Fix closest encloser proof for wildcard nodata answers.

Add some tests to make sure I won't break this again...

diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
index da9e48ed0a14ccd444605b957ac8434258769825..91a98bdcd621e72de877c9dadd33e2d0fddc0e76 100644 (file)
--- a/pdns/packethandler.cc
+++ b/pdns/packethandler.cc
@@ -589,11 +589,13 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c
   // cerr<<"salt in ph: '"<<makeHexDump(ns3rc.d_salt)<<"', narrow="<<narrow<<endl;
   
   string unhashed, hashed, before, after;
-  string closest=(mode == 3 || mode == 4) ? wildcard : target;
+  string closest;
   
   if (mode == 2 || mode == 3 || mode == 4) {
+    closest=wildcard;
     chopOff(closest);
-  }
+  } else
+    closest=target;
   
   if (mode == 1) {
     DNSResourceRecord rr;

diff --git a/regression-tests/nsecx-mode2-wildcard-nodata/command b/regression-tests/nsecx-mode2-wildcard-nodata/command
new file mode 100755 (executable)
index 0000000..3bc0496
--- /dev/null
+++ b/regression-tests/nsecx-mode2-wildcard-nodata/command
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig second.first.something.wtest.com TXT dnssec

diff --git a/regression-tests/nsecx-mode2-wildcard-nodata/description b/regression-tests/nsecx-mode2-wildcard-nodata/description
new file mode 100644 (file)
index 0000000..3208dd5
--- /dev/null
+++ b/regression-tests/nsecx-mode2-wildcard-nodata/description
@@ -0,0 +1 @@
+Check NSECx response for wildcards no data asnwers (mode 2)

diff --git a/regression-tests/nsecx-mode2-wildcard-nodata/expected_result b/regression-tests/nsecx-mode2-wildcard-nodata/expected_result
new file mode 100644 (file)
index 0000000..c662d6d
--- /dev/null
+++ b/regression-tests/nsecx-mode2-wildcard-nodata/expected_result
@@ -0,0 +1,9 @@
+1      *.something.wtest.com.  IN      NSEC    86400   a.something.wtest.com. A RRSIG NSEC
+1      *.something.wtest.com.  IN      RRSIG   86400   NSEC 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      a.something.wtest.com.  IN      NSEC    86400   wtest.com. A RRSIG NSEC
+1      a.something.wtest.com.  IN      RRSIG   86400   NSEC 8 4 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      wtest.com.      IN      RRSIG   3600    SOA 8 2 3600 [expiry] [inception] [keytag] wtest.com. ...
+1      wtest.com.      IN      SOA     3600    ns1.wtest.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2      .       IN      OPT     32768   
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=TXT

diff --git a/regression-tests/nsecx-mode2-wildcard-nodata/expected_result.narrow b/regression-tests/nsecx-mode2-wildcard-nodata/expected_result.narrow
new file mode 100644 (file)
index 0000000..a14a2fd
--- /dev/null
+++ b/regression-tests/nsecx-mode2-wildcard-nodata/expected_result.narrow
@@ -0,0 +1,11 @@
+1      54njs65s8u96tkffrft6l7j1t1556vik.wtest.com.     IN      NSEC3   86400   1 [flags] 1 abcd 54NJS65S8U96TKFFRFT6L7J1T1556VIL TXT RRSIG
+1      54njs65s8u96tkffrft6l7j1t1556vik.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      d0rjlf3tful8jfjk86vi5ce50nuea9a6.wtest.com.     IN      NSEC3   86400   1 [flags] 1 abcd D0RJLF3TFUL8JFJK86VI5CE50NUEA9A8
+1      d0rjlf3tful8jfjk86vi5ce50nuea9a6.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com.     IN      NSEC3   86400   1 [flags] 1 abcd PD15QDSJJBFOSU5FG2OQRNLB8R8OIFL7 A RRSIG
+1      pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      wtest.com.      IN      RRSIG   3600    SOA 8 2 3600 [expiry] [inception] [keytag] wtest.com. ...
+1      wtest.com.      IN      SOA     3600    ns1.wtest.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2      .       IN      OPT     32768   
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=TXT

diff --git a/regression-tests/nsecx-mode2-wildcard-nodata/expected_result.nsec3 b/regression-tests/nsecx-mode2-wildcard-nodata/expected_result.nsec3
new file mode 100644 (file)
index 0000000..11fc869
--- /dev/null
+++ b/regression-tests/nsecx-mode2-wildcard-nodata/expected_result.nsec3
@@ -0,0 +1,11 @@
+1      54njs65s8u96tkffrft6l7j1t1556vik.wtest.com.     IN      NSEC3   86400   1 [flags] 1 abcd 67I2ESLUBOJ7DPG4263L3T8DV19G6D0G TXT RRSIG
+1      54njs65s8u96tkffrft6l7j1t1556vik.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      cv382m4jqhle9u45mdqfh64vp0jbfpn5.wtest.com.     IN      NSEC3   86400   1 [flags] 1 abcd J02K7MH36PLGFKRS6UTOCESCCQ5P7EOB A RRSIG
+1      cv382m4jqhle9u45mdqfh64vp0jbfpn5.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com.     IN      NSEC3   86400   1 [flags] 1 abcd SHEGK154N8362AG22AR9VDDRF3127M6I A RRSIG
+1      pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      wtest.com.      IN      RRSIG   3600    SOA 8 2 3600 [expiry] [inception] [keytag] wtest.com. ...
+1      wtest.com.      IN      SOA     3600    ns1.wtest.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2      .       IN      OPT     32768   
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=TXT

diff --git a/regression-tests/nsecx-mode2-wildcard-nodata/skip.nodnssec b/regression-tests/nsecx-mode2-wildcard-nodata/skip.nodnssec
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/regression-tests/nsecx-mode3-wildcard/command b/regression-tests/nsecx-mode3-wildcard/command
new file mode 100755 (executable)
index 0000000..f6f5377
--- /dev/null
+++ b/regression-tests/nsecx-mode3-wildcard/command
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig second.first.something.wtest.com A dnssec

diff --git a/regression-tests/nsecx-mode3-wildcard/description b/regression-tests/nsecx-mode3-wildcard/description
new file mode 100644 (file)
index 0000000..bd1d7db
--- /dev/null
+++ b/regression-tests/nsecx-mode3-wildcard/description
@@ -0,0 +1 @@
+Check NSECx response for wildcard asnwers (mode 3)

diff --git a/regression-tests/nsecx-mode3-wildcard/expected_result b/regression-tests/nsecx-mode3-wildcard/expected_result
new file mode 100644 (file)
index 0000000..66ff71a
--- /dev/null
+++ b/regression-tests/nsecx-mode3-wildcard/expected_result
@@ -0,0 +1,7 @@
+0      second.first.something.wtest.com.       IN      A       3600    4.3.2.1
+0      second.first.something.wtest.com.       IN      RRSIG   3600    A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1      a.something.wtest.com.  IN      NSEC    86400   wtest.com. A RRSIG NSEC
+1      a.something.wtest.com.  IN      RRSIG   86400   NSEC 8 4 86400 [expiry] [inception] [keytag] wtest.com. ...
+2      .       IN      OPT     32768   
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=A

diff --git a/regression-tests/nsecx-mode3-wildcard/expected_result.narrow b/regression-tests/nsecx-mode3-wildcard/expected_result.narrow
new file mode 100644 (file)
index 0000000..18973c7
--- /dev/null
+++ b/regression-tests/nsecx-mode3-wildcard/expected_result.narrow
@@ -0,0 +1,9 @@
+0      second.first.something.wtest.com.       IN      A       3600    4.3.2.1
+0      second.first.something.wtest.com.       IN      RRSIG   3600    A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1      54njs65s8u96tkffrft6l7j1t1556vik.wtest.com.     IN      NSEC3   86400   1 [flags] 1 abcd 54NJS65S8U96TKFFRFT6L7J1T1556VIL TXT RRSIG
+1      54njs65s8u96tkffrft6l7j1t1556vik.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      d0rjlf3tful8jfjk86vi5ce50nuea9a6.wtest.com.     IN      NSEC3   86400   1 [flags] 1 abcd D0RJLF3TFUL8JFJK86VI5CE50NUEA9A8
+1      d0rjlf3tful8jfjk86vi5ce50nuea9a6.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+2      .       IN      OPT     32768   
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=A

diff --git a/regression-tests/nsecx-mode3-wildcard/expected_result.nsec3 b/regression-tests/nsecx-mode3-wildcard/expected_result.nsec3
new file mode 100644 (file)
index 0000000..0c2216d
--- /dev/null
+++ b/regression-tests/nsecx-mode3-wildcard/expected_result.nsec3
@@ -0,0 +1,9 @@
+0      second.first.something.wtest.com.       IN      A       3600    4.3.2.1
+0      second.first.something.wtest.com.       IN      RRSIG   3600    A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1      54njs65s8u96tkffrft6l7j1t1556vik.wtest.com.     IN      NSEC3   86400   1 [flags] 1 abcd 67I2ESLUBOJ7DPG4263L3T8DV19G6D0G TXT RRSIG
+1      54njs65s8u96tkffrft6l7j1t1556vik.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1      cv382m4jqhle9u45mdqfh64vp0jbfpn5.wtest.com.     IN      NSEC3   86400   1 [flags] 1 abcd J02K7MH36PLGFKRS6UTOCESCCQ5P7EOB A RRSIG
+1      cv382m4jqhle9u45mdqfh64vp0jbfpn5.wtest.com.     IN      RRSIG   86400   NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+2      .       IN      OPT     32768   
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=A

diff --git a/regression-tests/nsecx-mode3-wildcard/skip.nodnssec b/regression-tests/nsecx-mode3-wildcard/skip.nodnssec
new file mode 100644 (file)
index 0000000..e69de29