Commit 32d9c527 authored by JINMEI Tatuya's avatar JINMEI Tatuya

[1570] added a real test for "above delegation" that fails and fixed it

in the implementation.
parent 47bca52b
......@@ -257,13 +257,24 @@ Query::addAuthAdditional(ZoneFinder& finder) {
namespace {
// A simple wrapper for DataSourceClient::findZone(). Normally we can simply
// check the closest zone to the qname, but for type DS query we need to
// look into the parent zone.
findZone(const DataSourceClient& client, const Name& qname, RRType qtype) {
if (qtype != RRType::DS()) {
return (client.findZone(qname));
return (client.findZone(qname.split(1)));
Query::process() {
const bool qtype_is_any = (qtype_ == RRType::ANY());
response_.setHeaderFlag(Message::HEADERFLAG_AA, false);
const DataSourceClient::FindResult result =
// Found a zone which is the nearest ancestor to QNAME
const DataSourceClient::FindResult result = findZone(datasrc_client_,
qname_, qtype_);
// If we have no matching authoritative zone for the query name, return
// REFUSED. In short, this is to be compatible with BIND 9, but the
......@@ -272,16 +283,19 @@ Query::process() {
if (result.code != result::SUCCESS &&
result.code != result::PARTIALMATCH) {
response_.setHeaderFlag(Message::HEADERFLAG_AA, false);
ZoneFinder& zfinder = *result.zone_finder;
// Found a zone which is the nearest ancestor to QNAME, set the AA bit
// We have authority for a zone that contain the query name (possibly
// indirectly via delegation). Look into the zone.
std::vector<ConstRRsetPtr> target;
boost::function0<ZoneFinder::FindResult> find;
const bool qtype_is_any = (qtype_ == RRType::ANY());
if (qtype_is_any) {
find = boost::bind(&ZoneFinder::findAll, &zfinder, qname_,
boost::ref(target), dnssec_opt_);
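Review bot: In `findZone` (first hunk of this section), the DS branch calls `qname.split(1)` without checking that the query name has a parent. For a DS query whose QNAME is the root name, no label is left after stripping the first one, and I believe `Name::split()` throws in that case, so an exception driven by a remote query would propagate out of `Query::process()` unless a caller catches it. Guard the branch so the root name is looked up as-is, e.g. `if (qtype != RRType::DS() || qname.getLabelCount() == 1) {`, and extend the comment above `findZone` to say why. The rendering has dropped some lines of the function, so this is based on the visible condition only.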
......@@ -1613,13 +1613,36 @@ TEST_F(QueryTest, findNSEC3) {
mock_finder->findNSEC3(Name(""), false));
// TODO: Check the additional/authority sections are correct. The first one
// probably misses some of the RRSigs anyway, they need to be added.
// This tests that the DS is returned above the delegation point as
// an authoritative answer, not a delegation. This is as described in
// RFC 4035, section
// This mock finder is used for some DS-query test(s) to check if the lookup
// takes place at the parent zone, not at this (broken) zone.
class BrokenChildZoneFinder : public MockZoneFinder {
BrokenChildZoneFinder(const Name& origin) :
MockZoneFinder(), origin_(origin)
virtual isc::dns::Name getOrigin() const { return (origin_); }
virtual FindResult find(const isc::dns::Name&,
const isc::dns::RRType&,
const FindOptions)
"BrokenChildZoneFinder::find shouldn't be called");
const Name origin_;
TEST_F(QueryTest, dsAboveDelegation) {
// Pretending to have authority for the child zone, too.
memory_client.addZone(ZoneFinderPtr(new BrokenChildZoneFinder(
// The following will succeed only if the search goes to the parent
// zone, not the child one we added above.
EXPECT_NO_THROW(Query(memory_client, Name(""),
RRType::DS(), response, true).process());
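Review bot: As far as the visible lines show, `dsAboveDelegation` asserts only that `process()` does not throw, so it would still pass if the parent zone answered with a referral or without the AA bit. Follow the `EXPECT_NO_THROW` with checks on the response, e.g. `EXPECT_TRUE(response.getHeaderFlag(Message::HEADERFLAG_AA));` plus the expected rcode and answer section. A second case that sends a DS query for the root name would pin the behaviour of the new parent-zone lookup when there is no parent. `BrokenChildZoneFinder`'s single-argument constructor could also be marked `explicit`.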