Commit 9b1d96cc authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1583] added a test case of run time collision for wildcard no data + NSEC3

case.
parent bc105b59
......@@ -252,6 +252,11 @@ Query::addNXRRsetProof(ZoneFinder& finder,
// Case for RFC5155 Section 7.2.5
const ZoneFinder::FindNSEC3Result result(finder.findNSEC3(qname_,
true));
// We know there's no exact match for the qname, so findNSEC3() should
// return both closest and next proofs. If the latter is NULL, it
// means a run time collision (or the zone is broken in other way).
// In that case addRRset() will throw, and it will be converted to
// SERVFAIL.
response_.addRRset(Message::SECTION_AUTHORITY,
boost::const_pointer_cast<AbstractRRset>(
result.closest_proof), dnssec_);
......
......@@ -1369,6 +1369,21 @@ TEST_F(QueryTest, wildcardNxrrsetWithNSEC3) {
NULL, mock_finder->getOrigin());
}
TEST_F(QueryTest, wildcardNxrrsetWithNSEC3Collision) {
// Similar to the previous case, but emulating run time collision by
// returning NULL in the next closer proof for the closest encloser
// proof.
mock_finder->setNSEC3Flag(true);
ZoneFinder::FindNSEC3Result nsec3(true, 0, textToRRset(nsec3_apex_txt),
ConstRRsetPtr());
mock_finder->setNSEC3Result(&nsec3);
// Message::addRRset() will detect it and throw InvalidParameter.
EXPECT_THROW(Query(memory_client, Name("www1.uwild.example.com"),
RRType::TXT(), response, true).process(),
isc::InvalidParameter);
}
TEST_F(QueryTest, wildcardEmptyWithNSEC) {
// Empty WILDCARD with DNSSEC proof. We should have SOA, NSEC that proves
// the NXDOMAIN and their RRSIGs. In this case we need two NSEC RRs,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment