return &name.dname; } + +dname_type* +labels_plus_dname(const dname_type* labels, size_t amount_to_be_copied, const dname_type* dname) +{ + static struct { + dname_type dname; + uint8_t bytes[MAXDOMAINLEN + 128 /* max number of labels */]; + } ATTR_PACKED name; + size_t i; + uint8_t copied_label_size; + copied_label_size = 0; + if (!labels || !dname || dname->label_count > 127 || !amount_to_be_copied || + amount_to_be_copied > labels->label_count) + return NULL; + + for (i = 0; i < amount_to_be_copied; i++) + { + copied_label_size += label_length(dname_label(labels, labels->label_count - i - 1)); + printf("%hhu\n", copied_label_size); + } + if ((int)dname->name_size + copied_label_size + 1 > MAXDOMAINLEN) + return NULL; + + name.dname.label_count = dname->label_count + amount_to_be_copied; + name.dname.name_size = dname->name_size + copied_label_size + amount_to_be_copied; + /* In reversed order and first copy with memmove, so we can nest. + * i.e. label_plus_dname(label1, label_plus_dname(label2, dname)) + */ + memmove(name.bytes + copied_label_size + name.dname.label_count + 1, ((void*)dname) + sizeof(dname_type) + dname->label_count, dname->name_size); + memcpy(name.bytes + name.dname.label_count, + ((void*)labels) + sizeof(dname_type) + labels->label_count, + copied_label_size + amount_to_be_copied); + + + name.bytes[dname->label_count] = 0; + for (i = 0; i < dname->label_count; i++) + name.bytes[i] = ((uint8_t*)(void*)dname)[sizeof(dname_type)+i] + + 1 /* label type/length byte for label */ + amount_to_be_copied; + return &name.dname; +} diff --git a/dname.h b/dname.h index e3ac79c8c..676936b70 100644 --- a/dname.h +++ b/dname.h 
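Review bot: The size bookkeeping in `labels_plus_dname` is consistent only when `amount_to_be_copied` is 1: the `MAXDOMAINLEN` check and the `memmove` destination both add `1` for the length bytes, while `name_size` and the `memcpy` length add `amount_to_be_copied`. For larger counts the bound check underestimates the result, the `memcpy` overwrites the first bytes of the name that was just moved, and only one of the new label offsets is written (the shifted offsets also add `1 + amount_to_be_copied` instead of the copied byte length). The header fields are assigned before the `memmove`, so the nesting described in the comment would read an already modified `dname` when it aliases the static buffer. The sketch below counts each length byte once, fills every offset and writes the header last, assuming the same layout that `label_plus_dname` uses. The dname.h comment should keep the word "static", since the result is still a shared buffer.

```c
	size_t i, prefix_len = 0, new_count;

	/* >= so the root label of `labels` can never be copied into the middle */
	if (!labels || !dname || dname->label_count > 127 || !amount_to_be_copied ||
		amount_to_be_copied >= labels->label_count)
		return NULL;

	/* wire length of the copied labels: one length byte plus the data each */
	for (i = 0; i < amount_to_be_copied; i++)
		prefix_len += 1 + label_length(dname_label(labels, labels->label_count - i - 1));
	if ((size_t)dname->name_size + prefix_len > MAXDOMAINLEN)
		return NULL;
	new_count = dname->label_count + amount_to_be_copied;

	memmove(name.bytes + new_count + prefix_len, dname_name(dname), dname->name_size);
	memcpy(name.bytes + new_count, dname_name(labels), prefix_len);
	/* labels taken from dname now start prefix_len bytes later */
	for (i = 0; i < dname->label_count; i++)
		name.bytes[i] = dname_label_offsets(dname)[i] + prefix_len;
	/* the copied labels keep the offsets they had at the front of `labels` */
	for (i = 0; i < amount_to_be_copied; i++)
		name.bytes[new_count - 1 - i] =
			dname_label_offsets(labels)[labels->label_count - 1 - i];
	/* header last, as in label_plus_dname, so dname may alias the static buffer */
	name.dname.name_size = dname->name_size + prefix_len;
	name.dname.label_count = new_count;
	return &name.dname;
```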
@@ -403,7 +403,11 @@ int dname_equal_nocase(uint8_t* a, uint8_t* b, uint16_t len); int is_dname_subdomain_of_case(const uint8_t* d, unsigned int len, const uint8_t* d2, unsigned int len2); -/** return (static) dname with label prepended to dname */ +/** return dname with label prepended to dname */ dname_type* label_plus_dname(const char* label,const dname_type* dname); +/** return dname with amount_of_labels from labels prepended to dname */ +dname_type* labels_plus_dname(const dname_type* labels, + size_t amount_to_be_copied, const dname_type* dname); + #endif /* DNAME_H */ From 4b99a75e3d8005bef9ba6898005d48e7b52aebba Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 21 Jan 2025 21:46:30 +0100 Subject: [PATCH 16/35] Adding function to find IDELEG records --- namedb.c | 17 ++++++++++++++++- namedb.h | 6 +++++- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/namedb.c b/namedb.c index 772e038b1..940ba9695 100644 --- a/namedb.c +++ b/namedb.c @@ -34,7 +34,7 @@ allocate_domain_info(domain_table_type* table, result = (domain_type *) region_alloc(table->region, sizeof(domain_type)); #ifdef USE_RADIX_TREE - result->dname + result->dname #else result->node.key #endif @@ -600,6 +600,21 @@ domain_find_ns_rrsets(domain_type* domain, zone_type* zone, rrset_type **ns) return NULL; } +#ifdef USE_DELEG +rrset_type * +domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db) +{ + dname_type* target; + rrset_type* result; + target = label_plus_dname("_deleg", zone->apex->dname); + target = labels_plus_dname(delegation_domain->dname, + delegation_domain->dname->label_count - zone->apex->dname->label_count, + target); + result = domain_find_rrset(domain_table_find(db->domains, target), zone, TYPE_DELEG); + return result; +} +#endif + domain_type * find_dname_above(domain_type* domain, zone_type* zone) { diff --git a/namedb.h b/namedb.h index 37b4a0383..016e061f3 100644 --- a/namedb.h +++ b/namedb.h 
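Review bot: `domain_find_deleg_rrsets` in the namedb.c hunk passes every intermediate result on without a check: `label_plus_dname` and `labels_plus_dname` both return NULL for oversize names, that pointer goes into `domain_table_find`, and its result goes straight into `domain_find_rrset`. Patch 17 calls this for every referral, so a delegation with no `_deleg` counterpart, or a name near the length limit, would reach these calls with a NULL argument; neither callee is visible here, so confirm whether they tolerate it. Guarding each step, `if (!target) return NULL;` after the name builders and `if (!(d = domain_table_find(db->domains, target))) return NULL;` before the rrset lookup, keeps the query path safe. The rewrite of this function in patch 19 carries the same unchecked chain.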
@@ -372,7 +372,7 @@ zone_type *namedb_find_zone(namedb_type *db, const dname_type *dname); /* * Delete a domain name from the domain table. Removes dname_info node. * Only deletes if usage is 0, has no rrsets and no children. Checks parents - * for deletion as well. Adjusts numberlist(domain.number), and + * for deletion as well. Adjusts numberlist(domain.number), and * wcard_child closest match. */ void domain_table_deldomain(namedb_type* db, domain_type* domain); @@ -474,4 +474,8 @@ void zone_rr_iter_init(zone_rr_iter_type *iter, zone_type *zone); rr_type *zone_rr_iter_next(zone_rr_iter_type *iter); +#ifdef USE_DELEG +rrset_type *domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db); +#endif + #endif /* NAMEDB_H */ From 021957b49a4d303ae76425950a979b8fd84909f6 Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 21 Jan 2025 21:47:40 +0100 Subject: [PATCH 17/35] Adding IDELEG search to answer_delegation --- query.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/query.c b/query.c index 6c7869c27..e64d214db 100644 --- a/query.c +++ b/query.c @@ -918,8 +918,9 @@ query_synthesize_cname(struct query* q, struct answer* answer, const dname_type* * record proving the DS RRset does not exist. */ static void -answer_delegation(query_type *query, answer_type *answer) +answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) { + rrset_type *rrset; assert(answer); assert(query->delegation_domain); assert(query->delegation_rrset); @@ -936,7 +937,6 @@ answer_delegation(query_type *query, answer_type *answer) query->delegation_domain, query->delegation_rrset); if (query->edns.dnssec_ok && zone_is_secure(query->zone)) { - rrset_type *rrset; if ((rrset = domain_find_rrset(query->delegation_domain, query->zone, TYPE_DS))) { add_rrset(query, answer, AUTHORITY_SECTION, query->delegation_domain, rrset); 
@@ -949,6 +949,14 @@ answer_delegation(query_type *query, answer_type *answer) query->delegation_domain, rrset); } } +#ifdef USE_DELEG + if ((rrset = domain_find_deleg_rrsets(query->delegation_domain, query->zone, nsd->db))) + { + + add_rrset(query, answer, AUTHORITY_SECTION, + query->delegation_domain, rrset); + } +#endif } @@ -1506,7 +1514,7 @@ answer_lookup_zone(struct nsd *nsd, struct query *q, answer_type *answer, closest_match, closest_encloser, qname); } else { - answer_delegation(q, answer); + answer_delegation(q, answer, nsd); } } } From d80c2ef3e9dc100dc96f454b3454a422b9bb1c6a Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 21 Jan 2025 21:59:01 +0100 Subject: [PATCH 18/35] Fixing comment typo --- dname.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dname.c b/dname.c index 4bdc87c9d..7112113c4 100644 --- a/dname.c +++ b/dname.c @@ -682,7 +682,7 @@ labels_plus_dname(const dname_type* labels, size_t amount_to_be_copied, const dn name.dname.label_count = dname->label_count + amount_to_be_copied; name.dname.name_size = dname->name_size + copied_label_size + amount_to_be_copied; /* In reversed order and first copy with memmove, so we can nest. - * i.e. label_plus_dname(label1, label_plus_dname(label2, dname)) + * i.e. labels_plus_dname(labels1, 1,labels_plus_dname(label2, 2, dname)) */ memmove(name.bytes + copied_label_size + name.dname.label_count + 1, ((void*)dname) + sizeof(dname_type) + dname->label_count, dname->name_size); memcpy(name.bytes + name.dname.label_count, From dc637c2134f588a3603c18ab163b47bf5d2c110b Mon Sep 17 00:00:00 2001 From: WP Date: Wed, 22 Jan 2025 00:15:04 +0100 Subject: [PATCH 19/35] Adding RRSIG (if requested) to IDELEG --- namedb.c | 32 +++++++++++++++++++++++++++++++- namedb.h | 2 +- query.c | 8 +++++++- 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/namedb.c b/namedb.c index 940ba9695..fbdbcfc79 100644 --- a/namedb.c +++ b/namedb.c 
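Review bot: The IDELEG RRset is added with `query->delegation_domain` as its owner, although `domain_find_deleg_rrsets` looked it up at the `_deleg` name built under the zone apex rather than at the delegation point. If `add_rrset` uses its fourth argument as the owner name on the wire, as the DS call earlier in this function suggests, the records would be emitted under a name they are neither stored nor signed at, and a validator could not match an RRSIG to them. Returning the domain that was found together with the rrset, and passing that domain to `add_rrset`, would avoid the mismatch. The body of `answer_delegation` starts outside this hunk.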
@@ -602,15 +602,45 @@ domain_find_ns_rrsets(domain_type* domain, zone_type* zone, rrset_type **ns) #ifdef USE_DELEG rrset_type * -domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db) +domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db, rrset_type **rrsig) { dname_type* target; rrset_type* result; + rrset_type* signatures; + uint8_t signatures_found; + *rrsig = NULL; + signatures_found = 0; target = label_plus_dname("_deleg", zone->apex->dname); target = labels_plus_dname(delegation_domain->dname, delegation_domain->dname->label_count - zone->apex->dname->label_count, target); result = domain_find_rrset(domain_table_find(db->domains, target), zone, TYPE_DELEG); + signatures = domain_find_rrset(domain_table_find(db->domains, target), zone, TYPE_RRSIG); + + while (signatures) + { + printf("Amount found: %d\n", signatures->rr_count); + if (signatures->rrs->type != TYPE_RRSIG) break; // If not assertion on the next line fails + if (rr_rrsig_type_covered(signatures->rrs) == TYPE_DELEG) + { + signatures_found++; + if (!*rrsig) + { + *rrsig = signatures; + signatures = signatures->next; + } + else + { + rrset_type *tmp = signatures->next; + signatures->next = *rrsig; + *rrsig = signatures; + signatures = tmp; + } + } + else signatures = signatures->next; + } + (*rrsig)->rr_count = signatures_found; + return result; } #endif diff --git a/namedb.h b/namedb.h index 016e061f3..3114ae648 100644 --- a/namedb.h +++ b/namedb.h @@ -475,7 +475,7 @@ void zone_rr_iter_init(zone_rr_iter_type *iter, zone_type *zone); rr_type *zone_rr_iter_next(zone_rr_iter_type *iter); #ifdef USE_DELEG -rrset_type *domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db); +rrset_type *domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db, rrset_type **rrsig); #endif #endif /* NAMEDB_H */ diff --git a/query.c b/query.c index e64d214db..7dc61e2ff 100644 
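Review bot: `(*rrsig)->rr_count = signatures_found;` at the end of `domain_find_deleg_rrsets()` dereferences NULL whenever no RRSIG covering DELEG is found, because `*rrsig` is set to NULL at the top and only assigned inside the loop; this runs while answering a query, so a delegation without such a signature takes the process down. Guard the write with `if (*rrsig)` at the very least. The loop also relinks `signatures->next` and overwrites `rr_count` on RRsets returned by `domain_find_rrset()`, which changes stored zone data as a side effect of building one response; collecting the matching RRs without touching the stored RRsets avoids that. The result of `domain_table_find()` is passed straight into `domain_find_rrset()` twice, so a missing `_deleg` node fails the same way unless that helper accepts a NULL domain. The `printf` inside the loop writes to the daemon's stdout on every delegation response and should not be merged.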
--- a/query.c +++ b/query.c @@ -921,6 +921,9 @@ static void answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) { rrset_type *rrset; +#ifdef USE_DELEG + rrset_type *rrset_deleg_signatures; +#endif assert(answer); assert(query->delegation_domain); assert(query->delegation_rrset); @@ -950,11 +953,14 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) } } #ifdef USE_DELEG - if ((rrset = domain_find_deleg_rrsets(query->delegation_domain, query->zone, nsd->db))) + if ((rrset = domain_find_deleg_rrsets(query->delegation_domain, query->zone, nsd->db, &rrset_deleg_signatures))) { add_rrset(query, answer, AUTHORITY_SECTION, query->delegation_domain, rrset); + if (rrset_deleg_signatures && query->edns.dnssec_ok && zone_is_secure(query->zone)) + add_rrset(query, answer, AUTHORITY_SECTION, + query->delegation_domain, rrset_deleg_signatures); } #endif } From 5a9ee170f43f721ba46301fc06597f72b6e7003a Mon Sep 17 00:00:00 2001 From: WP Date: Wed, 22 Jan 2025 00:17:14 +0100 Subject: [PATCH 20/35] Removing debug statement --- dname.c | 1 - namedb.c | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/dname.c b/dname.c index 7112113c4..36bc98a6a 100644 --- a/dname.c +++ b/dname.c @@ -674,7 +674,6 @@ labels_plus_dname(const dname_type* labels, size_t amount_to_be_copied, const dn for (i = 0; i < amount_to_be_copied; i++) { copied_label_size += label_length(dname_label(labels, labels->label_count - i - 1)); - printf("%hhu\n", copied_label_size); } if ((int)dname->name_size + copied_label_size + 1 > MAXDOMAINLEN) return NULL; diff --git a/namedb.c b/namedb.c index fbdbcfc79..2e7170d6d 100644 --- a/namedb.c +++ b/namedb.c 
@@ -619,8 +619,7 @@ domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb while (signatures) { - printf("Amount found: %d\n", signatures->rr_count); - if (signatures->rrs->type != TYPE_RRSIG) break; // If not assertion on the next line fails + if (signatures->rrs->type != TYPE_RRSIG) break; if (rr_rrsig_type_covered(signatures->rrs) == TYPE_DELEG) { signatures_found++; From 9c0b81dc945320afadb50740f9cb24ba61e79b4b Mon Sep 17 00:00:00 2001 From: WP Date: Sun, 26 Jan 2025 14:02:42 +0100 Subject: [PATCH 21/35] Fixing owners of IDELEG RRset --- namedb.c | 42 ++++++++---------------------------------- namedb.h | 2 +- query.c | 11 ++--------- query.h | 5 +++++ 4 files changed, 16 insertions(+), 44 deletions(-) diff --git a/namedb.c b/namedb.c index 2e7170d6d..4e677966e 100644 --- a/namedb.c +++ b/namedb.c 
@@ -602,43 +602,17 @@ domain_find_ns_rrsets(domain_type* domain, zone_type* zone, rrset_type **ns) #ifdef USE_DELEG rrset_type * -domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db, rrset_type **rrsig) +domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db, domain_type** ideleg_domain) { - dname_type* target; rrset_type* result; - rrset_type* signatures; - uint8_t signatures_found; - *rrsig = NULL; - signatures_found = 0; - target = label_plus_dname("_deleg", zone->apex->dname); - target = labels_plus_dname(delegation_domain->dname, + dname_type* dname; + dname = labels_plus_dname(delegation_domain->dname, delegation_domain->dname->label_count - zone->apex->dname->label_count, - target); - result = domain_find_rrset(domain_table_find(db->domains, target), zone, TYPE_DELEG); - signatures = domain_find_rrset(domain_table_find(db->domains, target), zone, TYPE_RRSIG); - - while (signatures) - { - if (signatures->rrs->type != TYPE_RRSIG) break; - if (rr_rrsig_type_covered(signatures->rrs) == TYPE_DELEG) - { - signatures_found++; - if (!*rrsig) - { - *rrsig = signatures; - signatures = signatures->next; - } - else - { - rrset_type *tmp = signatures->next; - signatures->next = *rrsig; - *rrsig = signatures; - signatures = tmp; - } - } - else signatures = signatures->next; - } - (*rrsig)->rr_count = signatures_found; + label_plus_dname("_deleg", zone->apex->dname)); + *ideleg_domain = domain_table_find(db->domains, dname); + if (!*ideleg_domain) + return NULL; + result = domain_find_rrset(*ideleg_domain, zone, TYPE_DELEG); return result; } diff --git a/namedb.h b/namedb.h index 3114ae648..b8bdecb10 100644 --- a/namedb.h +++ b/namedb.h 
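Review bot: The name returned by `labels_plus_dname()` goes into `domain_table_find()` without a NULL check, although the dname.c hunks on this page show it returning NULL for a NULL input and when the combined name would exceed `MAXDOMAINLEN`. A delegation point whose owner name is already close to the length limit leaves no room for the extra `_deleg` label, so the failure case is reachable from ordinary zone content. Add `if (!dname) { *ideleg_domain = NULL; return NULL; }` before the table lookup. The subtraction `delegation_domain->dname->label_count - zone->apex->dname->label_count` assumes the delegation point lies below the apex of `zone`; an `assert` stating that would document the precondition.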
@@ -475,7 +475,7 @@ void zone_rr_iter_init(zone_rr_iter_type *iter, zone_type *zone); rr_type *zone_rr_iter_next(zone_rr_iter_type *iter); #ifdef USE_DELEG -rrset_type *domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db, rrset_type **rrsig); +rrset_type *domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db, domain_type **ideleg_domain); #endif #endif /* NAMEDB_H */ diff --git a/query.c b/query.c index 7dc61e2ff..aa0c8071d 100644 --- a/query.c +++ b/query.c @@ -921,9 +921,6 @@ static void answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) { rrset_type *rrset; -#ifdef USE_DELEG - rrset_type *rrset_deleg_signatures; -#endif assert(answer); assert(query->delegation_domain); assert(query->delegation_rrset); @@ -953,14 +950,10 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) } } #ifdef USE_DELEG - if ((rrset = domain_find_deleg_rrsets(query->delegation_domain, query->zone, nsd->db, &rrset_deleg_signatures))) + if ((rrset = domain_find_deleg_rrsets(query->delegation_domain, query->zone, nsd->db, &query->ideleg_domain))) { - - add_rrset(query, answer, AUTHORITY_SECTION, - query->delegation_domain, rrset); - if (rrset_deleg_signatures && query->edns.dnssec_ok && zone_is_secure(query->zone)) add_rrset(query, answer, AUTHORITY_SECTION, - query->delegation_domain, rrset_deleg_signatures); + query->ideleg_domain, rrset); } #endif } diff --git a/query.h b/query.h index de8e1934b..7f144b60a 100644 --- a/query.h +++ b/query.h @@ -161,6 +161,11 @@ struct query { /* if we encountered a wildcard, its domain */ domain_type *wildcard_domain; #endif + +#ifdef USE_DELEG + /* if we encountered an ideleg domain, it will be here */ + domain_type *ideleg_domain; +#endif }; From a74a5918eb4f843da0ba3d945583f40ed7e67eb7 Mon Sep 17 00:00:00 2001 
From: WP Date: Sun, 26 Jan 2025 14:19:00 +0100 Subject: [PATCH 22/35] Including NSEC(3) responses when delegating an IDELEG domain --- nsec3.c | 6 +++++- query.c | 22 +++++++++++++++------- 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/nsec3.c b/nsec3.c index 9e17e6d65..07aeaa24d 100644 --- a/nsec3.c +++ b/nsec3.c @@ -360,7 +360,7 @@ hash_tree_clear(rbtree_type* tree) * then mean setting the key value of the nodes to NULL to indicate * absence of the prehash. * But since prehash structs are separatly allocated, this is no longer - * necessary as currently the prehash structs are simply recycled and + * necessary as currently the prehash structs are simply recycled and * NULLed. * * rbnode_type* n; @@ -1095,6 +1095,10 @@ nsec3_answer_delegation(struct query *query, struct answer *answer) if(!query->zone->nsec3_param) return; nsec3_add_ds_proof(query, answer, query->delegation_domain, 1); +#ifdef USE_DELEG + nsec3_add_ds_proof(query, answer, query->ideleg_domain, 1); +#endif + } int diff --git a/query.c b/query.c index aa0c8071d..f6a0cf00a 100644 --- a/query.c +++ b/query.c @@ -936,6 +936,13 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) AUTHORITY_SECTION, query->delegation_domain, query->delegation_rrset); +#ifdef USE_DELEG + if ((rrset = domain_find_deleg_rrsets(query->delegation_domain, query->zone, nsd->db, &query->ideleg_domain))) + { + add_rrset(query, answer, AUTHORITY_SECTION, + query->ideleg_domain, rrset); + } +#endif if (query->edns.dnssec_ok && zone_is_secure(query->zone)) { if ((rrset = domain_find_rrset(query->delegation_domain, query->zone, TYPE_DS))) { add_rrset(query, answer, AUTHORITY_SECTION, 
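Review bot: In the nsec3.c hunk at -1095, `query->ideleg_domain` is passed to `nsec3_add_ds_proof()` unconditionally, yet `domain_find_deleg_rrsets()` leaves it NULL when the `_deleg` name is not in the domain table, and the visible hunks do not show the field being cleared when a query structure is reused. Unless `nsec3_add_ds_proof()` tolerates a NULL or stale domain, the call should be guarded: `if (query->ideleg_domain) nsec3_add_ds_proof(query, answer, query->ideleg_domain, 1);`. The same unchecked use is in this commit's query.c hunk at -947, where `domain_find_rrset(query->ideleg_domain, query->zone, TYPE_NSEC)` runs inside the NSEC branch. The body of nsec3_answer_delegation starts outside the hunk.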
@@ -947,15 +954,16 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) } else if ((rrset = domain_find_rrset(query->delegation_domain, query->zone, TYPE_NSEC))) { add_rrset(query, answer, AUTHORITY_SECTION, query->delegation_domain, rrset); - } - } #ifdef USE_DELEG - if ((rrset = domain_find_deleg_rrsets(query->delegation_domain, query->zone, nsd->db, &query->ideleg_domain))) - { - add_rrset(query, answer, AUTHORITY_SECTION, - query->ideleg_domain, rrset); - } + if ((rrset = domain_find_rrset(query->ideleg_domain, query->zone, TYPE_NSEC))) + { + add_rrset(query, answer, AUTHORITY_SECTION, + query->ideleg_domain, rrset); + } #endif + + } + } } From 15613cfe89d69bcf32b6775dfeb6500c60c73a91 Mon Sep 17 00:00:00 2001 From: Wouter Date: Mon, 27 Jan 2025 14:45:05 +0100 Subject: [PATCH 23/35] Updating labels copy to prevent 0-copy NULL error --- dname.c | 5 +++-- dname.h | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/dname.c b/dname.c index 36bc98a6a..e6531ce6f 100644 --- a/dname.c +++ b/dname.c @@ -658,7 +658,7 @@ label_plus_dname(const char* label, const dname_type* dname) } dname_type* -labels_plus_dname(const dname_type* labels, size_t amount_to_be_copied, const dname_type* dname) +labels_plus_dname(const dname_type* labels, size_t amount_to_be_copied, dname_type* dname) { static struct { dname_type dname; @@ -667,7 +667,8 @@ labels_plus_dname(const dname_type* labels, size_t amount_to_be_copied, const dn size_t i; uint8_t copied_label_size; copied_label_size = 0; - if (!labels || !dname || dname->label_count > 127 || !amount_to_be_copied || + if (!amount_to_be_copied) return dname; // If the size is 0 we return the original dname + if (!labels || !dname || dname->label_count > 127 || amount_to_be_copied > labels->label_count) return NULL; diff --git a/dname.h b/dname.h index 676936b70..d0e27decd 100644 --- a/dname.h +++ b/dname.h 
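Review bot: With the early return `if (!amount_to_be_copied) return dname;` in the dname.c hunk at -667, `labels_plus_dname()` hands back the caller's own pointer in one case and its function-static buffer in every other, while the one-line description in dname.h still reads as if a new name were always produced. The `const` on `dname` was dropped only to make that return type-check, which weakens the prototype for every caller. Document the contract on the declaration: the result is static storage overwritten by the next call, it is `dname` itself when nothing is copied, and NULL is returned for invalid or oversized input. The surrounding comments in this file use `/* */`, so the new `//` comment should follow that style.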
@@ -408,6 +408,6 @@ dname_type* label_plus_dname(const char* label,const dname_type* dname); /** return dname with amount_of_labels from labels prepended to dname */ dname_type* labels_plus_dname(const dname_type* labels, - size_t amount_to_be_copied, const dname_type* dname); + size_t amount_to_be_copied, dname_type* dname); #endif /* DNAME_H */ From bbf99b12e7489cbc9f6afa00a2ae028fab7892a1 Mon Sep 17 00:00:00 2001 From: Wouter Date: Mon, 27 Jan 2025 14:45:31 +0100 Subject: [PATCH 24/35] Updating find IDELEG rrsets to also save the created dname --- namedb.c | 8 ++++---- namedb.h | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/namedb.c b/namedb.c index 4e677966e..b37f60a97 100644 --- a/namedb.c +++ b/namedb.c @@ -602,14 +602,14 @@ domain_find_ns_rrsets(domain_type* domain, zone_type* zone, rrset_type **ns) #ifdef USE_DELEG rrset_type * -domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db, domain_type** ideleg_domain) +domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, + namedb_type* db, domain_type** ideleg_domain, dname_type** ideleg_dname) { rrset_type* result; - dname_type* dname; - dname = labels_plus_dname(delegation_domain->dname, + *ideleg_dname = labels_plus_dname(delegation_domain->dname, delegation_domain->dname->label_count - zone->apex->dname->label_count, label_plus_dname("_deleg", zone->apex->dname)); - *ideleg_domain = domain_table_find(db->domains, dname); + *ideleg_domain = domain_table_find(db->domains, *ideleg_dname); if (!*ideleg_domain) return NULL; result = domain_find_rrset(*ideleg_domain, zone, TYPE_DELEG); diff --git a/namedb.h b/namedb.h index b8bdecb10..af39db5f1 100644 --- a/namedb.h +++ b/namedb.h 
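Review bot: In the namedb.c hunk, `*ideleg_dname` now exports a pointer into the static buffer of `labels_plus_dname()` (the `static struct` visible in dname.c on this page), so the value the caller keeps is silently overwritten by the next call to that function. answer_delegation in query.c holds it across further lookups, which is correct only as long as nothing on that path builds another name this way. Copy the name into the query's region before returning it, or state the lifetime next to the prototype in namedb.h, e.g. `/* *ideleg_dname points to static storage, valid until the next labels_plus_dname() call */`. A NULL result from the name builders is still stored and passed to `domain_table_find()` here.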
@@ -475,7 +475,7 @@ void zone_rr_iter_init(zone_rr_iter_type *iter, zone_type *zone); rr_type *zone_rr_iter_next(zone_rr_iter_type *iter); #ifdef USE_DELEG -rrset_type *domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db, domain_type **ideleg_domain); +rrset_type *domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db, domain_type **ideleg_domain, dname_type **ideleg_dname); #endif #endif /* NAMEDB_H */ From 169dabe7636db67260fcc53699bc85359fb257b7 Mon Sep 17 00:00:00 2001 From: Wouter Date: Mon, 27 Jan 2025 14:48:05 +0100 Subject: [PATCH 25/35] Changing delegation behavior of IDELEG domains to only include NSEC when the IDELEG records are not present --- query.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/query.c b/query.c index f6a0cf00a..5f90f3038 100644 --- a/query.c +++ b/query.c @@ -921,6 +921,9 @@ static void answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) { rrset_type *rrset; +#ifdef USE_DELEG + dname_type* ideleg_dname; +#endif assert(answer); assert(query->delegation_domain); assert(query->delegation_rrset); 
@@ -937,7 +940,24 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) query->delegation_domain, query->delegation_rrset); #ifdef USE_DELEG - if ((rrset = domain_find_deleg_rrsets(query->delegation_domain, query->zone, nsd->db, &query->ideleg_domain))) + if ((rrset = domain_find_deleg_rrsets(query->delegation_domain, query->zone, nsd->db, &query->ideleg_domain, &ideleg_dname))) + { + add_rrset(query, answer, AUTHORITY_SECTION, + query->ideleg_domain, rrset); + } + else if (!query->edns.dnssec_ok || !zone_is_secure(query->zone)){} + else if (!query->ideleg_domain) + { + domain_type* ideleg_closest_match; + domain_type* ideleg_encloser; + namedb_lookup(nsd->db, ideleg_dname, &ideleg_closest_match, &ideleg_encloser); + if ((rrset = domain_find_rrset(ideleg_closest_match, query->zone, TYPE_NSEC))) + { + add_rrset(query, answer, AUTHORITY_SECTION, + ideleg_closest_match, rrset); + } + } + else if ((rrset = domain_find_rrset(query->ideleg_domain, query->zone, TYPE_NSEC))) { add_rrset(query, answer, AUTHORITY_SECTION, query->ideleg_domain, rrset); @@ -954,14 +974,6 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) } else if ((rrset = domain_find_rrset(query->delegation_domain, query->zone, TYPE_NSEC))) { add_rrset(query, answer, AUTHORITY_SECTION, query->delegation_domain, rrset); -#ifdef USE_DELEG - if ((rrset = domain_find_rrset(query->ideleg_domain, query->zone, TYPE_NSEC))) - { - add_rrset(query, answer, AUTHORITY_SECTION, - query->ideleg_domain, rrset); - } -#endif - } } } From 050ef678efcd8f45f9f5ab4bdba3f9113cdf7cbb Mon Sep 17 00:00:00 2001 From: Wouter Date: Mon, 27 Jan 2025 16:31:41 +0100 Subject: [PATCH 26/35] Removing unneeded ds proof for IDELEG --- nsec3.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/nsec3.c b/nsec3.c index 07aeaa24d..fc0bdbf08 100644 --- a/nsec3.c +++ b/nsec3.c 
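Review bot: In the `else if (!query->ideleg_domain)` branch, `ideleg_dname` is passed to `namedb_lookup()` unchecked, although `domain_find_deleg_rrsets()` stores whatever `labels_plus_dname()` returned, which is NULL for an over-long name. `query->ideleg_domain` is also NULL in that case, so this is exactly the branch taken. Test `ideleg_dname` once right after the call and skip the DELEG handling when the name could not be built. The empty-bodied `else if (!query->edns.dnssec_ok || !zone_is_secure(query->zone)){}` that skips the remaining branches is easy to misread; nesting the NSEC handling under `if (query->edns.dnssec_ok && zone_is_secure(query->zone))`, as the DS block below does, states the intent directly. The body of answer_delegation starts and ends outside this hunk.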
@@ -1095,10 +1095,6 @@ nsec3_answer_delegation(struct query *query, struct answer *answer) if(!query->zone->nsec3_param) return; nsec3_add_ds_proof(query, answer, query->delegation_domain, 1); -#ifdef USE_DELEG - nsec3_add_ds_proof(query, answer, query->ideleg_domain, 1); -#endif - } int From 289649a616fd2834a6afc16e271f8adbf4f40dea Mon Sep 17 00:00:00 2001 From: Wouter Date: Mon, 27 Jan 2025 16:32:08 +0100 Subject: [PATCH 27/35] Adding NSEC3 records to IDELEG when there is no data (or NXDOMAIN) --- query.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/query.c b/query.c index 5f90f3038..e92a849e9 100644 --- a/query.c +++ b/query.c @@ -946,6 +946,30 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) query->ideleg_domain, rrset); } else if (!query->edns.dnssec_ok || !zone_is_secure(query->zone)){} +#ifdef NSEC3 + else if (query->zone->nsec3_param) + { + if (query->ideleg_domain) + { + if ((rrset = domain_find_rrset(query->ideleg_domain->nsec3->nsec3_cover, query->zone, TYPE_NSEC3))) + { + add_rrset(query, answer, AUTHORITY_SECTION, + query->ideleg_domain->nsec3->nsec3_cover, rrset); + } + } + else + { + domain_type* ideleg_closest_match; + domain_type* ideleg_encloser; + namedb_lookup(nsd->db, ideleg_dname, &ideleg_closest_match, &ideleg_encloser); + if ((rrset = domain_find_rrset(ideleg_closest_match->nsec3->nsec3_cover, query->zone, TYPE_NSEC3))) + { + add_rrset(query, answer, AUTHORITY_SECTION, + ideleg_closest_match->nsec3->nsec3_cover, rrset); + } + } + } +#endif else if (!query->ideleg_domain) { domain_type* ideleg_closest_match; From 04918aa90d50b426d4467bd6dc5933eec1c61ce1 Mon Sep 17 00:00:00 2001 From: WP Date: Mon, 3 Feb 2025 11:04:49 +0100 Subject: [PATCH 28/35] Finishing merging upstream simdzone --- simdzone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/simdzone b/simdzone index adbc3ef30..955c0bd1a 160000 --- a/simdzone +++ b/simdzone 
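Review bot: Both new NSEC3 branches in the query.c hunk dereference `->nsec3` without checking it, in `query->ideleg_domain->nsec3->nsec3_cover` and `ideleg_closest_match->nsec3->nsec3_cover`. A later commit in this series adds `if (!ideleg_encloser->nsec3) {}` with the remark that the encloser has no nsec3 data, so the pointer can be NULL for a domain in an NSEC3 zone and a DNSSEC query for such a delegation would dereference it. Check the pointer first, e.g. `if (query->ideleg_domain->nsec3 && (rrset = domain_find_rrset(query->ideleg_domain->nsec3->nsec3_cover, query->zone, TYPE_NSEC3)))`. The same unguarded access recurs in the query.c hunks of patches 31, 32 and 34, and patch 34 removes the one guard that patch 32 introduced.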
@@ -1 +1 @@ -Subproject commit adbc3ef304e893572bac2e4f5c010f92c0e52b74 +Subproject commit 955c0bd1a4ebbae6e8873e053ed60cb7e4de06f0 From 0ca85e7a31be383ad56240192a7864008595ee87 Mon Sep 17 00:00:00 2001 From: WP Date: Mon, 3 Feb 2025 11:41:32 +0100 Subject: [PATCH 29/35] Finishing updating IDELEG number in hashes --- simdzone | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/simdzone b/simdzone index 955c0bd1a..d720518a7 160000 --- a/simdzone +++ b/simdzone @@ -1 +1 @@ -Subproject commit 955c0bd1a4ebbae6e8873e053ed60cb7e4de06f0 +Subproject commit d720518a774bc14e5b05d074e1ebb534e94553e0 From 65d467632c34c8c77d9746223302be4e9f4d6857 Mon Sep 17 00:00:00 2001 From: WP Date: Mon, 3 Feb 2025 18:16:34 +0100 Subject: [PATCH 30/35] Fix minor styling issue --- query.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/query.c b/query.c index e92a849e9..feeefe89a 100644 --- a/query.c +++ b/query.c @@ -945,7 +945,7 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) add_rrset(query, answer, AUTHORITY_SECTION, query->ideleg_domain, rrset); } - else if (!query->edns.dnssec_ok || !zone_is_secure(query->zone)){} + else if (!query->edns.dnssec_ok || !zone_is_secure(query->zone)){} #ifdef NSEC3 else if (query->zone->nsec3_param) { From 094c60299ac048d83166754a596ff875f453e456 Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 4 Feb 2025 12:27:34 +0100 Subject: [PATCH 31/35] Adding more NSEC(3) records in response --- query.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/query.c b/query.c index feeefe89a..bb2fa2e2b 100644 --- a/query.c +++ b/query.c 
@@ -967,6 +967,11 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) add_rrset(query, answer, AUTHORITY_SECTION, ideleg_closest_match->nsec3->nsec3_cover, rrset); } + if ((rrset = domain_find_rrset(ideleg_closest_match->nsec3->nsec3_cover, query->zone, TYPE_NSEC3))) + { + add_rrset(query, answer, AUTHORITY_SECTION, + ideleg_closest_match->nsec3->nsec3_cover, rrset); + } } } #endif @@ -980,6 +985,11 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) add_rrset(query, answer, AUTHORITY_SECTION, ideleg_closest_match, rrset); } + if ((rrset = domain_find_rrset(ideleg_encloser, query->zone, TYPE_NSEC))) + { + add_rrset(query, answer, AUTHORITY_SECTION, + ideleg_encloser, rrset); + } } else if ((rrset = domain_find_rrset(query->ideleg_domain, query->zone, TYPE_NSEC))) { From e1a8419b93bec77966df2c1f3a1d649ef940437f Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 4 Feb 2025 12:54:17 +0100 Subject: [PATCH 32/35] Adding more NSEC(3) records in response --- query.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/query.c b/query.c index bb2fa2e2b..68851389b 100644 --- a/query.c +++ b/query.c 
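Review bot: The block added in the NSEC3 branch is an exact copy of the one directly above it, since both look up `ideleg_closest_match->nsec3->nsec3_cover`, so it offers the same NSEC3 RRset a second time instead of a different proof record. Unless `add_rrset()` de-duplicates, the RRset is repeated in the authority section; if it does, the new lines have no effect. If the intent was the closest encloser's or the wildcard's cover, the second lookup needs a different domain. In the NSEC hunk at -980, a short comment saying which denial each of the two NSEC records provides would help the next reader.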
@@ -967,10 +967,16 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) add_rrset(query, answer, AUTHORITY_SECTION, ideleg_closest_match->nsec3->nsec3_cover, rrset); } - if ((rrset = domain_find_rrset(ideleg_closest_match->nsec3->nsec3_cover, query->zone, TYPE_NSEC3))) + if (!ideleg_encloser->nsec3) {} // temporary fix since the encloser does not have nsec3 data + else if ((rrset = domain_find_rrset(ideleg_encloser->nsec3->nsec3_cover, query->zone, TYPE_NSEC3))) { add_rrset(query, answer, AUTHORITY_SECTION, - ideleg_closest_match->nsec3->nsec3_cover, rrset); + ideleg_encloser->nsec3->nsec3_cover, rrset); + } + if ((rrset = domain_find_rrset(ideleg_closest_match->nsec3->nsec3_wcard_child_cover, query->zone, TYPE_NSEC3))) + { + add_rrset(query, answer, AUTHORITY_SECTION, + ideleg_closest_match->nsec3->nsec3_wcard_child_cover, rrset); } } } From 45ea30986c8ae57a7ef715741666c680405fa9a8 Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 4 Feb 2025 13:47:51 +0100 Subject: [PATCH 33/35] Fixing index error when copying labels --- dname.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dname.c b/dname.c index e6531ce6f..7f0c2f174 100644 --- a/dname.c +++ b/dname.c @@ -693,6 +693,6 @@ labels_plus_dname(const dname_type* labels, size_t amount_to_be_copied, dname_ty name.bytes[dname->label_count] = 0; for (i = 0; i < dname->label_count; i++) name.bytes[i] = ((uint8_t*)(void*)dname)[sizeof(dname_type)+i] - + 1 /* label type/length byte for label */ + amount_to_be_copied; + + copied_label_size /* label type/length byte for label */ + amount_to_be_copied; return &name.dname; } From 50d22104b5cfd0df65aceabc40e2a1a8ce78018b Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 4 Feb 2025 14:27:25 +0100 Subject: [PATCH 34/35] Fixing correct NSEC(3) record when having an IDELEG NXDOMAIN response --- query.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) 
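Review bot: In the dname.c hunk, the corrected offsets add `copied_label_size + amount_to_be_copied`, but the length check earlier in `labels_plus_dname()` (visible as context in patch 20 on this page) only tests `dname->name_size + copied_label_size + 1` against `MAXDOMAINLEN`, counting one length byte where `amount_to_be_copied` of them are prepended. With many short labels the combined name can pass that check and still exceed the limit, at which point these byte-sized offsets wrap, as does `name.dname.name_size` if it is a `uint8_t`. The check should use the same sum as the size computation: `if ((size_t)dname->name_size + copied_label_size + amount_to_be_copied > MAXDOMAINLEN) return NULL;`. The trailing comment `/* label type/length byte for label */` described the old `+ 1` and no longer matches the expression. The function body starts outside this hunk.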
diff --git a/query.c b/query.c index 68851389b..1f62c7d7c 100644 --- a/query.c +++ b/query.c @@ -961,23 +961,26 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) { domain_type* ideleg_closest_match; domain_type* ideleg_encloser; + domain_type* ideleg_next_closer; + const dname_type* to_prove; + uint8_t hash[NSEC3_HASH_LEN]; + namedb_lookup(nsd->db, ideleg_dname, &ideleg_closest_match, &ideleg_encloser); - if ((rrset = domain_find_rrset(ideleg_closest_match->nsec3->nsec3_cover, query->zone, TYPE_NSEC3))) + to_prove = dname_partial_copy(query->region, ideleg_dname, + dname_label_match_count(ideleg_dname, domain_dname(ideleg_encloser))+1); + nsec3_hash_and_store(query->zone, to_prove, hash); + nsec3_find_cover(query->zone, hash, sizeof(hash), &ideleg_next_closer); + + if ((rrset = domain_find_rrset(ideleg_next_closer, query->zone, TYPE_NSEC3))) { add_rrset(query, answer, AUTHORITY_SECTION, - ideleg_closest_match->nsec3->nsec3_cover, rrset); + ideleg_next_closer, rrset); } - if (!ideleg_encloser->nsec3) {} // temporary fix since the encloser does not have nsec3 data - else if ((rrset = domain_find_rrset(ideleg_encloser->nsec3->nsec3_cover, query->zone, TYPE_NSEC3))) + if ((rrset = domain_find_rrset(ideleg_encloser->nsec3->nsec3_cover, query->zone, TYPE_NSEC3))) { add_rrset(query, answer, AUTHORITY_SECTION, ideleg_encloser->nsec3->nsec3_cover, rrset); } - if ((rrset = domain_find_rrset(ideleg_closest_match->nsec3->nsec3_wcard_child_cover, query->zone, TYPE_NSEC3))) - { - add_rrset(query, answer, AUTHORITY_SECTION, - ideleg_closest_match->nsec3->nsec3_wcard_child_cover, rrset); - } } } #endif 
@@ -985,8 +988,10 @@ answer_delegation(query_type *query, answer_type *answer, const struct nsd* nsd) { domain_type* ideleg_closest_match; domain_type* ideleg_encloser; - namedb_lookup(nsd->db, ideleg_dname, &ideleg_closest_match, &ideleg_encloser); - if ((rrset = domain_find_rrset(ideleg_closest_match, query->zone, TYPE_NSEC))) + namedb_lookup(nsd->db, ideleg_dname, &ideleg_closest_match, &ideleg_encloser);; + find_covering_nsec(ideleg_closest_match, query->zone, &rrset); + + if (rrset) { add_rrset(query, answer, AUTHORITY_SECTION, ideleg_closest_match, rrset); From 4a618c72a801d2cda46c23a70780701a404e24ac Mon Sep 17 00:00:00 2001 From: WP Date: Tue, 4 Feb 2025 15:38:09 +0100 Subject: [PATCH 35/35] Adding wildcard search for IDELEG --- namedb.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ namedb.h | 2 ++ 2 files changed, 46 insertions(+) diff --git a/namedb.c b/namedb.c index b37f60a97..f525eee83 100644 --- a/namedb.c +++ b/namedb.c 
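Review bot: `find_covering_nsec()` is called only for its out-parameter and the RRset it yields is then added with `ideleg_closest_match` as owner; if the helper can step back to an earlier domain to find the covering NSEC, the record goes out under the wrong owner name and will not validate. Provided the helper returns the domain that owns the NSEC (its definition is not on this page), keep that value and pass it on: `nsec_owner = find_covering_nsec(ideleg_closest_match, query->zone, &rrset);` followed by `add_rrset(query, answer, AUTHORITY_SECTION, nsec_owner, rrset);`. `rrset` is read right after the call, which is safe only if the helper always writes it. The doubled `;;` after `namedb_lookup(...)` is a stray empty statement.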
@@ -616,6 +616,50 @@ domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, return result; } + +rrset_type * +domain_find_deleg_wildcard_rrsets(dname_type* ideleg_dname, zone_type* zone, + region_type* region, namedb_type* db, domain_type** wildcard_match) +{ + domain_type* closest_match; + domain_type* closest_encloser; + domain_type* wildcard_child; + domain_type* match; + namedb_lookup(db, ideleg_dname, &closest_match, &closest_encloser); + wildcard_child = domain_wildcard_child(closest_encloser); + if (!wildcard_child || !wildcard_child->is_existing) + { + return NULL; + } + match = (domain_type *) region_alloc(region, + sizeof(domain_type)); +#ifdef USE_RADIX_TREE + match->rnode = NULL; + match->dname = ideleg_dname; +#else + memcpy(&match->node, &wildcard_child->node, sizeof(rbnode_type)); + match->node.parent = NULL; +#endif + match->parent = closest_encloser; + match->wildcard_child_closest_match = match; + // match->number = domain_number; + match->rrsets = wildcard_child->rrsets; + match->is_existing = wildcard_child->is_existing; +#ifdef NSEC3 + match->nsec3 = wildcard_child->nsec3; + /* copy over these entries: + match->nsec3_is_exact = wildcard_child->nsec3_is_exact; + match->nsec3_cover = wildcard_child->nsec3_cover; + match->nsec3_wcard_child_cover = wildcard_child->nsec3_wcard_child_cover; + match->nsec3_ds_parent_is_exact = wildcard_child->nsec3_ds_parent_is_exact; + match->nsec3_ds_parent_cover = wildcard_child->nsec3_ds_parent_cover; + */ + +#endif + + *wildcard_match = match; + return domain_find_rrset(wildcard_child, zone, TYPE_DELEG); +} #endif domain_type * diff --git a/namedb.h b/namedb.h index af39db5f1..f6a583c58 100644 --- a/namedb.h +++ b/namedb.h 
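Review bot: The synthesized `match` domain comes from `region_alloc()` and only some of its fields are assigned (`number` is commented out), so unless that allocator zeroes memory, any code that later reads the remaining fields sees indeterminate values. Allocate it with `region_alloc_zero(region, sizeof(*match))` and set every field the response path reads. `match->dname = ideleg_dname` stores the caller's pointer, which in this series points into the static buffer of `labels_plus_dname()`, so the owner name of this domain changes as soon as another name is built; copy it into `region` first. `*wildcard_match` is left untouched on the early `return NULL`, and `ideleg_dname` is passed to `namedb_lookup()` without a NULL check.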
@@ -476,6 +476,8 @@ rr_type *zone_rr_iter_next(zone_rr_iter_type *iter); #ifdef USE_DELEG rrset_type *domain_find_deleg_rrsets(domain_type* delegation_domain, zone_type* zone, namedb_type* db, domain_type **ideleg_domain, dname_type **ideleg_dname); + +rrset_type *domain_find_deleg_wildcard_rrsets(dname_type* ideleg_dname, zone_type* zone, region_type* region, namedb_type* db, domain_type** wildcard_match); #endif #endif /* NAMEDB_H */