From: Kees Monshouwer Date: Sat, 31 Aug 2013 17:32:44 +0000 (+0200) Subject: fix NSEC for asterisk ents and add test X-Git-Tag: rec-3.6.0-rc1~487^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=628ab42d92ab382e1f0292f75cdf1e7dc909a787;p=pdns fix NSEC for asterisk ents and add test --- diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc index 8a69545a4..cf9cdbee8 100644 --- a/pdns/packethandler.cc +++ b/pdns/packethandler.cc @@ -671,7 +671,7 @@ void PacketHandler::addNSEC(DNSPacket *p, DNSPacket *r, const string& target, co if (mode == 2) { // wildcard NO-DATA - before='.'; + before.clear(); sd.db->getBeforeAndAfterNames(sd.domain_id, auth, wildcard, before, after); emitNSEC(before, after, target, sd, r, mode); } diff --git a/regression-tests/ent-asterisk/command b/regression-tests/ent-asterisk/command new file mode 100755 index 000000000..bce5a5ec6 --- /dev/null +++ b/regression-tests/ent-asterisk/command @@ -0,0 +1,3 @@ +#!/bin/sh + +cleandig sub.host.sub.example.com a dnssec diff --git a/regression-tests/ent-asterisk/description b/regression-tests/ent-asterisk/description new file mode 100644 index 000000000..9aeca6397 --- /dev/null +++ b/regression-tests/ent-asterisk/description @@ -0,0 +1 @@ +Check if asterisk empty non-terminal is interpreted as wildcard wihout type diff --git a/regression-tests/ent-asterisk/expected_result b/regression-tests/ent-asterisk/expected_result new file mode 100644 index 000000000..f0a6a863d --- /dev/null +++ b/regression-tests/ent-asterisk/expected_result @@ -0,0 +1,4 @@ +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 +2 . IN OPT 32768 +Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='sub.host.sub.example.com.', qtype=A diff --git a/regression-tests/ent-asterisk/expected_result.dnssec b/regression-tests/ent-asterisk/expected_result.dnssec new file mode 100644 index 000000000..98cd61b77 --- /dev/null +++ b/regression-tests/ent-asterisk/expected_result.dnssec @@ -0,0 +1,10 @@ +1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 +1 host.*.sub.example.com. IN NSEC 86400 text.example.com. A RRSIG NSEC +1 host.*.sub.example.com. IN RRSIG 86400 NSEC 8 5 86400 [expiry] [inception] [keytag] example.com. ... +1 start4.example.com. IN NSEC 86400 host.*.sub.example.com. A RRSIG NSEC +1 start4.example.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ... +2 . IN OPT 32768 +Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='sub.host.sub.example.com.', qtype=A +./ent-asterisk/unbound-host.out:sub.host.sub.example.com has no address (BOGUS (security failure)) diff --git a/regression-tests/ent-asterisk/expected_result.narrow b/regression-tests/ent-asterisk/expected_result.narrow new file mode 100644 index 000000000..46769e00e --- /dev/null +++ b/regression-tests/ent-asterisk/expected_result.narrow @@ -0,0 +1,11 @@ +1 5ui8h56r4776maicvhpdegs6chr19i99.example.com. IN NSEC3 86400 1 [flags] 1 abcd 5UI8H56R4776MAICVHPDEGS6CHR19I9A +1 5ui8h56r4776maicvhpdegs6chr19i99.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 +1 hhrsadparthvtuou67trentjstdodla0.example.com. IN NSEC3 86400 1 [flags] 1 abcd HHRSADPARTHVTUOU67TRENTJSTDODLA1 +1 hhrsadparthvtuou67trentjstdodla0.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +1 pbl3rtqv3mt7eb29gqp0a17o0h42nj76.example.com. IN NSEC3 86400 1 [flags] 1 abcd PBL3RTQV3MT7EB29GQP0A17O0H42NJ78 +1 pbl3rtqv3mt7eb29gqp0a17o0h42nj76.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +2 . IN OPT 32768 +Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='sub.host.sub.example.com.', qtype=A diff --git a/regression-tests/ent-asterisk/expected_result.nsec3 b/regression-tests/ent-asterisk/expected_result.nsec3 new file mode 100644 index 000000000..b462df8be --- /dev/null +++ b/regression-tests/ent-asterisk/expected_result.nsec3 @@ -0,0 +1,11 @@ +1 5ui8h56r4776maicvhpdegs6chr19i99.example.com. IN NSEC3 86400 1 [flags] 1 abcd 5UMB87SUFNRRMLILGL48A5GUUHG7RI58 +1 5ui8h56r4776maicvhpdegs6chr19i99.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 +1 hhrsadparthvtuou67trentjstdodla0.example.com. IN NSEC3 86400 1 [flags] 1 abcd HHTKKD5HB125SGANBTKMQK84LULH60LH +1 hhrsadparthvtuou67trentjstdodla0.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +1 pbkjnd53pnsru5jmaqnk3k936pv2pq5j.example.com. IN NSEC3 86400 1 [flags] 1 abcd PBL4SE96F8T4H4Q24UQMRQ4KS96AHPV3 A RRSIG +1 pbkjnd53pnsru5jmaqnk3k936pv2pq5j.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ... +2 . IN OPT 32768 +Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='sub.host.sub.example.com.', qtype=A diff --git a/regression-tests/ent-asterisk/skip.noent b/regression-tests/ent-asterisk/skip.noent new file mode 100644 index 000000000..e69de29bb