]> granicus.if.org Git - pdns/commitdiff
projects / pdns / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c27c8d9)
prove wildcard in synthesis NODATA situation (Kees Monshouwer)
authorPeter van Dijk <peter.van.dijk@netherlabs.nl>
Fri, 9 Nov 2012 09:46:40 +0000 (09:46 +0000)
committerPeter van Dijk <peter.van.dijk@netherlabs.nl>
Fri, 9 Nov 2012 09:46:40 +0000 (09:46 +0000)
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2872 d19b8d6e-7fed-0310-83ef-9ca221ded41b

pdns/packethandler.cc patch | blob | history
regression-tests/nsec-wildcard/description patch | blob | history
regression-tests/nsec-wildcard/expected_result.nsec3 patch | blob | history

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index c7b07e44f332551987b346b944e469b20639b1d5..7cf8de244594a65511c7489b85806538a5339e61 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -613,13 +613,13 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c
   }
   
   // wildcard denial
-  if (mode == 4) {
+  if (mode == 2 || mode == 4) {
     unhashed=dotConcat("*", closest);
 
     hashed=hashQNameWithSalt(ns3rc.d_iterations, ns3rc.d_salt, unhashed);
     // L<<"3 hash: "<<toBase32Hex(hashed)<<" "<<unhashed<<endl;
     
-    getNSEC3Hashes(narrow, sd.db, sd.domain_id,  hashed, true, unhashed, before, after);
+    getNSEC3Hashes(narrow, sd.db, sd.domain_id,  hashed, (mode != 2), unhashed, before, after);
     DLOG(L<<"Done calling for '*', hashed: '"<<toBase32Hex(hashed)<<"' before='"<<toBase32Hex(before)<<"', after='"<<toBase32Hex(after)<<"'"<<endl);
     emitNSEC3( ns3rc, sd, unhashed, before, after, target, r, mode);
   }
diff --git a/regression-tests/nsec-wildcard/description b/regression-tests/nsec-wildcard/description
index 7a68de275cfebf4ffc3f61d021e7047f73b9005f..da34b6ed9953d15d50fb9a79baa0bcaf755b5f64 100644 (file)
--- a/regression-tests/nsec-wildcard/description
+++ b/regression-tests/nsec-wildcard/description
@@ -1,4 +1,2 @@
 We would sometimes synthesize an NSEC from a wildcard. This test
 makes sure we have stopped doing that.
-(I have a feeling unbound only accepts our output because of the
-opt-out flags. FIXME?)
diff --git a/regression-tests/nsec-wildcard/expected_result.nsec3 b/regression-tests/nsec-wildcard/expected_result.nsec3
index 2ee8b774a1f8cf66a036ad87670de0755264cee7..30a9c881b37c53d488cf507e50c151789ffc1542 100644 (file)
--- a/regression-tests/nsec-wildcard/expected_result.nsec3
+++ b/regression-tests/nsec-wildcard/expected_result.nsec3
@@ -1,5 +1,7 @@
 1      54njs65s8u96tkffrft6l7j1t1556vik.wtest.com.     IN      NSEC3   86400   1 1 1 abcd 67I2ESLUBOJ7DPG4263L3T8DV19G6D0G TXT RRSIG
 1      54njs65s8u96tkffrft6l7j1t1556vik.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com.     IN      NSEC3   86400   1 1 1 abcd SHEGK154N8362AG22AR9VDDRF3127M6I A RRSIG
+1      pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
 1      shegk154n8362ag22ar9vddrf3127m6i.wtest.com.     IN      NSEC3   86400   1 1 1 abcd 53I5J7TGM8QG2GBV716RVQVARQCIJUE2 A NS SOA MX RRSIG DNSKEY NSEC3PARAM
 1      shegk154n8362ag22ar9vddrf3127m6i.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
 1      wtest.com.      IN      RRSIG   3600    SOA 8 2 3600 [expiry] [inception] [keytag] wtest.com. ...
Unnamed repository; edit this file 'description' to name the repository.