Browse Source

[1612] simply return servfail

rather than trying to be smart
Jelte Jansen 13 years ago
parent
commit
d93639f9d8
2 changed files with 6 additions and 16 deletions
  1. 3 13
      src/bin/auth/auth_srv.cc
  2. 3 3
      src/bin/auth/tests/auth_srv_unittest.cc

+ 3 - 13
src/bin/auth/auth_srv.cc

@@ -479,12 +479,12 @@ AuthSrv::processMessage(const IOMessage& io_message, MessagePtr message,
         return;
     }
 
+    bool send_answer = true;
     try {
         // update per opcode statistics counter.  This can only be reliable
         // after TSIG check succeeds.
         impl_->counters_.inc(message->getOpcode());
 
-        bool send_answer = true;
         if (message->getOpcode() == Opcode::NOTIFY()) {
             send_answer = impl_->processNotify(io_message, message, buffer,
                                                tsig_context);
@@ -508,22 +508,12 @@ AuthSrv::processMessage(const IOMessage& io_message, MessagePtr message,
                                                         buffer, tsig_context);
             }
         }
-
-        impl_->resumeServer(server, message, send_answer);
-    } catch (const isc::Unexpected&) {
-        // If the error was unexpected protocol, don't even bother responding
-        // (If we see other Unexpected's here, we should probably change to
-        // a specific exception for unknown protocol)
-        impl_->resumeServer(server, message, false);
     } catch (const isc::Exception&) {
-        // For ISC Exceptions, respond with servfail
         makeErrorMessage(message, buffer, Rcode::SERVFAIL());
-        impl_->resumeServer(server, message, true);
     } catch (...) {
-        // Drop the query on any other exceptions (do we want servfail here
-        // too?)
-        impl_->resumeServer(server, message, false);
+        makeErrorMessage(message, buffer, Rcode::SERVFAIL());
     }
+    impl_->resumeServer(server, message, send_answer);
 }
 
 bool

+ 3 - 3
src/bin/auth/tests/auth_srv_unittest.cc

@@ -1254,7 +1254,7 @@ TEST_F(AuthSrvTest, queryWithInMemoryClientProxyFindZoneStdException) {
 
     setupThrow(&server, CONFIG_INMEMORY_EXAMPLE, throw_at_find_zone,
                        false);
-    EXPECT_FALSE(dnsserv.hasAnswer());
+    processAndCheckSERVFAIL();
 }
 
 // Throw isc::Exception at getOrigin(), should result in SERVFAIL
@@ -1302,7 +1302,7 @@ TEST_F(AuthSrvTest, queryWithInMemoryClientProxyFindStdException) {
     createDataFromFile("nsec3query_nodnssec_fromWire.wire");
     setupThrow(&server, CONFIG_INMEMORY_EXAMPLE, throw_at_find,
                        false);
-    EXPECT_FALSE(dnsserv.hasAnswer());
+    processAndCheckSERVFAIL();
 }
 
 // Throw isc::Exception in findNSEC3(), should result in SERVFAIL
@@ -1324,7 +1324,7 @@ TEST_F(AuthSrvTest, queryWithInMemoryClientProxyFindNSEC3StdException) {
     createRequestPacket(request_message, IPPROTO_UDP);
     setupThrow(&server, CONFIG_INMEMORY_EXAMPLE, throw_at_find_nsec3,
                        false);
-    EXPECT_FALSE(dnsserv.hasAnswer());
+    processAndCheckSERVFAIL();
 }
 
 }