diff --git a/pdns/recursordist/pdns_recursor.cc b/pdns/recursordist/pdns_recursor.cc
index d3d3c4e75f52..c8d77549c9ae 100644
--- a/pdns/recursordist/pdns_recursor.cc
+++ b/pdns/recursordist/pdns_recursor.cc
@@ -779,6 +779,9 @@ int getFakeAAAARecords(const DNSName& qname, ComboAddress prefix, vectorsortlist.getOrderCmp(comboWriter->d_source)) { stable_sort(ret.begin(), ret.end(), *listToSort);
diff --git a/pdns/recursordist/syncres.cc b/pdns/recursordist/syncres.cc
index e88fc6fd8e33..6ffa9af9062a 100644
--- a/pdns/recursordist/syncres.cc
+++ b/pdns/recursordist/syncres.cc
@@ -2727,6 +2727,7 @@ bool SyncRes::doCNAMECacheCheck(const DNSName& qname, const QType qtype, vector<
 // so you can't trust that a real lookup will have been made.
 res = doResolve(newTarget, qtype, ret, depth + 1, beenthere, cnameContext);
 LOG(prefix << qname << ": Updating validation state for response to " << qname << " from " << context.state << " with the state from the DNAME/CNAME quest: " << cnameContext.state << endl);
+ pdns::dedupRecords(ret); // multiple NSECS coudl be added, #14120
 updateValidationState(qname, context.state, cnameContext.state, prefix);
 return true;
@@ -4434,9 +4435,11 @@ void SyncRes::sanitizeRecordsPass2(const std::string& prefix, LWResult& lwr, con
 }
 lwr.d_records = std::move(vec);
 }
+#ifdef notyet
 if (auto count = pdns::dedupRecords(lwr.d_records); count > 0) {
 LOG(prefix << qname << ": Removed " << count << " duplicate records from response received from " << auth << endl);
 }
+#endif
 }
 void SyncRes::rememberParentSetIfNeeded(const DNSName& domain, const vector& newRecords, unsigned int depth, const string& prefix)
diff --git a/pdns/recursordist/test-syncres_cc5.cc b/pdns/recursordist/test-syncres_cc5.cc
index e0eb6a4d1ae3..a1e873e02ebf 100644
--- a/pdns/recursordist/test-syncres_cc5.cc
+++ b/pdns/recursordist/test-syncres_cc5.cc
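Review bot: The added `pdns::dedupRecords(ret);` in doCNAMECacheCheck throws away the removed-record count, whereas the call this commit disables in sanitizeRecordsPass2 logged it, so a trace no longer shows when duplicates were dropped from an answer. Consider `if (auto count = pdns::dedupRecords(ret); count > 0) { LOG(prefix << qname << ": Removed " << count << " duplicate records after following the CNAME/DNAME" << endl); }`. The trailing comment has a typo ("coudl") and is terse; `// following the chain can add the same NSEC(3) records more than once, see #14120` would say why the call is here. The function body starts and ends outside the hunk.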
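Review bot: The `#ifdef notyet` guard added around the dedup at the end of sanitizeRecordsPass2 has no comment, and `notyet` is presumably never defined, so the block silently stops being compiled and can rot without anyone noticing. The records in `lwr.d_records` come from a remote server, so with this off any duplicates an authoritative sends are carried into later processing; the only dedup left visible in this diff is on the CNAME/DNAME path. A comment above the guard should state why it is disabled and what must hold before it is re-enabled, e.g. `// Dedup of received records disabled because <reason / issue ref>; re-enable once <condition>`. The function starts outside the hunk.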
@@ -1575,6 +1575,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_duplicated_n
 addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
 return LWResult::Result::Success;
 }
+ // The code below introduces duplicate NSEC3 records
 if (address == ComboAddress("192.0.2.1:53")) {
 setLWResult(res, 0, true, false, true); /* no data */
@@ -1603,8 +1604,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_duplicated_n
 int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
 BOOST_CHECK_EQUAL(res, RCode::NoError);
 BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
- /* the duplicated NSEC3 should have been dedupped */
- BOOST_REQUIRE_EQUAL(ret.size(), 8U);
+ /* the duplicated NSEC3 have not been dedupped */
+ BOOST_REQUIRE_EQUAL(ret.size(), 9U);
 BOOST_CHECK_EQUAL(queriesCount, 4U);
 /* again, to test the cache */
@@ -1612,8 +1613,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_duplicated_n
 res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
 BOOST_CHECK_EQUAL(res, RCode::NoError);
 BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
- /* the duplicated NSEC3 should have been dedupped */
- BOOST_REQUIRE_EQUAL(ret.size(), 8U);
+ /* the duplicated NSEC3 have not been dedupped */
+ BOOST_REQUIRE_EQUAL(ret.size(), 9U);
 BOOST_CHECK_EQUAL(queriesCount, 4U);
 }
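Review bot: The two `BOOST_REQUIRE_EQUAL(ret.size(), 9U);` assertions (the hunk at -1603 and the cached-answer one at -1612) now pin the un-deduplicated answer as the expected result, so a duplicate NSEC3 reaching the client becomes tested behaviour rather than a recorded gap. When the dedup of received records is switched back on, this test will fail with nothing pointing at the cause. The replacement comment should mark the value as temporary and name what it depends on, e.g. `/* TODO: expect 8U again once dedup of received records is re-enabled in sanitizeRecordsPass2 */`. The test case body starts outside these hunks.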