Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
Kea
Commits
f9593f5d
Commit
f9593f5d
authored
Feb 14, 2012
by
Jelte Jansen
Browse files
[1582] comments and dox
parent
0db8f9c9
Changes
3
Hide whitespace changes
Inline
Side-by-side
src/bin/auth/query.cc
View file @
f9593f5d
...
...
@@ -248,7 +248,8 @@ Query::addNXRRsetProof(ZoneFinder& finder,
boost
::
const_pointer_cast
<
AbstractRRset
>
(
result
.
closest_proof
),
dnssec_
);
// For qtype == DS, next_proof could be set
// (Do we want to double-check for opt-out here?)
// (We could check for opt-out here, but that's really the
// responsibility of the datasource)
if
(
qtype_ds
&&
result
.
next_proof
!=
ConstRRsetPtr
())
{
response_
.
addRRset
(
Message
::
SECTION_AUTHORITY
,
boost
::
const_pointer_cast
<
AbstractRRset
>
(
...
...
src/bin/auth/query.h
View file @
f9593f5d
...
...
@@ -88,8 +88,9 @@ private:
/// \brief Adds NSEC denial proof for the given NXRRset result
///
/// NSEC records, if available (signaled by isNSECSigned(), are added
/// to the authority section.
/// If available, NSEC or NSEC3 records are added to the authority
/// section (depending on whether isNSECSigned() or isNSEC3Signed()
/// returns true.
///
/// \param finder The ZoneFinder that was used to search for the missing
/// data
...
...
src/bin/auth/tests/query_unittest.cc
View file @
f9593f5d
...
...
@@ -1699,26 +1699,32 @@ TEST_F(QueryTest, nxrrsetMissingNSEC3) {
response
,
true
).
process
(),
Query
::
BadNSEC3
);
}
// Check the exact matching NSEC3 is returned for NXRRSET and qtype DS
TEST_F
(
QueryTest
,
nxrrsetWithNSEC3_ds_exact
)
{
mock_finder
->
setNSEC3Flag
(
true
);
// This delegation has no DS, but does have a matching NSEC3 record
// (See RFC5155 section 7.2.4)
Query
(
memory_client
,
Name
(
"unsigned-delegation.example.com."
),
RRType
::
DS
(),
response
,
true
).
process
();
responseCheck
(
response
,
Rcode
::
NOERROR
(),
AA_FLAG
,
0
,
4
,
0
,
NULL
,
(
string
(
soa_txt
)
+
string
(
"example.com. 3600 IN RRSIG "
)
+
getCommonRRSIGText
(
"SOA"
)
+
"
\n
"
+
string
(
unsigned_delegation_nsec3_txt
)
+
"
\n
"
+
mock_finder
->
hash_map_
[
Name
(
"unsigned-delegation.example.com."
)]
+
mock_finder
->
hash_map_
[
Name
(
"unsigned-delegation.example.com."
)]
+
".example.com. 3600 IN RRSIG "
+
getCommonRRSIGText
(
"NSEC3"
)
+
"
\n
"
).
c_str
(),
NULL
,
mock_finder
->
getOrigin
());
}
// Check the signature is present when an NXRRSET is returned and qtype is DS
TEST_F
(
QueryTest
,
nxrrsetWithNSEC3_ds_no_exact
)
{
mock_finder
->
setNSEC3Flag
(
true
);
// This delegation has no DS, and no directly matching NSEC3 record
// So the response should contain closest encloser proof (and the
// 'next closer' should have opt-out set, though that is not
// actually checked)
// (See RFC5155 section 7.2.4)
Query
(
memory_client
,
Name
(
"unsigned-delegation-optout.example.com."
),
RRType
::
DS
(),
response
,
true
).
process
();
responseCheck
(
response
,
Rcode
::
NOERROR
(),
AA_FLAG
,
0
,
6
,
0
,
NULL
,
...
...
@@ -1729,13 +1735,13 @@ TEST_F(QueryTest, nxrrsetWithNSEC3_ds_no_exact) {
".example.com. 3600 IN RRSIG "
+
getCommonRRSIGText
(
"NSEC3"
)
+
"
\n
"
+
string
(
unsigned_delegation_nsec3_txt
)
+
"
\n
"
+
mock_finder
->
hash_map_
[
Name
(
"unsigned-delegation.example.com."
)]
+
mock_finder
->
hash_map_
[
Name
(
"unsigned-delegation.example.com."
)]
+
".example.com. 3600 IN RRSIG "
+
getCommonRRSIGText
(
"NSEC3"
)
+
"
\n
"
).
c_str
(),
NULL
,
mock_finder
->
getOrigin
());
}
// The following are tentative tests until we really add tests for the
// query logic for these cases. At that point it's probably better to
// clean them up.
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment