1 |
hwoarang 09/11/10 13:53:35 |
2 |
|
3 |
Added: adns-1.4-cnamechain.patch |
4 |
Log: |
5 |
Fix cname issue ( bug #292545 ). EAPI2fy it |
6 |
(Portage version: 2.2_rc49/cvs/Linux x86_64) |
7 |
|
8 |
Revision Changes Path |
9 |
1.1 net-libs/adns/files/adns-1.4-cnamechain.patch |
10 |
|
11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/adns/files/adns-1.4-cnamechain.patch?rev=1.1&view=markup |
12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-libs/adns/files/adns-1.4-cnamechain.patch?rev=1.1&content-type=text/plain |
13 |
|
14 |
Index: adns-1.4-cnamechain.patch |
15 |
=================================================================== |
16 |
[ADNS] Re: CNAME chains |
17 |
Brad Spencer spencer at infointeractive.com |
18 |
Mon, 28 Aug 2006 14:43:00 -0300 |
19 |
|
20 |
21 |
22 |
23 |
--pf9I7BMVVzbSWLtt |
24 |
Content-Type: text/plain; charset=us-ascii |
25 |
Content-Disposition: inline |
26 |
|
27 |
On Fri, Aug 25, 2006 at 11:36:04AM -0700, William Ahern wrote: |
28 |
> On Fri, Aug 25, 2006 at 09:39:01AM +0100, peter burden wrote: |
29 |
> > Hello, |
30 |
> > Is there any way to make ADNS follow CNAME chains ? |
31 |
> > |
32 |
> > I have set the adns_qf_cname_loose query flag and it seems OK for a |
33 |
> > single |
34 |
> > CNAME - e.g. (output from 'dig') |
35 |
|
36 |
I posted a small patch back in 2003 that made changes to adns so that |
37 |
it would follow CNAME chains. See |
38 |
|
39 |
http://www.chiark.greenend.org.uk/pipermail/adns-discuss/2003/001072.html |
40 |
|
41 |
The patch included in that post is against an old adns version, so I |
42 |
have attached my latest version of the patch to this message. (I have |
43 |
not tested that the attached patch applied cleanly to the current adns |
44 |
source, but it may be slightly more in sync with the current version.) |
45 |
|
46 |
> CNAME chains are technically not allowed. Such chains are violations of the |
47 |
> specifications. Also, I believe MX host lookups returning CNAMEs (i.e. MX |
48 |
> yahoo.com -> A mail.yahoo.com -> CNAME foo) is also illegal. |
49 |
|
50 |
I have also been told that CNAME chains are illegal, but I can not |
51 |
find any actual text that says that a resolver should fail when it |
52 |
encounters them. In fact, RFC 1034 Section 3.6.2 says: |
53 |
|
54 |
Domain names in RRs which point at another name should always point at |
55 |
the primary name and not the alias. This avoids extra indirections in |
56 |
accessing information. For example, the address to name RR for the |
57 |
above host should be: |
58 |
|
59 |
52.0.0.10.IN-ADDR.ARPA IN PTR C.ISI.EDU |
60 |
|
61 |
rather than pointing at USC-ISIC.ARPA. |
62 |
|
63 |
The above implies that CNAME chains are illegal, IMO. But then, the |
64 |
next sentence is: |
65 |
|
66 |
Of course, by the robustness principle, domain software should not |
67 |
fail when presented with CNAME chains or loops; CNAME chains |
68 |
should be followed and CNAME loops signalled as an error. |
69 |
|
70 |
This advice, coupled with the fact that CNAME chains exist in the |
71 |
wild, triggered me to create the patch in the first place. My patch |
72 |
doesn't detect loops, but instead simply won't follow chains longer |
73 |
than a certain (hard-coded) size. |
74 |
|
75 |
Hope this helps! |
76 |
|
77 |
-- |
78 |
------------------------------------------------------------------ |
79 |
Brad Spencer - spencer@×××××××××××××××.com - "It's quite nice..." |
80 |
Systems Architect | InfoInterActive Corp. | A Canadian AOL Company |
81 |
|
82 |
--pf9I7BMVVzbSWLtt |
83 |
Content-Type: text/plain; charset=us-ascii |
84 |
Content-Disposition: attachment; filename="cname_chains.diff" |
85 |
|
86 |
Index: src/internal.h |
87 |
=================================================================== |
88 |
RCS file: /iia/cvsroot/3rdParty/gnu/adns/adns-1.0/src/internal.h,v |
89 |
retrieving revision 1.3 |
90 |
retrieving revision 1.4 |
91 |
diff -u -p -r1.3 -r1.4 |
92 |
--- src/internal.h 2 Oct 2003 17:01:46 -0000 1.3 |
93 |
+++ src/internal.h 2 Oct 2003 17:14:29 -0000 1.4 |
94 |
@@ -206,6 +206,9 @@ struct adns__query { |
95 |
int cname_dglen, cname_begin; |
96 |
/* If non-0, has been allocated using . */ |
97 |
|
98 |
+ int cname_alias_hops_left; |
99 |
+ /* The number of cname alias hops we will allow */ |
100 |
+ |
101 |
vbuf search_vb; |
102 |
int search_origlen, search_pos, search_doneabs; |
103 |
/* Used by the searching algorithm. The query domain in textual form |
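Review bot: The comment on `cname_alias_hops_left` does not say what is counted or what happens when the counter runs out. Going by the reply.c hunk in this same patch, it is decremented only for the second and later CNAMEs and the query is failed as soon as it reaches zero, so a starting value of 10 lets nine further aliases through after the first, not ten. I would state that in the declaration, e.g. `/* CNAME hops still permitted after the first one; the query is failed when this reaches 0 */`. struct adns__query begins and ends outside the hunk.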
104 |
Index: src/query.c |
105 |
=================================================================== |
106 |
RCS file: /iia/cvsroot/3rdParty/gnu/adns/adns-1.0/src/query.c,v |
107 |
retrieving revision 1.3 |
108 |
retrieving revision 1.4 |
109 |
diff -u -p -r1.3 -r1.4 |
110 |
--- src/query.c 2 Oct 2003 17:01:47 -0000 1.3 |
111 |
+++ src/query.c 2 Oct 2003 17:14:29 -0000 1.4 |
112 |
@@ -63,6 +63,8 @@ static adns_query query_alloc(adns_state |
113 |
|
114 |
qu->cname_dgram= 0; |
115 |
qu->cname_dglen= qu->cname_begin= 0; |
116 |
+ /* Allow CNAME chains up to some sane limit */ |
117 |
+ qu->cname_alias_hops_left = 10; |
118 |
|
119 |
adns__vbuf_init(&qu->search_vb); |
120 |
qu->search_origlen= qu->search_pos= qu->search_doneabs= 0; |
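Review bot: The limit `10` is a bare literal inside query_alloc, so the bound that stops a looping or over-long CNAME chain from consuming resolver work is not visible from the headers and cannot be adjusted without editing this function. A named constant beside the field declaration in internal.h would make the policy auditable, for instance a name such as `#define CNAME_ALIAS_HOPS_MAX 10` used as `qu->cname_alias_hops_left = CNAME_ALIAS_HOPS_MAX;`. The added assignment also spaces the `=` differently from the neighbouring `qu->cname_dgram= 0;` lines. query_alloc's body continues outside the hunk.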
121 |
Index: src/reply.c |
122 |
=================================================================== |
123 |
RCS file: /iia/cvsroot/3rdParty/gnu/adns/adns-1.0/src/reply.c,v |
124 |
retrieving revision 1.3 |
125 |
retrieving revision 1.4 |
126 |
diff -u -p -r1.3 -r1.4 |
127 |
--- src/reply.c 2 Oct 2003 17:01:47 -0000 1.3 |
128 |
+++ src/reply.c 2 Oct 2003 17:14:30 -0000 1.4 |
129 |
@@ -191,12 +191,13 @@ void adns__procdgram(adns_state ads, con |
130 |
if (qu->flags & adns_qf_cname_forbid) { |
131 |
adns__query_fail(qu,adns_s_prohibitedcname); |
132 |
return; |
133 |
- } else if (qu->cname_dgram) { /* Ignore second and subsequent CNAME(s) */ |
134 |
+ } else if (qu->cname_dgram && --(qu->cname_alias_hops_left) <= 0) { /* Don't follow "too long" CNAME chains */ |
135 |
adns__debug(ads,serv,qu,"allegedly canonical name %s" |
136 |
- " is actually alias for %s", qu->answer->cname, |
137 |
+ " is actually alias for %s and aliases too deep", |
138 |
+ qu->answer->cname, |
139 |
adns__diag_domain(ads,serv,qu, &qu->vb, |
140 |
dgram,dglen,rdstart)); |
141 |
- adns__query_fail(qu,adns_s_prohibitedcname); |
142 |
+ adns__query_fail(qu,adns_s_norecurse); |
143 |
return; |
144 |
} else if (wantedrrs) { /* Ignore CNAME(s) after RR(s). */ |
145 |
adns__debug(ads,serv,qu,"ignoring CNAME (to %s) coexisting with RR", |
146 |
|
147 |
--pf9I7BMVVzbSWLtt-- |