bind_star_handling with wildcards that match multiple labels
Andrew Agno
maradns at agno.net
Mon May 28 16:41:54 EDT 2007
Sorry I haven't been able to respond before this, but the original
problem I had is still present in 1.2.12.06 when I set
bind_star_handling=2. That is, with the following mararc and csv2
files, a query for x.y.example.net fails with NXDOMAIN, whereas a query
for x.example.net correctly returns 127.0.0.3.
mararc:
ipv4_bind_addresses = "127.0.0.1"
verbose_level=3
chroot_dir = "/tmp/mara/etc/maradns"
csv2 = {}
bind_star_handling = 2
csv2["example.net."] = "db.example.net"
db.example.net:
/ttl 60
example.net. NS ns.example.net.
ns.example.net. 127.0.0.1
a.example.net. 127.0.0.2
*.example.net. 127.0.0.3
Wildcard CNAME records have the same problems they had before, with
bind_star_handling=1:
- using *.example.net. CNAME a.example.net.
- x.y.example.net won't work
- x.example.net works correctly
When bind_star_handling=2, all queries that would match the wildcard
CNAME return NXDOMAIN. I'm guessing that the CNAME code was not updated
at the same time as the A record code, but I haven't really
investigated.
The following patch fixes wildcard A records for me:
--- server/MaraDNS.c 2007-05-28 11:19:58.000000000 -0700
+++ /tmp/MaraDNS-mine.c 2007-05-28 11:26:03.000000000 -0700
@@ -3669,26 +3669,28 @@
if(spot_data.value != 0 && spot_data.datatype == MARA_DNS_LIST) {
always_not_there = 4;
}
+ else {
+ /* Anally strict RFC 1034 section 4.3.3 compliance. If you
+ * have b.example.com and *.example.com, a.b.example.com does
+ * *not* match the star record */
+ if(bind_star_handling == 2) {
+ int r;
+ r = star_collision(lookfor,bighash);
+ if(r == -1) {
+ goto serv_fail;
+ } else if(r == 1) {
+ udpnotfound(nxstore,header.id,sock,0,origq,0,desires_recursion,
+ ect,(always_not_there & 3));
+ js_destroy(lookfor); js_destroy(origq); js_destroy(lc);
+ return JS_SUCCESS;
+ }
+ }
+ }
if(change_rtype(lookfor,rtype_saver) == JS_ERROR) {
goto serv_fail;
}
}
- /* Anally strict RFC 1034 section 4.3.3 compliance. If you
- * have b.example.com and *.example.com, a.b.example.com does
- * *not* match the star record */
- if(bind_star_handling == 2) {
- int r;
- r = star_collision(lookfor,bighash);
- if(r == -1) {
- goto serv_fail;
- } else if(r == 1) {
- udpnotfound(nxstore,header.id,sock,0,origq,0,desires_recursion,
- ect,(always_not_there & 3));
- js_destroy(lookfor); js_destroy(origq); js_destroy(lc);
- return JS_SUCCESS;
- }
- }
/* OK, maybe there is a star record "above". In other words,
handle the case when they ask for foo.bar.example.com and we have
@@ -3696,21 +3698,6 @@
while(bobbit_starlabel(lookfor) > 0) {
int rtype_saver = 1;
- /* If bind_star_handling is really high, look for any collision
- * that breaks RFC1034 section 4.3.3 compliance */
- if(bind_star_handling == 2) {
- int r;
- r = star_collision(lookfor,bighash);
- if(r == -1) {
- goto serv_fail;
- } else if(r == 1) {
- udpnotfound(nxstore,header.id,sock,0,origq,0,desires_recursion,
- ect,(always_not_there & 3));
- js_destroy(lookfor); js_destroy(origq); js_destroy(lc);
- return JS_SUCCESS;
- }
- }
-
if(bind_star_handling >= 1) {
rtype_saver = get_rtype(lookfor);
}
@@ -3735,6 +3722,22 @@
spot_data.datatype == MARA_DNS_LIST) {
always_not_there = 4;
}
+ else {
+ /* If bind_star_handling is really high, look for any collision
+ * that breaks RFC1034 section 4.3.3 compliance */
+ if(bind_star_handling == 2) {
+ int r;
+ r = star_collision(lookfor,bighash);
+ if(r == -1) {
+ goto serv_fail;
+ } else if(r == 1) {
+ udpnotfound(nxstore,header.id,sock,0,origq,0,desires_recursion,
+ ect,(always_not_there & 3));
+ js_destroy(lookfor); js_destroy(origq); js_destroy(lc);
+ return JS_SUCCESS;
+ }
+ }
+ }
if(change_rtype(lookfor,rtype_saver) == JS_ERROR) {
goto serv_fail;
}
More information about the list
mailing list