BOOST_AUTO_TEST_CASE(test_dnssec_no_ds_on_referral_insecure) {
std::unique_ptr<SyncRes> sr;
- initSR(sr, true);
+ initSR(sr, true, true);
g_dnssecmode = DNSSECMode::ValidateAll;
addRRSIG(keys, res->d_records, domain, 300);
return 1;
}
- else if (domain == target) {
+ else {
if (isRootServer(ip)) {
setLWResult(res, 0, false, false, true);
addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600);
return 1;
}
else if (ip == ComboAddress("192.0.2.1:53")) {
- setLWResult(res, 0, false, false, true);
- addRecordToLW(res, "powerdns.com.", QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
- addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
- /* No DS on referral, and no denial of the DS either */
+ if (domain == DNSName("com.")) {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com.");
+ addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
+ }
+ else {
+ setLWResult(res, 0, false, false, true);
+ addRecordToLW(res, "powerdns.com.", QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ /* No DS on referral, and no denial of the DS either */
+ }
return 1;
}
else if (ip == ComboAddress("192.0.2.2:53")) {
addRRSIG(keys, res->d_records, domain, 300);
return 1;
}
- else if (domain == target) {
+ else {
if (isRootServer(ip)) {
setLWResult(res, 0, false, false, true);
addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600);
return 1;
}
else if (ip == ComboAddress("192.0.2.1:53")) {
- setLWResult(res, 0, false, false, true);
- addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
- addDS(domain, 300, res->d_records, keys);
- addRRSIG(keys, res->d_records, DNSName("com."), 300);
- addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ if (domain == DNSName("com.")) {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, DNSName("com."), QType::NS, "a.gtld-servers.com.");
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
+ }
+ else {
+ setLWResult(res, 0, false, false, true);
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
+ addDS(domain, 300, res->d_records, keys);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ }
return 1;
}
else if (ip == ComboAddress("192.0.2.2:53")) {
setLWResult(res, 0, true, false, true);
- addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600);
- addRRSIG(keys, res->d_records, domain, 300);
- addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS, QType::DNSKEY }, 600, res->d_records);
- /* NO RRSIG for the NSEC record! */
+ if (type == QType::NS) {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
+ else {
+ addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600);
+ addRRSIG(keys, res->d_records, domain, 300);
+ addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS, QType::DNSKEY }, 600, res->d_records);
+ /* NO RRSIG for the NSEC record! */
+ }
return 1;
}
}
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
BOOST_CHECK_EQUAL(ret.size(), 3);
- BOOST_CHECK_EQUAL(queriesCount, 6);
+ BOOST_CHECK_EQUAL(queriesCount, 8);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3);
- BOOST_CHECK_EQUAL(queriesCount, 6);
+ BOOST_CHECK_EQUAL(queriesCount, 8);
}
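Review bot: The raised `queriesCount` expectations (8 here, and 9, 10, 11 and 12 in later tests of this patch) are bare numbers with no explanation of which queries they count. Two of the changed tests do get a per-type breakdown comment before their `queriesCount, 7` check, and the same kind of comment (NS, DNSKEY/DS and final-answer queries) belongs above each of the others. These counts are what catches a validator that silently skips or repeats a DNSKEY or DS fetch, so a reader should be able to re-derive them from the mock. The enclosing test bodies start outside the visible lines.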
BOOST_AUTO_TEST_CASE(test_dnssec_validation_bogus_unsigned_nsec) {
addRRSIG(keys, res->d_records, domain, 300);
return 1;
}
- else if (domain == target) {
+ else {
if (isRootServer(ip)) {
setLWResult(res, 0, false, false, true);
addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600);
return 1;
}
else if (ip == ComboAddress("192.0.2.1:53")) {
- setLWResult(res, 0, false, false, true);
- addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
- addDS(domain, 300, res->d_records, keys);
- addRRSIG(keys, res->d_records, DNSName("com."), 300);
- addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ if (domain == DNSName("com.")) {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, DNSName("com."), QType::NS, "a.gtld-servers.com.");
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
+ }
+ else {
+ setLWResult(res, 0, false, false, true);
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
+ addDS(domain, 300, res->d_records, keys);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ }
return 1;
}
else if (ip == ComboAddress("192.0.2.2:53")) {
setLWResult(res, 0, true, false, true);
- addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600);
- addRRSIG(keys, res->d_records, domain, 300);
+ if (type == QType::NS) {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
+ else {
+ addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600);
+ addRRSIG(keys, res->d_records, domain, 300);
- /* NO NSEC record! */
+ /* NO NSEC record! */
+ }
return 1;
}
}
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
BOOST_CHECK_EQUAL(ret.size(), 2);
- BOOST_CHECK_EQUAL(queriesCount, 6);
+ BOOST_CHECK_EQUAL(queriesCount, 8);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2);
- BOOST_CHECK_EQUAL(queriesCount, 6);
+ BOOST_CHECK_EQUAL(queriesCount, 8);
}
BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure) {
return 1;
}
}
- else if (domain == target) {
+ else {
if (isRootServer(ip)) {
setLWResult(res, 0, false, false, true);
addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600);
return 1;
}
else if (ip == ComboAddress("192.0.2.1:53")) {
- setLWResult(res, 0, false, false, true);
- addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
- /* no DS */
- addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records);
- addRRSIG(keys, res->d_records, DNSName("com."), 300);
- addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ if (domain == DNSName("com.")) {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, DNSName("com."), QType::NS, "a.gtld-servers.com.");
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
+ }
+ else {
+ setLWResult(res, 0, false, false, true);
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
+ /* no DS */
+ addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ }
return 1;
}
else if (ip == ComboAddress("192.0.2.2:53")) {
setLWResult(res, 0, true, false, true);
- addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600);
+ if (type == QType::NS) {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
+ }
+ else {
+ addRecordToLW(res, domain, QType::A, targetAddr.toString());
+ }
return 1;
}
}
BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1);
BOOST_CHECK(ret[0].d_type == QType::A);
- /* only 4 because no DS query for powerdns.com (DS denial in referral), and then no DNSKEY query either (insecure) */
- BOOST_CHECK_EQUAL(queriesCount, 4);
+ /* 4 NS: com at ., com at com, powerdns.com at com, powerdns.com at powerdns.com
+ 4 DNSKEY: ., com (not for powerdns.com because DS denial in referral)
+ 1 query for A */
+ BOOST_CHECK_EQUAL(queriesCount, 7);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1);
BOOST_CHECK(ret[0].d_type == QType::A);
- BOOST_CHECK_EQUAL(queriesCount, 4);
+ BOOST_CHECK_EQUAL(queriesCount, 7);
}
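Review bot: The breakdown comment added above `BOOST_CHECK_EQUAL(queriesCount, 7);` does not add up. It says `4 DNSKEY: ., com` but names only two zones, and 4 NS + 4 DNSKEY + 1 A would be 9, not 7. The equivalent comment added later in this patch, before the other `queriesCount, 7` check, reads `2 DNSKEY (. and com., ...)`, so this line should presumably be `2 DNSKEY: ., com (not for powerdns.com because DS denial in referral)`.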
BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_skipped_cut) {
std::unique_ptr<SyncRes> sr;
- initSR(sr, true, true);
+ initSR(sr, true);
g_dnssecmode = DNSSECMode::ValidateAll;
}
}
else if (type == QType::DNSKEY) {
- if (domain == g_rootdnsname || domain == DNSName("com.")) {
+ if (domain == g_rootdnsname || domain == DNSName("com.") || domain == DNSName("powerdns.com.")) {
setLWResult(res, 0, true, false, true);
addDNSKEY(keys, domain, 300, res->d_records);
addRRSIG(keys, res->d_records, domain, 300);
return 1;
}
else if (ip == ComboAddress("192.0.2.1:53")) {
- setLWResult(res, 0, false, false, true);
- addRecordToLW(res, DNSName("powerdns.com."), QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
- addDS(DNSName("powerdns.com."), 300, res->d_records, keys);
- addRRSIG(keys, res->d_records, DNSName("com."), 300);
- addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ if (domain == DNSName("com.")) {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, DNSName("com."), QType::NS, "a.gtld-servers.com.");
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
+ }
+ else {
+ setLWResult(res, 0, false, false, true);
+ addRecordToLW(res, DNSName("powerdns.com."), QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
+ addDS(DNSName("powerdns.com."), 300, res->d_records, keys);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ }
return 1;
}
else if (ip == ComboAddress("192.0.2.2:53")) {
setLWResult(res, 0, true, false, true);
- addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600);
+ if (type == QType::NS) {
+ if (domain == DNSName("www.sub.powerdns.com.")) {
+ addRecordToLW(res, DNSName("sub.powerdns.com"), QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600);
+ }
+ else if (domain == DNSName("sub.powerdns.com.")) {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
+ addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300);
+ addNSECRecordToLW(domain, DNSName("tub.powerdns.com."), { QType::NS }, 600, res->d_records);
+ addRRSIG(keys, res->d_records, DNSName("powerdns.com"), 300);
+ }
+ else if (domain == DNSName("powerdns.com.")) {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
+ addRRSIG(keys, res->d_records, DNSName("powerdns.com."), 300);
+ }
+ } else {
+ addRecordToLW(res, domain, QType::A, targetAddr.toString(), DNSResourceRecord::ANSWER, 3600);
+ }
return 1;
}
}
BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1);
BOOST_CHECK(ret[0].d_type == QType::A);
- BOOST_CHECK_EQUAL(queriesCount, 5);
+ BOOST_CHECK_EQUAL(queriesCount, 11);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1);
BOOST_CHECK(ret[0].d_type == QType::A);
- BOOST_CHECK_EQUAL(queriesCount, 5);
+ BOOST_CHECK_EQUAL(queriesCount, 11);
}
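Review bot: The new NS branch for 192.0.2.2 writes zone names without the trailing dot in three places: `DNSName("sub.powerdns.com")` as the SOA owner and `DNSName("powerdns.com")` as the signer in both `addRRSIG` calls. Every other name in the hunk is fully qualified. If `DNSName` normalises both spellings this is cosmetic, but the signer name decides which key the NS and NSEC records validate against, so `DNSName("powerdns.com.")` and `DNSName("sub.powerdns.com.")` would rule out a mismatch and match the `DNSName("powerdns.com.")` used a few lines below.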
BOOST_AUTO_TEST_CASE(test_dnssec_insecure_to_ta_skipped_cut) {
std::unique_ptr<SyncRes> sr;
- initSR(sr, true, true);
+ initSR(sr, true);
g_dnssecmode = DNSSECMode::ValidateAll;
BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2);
BOOST_CHECK(ret[0].d_type == QType::A);
- BOOST_CHECK_EQUAL(queriesCount, 5);
+ BOOST_CHECK_EQUAL(queriesCount, 9);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2);
BOOST_CHECK(ret[0].d_type == QType::A);
- BOOST_CHECK_EQUAL(queriesCount, 5);
+ BOOST_CHECK_EQUAL(queriesCount, 9);
}
BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_nodata) {
return 1;
}
}
- else if (domain == target) {
+ else {
if (isRootServer(ip)) {
setLWResult(res, 0, false, false, true);
addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600);
return 1;
}
else if (ip == ComboAddress("192.0.2.1:53")) {
- setLWResult(res, 0, false, false, true);
- addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
- /* no DS */
- addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records);
- addRRSIG(keys, res->d_records, DNSName("com."), 300);
- addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ if (domain == DNSName("com.")) {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com.");
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ }
+ else {
+ setLWResult(res, 0, false, false, true);
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
+ /* no DS */
+ addNSECRecordToLW(domain, DNSName("z.powerdns.com."), { QType::NS }, 600, res->d_records);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ }
return 1;
}
else if (ip == ComboAddress("192.0.2.2:53")) {
- setLWResult(res, 0, true, false, true);
- addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600);
+ if (type == QType::NS) {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ }
+ else {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, domain, QType::SOA, "pdns-public-ns1.powerdns.com. pieter\\.lexis.powerdns.com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600);
+ }
return 1;
}
}
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1);
- /* same as above */
- BOOST_CHECK_EQUAL(queriesCount, 4);
+ /* 4 NS (com from root, com from com, powerdns.com from com,
+ powerdns.com from powerdns.com)
+ 2 DNSKEY (. and com., none for powerdns.com because no DS)
+ 1 query for A
+ */
+ BOOST_CHECK_EQUAL(queriesCount, 7);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1);
- BOOST_CHECK_EQUAL(queriesCount, 4);
+ BOOST_CHECK_EQUAL(queriesCount, 7);
}
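Review bot: In the 192.0.2.2 branch, `setLWResult(res, 0, true, false, true);` was moved into the `else`, so the `type == QType::NS` path now adds its NS and A records and returns 1 without initialising the result. The sibling tests in this patch call `setLWResult` before the `if (type == QType::NS)` split. Unless the harness pre-initialises `res`, the NS answer here would not carry the authoritative flag that the others set. Suggest hoisting the call back above the `if`, so both paths start from the same state. The enclosing block begins outside the visible lines.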
BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_cname) {
}
else if (ip == ComboAddress("192.0.2.1:53")) {
setLWResult(res, 0, false, false, true);
- addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
- if (domain == DNSName("powerdns.com.")) {
- addDS(DNSName("powerdns.com."), 300, res->d_records, keys);
+ if (domain == DNSName("com.")) {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com.");
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
}
- else if (domain == targetCName) {
- addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records);
+ else {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
+ if (domain == DNSName("powerdns.com.")) {
+ addDS(DNSName("powerdns.com."), 300, res->d_records, keys);
+ }
+ else if (domain == targetCName) {
+ addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records);
+ }
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
}
- addRRSIG(keys, res->d_records, DNSName("com."), 300);
- addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+
return 1;
}
else if (ip == ComboAddress("192.0.2.2:53")) {
setLWResult(res, 0, true, false, true);
- if (domain == DNSName("powerdns.com.")) {
- addRecordToLW(res, domain, QType::CNAME, targetCName.toString());
- addRRSIG(keys, res->d_records, domain, 300);
+
+ if (type == QType::NS) {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
+ if (domain == DNSName("powerdns.com.")) {
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ if (domain == DNSName("powerdns.com.")) {
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
}
- else if (domain == targetCName) {
- addRecordToLW(res, domain, QType::A, targetCNameAddr.toString());
+ else {
+ if (domain == DNSName("powerdns.com.")) {
+ addRecordToLW(res, domain, QType::CNAME, targetCName.toString());
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
+ else if (domain == targetCName) {
+ addRecordToLW(res, domain, QType::A, targetCNameAddr.toString());
+ }
}
+
return 1;
}
}
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 3);
- BOOST_CHECK_EQUAL(queriesCount, 8);
+ BOOST_CHECK_EQUAL(queriesCount, 11);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 3);
- BOOST_CHECK_EQUAL(queriesCount, 8);
+ BOOST_CHECK_EQUAL(queriesCount, 11);
}
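Review bot: The NS branch for 192.0.2.2 tests `domain == DNSName("powerdns.com.")` twice in a row, once after each `addRecordToLW`, to decide whether to append an RRSIG; the same pair appears again in the next test's NS branch. Computing it once, e.g. `const bool signedZone = (domain == DNSName("powerdns.com."));`, with a short comment that only that zone's answers are signed, would make the intent explicit. In the 192.0.2.1 branch above, the unchanged `setLWResult(res, 0, false, false, true);` is now followed by a second `setLWResult` in the `com.` case. It would read more clearly if each case set the result exactly once, as the later tests in this patch do.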
BOOST_AUTO_TEST_CASE(test_dnssec_insecure_to_secure_cname) {
return 1;
}
else if (ip == ComboAddress("192.0.2.1:53")) {
- setLWResult(res, 0, false, false, true);
- addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
- if (domain == targetCName) {
- addDS(DNSName("powerdns.com."), 300, res->d_records, keys);
+ if (domain == DNSName("com.")) {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com.");
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
}
- else if (domain == target) {
- addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records);
+ else if (domain == DNSName("powerdns.com.") || domain == DNSName("power-dns.com.")) {
+ setLWResult(res, 0, false, false, true);
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
+ if (domain == targetCName) {
+ addDS(DNSName("powerdns.com."), 300, res->d_records, keys);
+ }
+ else if (domain == target) {
+ addNSECRecordToLW(domain, DNSName("z.power-dns.com."), { QType::NS }, 600, res->d_records);
+ }
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
}
- addRRSIG(keys, res->d_records, DNSName("com."), 300);
- addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
return 1;
}
else if (ip == ComboAddress("192.0.2.2:53")) {
setLWResult(res, 0, true, false, true);
- if (domain == target) {
- addRecordToLW(res, domain, QType::CNAME, targetCName.toString());
+ if (type == QType::NS) {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
+ if (domain == DNSName("powerdns.com.")) {
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ if (domain == DNSName("powerdns.com.")) {
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
}
- else if (domain == targetCName) {
- addRecordToLW(res, domain, QType::A, targetCNameAddr.toString());
- addRRSIG(keys, res->d_records, domain, 300);
+ else {
+ if (domain == target) {
+ addRecordToLW(res, domain, QType::CNAME, targetCName.toString());
+ }
+ else if (domain == targetCName) {
+ addRecordToLW(res, domain, QType::A, targetCNameAddr.toString());
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
}
return 1;
}
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 3);
- BOOST_CHECK_EQUAL(queriesCount, 8);
+ BOOST_CHECK_EQUAL(queriesCount, 11);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 3);
- BOOST_CHECK_EQUAL(queriesCount, 8);
+ BOOST_CHECK_EQUAL(queriesCount, 11);
}
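Review bot: Any name other than `com.`, `powerdns.com.` and `power-dns.com.` now reaches `return 1;` in the 192.0.2.1 branch with `res` never passed to `setLWResult`, whereas this branch used to answer every name with a referral. The same shape is repeated in the three CNAME tests that follow. If no other names are expected at that server, a final `else { BOOST_FAIL("unexpected query"); }` would turn a stray query into a visible failure instead of a successful but uninitialised response. That matters in a DNSSEC suite, where an unexpected lookup can be the symptom under test. The enclosing block starts outside the visible lines.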
BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_secure_cname) {
return 1;
}
else if (ip == ComboAddress("192.0.2.1:53")) {
- setLWResult(res, 0, false, false, true);
- addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
- addDS(domain, 300, res->d_records, keys);
- addRRSIG(keys, res->d_records, DNSName("com."), 300);
- addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ if (domain == DNSName("com.")) {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com.");
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ }
+ else if (domain == DNSName("powerdns.com.") || domain == DNSName("power-dns.com.")) {
+ setLWResult(res, 0, false, false, true);
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
+ addDS(DNSName(domain), 300, res->d_records, keys);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ }
return 1;
}
else if (ip == ComboAddress("192.0.2.2:53")) {
setLWResult(res, 0, true, false, true);
- if (domain == target) {
- addRecordToLW(res, domain, QType::CNAME, targetCName.toString());
- /* No RRSIG, leading to bogus */
- }
- else if (domain == targetCName) {
- addRecordToLW(res, domain, QType::A, targetCNameAddr.toString());
+ if (type == QType::NS) {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
+ addRRSIG(keys, res->d_records, domain, 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
addRRSIG(keys, res->d_records, domain, 300);
}
+ else {
+ if (domain == target) {
+ addRecordToLW(res, domain, QType::CNAME, targetCName.toString());
+ /* No RRSIG, leading to bogus */
+ }
+ else if (domain == targetCName) {
+ addRecordToLW(res, domain, QType::A, targetCNameAddr.toString());
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
+ }
return 1;
}
}
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3);
- BOOST_CHECK_EQUAL(queriesCount, 8);
+ BOOST_CHECK_EQUAL(queriesCount, 12);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3);
- BOOST_CHECK_EQUAL(queriesCount, 8);
+ BOOST_CHECK_EQUAL(queriesCount, 12);
}
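Review bot: `addDS(DNSName(domain), 300, res->d_records, keys);` wraps `domain` in a `DNSName` that it appears to be already: the removed line passed it as `addDS(domain, 300, res->d_records, keys);` and the surrounding code compares it directly against `DNSName(...)` values. Passing `domain` unchanged avoids the extra copy and matches the other `addDS` calls in the file. The same wrapper is repeated in the two tests that follow.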
BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_bogus_cname) {
return 1;
}
else if (ip == ComboAddress("192.0.2.1:53")) {
- setLWResult(res, 0, false, false, true);
- addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
- addDS(domain, 300, res->d_records, keys);
- addRRSIG(keys, res->d_records, DNSName("com."), 300);
- addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ if (domain == DNSName("com.")) {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com.");
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ }
+ else if (domain == DNSName("powerdns.com.") || domain == DNSName("power-dns.com.")) {
+ setLWResult(res, 0, false, false, true);
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
+ addDS(DNSName(domain), 300, res->d_records, keys);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ }
return 1;
}
else if (ip == ComboAddress("192.0.2.2:53")) {
setLWResult(res, 0, true, false, true);
- if (domain == target) {
- addRecordToLW(res, domain, QType::CNAME, targetCName.toString());
+ if (type == QType::NS) {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
+ addRRSIG(keys, res->d_records, domain, 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
addRRSIG(keys, res->d_records, domain, 300);
}
- else if (domain == targetCName) {
- addRecordToLW(res, domain, QType::A, targetCNameAddr.toString());
- /* No RRSIG, leading to bogus */
+ else {
+ if (domain == target) {
+ addRecordToLW(res, domain, QType::CNAME, targetCName.toString());
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
+ else if (domain == targetCName) {
+ addRecordToLW(res, domain, QType::A, targetCNameAddr.toString());
+ /* No RRSIG, leading to bogus */
+ }
}
return 1;
}
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3);
- BOOST_CHECK_EQUAL(queriesCount, 8);
+ BOOST_CHECK_EQUAL(queriesCount, 12);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3);
- BOOST_CHECK_EQUAL(queriesCount, 8);
+ BOOST_CHECK_EQUAL(queriesCount, 12);
}
BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_secure_cname) {
return 1;
}
else if (ip == ComboAddress("192.0.2.1:53")) {
- setLWResult(res, 0, false, false, true);
- addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
- addDS(domain, 300, res->d_records, keys);
- addRRSIG(keys, res->d_records, DNSName("com."), 300);
- addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ if (domain == DNSName("com.")) {
+ setLWResult(res, 0, true, false, true);
+ addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com.");
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ }
+ else if (domain == DNSName("powerdns.com.") || domain == DNSName("power-dns.com.")) {
+ setLWResult(res, 0, false, false, true);
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.", DNSResourceRecord::AUTHORITY, 3600);
+ addDS(DNSName(domain), 300, res->d_records, keys);
+ addRRSIG(keys, res->d_records, DNSName("com."), 300);
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
+ }
return 1;
}
else if (ip == ComboAddress("192.0.2.2:53")) {
setLWResult(res, 0, true, false, true);
- if (domain == target) {
- addRecordToLW(res, domain, QType::CNAME, targetCName.toString());
+ if (type == QType::NS) {
+ addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
addRRSIG(keys, res->d_records, domain, 300);
- }
- else if (domain == targetCName) {
- addRecordToLW(res, domain, QType::A, targetCNameAddr.toString());
+ addRecordToLW(res, "ns1.powerdns.com.", QType::A, "192.0.2.2", DNSResourceRecord::ADDITIONAL, 3600);
addRRSIG(keys, res->d_records, domain, 300);
}
+ else {
+ if (domain == target) {
+ addRecordToLW(res, domain, QType::CNAME, targetCName.toString());
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
+ else if (domain == targetCName) {
+ addRecordToLW(res, domain, QType::A, targetCNameAddr.toString());
+ addRRSIG(keys, res->d_records, domain, 300);
+ }
+ }
return 1;
}
}
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4);
- BOOST_CHECK_EQUAL(queriesCount, 9);
+ BOOST_CHECK_EQUAL(queriesCount, 12);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4);
- BOOST_CHECK_EQUAL(queriesCount, 9);
+ BOOST_CHECK_EQUAL(queriesCount, 12);
}
BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_insecure_cname) {
std::unique_ptr<SyncRes> sr;
- initSR(sr, true, true);
+ initSR(sr, true);
g_dnssecmode = DNSSECMode::ValidateAll;
else if (ip == ComboAddress("192.0.2.1:53")) {
if (domain == DNSName("com.")) {
setLWResult(res, 0, true, false, true);
- addRecordToLW(res, domain, QType::NS, "ns1.powerdns.com.");
+ addRecordToLW(res, domain, QType::NS, "a.gtld-servers.com.");
addRRSIG(keys, res->d_records, DNSName("com."), 300);
addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600);
addRRSIG(keys, res->d_records, DNSName("com."), 300);
BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
/* no RRSIG to show */
BOOST_CHECK_EQUAL(ret.size(), 2);
- BOOST_CHECK_EQUAL(queriesCount, 7);
+ BOOST_CHECK_EQUAL(queriesCount, 10);
/* again, to test the cache */
ret.clear();
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
BOOST_CHECK_EQUAL(ret.size(), 2);
- BOOST_CHECK_EQUAL(queriesCount, 7);
+ BOOST_CHECK_EQUAL(queriesCount, 10);
}
BOOST_AUTO_TEST_CASE(test_dnssec_insecure_ta) {