Commit bbb0752c authored by Mukund Sivaraman

Merge branch 'master' into trac2421

parents e650a0f7 33283af8
508. [bug] stephen
Split the DHCP library into two directories, each with its own
Makefile. This properly solves the problem whereby a "make"
operation with multiple threads could fail because of the
dependencies between two libraries in the same directory.
(Trac #2475, git 834fa9e8f5097c6fd06845620f68547a97da8ff8)
bind10-devel-20121115 released on November 15, 2012
507. [doc] jelte
Added a chapter about the use of the bindctl command tool to
to the BIND 10 guide.
(Trac #2305, git c4b0294b5bf4a9d32fb18ab62ca572f492788d72)
506. [security] jinmei
Fixed a use-after-free case in handling DNAME record with the
in-memory data source. This could lead to a crash of b10-auth
if it serves a zone containing a DNAME RR from the in-memory
data source. This bug was introduced at bind10-devel-20120927.
(Trac #2471, git 2b1793ac78f972ddb1ae2fd092a7f539902223ff)
505. [bug] jelte
Fixed a bug in b10-xfrin where a wrong call was made during the
final check of a TSIG-signed transfer, incorrectly rejecting the
transfer.
(Trac #2464, git eac81c0cbebee72f6478bdb5cda915f5470d08e1)
504. [bug]* naokikambe
Fixed an XML format viewed from b10-stats-httpd. Regarding
per-zone counters as zones of Xfrout, a part of the item
values wasn't an exact XML format. A zone name can be
specified in URI as
/bind10/statistics/xml/Xfrout/zones/example.org/xfrreqdone.
XSD and XSL formats are also changed to constant ones due
to these changes.
(Trac #2298, git 512d2d46f3cb431bcdbf8d90af27bff8874ba075)
503. [func] Stephen
Add initial version of a MySQL backend for the DHCP code. This
implements the basic IPv6 lease access functions - add lease, delete
lease and update lease. The backend is enabled by specifying
--with-dhcp-mysql on the "configure" command line: without this
switch, the MySQL code is not compiled, so leaving BIND 10 able to
be built on systems without MySQL installed.
(Trac #2342, git c7defffb89bd0f3fdd7ad2437c78950bcb86ad37)
502. [func] vorner
TTLs can be specified with units as well as number of seconds now.
This allows specifications like "1D3H".
(Trac #2384, git 44c321c37e17347f33ced9d0868af0c891ff422b)
501. [func] tomek
Added DHCPv6 allocation engine, now used in the processing of DHCPv6
messages.
(Trac #2414, git b3526430f02aa3dc3273612524d23137b8f1fe87)
500. [bug] jinmei
Corrected the autoconf example in the examples directory so it can
use the configured path to Boost to check availability of the BIND 10
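Review bot: entry 507 has a doubled word across its line break ("command tool to" followed by "to the BIND 10 guide"). Drop one "to" so the entry reads "the bindctl command tool to the BIND 10 guide".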
......@@ -18,8 +74,9 @@
Implemented DHCPv6 option values configuration using configuration
manager. In order to set values for data fields carried by the
particular option, user specifies the string of hexadecimal digits
that is in turn converted to binary data and stored into option buffer.
More user friendly way of option content specification is planned.
that is in turn converted to binary data and stored into option
buffer. More user friendly way of option content specification is
planned.
(Trac #2318, git e75c686cd9c14f4d6c2a242a0a0853314704fee9)
497. [bug] jinmei
......
This is the source for the development version of BIND 10.
This is the source for the BIND 10 suite.
BIND is the popular implementation of a DNS server, developer
interfaces, and DNS tools. BIND 10 is a rewrite of BIND 9 and ISC
DHCP. BIND 10 is written in C++ and Python and provides a modular
environment for serving, maintaining, and developing DNS and DHCP.
BIND10-devel is new development leading up to the production
BIND 10 release. It contains prototype code and experimental
interfaces. Nevertheless it is ready to use now for testing the
new BIND 10 infrastructure ideas.
This release includes the bind10 master process, b10-msgq message
bus, b10-auth authoritative DNS server (with SQLite3 and in-memory
backends), b10-resolver recursive or forwarding DNS server, b10-cmdctl
......@@ -62,3 +57,6 @@ For operating system specific tips see the wiki at:
http://bind10.isc.org/wiki/SystemSpecificNotes
Please see the wiki and the doc/ directory for various documentation.
The BIND 10 suite is started by running "bind10". Note that the
default configuration does not run any DNS or DHCP servers.
......@@ -733,6 +733,60 @@ AC_LINK_IFELSE(
CPPFLAGS=$CPPFLAGS_SAVED
LIBS=$LIBS_SAVED
# Check for MySql. The path to the mysql_config program is given with
# the --with-mysql-config (default to /usr/bin/mysql-config). By default,
# the software is not built with MySQL support enabled.
mysql_config="no"
AC_ARG_WITH([dhcp-mysql],
AC_HELP_STRING([--with-dhcp-mysql=PATH],
[path to the MySQL 'mysql_config' script (MySQL is used for the DHCP database)]),
[mysql_config="$withval"])
if test "${mysql_config}" = "yes" ; then
MYSQL_CONFIG="/usr/bin/mysql_config"
elif test "${mysql_config}" != "no" ; then
MYSQL_CONFIG="${withval}"
fi
if test "$MYSQL_CONFIG" != "" ; then
if test -d "$MYSQL_CONFIG" -o ! -x "$MYSQL_CONFIG" ; then
AC_MSG_ERROR([--with-dhcp-mysql should point to a mysql_config program])
fi
MYSQL_CPPFLAGS=`$MYSQL_CONFIG --cflags`
MYSQL_LIBS=`$MYSQL_CONFIG --libs`
AC_SUBST(MYSQL_CPPFLAGS)
AC_SUBST(MYSQL_LIBS)
# Check that a simple program using MySQL functions can compile and link.
CPPFLAGS_SAVED="$CPPFLAGS"
LIBS_SAVED="$LIBS"
CPPFLAGS="$MYSQL_CPPFLAGS $CPPFLAGS"
LIBS="$MYSQL_LIBS $LIBS"
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([#include <mysql.h>],
[MYSQL mysql_handle;
(void) mysql_init(&mysql_handle);
])],
[AC_MSG_RESULT([checking for MySQL headers and library... yes])],
[AC_MSG_RESULT([checking for MySQL headers and library... no])
AC_MSG_ERROR([Needs MySQL library])]
)
CPPFLAGS=$CPPFLAGS_SAVED
LIBS=$LIBS_SAVED
# Note that MYSQL is present in the config.h file
AC_DEFINE([HAVE_MYSQL], [1], [MySQL is present])
fi
# ... and at the shell level, so Makefile.am can take action depending on this.
AM_CONDITIONAL(HAVE_MYSQL, test "$MYSQL_CONFIG" != "")
# Check for log4cplus
log4cplus_path="yes"
AC_ARG_WITH([log4cplus],
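Review bot: the comment opening the MySQL block names an option and a default path that do not match the code under it. It says "--with-mysql-config (default to /usr/bin/mysql-config)", while the option defined is --with-dhcp-mysql and the fallback is /usr/bin/mysql_config; please bring the comment in line. Two smaller points in the same block: the AC_MSG_RESULT calls carry "checking for MySQL headers and library..." inside the result text, where an AC_MSG_CHECKING before AC_LINK_IFELSE with plain yes/no results would read like the other checks; and the restores (CPPFLAGS=$CPPFLAGS_SAVED, LIBS=$LIBS_SAVED) are unquoted although the saves are quoted.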
......@@ -1210,6 +1264,8 @@ AC_CONFIG_FILES([Makefile
src/lib/dns/benchmarks/Makefile
src/lib/dhcp/Makefile
src/lib/dhcp/tests/Makefile
src/lib/dhcpsrv/Makefile
src/lib/dhcpsrv/tests/Makefile
src/lib/exceptions/Makefile
src/lib/exceptions/tests/Makefile
src/lib/datasrc/Makefile
......@@ -1421,6 +1477,18 @@ dnl includes too
${LOG4CPLUS_LIBS}
SQLite: $SQLITE_CFLAGS
$SQLITE_LIBS
END
# Avoid confusion on DNS/DHCP and only mention MySQL if it
# were specified on the command line.
if test "$MYSQL_CPPFLAGS" != "" ; then
cat >> config.report << END
MySQL: $MYSQL_CPPFLAGS
$MYSQL_LIBS
END
fi
cat >> config.report << END
Features:
$enable_features
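Review bot: the report condition tests "$MYSQL_CPPFLAGS" while HAVE_MYSQL in the earlier hunk is keyed on "$MYSQL_CONFIG", so the two can disagree. If mysql_config --cflags prints nothing, MySQL support is built but config.report leaves it out. Testing "$MYSQL_CONFIG" != "" here would keep the report in step with the AM_CONDITIONAL.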
......
......@@ -33,6 +33,7 @@
* - @subpage leasemgr
* - @subpage cfgmgr
* - @subpage allocengine
* - @subpage dhcp-database-backends
* - @subpage perfdhcpInternals
*
* @section misc Miscellaneous topics
......
......@@ -21,7 +21,14 @@ if test "x$BIND10_RPATH" != "x"; then
LDFLAGS="$LDFLAGS $BIND10_RPATH"
fi
# For the example host program, we require the BIND 10 DNS library
# For the example host program, we require some socket API library
# and the BIND 10 DNS library.
# In practice, these are specific to Solaris, but wouldn't do any harm for
# others except for the checking overhead.
AC_SEARCH_LIBS(inet_pton, [nsl])
AC_SEARCH_LIBS(recvfrom, [socket])
if test "x$BIND10_DNS_LIB" = "x"; then
AC_MSG_ERROR([unable to find BIND 10 DNS library needed to build 'host'])
fi
......
......@@ -47,10 +47,15 @@ available. It is issued during server startup is an indication that
the initialization is proceeding normally.
% AUTH_CONFIG_LOAD_FAIL load of configuration failed: %1
An attempt to configure the server with information from the configuration
database during the startup sequence has failed. (The reason for
the failure is given in the message.) The server will continue its
initialization although it may not be configured in the desired way.
An attempt to configure the server with information from the
configuration database during the startup sequence has failed. The
server will continue its initialization although it may not be
configured in the desired way. The reason for the failure is given in
the message. One common reason is that the server failed to acquire a
socket bound to a privileged port (53 for DNS). In that case the
reason in the log message should show something like "permission
denied", and the solution would be to restart BIND 10 as a super
(root) user.
% AUTH_CONFIG_UPDATE_FAIL update of configuration failed: %1
At attempt to update the configuration the server with information
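Review bot: the new AUTH_CONFIG_LOAD_FAIL description gives "restart BIND 10 as a super (root) user" as the solution for a failed bind to port 53, which reads as advice to run the suite as root. Consider wording it in terms of the missing privilege, for example "start BIND 10 with sufficient privilege to bind the port", so a log message description does not steer operators to root as the default answer.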
......@@ -93,6 +98,16 @@ This debug message is issued when the separate thread for maintaining data
source clients successfully loaded the named zone of the named class as a
result of the 'loadzone' command.
% AUTH_DATASRC_CLIENTS_BUILDER_LOAD_ZONE_NOCACHE skipped loading zone %1/%2 due to no in-memory cache
This debug message is issued when the separate thread for maintaining data
source clients received a command to reload a zone but skipped it because
the specified zone is not loaded in-memory (but served from an underlying
data source). This could happen if the loadzone command is manually issued
by a user but the zone name is misspelled, but a more likely cause is
that the command is sent from another BIND 10 module (such as xfrin or DDNS).
In the latter case it can be simply ignored because there is no need
for explicit reloading.
% AUTH_DATASRC_CLIENTS_BUILDER_RECONFIGURE_CONFIG_ERROR Error in data source configuration: %1
The thread for maintaining data source clients has received a command to
reconfigure, but the parameter data (the new configuration) contains an
......
......@@ -651,9 +651,10 @@ AuthSrvImpl::processNormalQuery(const IOMessage& io_message, Message& message,
local_edns->setUDPSize(AuthSrvImpl::DEFAULT_LOCAL_UDPSIZE);
message.setEDNS(local_edns);
}
// Get access to data source client list through the holder and keep the
// holder until the processing and rendering is done to avoid inter-thread
// race.
// Get access to data source client list through the holder and keep
// the holder until the processing and rendering is done to avoid
// race with any other thread(s) such as the background loader.
auth::DataSrcClientsMgr::Holder datasrc_holder(datasrc_clients_mgr_);
try {
......@@ -688,6 +689,9 @@ AuthSrvImpl::processNormalQuery(const IOMessage& io_message, Message& message,
return (true);
// The message can contain some data from the locked resource. But outside
// this method, we touch only the RCode of it, so it should be safe.
// Lock on datasrc_clients_mgr_ acquired by datasrc_holder is
// released here upon its deletion.
}
bool
......
......@@ -581,6 +581,9 @@ DataSrcClientsBuilderBase<MutexType, CondVarType>::doLoadZone(
try {
boost::shared_ptr<datasrc::memory::ZoneWriter> zwriter =
getZoneWriter(*client_list, rrclass, origin);
if (!zwriter) {
return;
}
zwriter->load(); // this can take time but doesn't cause a race
{ // install() can cause a race and must be in a critical section
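Review bot: the early return at "if (!zwriter) {" in doLoadZone() has no comment saying when the writer is empty. From the later getZoneWriter() hunk it is the ZONE_NOT_CACHED case, which is already logged there; a one-line comment saying so would stop a reader taking this for a swallowed error.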
......@@ -614,8 +617,14 @@ DataSrcClientsBuilderBase<MutexType, CondVarType>::getZoneWriter(
datasrc::ConfigurableClientList& client_list,
const dns::RRClass& rrclass, const dns::Name& origin)
{
const datasrc::ConfigurableClientList::ZoneWriterPair writerpair =
client_list.getCachedZoneWriter(origin);
// getCachedZoneWriter() could get access to an underlying data source
// that can cause a race condition with the main thread using that data
// source for lookup. So we need to protect the access here.
datasrc::ConfigurableClientList::ZoneWriterPair writerpair;
{
typename MutexType::Locker locker(*map_mutex_);
writerpair = client_list.getCachedZoneWriter(origin);
}
switch (writerpair.first) {
case datasrc::ConfigurableClientList::ZONE_SUCCESS:
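Review bot: the locking contract of getZoneWriter() is not documented now that it acquires map_mutex_ internally around getCachedZoneWriter(). Please state in the function's description that it must be called without the lock held, since a caller already holding it would lock it a second time. It would also help to say why client_list stays valid between this critical section and the later one around install(), because the writer is now obtained under one lock acquisition and installed under another.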
......@@ -626,8 +635,10 @@ DataSrcClientsBuilderBase<MutexType, CondVarType>::getZoneWriter(
<< "/" << rrclass << ": not found in any configured "
"data source.");
case datasrc::ConfigurableClientList::ZONE_NOT_CACHED:
isc_throw(InternalCommandError, "failed to load zone " << origin
<< "/" << rrclass << ": not served from memory");
LOG_DEBUG(auth_logger, DBG_AUTH_OPS,
AUTH_DATASRC_CLIENTS_BUILDER_LOAD_ZONE_NOCACHE)
.arg(origin).arg(rrclass);
break; // return NULL below
case datasrc::ConfigurableClientList::CACHE_DISABLED:
// This is an internal error. Auth server must have the cache
// enabled.
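Review bot: in the ZONE_NOT_CACHED case a loadzone request that used to raise InternalCommandError is now reported only through LOG_DEBUG at DBG_AUTH_OPS, so an operator who issues the command by hand for a zone that is not cached gets no feedback at default log levels. Consider logging at a level that is visible by default, or saying in the command's documentation that such requests are ignored. The "break; // return NULL below" also depends on the return at the end of the function staying where it is.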
......@@ -636,8 +647,6 @@ DataSrcClientsBuilderBase<MutexType, CondVarType>::getZoneWriter(
"is somehow disabled");
}
// all cases above should either return or throw, but some compilers
// still need a return statement
return (boost::shared_ptr<datasrc::memory::ZoneWriter>());
}
} // namespace datasrc_clientmgr_internal
......
......@@ -410,9 +410,9 @@ Query::process(datasrc::ClientList& client_list,
*/
assert(db_context->rrset->getRdataCount() > 0);
// Get the data of DNAME
RdataIteratorPtr rit = db_context->rrset->getRdataIterator();
const rdata::generic::DNAME& dname(
dynamic_cast<const rdata::generic::DNAME&>(
db_context->rrset->getRdataIterator()->getCurrent()));
dynamic_cast<const rdata::generic::DNAME&>(rit->getCurrent()));
// The yet unmatched prefix dname
const Name prefix(qname_->split(0, qname_->getLabelCount() -
db_context->rrset->getName().getLabelCount()));
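Review bot: the reason rit has to be a named local is not recorded at "RdataIteratorPtr rit = db_context->rrset->getRdataIterator();". dname is a reference to what getCurrent() returns, so the iterator must outlive it; without a comment saying that, a later tidy-up could fold the call back into a single expression on a temporary iterator, which is the form this hunk replaces. A short comment tying the lifetime of rit to dname would protect the fix.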
......
......@@ -50,6 +50,7 @@ run_unittests_SOURCES += config_syntax_unittest.cc
run_unittests_SOURCES += command_unittest.cc
run_unittests_SOURCES += common_unittest.cc
run_unittests_SOURCES += query_unittest.cc
run_unittests_SOURCES += query_inmemory_unittest.cc
run_unittests_SOURCES += statistics_unittest.cc
run_unittests_SOURCES += test_datasrc_clients_mgr.h test_datasrc_clients_mgr.cc
run_unittests_SOURCES += datasrc_clients_builder_unittest.cc
......
......@@ -308,8 +308,12 @@ TEST_F(DataSrcClientsBuilderTest, loadZone) {
"{\"class\": \"IN\","
" \"origin\": \"test1.example\"}"));
EXPECT_TRUE(builder.handleCommand(loadzone_cmd));
EXPECT_EQ(1, map_mutex.lock_count); // we should have acquired the lock
EXPECT_EQ(1, map_mutex.unlock_count); // and released it.
// loadZone involves two critical sections: one for getting the zone
// writer, and one for actually updating the zone data. So the lock/unlock
// count should be incremented by 2.
EXPECT_EQ(2, map_mutex.lock_count);
EXPECT_EQ(2, map_mutex.unlock_count);
newZoneChecks(clients_map, rrclass);
}
......@@ -381,7 +385,10 @@ TEST_F(DataSrcClientsBuilderTest,
find(Name("example.org")).finder_->
find(Name("example.org"), RRType::SOA())->code);
// attempt of reloading a zone but in-memory cache is disabled.
// attempt of reloading a zone but in-memory cache is disabled. In this
// case the command is simply ignored.
const size_t orig_lock_count = map_mutex.lock_count;
const size_t orig_unlock_count = map_mutex.unlock_count;
const ConstElementPtr config2(Element::fromJSON("{"
"\"IN\": [{"
" \"type\": \"sqlite3\","
......@@ -390,11 +397,13 @@ TEST_F(DataSrcClientsBuilderTest,
" \"cache-zones\": [\"example.org\"]"
"}]}"));
clients_map = configureDataSource(config2);
EXPECT_THROW(builder.handleCommand(
builder.handleCommand(
Command(LOADZONE, Element::fromJSON(
"{\"class\": \"IN\","
" \"origin\": \"example.org\"}"))),
TestDataSrcClientsBuilder::InternalCommandError);
" \"origin\": \"example.org\"}")));
// Only one mutex was needed because there was no actual reload.
EXPECT_EQ(orig_lock_count + 1, map_mutex.lock_count);
EXPECT_EQ(orig_unlock_count + 1, map_mutex.unlock_count);
// basically impossible case: in-memory cache is completely disabled.
// In this implementation of manager-builder, this should never happen,
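Review bot: the return value of builder.handleCommand() is dropped where the EXPECT_THROW wrapper was removed. The loadZone test in the earlier hunk wraps the same call in EXPECT_TRUE; doing that here would assert that an ignored reload is still reported as a handled command, alongside the lock-count checks.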
......
// Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
#include <dns/name.h>
#include <dns/message.h>
#include <dns/rcode.h>
#include <dns/opcode.h>
#include <cc/data.h>
#include <datasrc/client_list.h>
#include <auth/query.h>
#include <testutils/dnsmessage_test.h>
#include <gtest/gtest.h>
#include <string>
using namespace isc::dns;
using namespace isc::auth;
using namespace isc::testutils;
using isc::datasrc::ConfigurableClientList;
using std::string;
namespace {
// The DNAME to do tests against
const char* const dname_txt =
"dname.example.com. 3600 IN DNAME "
"somethinglong.dnametarget.example.com.\n";
// This is not inside the zone, this is created at runtime
const char* const synthetized_cname_txt =
"www.dname.example.com. 3600 IN CNAME "
"www.somethinglong.dnametarget.example.com.\n";
// This is a subset of QueryTest using (subset of) the same test data, but
// with the production in-memory data source. Both tests should be eventually
// unified to avoid duplicates.
class InMemoryQueryTest : public ::testing::Test {
protected:
InMemoryQueryTest() : list(RRClass::IN()), response(Message::RENDER) {
response.setRcode(Rcode::NOERROR());
response.setOpcode(Opcode::QUERY());
list.configure(isc::data::Element::fromJSON(
"[{\"type\": \"MasterFiles\","
" \"cache-enable\": true, "
" \"params\": {\"example.com\": \"" +
string(TEST_OWN_DATA_DIR "/example.zone") +
"\"}}]"), true);
}
ConfigurableClientList list;
Message response;
Query query;
};
// A wrapper to check resulting response message commonly used in
// tests below.
// check_origin needs to be specified only when the authority section has
// an SOA RR. The interface is not generic enough but should be okay
// for our test cases in practice.
void
responseCheck(Message& response, const isc::dns::Rcode& rcode,
unsigned int flags, const unsigned int ancount,
const unsigned int nscount, const unsigned int arcount,
const char* const expected_answer,
const char* const expected_authority,
const char* const expected_additional,
const Name& check_origin = Name::ROOT_NAME())
{
// In our test cases QID, Opcode, and QDCOUNT should be constant, so
// we don't bother the test cases specifying these values.
headerCheck(response, response.getQid(), rcode, Opcode::QUERY().getCode(),
flags, 0, ancount, nscount, arcount);
if (expected_answer != NULL) {
rrsetsCheck(expected_answer,
response.beginSection(Message::SECTION_ANSWER),
response.endSection(Message::SECTION_ANSWER),
check_origin);
}
if (expected_authority != NULL) {
rrsetsCheck(expected_authority,
response.beginSection(Message::SECTION_AUTHORITY),
response.endSection(Message::SECTION_AUTHORITY),
check_origin);
}
if (expected_additional != NULL) {
rrsetsCheck(expected_additional,
response.beginSection(Message::SECTION_ADDITIONAL),
response.endSection(Message::SECTION_ADDITIONAL));
}
}
/*
* Test a query under a domain with DNAME. We should get a synthetized CNAME
* as well as the DNAME.
*
* TODO: Once we have CNAME chaining, check it works with synthetized CNAMEs
* as well. This includes tests pointing inside the zone, outside the zone,
* pointing to NXRRSET and NXDOMAIN cases (similarly as with CNAME).
*/
TEST_F(InMemoryQueryTest, DNAME) {
query.process(list, Name("www.dname.example.com"), RRType::A(),
response);
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 2, 0, 0,
(string(dname_txt) + synthetized_cname_txt).c_str(),
NULL, NULL);
}
}
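Review bot: the DNAME test checks only the rendered response, and nothing in the file says it is the regression test for the iterator lifetime problem in Query::process(). A read of freed memory can still produce the expected answer, so please say in the test comment which bug it guards and that it is meant to be run under a memory checker. Minor: responseCheck() takes "unsigned int flags" non-const while its other integer parameters are const.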
......@@ -21,6 +21,7 @@ EXTRA_DIST += simpleresponse_fromWire.spec
EXTRA_DIST += spec.spec
EXTRA_DIST += example.com
EXTRA_DIST += example.zone
EXTRA_DIST += example.sqlite3
.spec.wire:
......
;;
;; This is a complete (but crafted and somewhat broken) zone file used
;; in query tests.
;;
example.com. 3600 IN SOA . . 0 0 0 0 0
example.com. 3600 IN NS glue.delegation.example.com.
example.com. 3600 IN NS noglue.example.com.
example.com. 3600 IN NS example.net.
example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
glue.delegation.example.com. 3600 IN A 192.0.2.153
glue.delegation.example.com. 3600 IN AAAA 2001:db8::53
noglue.example.com. 3600 IN A 192.0.2.53
delegation.example.com. 3600 IN NS glue.delegation.example.com.
delegation.example.com. 3600 IN NS noglue.example.com.
delegation.example.com. 3600 IN NS cname.example.com.
delegation.example.com. 3600 IN NS example.org.
;; Borrowed from the RFC4035
delegation.example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
mx.example.com. 3600 IN MX 10 www.example.com.
mx.example.com. 3600 IN MX 20 mailer.example.org.
mx.example.com. 3600 IN MX 30 mx.delegation.example.com.
www.example.com. 3600 IN A 192.0.2.80
cname.example.com. 3600 IN CNAME www.example.com.
cnamenxdom.example.com. 3600 IN CNAME nxdomain.example.com.
;; CNAME Leading out of zone
cnameout.example.com. 3600 IN CNAME www.example.org.
;; The DNAME to do tests against
dname.example.com. 3600 IN DNAME somethinglong.dnametarget.example.com.
;; Some data at the dname node (allowed by RFC 2672)
dname.example.com. 3600 IN A 192.0.2.5
;; The rest of data won't be referenced from the test cases.
cnamemailer.example.com. 3600 IN CNAME www.example.com.
cnamemx.example.com. 3600 IN MX 10 cnamemailer.example.com.
mx.delegation.example.com. 3600 IN A 192.0.2.100
;; Wildcards
*.wild.example.com. 3600 IN A 192.0.2.7
*.wild.example.com. 3600 IN NSEC www.example.com. A NSEC RRSIG
*.cnamewild.example.com. 3600 IN CNAME www.example.org.
*.cnamewild.example.com. 3600 IN NSEC delegation.example.com. CNAME NSEC RRSIG
;; Wildcard_nxrrset
*.uwild.example.com. 3600 IN A 192.0.2.9
*.uwild.example.com. 3600 IN NSEC www.uwild.example.com. A NSEC RRSIG
www.uwild.example.com. 3600 IN A 192.0.2.11
www.uwild.example.com. 3600 IN NSEC *.wild.example.com. A NSEC RRSIG
;; Wildcard empty
b.*.t.example.com. 3600 IN A 192.0.2.13
b.*.t.example.com. 3600 IN NSEC *.uwild.example.com. A NSEC RRSIG
t.example.com. 3600 IN A 192.0.2.15
t.example.com. 3600 IN NSEC b.*.t.example.com. A NSEC RRSIG
;; Used in NXDOMAIN proof test. We are going to test some unusual case where
;; the best possible wildcard is below the "next domain" of the NSEC RR that
;; proves the NXDOMAIN, i.e.,
;; mx.example.com. (exist)
;; (.no.example.com. (qname, NXDOMAIN)
;; ).no.example.com. (exist)
;; *.no.example.com. (best possible wildcard, not exist)
).no.example.com. 3600 IN AAAA 2001:db8::53
;; NSEC records.
example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG
mx.example.com. 3600 IN NSEC ).no.example.com. MX NSEC RRSIG
).no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
;; We'll also test the case where a single NSEC proves both NXDOMAIN and the
;; non existence of wildcard. The following records will be used for that
;; test.
;; ).no.example.com. (exist, whose NSEC proves everything)
;; *.no.example.com. (best possible wildcard, not exist)
;; nx.no.example.com. (NXDOMAIN)
;; nz.no.example.com. (exist)
nz.no.example.com. 3600 IN AAAA 2001:db8::5300
nz.no.example.com. 3600 IN NSEC noglue.example.com. AAAA NSEC RRSIG
noglue.example.com. 3600 IN NSEC nonsec.example.com. A
;; NSEC for the normal NXRRSET case
www.example.com. 3600 IN NSEC example.com. A NSEC RRSIG
;; Authoritative data without NSEC
nonsec.example.com. 3600 IN A 192.0.2.0
;; NSEC3 RRs. You may also need to add mapping to MockZoneFinder::hash_map_.
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA NSEC3PARAM RRSIG
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
;; NSEC3 for wild.example.com (used in wildcard tests, will be added on
;; demand not to confuse other tests)
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
;; NSEC3 for cnamewild.example.com (used in wildcard tests, will be added on
;; demand not to confuse other tests)
k8udemvp1j2f7eg6jebps17vp3n8i58h.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
;; NSEC3 for *.uwild.example.com (will be added on demand not to confuse
;; other tests)
b4um86eghhds6nea196smvmlo4ors995.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
;; NSEC3 for uwild.example.com. (will be added on demand)
t644ebqk9bibcna874givr6joj62mlhv.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
;; (Secure) delegation data; Delegation with DS record
signed-delegation.example.com. 3600 IN NS ns.example.net.
signed-delegation.example.com. 3600 IN DS 12345 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
;; (Secure) delegation data; Delegation without DS record (and both NSEC
;; and NSEC3 denying its existence)
unsigned-delegation.example.com. 3600 IN NS ns.example.net.
unsigned-delegation.example.com. 3600 IN NSEC unsigned-delegation-optout.example.com. NS RRSIG NSEC
;; This one will be added on demand
q81r598950igr1eqvc60aedlq66425b5.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom NS RRSIG
;; Delegation without DS record, and no direct matching NSEC3 record
unsigned-delegation-optout.example.com. 3600 IN NS ns.example.net.
unsigned-delegation-optout.example.com. 3600 IN NSEC *.uwild.example.com. NS RRSIG NSEC
;; (Secure) delegation data; Delegation where the DS lookup will raise an
;; exception.
bad-delegation.example.com. 3600 IN NS ns.example.net.
;; Delegation from an unsigned parent. There's no DS, and there's no NSEC