diff --git a/bin/named/query.c b/bin/named/query.c index d780671..ecfe1a8 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -5674,7 +5674,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) dns_rpz_st_t *rpz_st; isc_boolean_t resuming; int line = -1; - isc_boolean_t dns64_exclude, dns64; + isc_boolean_t dns64_exclude, dns64, rpz; isc_boolean_t nxrewrite = ISC_FALSE; isc_boolean_t redirected = ISC_FALSE; dns_clientinfomethods_t cm; @@ -5687,6 +5687,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) char mbuf[BUFSIZ]; char qbuf[DNS_NAME_FORMATSIZE]; #endif + dns_name_t *rpzqname; CTRACE(ISC_LOG_DEBUG(3), "query_find"); @@ -5712,7 +5713,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) zone = NULL; need_wildcardproof = ISC_FALSE; empty_wild = ISC_FALSE; - dns64_exclude = dns64 = ISC_FALSE; + dns64_exclude = dns64 = rpz = ISC_FALSE; options = 0; resuming = ISC_FALSE; is_zone = ISC_FALSE; @@ -5881,6 +5882,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) authoritative = ISC_FALSE; version = NULL; need_wildcardproof = ISC_FALSE; + rpz = ISC_FALSE; if (client->view->checknames && !dns_rdata_checkowner(client->query.qname, @@ -6016,11 +6018,29 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) } /* - * Now look for an answer in the database. + * Now look for an answer in the database. If this is a dns64 + * AAAA lookup on a rpz database adjust the qname. */ - result = dns_db_findext(db, client->query.qname, version, type, + if (dns64 && rpz) + rpzqname = client->query.rpz_st->qname; + else + rpzqname = client->query.qname; + + result = dns_db_findext(db, rpzqname, version, type, client->query.dboptions, client->now, &node, fname, &cm, &ci, rdataset, sigrdataset); + /* + * Fixup fname and sigrdataset. + */ + if (dns64 && rpz) { + isc_result_t rresult; + + rresult = dns_name_copy(client->query.qname, fname, NULL); + RUNTIME_CHECK(rresult == ISC_R_SUCCESS); + if (sigrdataset != NULL && + dns_rdataset_isassociated(sigrdataset)) + dns_rdataset_disassociate(sigrdataset); + } resume: CTRACE(ISC_LOG_DEBUG(3), "query_find: resume"); @@ -6223,10 +6243,12 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) case DNS_RPZ_POLICY_NXDOMAIN: result = DNS_R_NXDOMAIN; nxrewrite = ISC_TRUE; + rpz = ISC_TRUE; break; case DNS_RPZ_POLICY_NODATA: result = DNS_R_NXRRSET; nxrewrite = ISC_TRUE; + rpz = ISC_TRUE; break; case DNS_RPZ_POLICY_RECORD: result = rpz_st->m.result; @@ -6246,6 +6268,7 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) rdataset->ttl = ISC_MIN(rdataset->ttl, rpz_st->m.ttl); } + rpz = ISC_TRUE; break; case DNS_RPZ_POLICY_WILDCNAME: result = dns_rdataset_first(rdataset); @@ -6288,7 +6311,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) NS_CLIENTATTR_WANTAD); client->message->flags &= ~DNS_MESSAGEFLAG_AD; query_putrdataset(client, &sigrdataset); - rpz_st->q.is_zone = is_zone; is_zone = ISC_TRUE; rpz_log_rewrite(client, ISC_FALSE, rpz_st->m.policy, rpz_st->m.type, zone, rpz_st->qname); @@ -6671,15 +6693,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) rdataset = NULL; sigrdataset = NULL; type = qtype = dns_rdatatype_a; - rpz_st = client->query.rpz_st; - if (rpz_st != NULL) { - /* - * Arrange for RPZ rewriting of any A records. - */ - if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0) - is_zone = rpz_st->q.is_zone; - rpz_st_clear(client); - } dns64 = ISC_TRUE; goto db_find; } @@ -6994,15 +7007,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) sigrdataset = NULL; fname = NULL; type = qtype = dns_rdatatype_a; - rpz_st = client->query.rpz_st; - if (rpz_st != NULL) { - /* - * Arrange for RPZ rewriting of any A records. - */ - if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0) - is_zone = rpz_st->q.is_zone; - rpz_st_clear(client); - } dns64 = ISC_TRUE; goto db_find; } @@ -7516,15 +7520,6 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype) rdataset = NULL; sigrdataset = NULL; type = qtype = dns_rdatatype_a; - rpz_st = client->query.rpz_st; - if (rpz_st != NULL) { - /* - * Arrange for RPZ rewriting of any A records. - */ - if ((rpz_st->state & DNS_RPZ_REWRITTEN) != 0) - is_zone = rpz_st->q.is_zone; - rpz_st_clear(client); - } dns64_exclude = dns64 = ISC_TRUE; goto db_find; } diff --git a/lib/dns/message.c b/lib/dns/message.c index 49710a7..10954ee 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -1213,8 +1213,8 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, { isc_region_t r; unsigned int count, rdatalen; - dns_name_t *name; - dns_name_t *name2; + dns_name_t *name = NULL; + dns_name_t *name2 = NULL; dns_offsets_t *offsets; dns_rdataset_t *rdataset; dns_rdatalist_t *rdatalist; @@ -1224,7 +1224,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, dns_rdata_t *rdata; dns_ttl_t ttl; dns_namelist_t *section; - isc_boolean_t free_name, free_rdataset; + isc_boolean_t free_name = ISC_FALSE, free_rdataset = ISC_FALSE; isc_boolean_t preserve_order, best_effort, seen_problem; isc_boolean_t issigzero; diff --git a/lib/dns/rdataset.c b/lib/dns/rdataset.c index ab02d32..f70dae9 100644 --- a/lib/dns/rdataset.c +++ b/lib/dns/rdataset.c @@ -337,6 +337,7 @@ towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name, */ REQUIRE(DNS_RDATASET_VALID(rdataset)); + REQUIRE(rdataset->methods != NULL); REQUIRE(countp != NULL); REQUIRE((order == NULL) == (order_arg == NULL)); REQUIRE(cctx != NULL && cctx->mctx != NULL);