Opened 8 years ago

Closed 8 years ago

#1701 closed defect (fixed)

in-mem ds dnssec wildcard response error

Reported by: jelte Owned by: jinmei
Priority: high Milestone: Sprint-20120306
Component: b10-auth Version:
Keywords: Cc:
CVSS Scoring: Parent Tickets:
Sensitive: no Defect Severity: N/A
Sub-Project: DNS Feature Depending on Ticket:
Estimated Difficulty: 3 Add Hours to Ticket: 0
Total Hours: 1.75 Internal?: no

Description

In #1696, I found one problem with the DNSSEC NSEC3 responses, but the error is not necessarily NSEC3-related (also reproduced with a normal signed zone); When answering a dnssec query with a expanded wildcard response, the RRSIG for the wildcard is omitted.

Putting this in current sprint, as I think it should be relatively easy to fix and we should fix this before next week.

Subtickets

Change History (8)

comment:1 Changed 8 years ago by jinmei

  • Owner set to jinmei
  • Status changed from new to accepted

comment:2 Changed 8 years ago by jinmei

trac1701 is ready for review.

I've merged trac1696 (lettuce tests) and enabled the commented-out
tests that failed due to this bug, to see if it works at the system
level too. The first commit is just for merge and should be ignored
for review.

I expect #1696 will be merged quite soon, but if not we could just
cherry-pick the main fix (starting from e467963).

Although it could be a "user-visible" fix, I don't plan to add a
changelog entry for it as in-memory hasn't even supported signed zone
at all until very recently (not in the previous release or older).

comment:3 Changed 8 years ago by jinmei

  • Owner changed from jinmei to UnAssigned
  • Status changed from accepted to reviewing

comment:4 Changed 8 years ago by jelte

  • Owner changed from UnAssigned to jelte

comment:5 follow-up: Changed 8 years ago by jelte

  • Owner changed from jelte to jinmei

Looks good, can be merged.

since merging this now would include 1696-so-far, i suggest you do it after you've checked 1696 and it's been merged (or perhaps i can merge this back into 1696 before i merge 1696)

comment:6 in reply to: ↑ 5 ; follow-up: Changed 8 years ago by jinmei

Replying to jelte:

Looks good, can be merged.

since merging this now would include 1696-so-far, i suggest you do it after you've checked 1696 and it's been merged (or perhaps i can merge this back into 1696 before i merge 1696)

Okay, I'll wait to see if 1696 is merged first, and if it doesn't
happen within this week I'll cherry-pick the bug fix part of this
branch to master. Until then I'll keep this ticket open, still
assigned to me.

comment:7 in reply to: ↑ 6 Changed 8 years ago by jinmei

Replying to jinmei:

since merging this now would include 1696-so-far, i suggest you do it after you've checked 1696 and it's been merged (or perhaps i can merge this back into 1696 before i merge 1696)

Okay, I'll wait to see if 1696 is merged first, and if it doesn't
happen within this week I'll cherry-pick the bug fix part of this
branch to master. Until then I'll keep this ticket open, still
assigned to me.

So, I've merged the fix part of the branch to master. I'm closing
this ticket.

comment:8 Changed 8 years ago by jinmei

  • Estimated Difficulty changed from 0 to 3
  • Resolution set to fixed
  • Status changed from reviewing to closed
  • Total Hours changed from 0 to 1.75

btw: I've given an estimation of 3 to this ticket at my discretion.

Note: See TracTickets for help on using tickets.