Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not follow CNAME records for ANY or CNAME queries #15008

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Do not follow CNAME records for ANY or CNAME queries #15008

wants to merge 1 commit into from

Conversation

miodvallat
Copy link
Contributor

Short description

This is an attempt at fixing #5769 (not addressing the RRSIG concern at the moment, though).

Disclaimer: I have no idea what I am doing.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@miodvallat
Do not follow CNAME records for ANY or CNAME queries.
6f7e056 
The existing logic was only preventing this for CNAME queries.

Fixes PowerDNS#5769
@coveralls
Copy link

coveralls commented Jan 3, 2025
edited
Loading

Pull Request Test Coverage Report for Build 12595938391

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • 11541 unchanged lines in 185 files lost coverage.
  • Overall coverage increased (+2.5%) to 62.775%
Files with Coverage Reduction New Missed Lines %
pdns/dnsdistdist/dnsdist-session-cache.cc 1 62.86%
pdns/comment.hh 1 0.0%
pdns/recursordist/nod.hh 1 92.59%
pdns/base64.cc 1 80.6%
pdns/test-dnsrecords_cc.cc 2 95.97%
pdns/query-local-address.cc 2 89.36%
pdns/auth-packetcache.cc 2 74.35%
pdns/epollmplexer.cc 2 83.75%
pdns/recursordist/negcache.hh 2 88.24%
pdns/recursordist/rec-tcpout.cc 2 63.49%
Totals Coverage Status
Change from base Build 12589349850: 2.5%
Covered Lines: 105832
Relevant Lines: 138350
💛 - Coveralls

@miodvallat miodvallat force-pushed the cname_withheld_to_protect_the_innocent branch 2 times, most recently from e47038f to 6f7e056 Compare January 3, 2025 09:58
@Habbie
Copy link
Member

Habbie commented Jan 7, 2025

not addressing the RRSIG concern at the moment, though

reading back what I wrote there, it turns out I did not include enough information for anybody (including myself) to see what that was about. In any case the RRSIG behaviour I see today (without your PR) looks just fine.

@Habbie
Copy link
Member

Habbie commented Jan 7, 2025

This patch looks right. I wonder if any the wildcard, LUA and DNAME paths contain a similar bug, though. But this is an improvement in any case. Can you add a test?

@miodvallat
Copy link
Contributor Author

Can you add a test?

I am struggling with getting the existing tests to pass at the moment - a couple of the existing tests need oracle changes, but then further steps in the CI fail because they reuse the same tests and apparently don't need any change...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
auth needs review rec
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@miodvallat @coveralls @Habbie