Tests, OKs?
diff --git doc/ChangeLog doc/ChangeLog
index 9bcf7de6ab6..018c484aac3 100644
--- doc/ChangeLog
+++ doc/ChangeLog
@@ -1,3 +1,45 @@
+24 November 2020: Wouter
+ - Merge PR #141: ZONEMD RR type.
+ - tag for 4.3.4rc1.
+
+23 November 2020: Wouter
+ - Fix #142: NODATA answers missin SOA in authority section after
+ CNAME chain.
+ - Fix for CVE-2020-28935 : Fix that symlink does not interfere
+ with chown of pidfile.
+ - fix writepid for retvalue 0.
+
+9 November 2020: Wouter
+ - Fix #138: NSD returns non-EDNS answer when QUESTION is empty.
+ - Fix to check nscount in previous fix for EDNS in formerr response
+ when there is no question.
+
+28 October 2020: Wouter
+ - Remove unused init_cfg_parse routine from configlexer.
+
+20 October 2020: Wouter
+ - Fix to add missing closest encloser NSEC3 for wildcard nodata type
+ DS answer.
+
+14 October 2020: Wouter
+ - Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN.
+
+13 October 2020: Wouter
+ - Fix missing parenthesis on size of fix to init buffer.
+
+12 October 2020: Wouter
+ - Fix #127: two minor `-Wcast-qual` cleanups
+ - Fix #126: minor header hygiene
+ - Fix #125: include config.h in compat/setproctitle.c and fix prototype
of `setproctitle`
+ - Fix #133: fix 0-init of local ( stack ) buffer.
+
+8 October 2020: Wouter
+ - tag for 4.3.3 release
+ - current repository contains 4.3.4 in development.
+ - Fix #129: ambiguous use of errno, in log message if sendmmsg fails.
+ - Fix #128: Fix that the invalid port number is logged for sendmmsg
+ failed: Invalid argument.
+
1 October 2020: Wouter
- tag for 4.3.3rc1 release.
diff --git config.h.in config.h.in
index 4940c8e28ec..c528729cc75 100644
--- config.h.in
+++ config.h.in
@@ -946,7 +946,7 @@ char *nsd_strptime(const char *s, const char *format,
struct tm *tm);
#ifdef __linux__
#define HAVE_SETPROCTITLE 1
#include <stdarg.h>
-void setproctitle(char *fmt, ...);
+void setproctitle(const char *fmt, ...);
#endif
#endif
diff --git configlexer.lex configlexer.lex
index bb4dd3499c4..7ed3deb2f1f 100644
--- configlexer.lex
+++ configlexer.lex
@@ -36,16 +36,6 @@ struct inc_state {
};
static struct inc_state* config_include_stack = NULL;
static int inc_depth = 0;
-static int inc_prev = 0;
-static int num_args = 0;
-
-void init_cfg_parse(void)
-{
- config_include_stack = NULL;
- inc_depth = 0;
- inc_prev = 0;
- num_args = 0;
-}
static void config_start_include(const char* filename)
{
diff --git configure configure
index 1e8b73a0cd6..349068f5d0c 100644
--- configure
+++ configure
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for NSD 4.3.3.
+# Generated by GNU Autoconf 2.69 for NSD 4.3.4.
#
# Report bugs to <nsd-b...@nlnetlabs.nl>.
#
@@ -580,8 +580,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='NSD'
PACKAGE_TARNAME='nsd'
-PACKAGE_VERSION='4.3.3'
-PACKAGE_STRING='NSD 4.3.3'
+PACKAGE_VERSION='4.3.4'
+PACKAGE_STRING='NSD 4.3.4'
PACKAGE_BUGREPORT='nsd-b...@nlnetlabs.nl'
PACKAGE_URL=''
@@ -1314,7 +1314,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures NSD 4.3.3 to adapt to many kinds of systems.
+\`configure' configures NSD 4.3.4 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1376,7 +1376,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of NSD 4.3.3:";;
+ short | recursive ) echo "Configuration of NSD 4.3.4:";;
esac
cat <<\_ACEOF
@@ -1536,7 +1536,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-NSD configure 4.3.3
+NSD configure 4.3.4
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2245,7 +2245,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by NSD $as_me 4.3.3, which was
+It was created by NSD $as_me 4.3.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -10835,7 +10835,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by NSD $as_me 4.3.3, which was
+This file was extended by NSD $as_me 4.3.4, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -10897,7 +10897,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //;
s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-NSD config.status 4.3.3
+NSD config.status 4.3.4
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
diff --git configure.ac configure.ac
index cc13d344127..06e2f0e3b7e 100644
--- configure.ac
+++ configure.ac
@@ -5,7 +5,7 @@ dnl
sinclude(acx_nlnetlabs.m4)
sinclude(dnstap/dnstap.m4)
-AC_INIT(NSD,4.3.3,nsd-b...@nlnetlabs.nl)
+AC_INIT(NSD,4.3.4,nsd-b...@nlnetlabs.nl)
AC_CONFIG_HEADER([config.h])
#
@@ -1344,7 +1344,7 @@ char *nsd_strptime(const char *s, const char *format,
struct tm *tm);
#ifdef __linux__
#define HAVE_SETPROCTITLE 1
#include <stdarg.h>
-void setproctitle(char *fmt, ...);
+void setproctitle(const char *fmt, ...);
#endif
#endif
])
diff --git dname.c dname.c
index 2432f65f62e..6b9e964e147 100644
--- dname.c
+++ dname.c
@@ -109,7 +109,9 @@ dname_make_wire_from_packet(uint8_t *buf, buffer_type
*packet,
const uint8_t *label;
ssize_t mark = -1;
- memset(visited, 0, (buffer_limit(packet)+7)/8);
+ if(sizeof(visited)<(buffer_limit(packet)+7)/8)
+ memset(visited, 0, sizeof(visited));
+ else memset(visited, 0, (buffer_limit(packet)+7)/8);
while (!done) {
if (!buffer_available(packet, 1)) {
diff --git dns.c dns.c
index a5e4ad4c9a0..7375b296b04 100644
--- dns.c
+++ dns.c
@@ -308,8 +308,13 @@ static rrtype_descriptor_type
rrtype_descriptors[(RRTYPE_DESCRIPTORS_LENGTH+1)]
/* 62 - CSYNC */
{ TYPE_CSYNC, "CSYNC", T_CSYNC, 3, 3, { RDATA_WF_LONG, RDATA_WF_SHORT,
RDATA_WF_BINARY }, { RDATA_ZF_LONG, RDATA_ZF_SHORT, RDATA_ZF_NSEC } },
- /* 63 */
- { 63, NULL, T_UTYPE, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } },
+ /* 63 - ZONEMD */
+ { TYPE_ZONEMD, "ZONEMD", T_ZONEMD, 4, 4,
+ { RDATA_WF_LONG, /* serial */
+ RDATA_WF_BYTE, /* scheme */
+ RDATA_WF_BYTE, /* hash Algorithm */
+ RDATA_WF_BINARY }, /* digest */
+ { RDATA_ZF_PERIOD, RDATA_ZF_BYTE, RDATA_ZF_BYTE, RDATA_ZF_HEX } },
/* 64 */
{ 64, NULL, T_UTYPE, 1, 1, { RDATA_WF_BINARY }, { RDATA_ZF_UNKNOWN } },
/* 65 */
diff --git dns.h dns.h
index 7caea75eebe..b7d4a280cf3 100644
--- dns.h
+++ dns.h
@@ -141,6 +141,7 @@ typedef enum nsd_rc nsd_rc_type;
#define TYPE_CDNSKEY 60 /* RFC 7344 */
#define TYPE_OPENPGPKEY 61 /* RFC 7929 */
#define TYPE_CSYNC 62 /* RFC 7477 */
+#define TYPE_ZONEMD 63 /* draft-ietf-dnsop-dns-zone-digest */
#define TYPE_SPF 99 /* RFC 4408 */
diff --git doc/RELNOTES doc/RELNOTES
index def95dfd85d..9bb1202601f 100644
--- doc/RELNOTES
+++ doc/RELNOTES
@@ -1,5 +1,30 @@
NSD RELEASE NOTES
+4.3.4
+================
+FEATURES:
+ - Merge PR #141: ZONEMD RR type.
+BUG FIXES:
+ - Fix #129: ambiguous use of errno, in log message if sendmmsg fails.
+ - Fix #128: Fix that the invalid port number is logged for sendmmsg
+ failed: Invalid argument.
+ - Fix #127: two minor `-Wcast-qual` cleanups
+ - Fix #126: minor header hygiene
+ - Fix #125: include config.h in compat/setproctitle.c and fix
+ prototype of `setproctitle`
+ - Fix #133: fix 0-init of local ( stack ) buffer.
+ - Fix missing parenthesis on size of fix to init buffer.
+ - Fix #134: IPV4_MINIMAL_RESPONSE_SIZE vs EDNS_MAX_MESSAGE_LEN.
+ - Fix to add missing closest encloser NSEC3 for wildcard nodata type
+ DS answer.
+ - Remove unused init_cfg_parse routine from configlexer.
+ - Fix #138: NSD returns non-EDNS answer when QUESTION is empty.
+ - Fix #142: NODATA answers missin SOA in authority section after
+ CNAME chain.
+ - Fix for CVE-2020-28935 : Fix that symlink does not interfere
+ with chown of pidfile.
+
+
4.3.3
================
FEATURES:
diff --git nsd-checkconf.8.in nsd-checkconf.8.in
index 8f3dc7c2989..5355b408580 100644
--- nsd-checkconf.8.in
+++ nsd-checkconf.8.in
@@ -1,4 +1,4 @@
-.TH "nsd\-checkconf" "8" "Oct 8, 2020" "NLnet Labs" "nsd 4.3.3"
+.TH "nsd\-checkconf" "8" "Dec 1, 2020" "NLnet Labs" "nsd 4.3.4"
.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
diff --git nsd-checkzone.8.in nsd-checkzone.8.in
index 88fb1d18744..27195a65517 100644
--- nsd-checkzone.8.in
+++ nsd-checkzone.8.in
@@ -1,4 +1,4 @@
-.TH "nsd\-checkzone" "8" "Oct 8, 2020" "NLnet Labs" "nsd 4.3.3"
+.TH "nsd\-checkzone" "8" "Dec 1, 2020" "NLnet Labs" "nsd 4.3.4"
.\" Copyright (c) 2014, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
diff --git nsd-control.8.in nsd-control.8.in
index 7b695eaf225..56ef19386a9 100644
--- nsd-control.8.in
+++ nsd-control.8.in
@@ -1,4 +1,4 @@
-.TH "nsd\-control" "8" "Oct 8, 2020" "NLnet Labs" "nsd 4.3.3"
+.TH "nsd\-control" "8" "Dec 1, 2020" "NLnet Labs" "nsd 4.3.4"
.\" Copyright (c) 2011, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
diff --git nsd.8.in nsd.8.in
index eacac97dfa1..cec7a9761eb 100644
--- nsd.8.in
+++ nsd.8.in
@@ -1,9 +1,9 @@
-.TH "NSD" "8" "Oct 8, 2020" "NLnet Labs" "NSD 4.3.3"
+.TH "NSD" "8" "Dec 1, 2020" "NLnet Labs" "NSD 4.3.4"
.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
.B nsd
-\- Name Server Daemon (NSD) version 4.3.3.
+\- Name Server Daemon (NSD) version 4.3.4.
.SH "SYNOPSIS"
.B nsd
.RB [ \-4 ]
diff --git nsd.c nsd.c
index 14561e5e361..28b294e8903 100644
--- nsd.c
+++ nsd.c
@@ -744,26 +744,43 @@ readpid(const char *file)
int
writepid(struct nsd *nsd)
{
- FILE * fd;
+ int fd;
char pidbuf[32];
+ size_t count = 0;
if(!nsd->pidfile || !nsd->pidfile[0])
return 0;
snprintf(pidbuf, sizeof(pidbuf), "%lu\n", (unsigned long) nsd->pid);
- if ((fd = fopen(nsd->pidfile, "w")) == NULL ) {
+ if((fd = open(nsd->pidfile, O_WRONLY | O_CREAT | O_TRUNC
+#ifdef O_NOFOLLOW
+ | O_NOFOLLOW
+#endif
+ , 0644)) == -1) {
log_msg(LOG_ERR, "cannot open pidfile %s: %s",
nsd->pidfile, strerror(errno));
return -1;
}
- if (!write_data(fd, pidbuf, strlen(pidbuf))) {
- log_msg(LOG_ERR, "cannot write pidfile %s: %s",
- nsd->pidfile, strerror(errno));
- fclose(fd);
- return -1;
+ while(count < strlen(pidbuf)) {
+ ssize_t r = write(fd, pidbuf+count, strlen(pidbuf)-count);
+ if(r == -1) {
+ if(errno == EAGAIN || errno == EINTR)
+ continue;
+ log_msg(LOG_ERR, "cannot write pidfile %s: %s",
+ nsd->pidfile, strerror(errno));
+ close(fd);
+ return -1;
+ } else if(r == 0) {
+ log_msg(LOG_ERR, "cannot write any bytes to "
+ "pidfile %s: write returns 0 bytes written",
+ nsd->pidfile);
+ close(fd);
+ return -1;
+ }
+ count += r;
}
- fclose(fd);
+ close(fd);
if (chown(nsd->pidfile, nsd->uid, nsd->gid) == -1) {
log_msg(LOG_ERR, "cannot chown %u.%u %s: %s",
diff --git nsd.conf.5.in nsd.conf.5.in
index e705586952f..bd8589d6978 100644
--- nsd.conf.5.in
+++ nsd.conf.5.in
@@ -1,4 +1,4 @@
-.TH "nsd.conf" "5" "Oct 8, 2020" "NLnet Labs" "nsd 4.3.3"
+.TH "nsd.conf" "5" "Dec 1, 2020" "NLnet Labs" "nsd 4.3.4"
.\" Copyright (c) 2001\-2008, NLnet Labs. All rights reserved.
.\" See LICENSE for the license.
.SH "NAME"
diff --git nsec3.c nsec3.c
index ef7c5ee6f96..c49014016cd 100644
--- nsec3.c
+++ nsec3.c
@@ -1077,6 +1077,17 @@ nsec3_answer_nodata(struct query* query, struct answer*
answer,
}
/* query->zone must be the parent zone */
nsec3_add_ds_proof(query, answer, original, 0);
+ /* if the DS is from a wildcard match */
+ if (original==original->wildcard_child_closest_match
+ &&
label_is_wildcard(dname_name(domain_dname(original)))) {
+ /* denial for wildcard is already there */
+ /* add parent proof to have a closest encloser proof
for wildcard parent */
+ /* in other words: nsec3 matching closest encloser */
+ if(original->parent && original->parent->nsec3 &&
+ original->parent->nsec3->nsec3_is_exact)
+ nsec3_add_rrset(query, answer,
AUTHORITY_SECTION,
+ original->parent->nsec3->nsec3_cover);
+ }
}
/* the nodata is result from a wildcard match */
else if (original==original->wildcard_child_closest_match
diff --git options.h options.h
index fdbd1c5f20b..14a7f88bfef 100644
--- options.h
+++ options.h
@@ -10,7 +10,6 @@
#ifndef OPTIONS_H
#define OPTIONS_H
-#include "config.h"
#include <stdarg.h>
#include "region-allocator.h"
#include "rbtree.h"
diff --git packet.h packet.h
index 097e9660f31..ed08dfae1d6 100644
--- packet.h
+++ packet.h
@@ -140,7 +140,7 @@ struct query;
#define MAXRRSPP 10240 /* Maximum number of rr's per
packet */
#define MAX_COMPRESSED_DNAMES MAXRRSPP /* Maximum number of compressed
domains. */
#define MAX_COMPRESSION_OFFSET 16383 /* Compression pointers are 14 bit. */
-#define IPV4_MINIMAL_RESPONSE_SIZE 1460 /* Recommended minimal edns
size for IPv4 */
+#define IPV4_MINIMAL_RESPONSE_SIZE 1232 /* Recommended minimal edns
size for IPv4 */
#define IPV6_MINIMAL_RESPONSE_SIZE 1220 /* Recommended minimal edns
size for IPv6 */
/* use round robin rotation */
diff --git query.c query.c
index 56eabd6ab19..5cdc877753d 100644
--- query.c
+++ query.c
@@ -918,9 +918,7 @@ answer_soa(struct query *query, answer_type *answer)
static void
answer_nodata(struct query *query, answer_type *answer, domain_type *original)
{
- if (query->cname_count == 0) {
- answer_soa(query, answer);
- }
+ answer_soa(query, answer);
#ifdef NSEC3
if (query->edns.dnssec_ok && query->zone->nsec3_param) {
@@ -1450,6 +1448,25 @@ query_process(query_type *q, nsd_type *nsd)
/* Dont bother to answer more than one question at once... */
if (QDCOUNT(q->packet) != 1) {
+ if(QDCOUNT(q->packet) == 0 && ANCOUNT(q->packet) == 0 &&
+ NSCOUNT(q->packet) == 0 && ARCOUNT(q->packet) == 1 &&
+ buffer_limit(q->packet) >= QHEADERSZ+OPT_LEN+
+ OPT_RDATA) {
+ /* add edns section to answer */
+ buffer_set_position(q->packet, QHEADERSZ);
+ if (edns_parse_record(&q->edns, q->packet, q, nsd)) {
+ if(process_edns(nsd, q) == NSD_RC_OK) {
+ int opcode = OPCODE(q->packet);
+ (void)query_error(q, NSD_RC_FORMAT);
+ query_add_optional(q, nsd);
+ FLAGS_SET(q->packet, FLAGS(q->packet) &
0x0100U);
+ /* Preserve the RD flag. Clear
the rest. */
+ OPCODE_SET(q->packet, opcode);
+ QR_SET(q->packet);
+ return QUERY_PROCESSED;
+ }
+ }
+ }
FLAGS_SET(q->packet, 0);
return query_formerr(q, nsd);
}
diff --git query.h query.h
index 0a511f5931b..2497f6f5fa9 100644
--- query.h
+++ query.h
@@ -87,9 +87,9 @@ struct query {
/*
* The number of CNAMES followed. After a CNAME is followed
- * we no longer change the RCODE to NXDOMAIN and no longer add
- * SOA records to the authority section in case of NXDOMAIN
- * and NODATA.
+ * we no longer clear AA for a delegation and do not REFUSE
+ * or SERVFAIL if the destination zone of the CNAME does not exist,
+ * or is configured but not present.
* Also includes number of DNAMES followed.
*/
int cname_count;
diff --git server.c server.c
index aaeaa6db574..b666d0c63d9 100644
--- server.c
+++ server.c
@@ -3373,7 +3373,7 @@ handle_udp(int fd, short event, void* arg)
#endif
errno == EAGAIN) {
/* block to wait until send buffer avail */
- int flag;
+ int flag, errstore;
if((flag = fcntl(fd, F_GETFL)) == -1) {
log_msg(LOG_ERR, "cannot fcntl F_GETFL:
%s", strerror(errno));
flag = 0;
@@ -3382,6 +3382,7 @@ handle_udp(int fd, short event, void* arg)
if(fcntl(fd, F_SETFL, flag) == -1)
log_msg(LOG_ERR, "cannot fcntl F_SETFL
0: %s", strerror(errno));
sent = nsd_sendmmsg(fd, &msgs[i], recvcount-i,
0);
+ errstore = errno;
flag |= O_NONBLOCK;
if(fcntl(fd, F_SETFL, flag) == -1)
log_msg(LOG_ERR, "cannot fcntl F_SETFL
O_NONBLOCK: %s", strerror(errno));
@@ -3389,6 +3390,7 @@ handle_udp(int fd, short event, void* arg)
i += sent;
continue;
}
+ errno = errstore;
}
/* don't log transient network full errors, unless
* on higher verbosity */
@@ -3398,8 +3400,8 @@ handle_udp(int fd, short event, void* arg)
#endif
errno != EAGAIN) {
const char* es = strerror(errno);
- char a[48];
- addr2str(&queries[i]->addr, a, sizeof(a));
+ char a[64];
+ addrport2str(&queries[i]->addr, a, sizeof(a));
log_msg(LOG_ERR, "sendmmsg [0]=%s count=%d
failed: %s", a, (int)(recvcount-i), es);
}
#ifdef BIND8_STATS
diff --git util.h util.h
index 9d243a311ba..d0b942869a2 100644
--- util.h
+++ util.h
@@ -230,9 +230,9 @@ static inline uint16_t
read_uint16(const void *src)
{
#ifdef ALLOW_UNALIGNED_ACCESSES
- return ntohs(* (uint16_t *) src);
+ return ntohs(* (const uint16_t *) src);
#else
- uint8_t *p = (uint8_t *) src;
+ const uint8_t *p = (const uint8_t *) src;
return (p[0] << 8) | p[1];
#endif
}
@@ -241,9 +241,9 @@ static inline uint32_t
read_uint32(const void *src)
{
#ifdef ALLOW_UNALIGNED_ACCESSES
- return ntohl(* (uint32_t *) src);
+ return ntohl(* (const uint32_t *) src);
#else
- uint8_t *p = (uint8_t *) src;
+ const uint8_t *p = (const uint8_t *) src;
return (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
#endif
}
@@ -251,7 +251,7 @@ read_uint32(const void *src)
static inline uint64_t
read_uint64(const void *src)
{
- uint8_t *p = (uint8_t *) src;
+ const uint8_t *p = (const uint8_t *) src;
return
((uint64_t)p[0] << 56) |
((uint64_t)p[1] << 48) |
diff --git zparser.y zparser.y
index 0b2e9554f25..7306ac13216 100644
--- zparser.y
+++ zparser.y
@@ -68,7 +68,7 @@ nsec3_add_params(const char* hash_algo_str, const char*
flag_str,
%token <type> T_AXFR T_MAILB T_MAILA T_DS T_DLV T_SSHFP T_RRSIG T_NSEC T_DNSKEY
%token <type> T_SPF T_NSEC3 T_IPSECKEY T_DHCID T_NSEC3PARAM T_TLSA T_URI
%token <type> T_NID T_L32 T_L64 T_LP T_EUI48 T_EUI64 T_CAA T_CDS T_CDNSKEY
-%token <type> T_OPENPGPKEY T_CSYNC T_AVC T_SMIMEA
+%token <type> T_OPENPGPKEY T_CSYNC T_ZONEMD T_AVC T_SMIMEA
/* other tokens */
%token DOLLAR_TTL DOLLAR_ORIGIN NL SP
@@ -670,6 +670,8 @@ type_and_rdata:
| T_OPENPGPKEY sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); }
| T_CSYNC sp rdata_csync
| T_CSYNC sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); }
+ | T_ZONEMD sp rdata_zonemd
+ | T_ZONEMD sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); }
| T_URI sp rdata_uri
| T_URI sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); }
| T_UTYPE sp rdata_unknown { $$ = $1; parse_unknown_rdata($1, $3); }
@@ -1122,6 +1124,16 @@ rdata_csync: STR sp STR nsec_seq
}
;
+/* draft-ietf-dnsop-dns-zone-digest */
+rdata_zonemd: STR sp STR sp STR sp str_sp_seq trail
+ {
+ zadd_rdata_wireformat(zparser_conv_serial(parser->region, $1.str));
/* serial */
+ zadd_rdata_wireformat(zparser_conv_byte(parser->region, $3.str));
/* scheme */
+ zadd_rdata_wireformat(zparser_conv_byte(parser->region, $5.str));
/* hash algorithm */
+ zadd_rdata_wireformat(zparser_conv_hex(parser->region, $7.str,
$7.len)); /* digest */
+ }
+ ;
+
rdata_unknown: URR sp STR sp str_sp_seq trail
{
/* $2 is the number of octets, currently ignored */
--
I'm not entirely sure you are real.
