AuthZoneTree: fixed bug in FindNSec3ProofOfNonExistenceNxDomain() that caused infinite loop in some scenarios and removed cancellation code.

Shreyas Zare
2024-12-21 15:27:39 +05:30
parent 9f880ce4fb
commit db193e217c


@@ -893,7 +893,7 @@ namespace DnsServerCore.Dns.Trees
return nsecRecords;
}
public IReadOnlyList<DnsResourceRecord> FindNSec3ProofOfNonExistenceNxDomain(string domain, bool isWildcardAnswer, CancellationToken cancellationToken)
public IReadOnlyList<DnsResourceRecord> FindNSec3ProofOfNonExistenceNxDomain(string domain, bool isWildcardAnswer)
{
List<DnsResourceRecord> nsec3Records = new List<DnsResourceRecord>(3 * 2);
@@ -905,8 +905,6 @@ namespace DnsServerCore.Dns.Trees
while (true)
{
cancellationToken.ThrowIfCancellationRequested();
AuthZone previousNSec3Zone = FindPreviousSubDomainZone(zoneName, currentOwnerName);
if (previousNSec3Zone is null)
break;
@@ -926,18 +924,13 @@ namespace DnsServerCore.Dns.Trees
//didnt find previous NSEC3; find the last NSEC3
currentOwnerName = hashedOwnerName;
while (true)
//find first auth zone
AuthZone nextNSec3Zone = GetAuthZone(zoneName, currentOwnerName);
if (nextNSec3Zone is null)
nextNSec3Zone = FindNextSubDomainZone(zoneName, currentOwnerName);
while (nextNSec3Zone is not null)
{
cancellationToken.ThrowIfCancellationRequested();
AuthZone nextNSec3Zone = GetAuthZone(zoneName, currentOwnerName);
if (nextNSec3Zone is null)
{
nextNSec3Zone = FindNextSubDomainZone(zoneName, currentOwnerName);
if (nextNSec3Zone is null)
break;
}
IReadOnlyList<DnsResourceRecord> nextNSec3Records = nextNSec3Zone.QueryRecords(DnsResourceRecordType.NSEC3, true);
if (nextNSec3Records.Count > 0)
{
@@ -955,6 +948,9 @@ namespace DnsServerCore.Dns.Trees
{
currentOwnerName = nextNSec3Zone.Name;
}
//find next auth zone
nextNSec3Zone = FindNextSubDomainZone(zoneName, currentOwnerName);
}
}
@@ -1009,8 +1005,6 @@ namespace DnsServerCore.Dns.Trees
while (true)
{
cancellationToken.ThrowIfCancellationRequested();
string nextCloserName = DnsNSEC3RecordData.GetNextCloserName(domain, closestEncloser);
hashedNextCloserName = nsec3Param.ComputeHashedOwnerNameBase32HexString(nextCloserName) + (closestAuthority.Name.Length > 0 ? "." + closestAuthority.Name : "");
@@ -1075,7 +1069,7 @@ namespace DnsServerCore.Dns.Trees
return nsecRecords;
}
public IReadOnlyList<DnsResourceRecord> FindNSec3ProofOfNonExistenceNoData(AuthZone zone, ApexZone apexZone, CancellationToken cancellationToken)
public IReadOnlyList<DnsResourceRecord> FindNSec3ProofOfNonExistenceNoData(AuthZone zone, ApexZone apexZone)
{
IReadOnlyList<DnsResourceRecord> nsec3ParamRecords = apexZone.GetRecords(DnsResourceRecordType.NSEC3PARAM);
if (nsec3ParamRecords.Count == 0)
@@ -1088,7 +1082,7 @@ namespace DnsServerCore.Dns.Trees
if (nsec3Zone is null)
{
//this is probably since the domain in request is for an nsec3 record owner name
return FindNSec3ProofOfNonExistenceNxDomain(zone.Name, false, cancellationToken);
return FindNSec3ProofOfNonExistenceNxDomain(zone.Name, false);
}
return FindNSec3ProofOfNonExistenceNoData(nsec3Zone);
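Review bot: The two loops that remain `while (true)` (the `FindPreviousSubDomainZone` walk in the hunk at 905 and the `GetNextCloserName` loop in the hunk at 1005) lose `cancellationToken.ThrowIfCancellationRequested();`, which was the only exit from them that did not depend on zone contents. This method has just been shown to spin forever on some inputs and presumably runs while answering queries for non-existent names in NSEC3-signed zones, so another non-terminating case would tie up a worker with no way to abandon the request. I would keep the token parameter and both checks, or give each loop an explicit bound such as `if (++iterations > maxIterations) break;` (names illustrative) and log when it trips. The rewritten `while (nextNSec3Zone is not null)` loop terminates only if `currentOwnerName` changes before the trailing `FindNextSubDomainZone(zoneName, currentOwnerName)` call, and the visible assignment `currentOwnerName = nextNSec3Zone.Name;` sits inside a nested block, so a comment stating that invariant is worth adding, for example `//every path below either breaks or advances currentOwnerName`. The loop bodies continue outside the visible hunks, so the other paths need checking against that invariant.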