host1.sub.secure.example. 3600 IN A 192.0.2.11
+;; See #4158
+sub2.secure.example. 3600 IN CNAME doesnotmatter.insecure.example.
+insecure.sub2.secure.example. 3600 IN NS ns1.insecure.example.
+
*.wildcard.secure.example. 3600 IN A 192.0.2.10
*.cnamewildcard.secure.example. 3600 IN CNAME host1.secure.example.
ns1.bogus.example. 3600 IN A {prefix}.12
ted.bogus.example. 3600 IN A 192.0.2.1
bill.bogus.example. 3600 IN AAAA 2001:db8:12::3
+ """,
+ 'insecure.sub2.secure.example': """
+insecure.sub2.secure.example. 3600 IN SOA {soa}
+insecure.sub2.secure.example. 3600 IN NS ns1.insecure.example.
+
+node1.insecure.sub2.secure.example. 3600 IN A 192.0.2.18
""",
'insecure.example': """
insecure.example. 3600 IN SOA {soa}
'10': ['example'],
'11': ['example'],
'12': ['bogus.example'],
- '13': ['insecure.example'],
+ '13': ['insecure.example', 'insecure.sub2.secure.example'],
'14': ['optout.example'],
'15': ['insecure.optout.example', 'secure.optout.example']
}
self.assertRcodeEqual(res, dns.rcode.NOERROR)
self.assertRRsetInAnswer(res, expected)
+ def testCNAMEWithLowerEntries(self):
+ """
+ #4158, When chasing down for DS/DNSKEY and we find a CNAME, skip a level
+ """
+ expected = dns.rrset.from_text('node1.insecure.sub2.secure.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.18')
+
+ query = dns.message.make_query('node1.insecure.sub2.secure.example.', 'A')
+ query.flags |= dns.flags.AD
+ res = self.sendUDPQuery(query)
+
+ self.assertRcodeEqual(res, dns.rcode.NOERROR)
+ self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO'])
+ self.assertRRsetInAnswer(res, expected)
+
@classmethod
def startResponders(cls):
print("Launching responders..")