fix NSEC for asterisk ents and add test

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index 8a69545a44792515eda04955376ed8db7c49ee86..cf9cdbee8e53d61c1a48459778ea23fa87d1dea5 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -671,7 +671,7 @@ void PacketHandler::addNSEC(DNSPacket *p, DNSPacket *r, const string& target, co
 
   if (mode == 2) {
     // wildcard NO-DATA
-    before='.';
+    before.clear();
     sd.db->getBeforeAndAfterNames(sd.domain_id, auth, wildcard, before, after);
     emitNSEC(before, after, target, sd, r, mode);
   }

diff --git a/regression-tests/ent-asterisk/command b/regression-tests/ent-asterisk/command
new file mode 100755 (executable)
index 0000000..bce5a5e
--- /dev/null
+++ b/regression-tests/ent-asterisk/command
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig sub.host.sub.example.com a dnssec

diff --git a/regression-tests/ent-asterisk/description b/regression-tests/ent-asterisk/description
new file mode 100644 (file)
index 0000000..9aeca63
--- /dev/null
+++ b/regression-tests/ent-asterisk/description
@@ -0,0 +1 @@
+Check if asterisk empty non-terminal is interpreted as wildcard wihout type

diff --git a/regression-tests/ent-asterisk/expected_result b/regression-tests/ent-asterisk/expected_result
new file mode 100644 (file)
index 0000000..f0a6a86
--- /dev/null
+++ b/regression-tests/ent-asterisk/expected_result
@@ -0,0 +1,4 @@
+1      example.com.    IN      SOA     86400   ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2      .       IN      OPT     32768   
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A

diff --git a/regression-tests/ent-asterisk/expected_result.dnssec b/regression-tests/ent-asterisk/expected_result.dnssec
new file mode 100644 (file)
index 0000000..98cd61b
--- /dev/null
+++ b/regression-tests/ent-asterisk/expected_result.dnssec
@@ -0,0 +1,10 @@
+1      example.com.    IN      RRSIG   86400   SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1      example.com.    IN      SOA     86400   ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1      host.*.sub.example.com. IN      NSEC    86400   text.example.com. A RRSIG NSEC
+1      host.*.sub.example.com. IN      RRSIG   86400   NSEC 8 5 86400 [expiry] [inception] [keytag] example.com. ...
+1      start4.example.com.     IN      NSEC    86400   host.*.sub.example.com. A RRSIG NSEC
+1      start4.example.com.     IN      RRSIG   86400   NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2      .       IN      OPT     32768   
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A
+./ent-asterisk/unbound-host.out:sub.host.sub.example.com has no address (BOGUS (security failure))

diff --git a/regression-tests/ent-asterisk/expected_result.narrow b/regression-tests/ent-asterisk/expected_result.narrow
new file mode 100644 (file)
index 0000000..46769e0
--- /dev/null
+++ b/regression-tests/ent-asterisk/expected_result.narrow
@@ -0,0 +1,11 @@
+1      5ui8h56r4776maicvhpdegs6chr19i99.example.com.   IN      NSEC3   86400   1 [flags] 1 abcd 5UI8H56R4776MAICVHPDEGS6CHR19I9A
+1      5ui8h56r4776maicvhpdegs6chr19i99.example.com.   IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1      example.com.    IN      RRSIG   86400   SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1      example.com.    IN      SOA     86400   ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1      hhrsadparthvtuou67trentjstdodla0.example.com.   IN      NSEC3   86400   1 [flags] 1 abcd HHRSADPARTHVTUOU67TRENTJSTDODLA1
+1      hhrsadparthvtuou67trentjstdodla0.example.com.   IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1      pbl3rtqv3mt7eb29gqp0a17o0h42nj76.example.com.   IN      NSEC3   86400   1 [flags] 1 abcd PBL3RTQV3MT7EB29GQP0A17O0H42NJ78
+1      pbl3rtqv3mt7eb29gqp0a17o0h42nj76.example.com.   IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2      .       IN      OPT     32768   
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A

diff --git a/regression-tests/ent-asterisk/expected_result.nsec3 b/regression-tests/ent-asterisk/expected_result.nsec3
new file mode 100644 (file)
index 0000000..b462df8
--- /dev/null
+++ b/regression-tests/ent-asterisk/expected_result.nsec3
@@ -0,0 +1,11 @@
+1      5ui8h56r4776maicvhpdegs6chr19i99.example.com.   IN      NSEC3   86400   1 [flags] 1 abcd 5UMB87SUFNRRMLILGL48A5GUUHG7RI58
+1      5ui8h56r4776maicvhpdegs6chr19i99.example.com.   IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1      example.com.    IN      RRSIG   86400   SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1      example.com.    IN      SOA     86400   ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1      hhrsadparthvtuou67trentjstdodla0.example.com.   IN      NSEC3   86400   1 [flags] 1 abcd HHTKKD5HB125SGANBTKMQK84LULH60LH
+1      hhrsadparthvtuou67trentjstdodla0.example.com.   IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1      pbkjnd53pnsru5jmaqnk3k936pv2pq5j.example.com.   IN      NSEC3   86400   1 [flags] 1 abcd PBL4SE96F8T4H4Q24UQMRQ4KS96AHPV3 A RRSIG
+1      pbkjnd53pnsru5jmaqnk3k936pv2pq5j.example.com.   IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2      .       IN      OPT     32768   
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A

diff --git a/regression-tests/ent-asterisk/skip.noent b/regression-tests/ent-asterisk/skip.noent
new file mode 100644 (file)
index 0000000..e69de29