From 69cb6eb0c73b85ccb2d520b9598961da094ced74 Mon Sep 17 00:00:00 2001 From: Shreyas Zare Date: Sat, 30 Apr 2022 12:18:33 +0530 Subject: [PATCH] CacheZoneManager: Updated ResolveAdditionalRecords() to add RRSIG for additional records. Updated Query() to return response with EDNS only when request had EDNS. --- .../Dns/ZoneManagers/CacheZoneManager.cs | 25 ++++++++++++------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/DnsServerCore/Dns/ZoneManagers/CacheZoneManager.cs b/DnsServerCore/Dns/ZoneManagers/CacheZoneManager.cs index 796aaca9..01421b8e 100644 --- a/DnsServerCore/Dns/ZoneManagers/CacheZoneManager.cs +++ b/DnsServerCore/Dns/ZoneManagers/CacheZoneManager.cs @@ -224,7 +224,7 @@ namespace DnsServerCore.Dns.ZoneManagers } } - private IReadOnlyList GetAdditionalRecords(IReadOnlyList refRecords, bool serveStale) + private IReadOnlyList GetAdditionalRecords(IReadOnlyList refRecords, bool serveStale, bool dnssecOk) { List additionalRecords = new List(); 
@@ -235,21 +235,21 @@ namespace DnsServerCore.Dns.ZoneManagers case DnsResourceRecordType.NS: DnsNSRecordData nsRecord = refRecord.RDATA as DnsNSRecordData; if (nsRecord is not null) - ResolveAdditionalRecords(refRecord, nsRecord.NameServer, serveStale, additionalRecords); + ResolveAdditionalRecords(refRecord, nsRecord.NameServer, serveStale, dnssecOk, additionalRecords); break; case DnsResourceRecordType.MX: DnsMXRecordData mxRecord = refRecord.RDATA as DnsMXRecordData; if (mxRecord is not null) - ResolveAdditionalRecords(refRecord, mxRecord.Exchange, serveStale, additionalRecords); + ResolveAdditionalRecords(refRecord, mxRecord.Exchange, serveStale, dnssecOk, additionalRecords); break; case DnsResourceRecordType.SRV: DnsSRVRecordData srvRecord = refRecord.RDATA as DnsSRVRecordData; if (srvRecord is not null) - ResolveAdditionalRecords(refRecord, srvRecord.Target, serveStale, additionalRecords); + ResolveAdditionalRecords(refRecord, srvRecord.Target, serveStale, dnssecOk, additionalRecords); break; } @@ -258,7 +258,7 @@ namespace DnsServerCore.Dns.ZoneManagers return additionalRecords; } - private void ResolveAdditionalRecords(DnsResourceRecord refRecord, string domain, bool serveStale, List additionalRecords) + private void ResolveAdditionalRecords(DnsResourceRecord refRecord, string domain, bool serveStale, bool dnssecOk, List additionalRecords) { IReadOnlyList glueRecords = refRecord.GetGlueRecords(); if (glueRecords.Count > 0) @@ -271,6 +271,13 @@ namespace DnsServerCore.Dns.ZoneManagers { added = true; additionalRecords.Add(glueRecord); + + if (dnssecOk) + { + IReadOnlyList rrsigRecords = glueRecord.GetRecordInfo().RRSIGRecords; + if (rrsigRecords is not null) + additionalRecords.AddRange(rrsigRecords); + } } } 
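Review bot: In the `@@ -271` hunk the RRSIG list is appended once per accepted glue record, so the same signatures may be added to the additional section more than once. That happens if `GetRecordInfo().RRSIGRecords` holds the signatures for the whole RRset, which the name suggests but the hunk does not show; a name server with two A records would then contribute its RRSIGs twice. Duplicates only inflate DO-bit responses, which are already the largest ones sent over UDP, so skip signatures that are already present: `foreach (DnsResourceRecord rrsig in rrsigRecords)` followed by `if (!additionalRecords.Contains(rrsig)) additionalRecords.Add(rrsig);`. The added block also deserves a short comment such as `//DO bit set: include the signatures covering this glue so a validating client can check it`. The loop and the rest of ResolveAdditionalRecords continue outside the hunk, so whether the non-glue path also returns RRSIGs cannot be checked here.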
@@ -429,7 +436,7 @@ namespace DnsServerCore.Dns.ZoneManagers IReadOnlyList closestAuthority = delegation.QueryRecords(DnsResourceRecordType.NS, false, true); if ((closestAuthority.Count > 0) && (closestAuthority[0].Type == DnsResourceRecordType.NS) && (closestAuthority[0].Name.Length > 0)) //dont trust root name servers from cache! { - IReadOnlyList additional = GetAdditionalRecords(closestAuthority, false); + IReadOnlyList additional = GetAdditionalRecords(closestAuthority, false, false); return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, false, false, request.RecursionDesired, true, false, false, DnsResponseCode.NoError, request.Question, null, closestAuthority, additional); } @@ -592,7 +599,7 @@ namespace DnsServerCore.Dns.ZoneManagers case DnsResourceRecordType.NS: case DnsResourceRecordType.MX: case DnsResourceRecordType.SRV: - additional = GetAdditionalRecords(answers, serveStaleAndResetExpiry); + additional = GetAdditionalRecords(answers, serveStaleAndResetExpiry, request.DnssecOk); break; } @@ -618,7 +625,7 @@ namespace DnsServerCore.Dns.ZoneManagers options = new EDnsOption[] { new EDnsOption(EDnsOptionCode.EXTENDED_DNS_ERROR, new EDnsExtendedDnsErrorOption(EDnsExtendedDnsErrorCode.StaleAnswer, null)) }; } - return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, false, false, request.RecursionDesired, true, answers[0].DnssecStatus == DnssecStatus.Secure, request.CheckingDisabled, DnsResponseCode.NoError, request.Question, answers, authority, additional, _dnsServer.UdpPayloadSize, ednsFlags, options); + return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, false, false, request.RecursionDesired, true, answers[0].DnssecStatus == DnssecStatus.Secure, request.CheckingDisabled, DnsResponseCode.NoError, request.Question, answers, authority, additional, request.EDNS is null ? ushort.MinValue : _dnsServer.UdpPayloadSize, ednsFlags, options); } } else 
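Review bot: The call `GetAdditionalRecords(closestAuthority, false, false)` in the `@@ -429` hunk passes two adjacent bare booleans, and it is the only call site in this patch that hard-codes `dnssecOk` instead of forwarding `request.DnssecOk`. If that is deliberate (the result presumably feeds the resolver's own delegation lookup rather than a client), name the arguments and state the reason: `GetAdditionalRecords(closestAuthority, serveStale: false, dnssecOk: false); //signatures not needed here`. If it is not deliberate, a DO-bit request on this path gets glue without RRSIGs while the other paths now include them.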
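Review bot: In the `@@ -618` hunk the new ternary zeroes the payload size when `request.EDNS` is null, but `ednsFlags` and `options` are still passed unchanged, including the stale-answer extended error built just above. Whether the `DnsDatagram` constructor treats a payload size of zero as "no OPT record" and ignores those two arguments is not visible in this patch. RFC 6891 requires that a response to a non-EDNS query carries no OPT record, so make that explicit rather than relying on a sentinel: compute `bool hasEdns = request.EDNS is not null;` once and only build `ednsFlags` and `options` when it is true. At minimum add a comment on the ternary, e.g. `//udpPayloadSize 0 => response is sent without OPT (request had no EDNS)`.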
@@ -665,7 +672,7 @@ namespace DnsServerCore.Dns.ZoneManagers if (request.DnssecOk) closestAuthority = AddDSRecordsTo(delegation, serveStaleAndResetExpiry, closestAuthority); - IReadOnlyList additional = GetAdditionalRecords(closestAuthority, serveStaleAndResetExpiry); + IReadOnlyList additional = GetAdditionalRecords(closestAuthority, serveStaleAndResetExpiry, request.DnssecOk); return new DnsDatagram(request.Identifier, true, DnsOpcode.StandardQuery, false, false, request.RecursionDesired, true, closestAuthority[0].DnssecStatus == DnssecStatus.Secure, request.CheckingDisabled, DnsResponseCode.NoError, request.Question, null, closestAuthority, additional); }
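Review bot: This referral path can now return DS records and RRSIGs when `request.DnssecOk` is set, yet the `DnsDatagram` is still built with the overload that takes no payload size, EDNS flags or options. The answer path in the `@@ -618` hunk passes all three. If the OPT record and DO flag are attached later by the caller, a short comment here saying so would keep the two paths from looking inconsistent. If they are not, a DO-bit client receives DNSSEC records in a response without EDNS; the overload's behaviour is not visible in this patch, so this needs checking against the constructor.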