Commit 3a3c7f52 authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[master] Merge branch 'trac2586'

parents 24b3e0cb 8d1f4d45
......@@ -1372,17 +1372,11 @@ TEST_P(QueryTest, nxdomainWithNSEC) {
}
TEST_P(QueryTest, nxdomainWithNSEC2) {
// there seems to be a bug in the SQLite3 (or database in general) data
// source and this doesn't work (Trac #2586).
if (GetParam() == SQLITE3) {
return;
}
// See comments about no_txt. In this case the best possible wildcard
// is derived from the next domain of the NSEC that proves NXDOMAIN, and
// the NSEC to provide the non existence of wildcard is different from
// the first NSEC.
query.process(*list_, Name("(.no.example.com"), qtype, response,
query.process(*list_, Name("!.no.example.com"), qtype, response,
true);
responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 6, 0,
NULL, (string(soa_minttl_txt) +
......@@ -1392,19 +1386,12 @@ TEST_P(QueryTest, nxdomainWithNSEC2) {
string("mx.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC") + "\n" +
string(nsec_no_txt) + "\n" +
string(").no.example.com. 3600 IN RRSIG ") +
string("&.no.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC")).c_str(),
NULL, mock_finder->getOrigin());
}
TEST_P(QueryTest, nxdomainWithNSECDuplicate) {
// there seems to be a bug in the SQLite3 (or database in general) data
// source and this doesn't work. This is probably the same type of bug
// as nxdomainWithNSEC2 (Trac #2586).
if (GetParam() == SQLITE3) {
return;
}
// See comments about nz_txt. In this case we only need one NSEC,
// which proves both NXDOMAIN and the non existence of wildcard.
query.process(*list_, Name("nx.no.example.com"), qtype, response,
......@@ -1414,7 +1401,7 @@ TEST_P(QueryTest, nxdomainWithNSECDuplicate) {
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_no_txt) + "\n" +
string(").no.example.com. 3600 IN RRSIG ") +
string("&.no.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC")).c_str(),
NULL, mock_finder->getOrigin());
}
......@@ -1528,7 +1515,7 @@ TEST_P(QueryTest, nxrrsetWithNSEC) {
TEST_P(QueryTest, emptyNameWithNSEC) {
// Empty non terminal with DNSSEC proof. This is one of the cases of
// Section 3.1.3.2 of RFC4035.
// mx.example.com. NSEC ).no.example.com. proves no.example.com. is a
// mx.example.com. NSEC &.no.example.com. proves no.example.com. is a
// non empty terminal node. Note that it also implicitly proves there
// should be no closer wildcard match (because the empty name is an
// exact match), so we only need one NSEC.
......
......@@ -150,32 +150,32 @@ t.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 e
;; the best possible wildcard is below the "next domain" of the NSEC RR that
;; proves the NXDOMAIN, i.e.,
;; mx.example.com. (exist)
;; (.no.example.com. (qname, NXDOMAIN)
;; ).no.example.com. (exist)
;; !.no.example.com. (qname, NXDOMAIN)
;; &.no.example.com. (exist)
;; *.no.example.com. (best possible wildcard, not exist)
;var=no_txt
\).no.example.com. 3600 IN AAAA 2001:db8::53
&.no.example.com. 3600 IN AAAA 2001:db8::53
;; NSEC records.
;var=nsec_apex_txt
example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG
;var=
example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
;var=nsec_mx_txt
mx.example.com. 3600 IN NSEC \).no.example.com. MX NSEC RRSIG
mx.example.com. 3600 IN NSEC &.no.example.com. MX NSEC RRSIG
;var=
mx.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
;var=nsec_no_txt
\).no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
&.no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
;var=
\).no.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
&.no.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
;; We'll also test the case where a single NSEC proves both NXDOMAIN and the
;; non existence of wildcard. The following records will be used for that
;; test.
;; ).no.example.com. (exist, whose NSEC proves everything)
;; &.no.example.com. (exist, whose NSEC proves everything)
;; *.no.example.com. (best possible wildcard, not exist)
;; nx.no.example.com. (NXDOMAIN)
;; nz.no.example.com. (exist)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment