Commit e36f01f6 authored by Evan Hunt's avatar Evan Hunt

- only add NSEC/NSEC3 when DNSSEC was requested

- add unit test for wildcard->CNAME->NXRRSET
- add unit test for wildcard->CNAME->NXDOMAIN


git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1496 e5f2f494-b856-4b98-b285-d166d9295462
parent 4ec6c434
......@@ -475,10 +475,12 @@ tryWildcard(Query& q, QueryTaskPtr task, const DataSrc* ds,
// A wildcard was found.
if (found) {
// Prove the nonexistence of the name we were looking for
result = proveNX(q, task, ds, *zonename, true);
if (result != DataSrc::SUCCESS) {
m.setRcode(Rcode::SERVFAIL());
return (DataSrc::ERROR);
if (q.wantDnssec()) {
result = proveNX(q, task, ds, *zonename, true);
if (result != DataSrc::SUCCESS) {
m.setRcode(Rcode::SERVFAIL());
return (DataSrc::ERROR);
}
}
// Add the data to the answer section (but with the name changed to
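Review bot: The case where `q.wantDnssec()` is false has no visible test in this commit. Both new query fixtures have ARCOUNT 0, so they carry no OPT record, yet the new tests expect NSEC RRsets in the authority section; presumably the test harness forces DNSSEC on. A test that runs a wildcard query with DNSSEC off and asserts that the authority section holds no NSEC/NSEC3 would pin the behaviour this change introduces. The comment above the guard could also state the condition, for example `// If DNSSEC was requested, prove the nonexistence of the name we were looking for`. tryWildcard's body starts and ends outside this hunk, so whether later code reads `result` when the branch is skipped cannot be checked from here.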
......
......@@ -377,6 +377,75 @@ TEST_F(DataSrcTest, WildcardCname) {
EXPECT_TRUE(it->isLast());
}
TEST_F(DataSrcTest, WildcardCnameNodata) {
// A wildcard containing a CNAME whose target does not include
// data of this type.
readAndProcessQuery("testdata/q_wild2_aaaa");
headerCheck(msg, Rcode::NOERROR(), true, true, true, 2, 4, 0);
RRsetIterator rit = msg.beginSection(Section::ANSWER());
RRsetPtr rrset = *rit;
EXPECT_EQ(Name("www.wild2.example.com"), rrset->getName());
EXPECT_EQ(RRType::CNAME(), rrset->getType());
EXPECT_EQ(RRClass::IN(), rrset->getClass());
RdataIteratorPtr it = rrset->getRdataIterator();
it->first();
EXPECT_EQ("www.example.com.", it->getCurrent().toText());
it->next();
EXPECT_TRUE(it->isLast());
rit = msg.beginSection(Section::AUTHORITY());
rrset = *rit;
EXPECT_EQ(Name("*.wild2.example.com"), rrset->getName());
EXPECT_EQ(RRType::NSEC(), rrset->getType());
EXPECT_EQ(RRClass::IN(), rrset->getClass());
++rit;
++rit;
rrset = *rit;
EXPECT_EQ(Name("www.example.com"), rrset->getName());
EXPECT_EQ(RRType::NSEC(), rrset->getType());
EXPECT_EQ(RRClass::IN(), rrset->getClass());
}
TEST_F(DataSrcTest, WildcardCnameNxdomain) {
// A wildcard containing a CNAME whose target does not exist
readAndProcessQuery("testdata/q_wild3_a");
headerCheck(msg, Rcode::NOERROR(), true, true, true, 2, 6, 0);
RRsetIterator rit = msg.beginSection(Section::ANSWER());
RRsetPtr rrset = *rit;
EXPECT_EQ(Name("www.wild3.example.com"), rrset->getName());
EXPECT_EQ(RRType::CNAME(), rrset->getType());
EXPECT_EQ(RRClass::IN(), rrset->getClass());
RdataIteratorPtr it = rrset->getRdataIterator();
it->first();
EXPECT_EQ("spork.example.com.", it->getCurrent().toText());
it->next();
EXPECT_TRUE(it->isLast());
rit = msg.beginSection(Section::AUTHORITY());
rrset = *rit;
EXPECT_EQ(Name("*.wild3.example.com"), rrset->getName());
EXPECT_EQ(RRType::NSEC(), rrset->getType());
EXPECT_EQ(RRClass::IN(), rrset->getClass());
++rit;
++rit;
rrset = *rit;
EXPECT_EQ(Name("foo.example.com"), rrset->getName());
EXPECT_EQ(RRType::NSEC(), rrset->getType());
EXPECT_EQ(RRClass::IN(), rrset->getClass());
++rit;
++rit;
rrset = *rit;
EXPECT_EQ(Name("example.com"), rrset->getName());
EXPECT_EQ(RRType::NSEC(), rrset->getType());
EXPECT_EQ(RRClass::IN(), rrset->getClass());
}
TEST_F(DataSrcTest, AuthDelegation) {
readAndProcessQuery("testdata/q_sql1");
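Review bot: WildcardCnameNodata and WildcardCnameNxdomain both dereference `*rit` after `++rit; ++rit;` without checking that the iterator is still inside the AUTHORITY section. A response with fewer RRsets than expected would then read past the end rather than fail cleanly. A guard such as `ASSERT_TRUE(rit != msg.endSection(Section::AUTHORITY()));` before each `rrset = *rit;` would turn that into an ordinary test failure; this assumes headerCheck reports count mismatches non-fatally, which is not visible here. Separately, WildcardCnameNxdomain asserts `Rcode::NOERROR()` although its comment says the CNAME target does not exist, so a one-line comment stating why NOERROR is the intended rcode for this chain would help.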
......
......@@ -58,6 +58,7 @@ const Name cnameext("cname-ext.example.com");
const Name dname("dname.example.com");
const Name wild("*.wild.example.com");
const Name wild2("*.wild2.example.com");
const Name wild3("*.wild3.example.com");
const Name subzone("subzone.example.com");
const Name loop1("loop1.example.com");
const Name loop2("loop2.example.com");
......@@ -83,6 +84,8 @@ RRsetPtr wild_a;
RRsetPtr wild_nsec;
RRsetPtr wild2_cname;
RRsetPtr wild2_nsec;
RRsetPtr wild3_cname;
RRsetPtr wild3_nsec;
RRsetPtr dname_dname;
RRsetPtr dname_nsec;
RRsetPtr sql1_ns;
......@@ -306,7 +309,7 @@ TestDataSrc::init() {
rrsig->addRdata(generic::RRSIG("NSEC 5 3 7200 20100322084538 20100220084538 33495 example.com. OoGYslRj4xjZnBuzgOqsrvkDAHWycmQzbUxCRmgWnCbXiobJK7/ynONH3jm8G3vGlU0lwpHkhNs6cUK+6Nu8W49X3MT0Xksl/brroLcXYLi3vfxnYUNMMpXdeFl6WNNfoJRo90F/f/TWXAClRrDS29qiG3G1PEJZikIxZsZ0tyM="));
wild_nsec->addRRsig(rrsig);
// *.wild2.example.com HERE
// *.wild2.example.com
wild2_cname = RRsetPtr(new RRset(wild2, RRClass::IN(), RRType::CNAME(),
RRTTL(3600)));
wild2_cname->addRdata(generic::CNAME("www.example.com"));
......@@ -318,7 +321,7 @@ TestDataSrc::init() {
wild2_nsec = RRsetPtr(new RRset(wild2, RRClass::IN(),
RRType::NSEC(), RRTTL(3600)));
wild2_nsec->addRdata(generic::NSEC("www.example.com. CNAME RRSIG NSEC"));
wild2_nsec->addRdata(generic::NSEC("*.wild3.example.com. CNAME RRSIG NSEC"));
rrsig = RRsetPtr(new RRset(wild2, RRClass::IN(), RRType::RRSIG(),
RRTTL(3600)));
......@@ -326,6 +329,26 @@ TestDataSrc::init() {
rrsig->addRdata(generic::RRSIG("NSEC 5 3 7200 20100410212307 20100311212307 33495 example.com. EuSzh6or8mbvwru2H7fyYeMpW6J8YZ528rabU38V/lMN0TdamghIuCneAvSNaZgwk2MSN1bWpZqB2kAipaM/ZI9/piLlTvVjjOQ8pjk0auwCEqT7Z7Qng3E92O9yVzO+WHT9QZn/fR6t60392In4IvcBGjZyjzQk8njIwbui xGA="));
wild2_nsec->addRRsig(rrsig);
// *.wild3.example.com -- a wildcard record with a lame CNAME
wild3_cname = RRsetPtr(new RRset(wild3, RRClass::IN(), RRType::CNAME(),
RRTTL(3600)));
wild3_cname->addRdata(generic::CNAME("spork.example.com"));
rrsig = RRsetPtr(new RRset(wild3, RRClass::IN(), RRType::RRSIG(),
RRTTL(3600)));
rrsig->addRdata(generic::RRSIG("CNAME 5 3 3600 20100410212307 20100311212307 33495 example.com. pGHtGdRBi4GKFSKszi6SsKvuBLDX8dFhZubU0tMojQ9SJuiFNF+WtxvdAYuUaoWP/9VLUaYmiw5u7JnzmR84DiXZPEs6DtD+UJdOZhaS7V7RTpE+tMOfVQBLpUnRWYtlTTmiBpFquzf3DdIxgUFhEPEuJJyp3LFRxJObCaq9 nvI="));
wild3_cname->addRRsig(rrsig);
wild3_nsec = RRsetPtr(new RRset(wild3, RRClass::IN(),
RRType::NSEC(), RRTTL(3600)));
wild3_nsec->addRdata(generic::NSEC("www.example.com. CNAME RRSIG NSEC"));
rrsig = RRsetPtr(new RRset(wild3, RRClass::IN(), RRType::RRSIG(),
RRTTL(3600)));
rrsig->addRdata(generic::RRSIG("NSEC 5 3 7200 20100410212307 20100311212307 33495 example.com. EuSzh6or8mbvwru2H7fyYeMpW6J8YZ528rabU38V/lMN0TdamghIuCneAvSNaZgwk2MSN1bWpZqB2kAipaM/ZI9/piLlTvVjjOQ8pjk0auwCEqT7Z7Qng3E92O9yVzO+WHT9QZn/fR6t60392In4IvcBGjZyjzQk8njIwbui xGA="));
wild3_nsec->addRRsig(rrsig);
// foo.example.com
foo_cname = RRsetPtr(new RRset(foo, RRClass::IN(), RRType::CNAME(),
RRTTL(3600)));
......@@ -631,6 +654,18 @@ TestDataSrc::findRecords(const Name& name, const RRType& rdtype,
flags |= CNAME_FOUND;
}
}
} else if (name == wild3) {
if (any) {
target.addRRset(wild3_cname);
target.addRRset(wild3_nsec);
} else if (rdtype == RRType::NSEC()) {
target.addRRset(wild3_nsec);
} else {
target.addRRset(wild3_cname);
if (rdtype != RRType::CNAME()) {
flags |= CNAME_FOUND;
}
}
} else if (name == www) {
if (any) {
target.addRRset(www_a);
......@@ -803,8 +838,10 @@ TestDataSrc::findPreviousName(const Name& qname,
target = subzone;
} else if (qname < wild2) {
target = wild;
} else if (qname < www) {
} else if (qname < wild3) {
target = wild2;
} else if (qname < www) {
target = wild3;
} else {
target = www;
}
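Review bot: The RRSIG rdata added for `wild3_nsec` in TestDataSrc::init() is identical to the one already attached to `wild2_nsec`. In the same commit `wild2_nsec`'s next-name changes to `*.wild3.example.com.` while its RRSIG line stays unchanged, so neither signature can correspond to the NSEC it is attached to. This is harmless while the tests only compare names and types, but the fixture should say so, for example `// NOTE: RRSIG rdata here is placeholder data copied from wild2; it is not a valid signature over this RRset` above the wild3 block. Without that note, a later test that validates signatures against this data source would fail for reasons unrelated to the code under test.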
......
# www.wild2.example.com/AAAA (wildcard CNAME NXRRSET)
d8 ef 01 00 00 01 00 00 00 00 00 00 03 77 77 77
05 77 69 6c 64 32 07 65 78 61 6d 70 6c 65 03 63
6f 6d 00 00 1c 00 01
# www.wild3.example.com/A (wildcard, CNAME, target does not exist)
d8 ef 01 00 00 01 00 00 00 00 00 00 03 77 77 77
05 77 69 6c 64 33 07 65 78 61 6d 70 6c 65 03 63
6f 6d 00 00 01 00 01