From: Kees Monshouwer Date: Thu, 28 Jul 2016 14:03:21 +0000 (+0200) Subject: test response for non existent direct nsec queries X-Git-Tag: auth-4.0.1~8^2 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=e6a28cfb788d1b7e0bac201c4768ecf51b863f44;p=pdns test response for non existent direct nsec queries --- diff --git a/regression-tests/tests/direct-nsec-nxdomain/command b/regression-tests/tests/direct-nsec-nxdomain/command new file mode 100755 index 000000000..79f0b35e3 --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/command @@ -0,0 +1,2 @@ +#!/bin/sh +cleandig host-1234x.example.com NSEC dnssec diff --git a/regression-tests/tests/direct-nsec-nxdomain/description b/regression-tests/tests/direct-nsec-nxdomain/description new file mode 100644 index 000000000..ed16d8af6 --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/description @@ -0,0 +1 @@ +Make sure we send a proper denial for nonexistent NSEC records diff --git a/regression-tests/tests/direct-nsec-nxdomain/expected_result b/regression-tests/tests/direct-nsec-nxdomain/expected_result new file mode 100644 index 000000000..eb7ac3e81 --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/expected_result @@ -0,0 +1,4 @@ +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400 +2 . IN OPT 32768 +Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='host-1234x.example.com.', qtype=NSEC diff --git a/regression-tests/tests/direct-nsec-nxdomain/expected_result.dnssec b/regression-tests/tests/direct-nsec-nxdomain/expected_result.dnssec new file mode 100644 index 000000000..15ec6c7ed --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/expected_result.dnssec @@ -0,0 +1,9 @@ +1 example.com. IN NSEC 86400 double.example.com. NS SOA MX RRSIG NSEC DNSKEY +1 example.com. IN RRSIG 86400 NSEC 13 2 86400 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN RRSIG 86400 SOA 13 2 100000 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400 +1 host-12349.example.com. IN NSEC 86400 host-1235.example.com. A RRSIG NSEC +1 host-12349.example.com. IN RRSIG 86400 NSEC 13 3 86400 [expiry] [inception] [keytag] example.com. ... +2 . IN OPT 32768 +Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='host-1234x.example.com.', qtype=NSEC diff --git a/regression-tests/tests/direct-nsec-nxdomain/expected_result.narrow b/regression-tests/tests/direct-nsec-nxdomain/expected_result.narrow new file mode 100644 index 000000000..7e49a1163 --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/expected_result.narrow @@ -0,0 +1,11 @@ +1 4jiv8rrf3verm9rp51f55587fbfms5g9.example.com. IN NSEC3 86400 1 [flags] 1 abcd 4JIV8RRF3VERM9RP51F55587FBFMS5GB +1 4jiv8rrf3verm9rp51f55587fbfms5g9.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN NSEC3 86400 1 [flags] 1 abcd 9FAG9508OQU3M22QAC0U5EQGG45V8CF2 +1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN RRSIG 86400 SOA 13 2 100000 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400 +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 [flags] 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +2 . IN OPT 32768 +Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='host-1234x.example.com.', qtype=NSEC diff --git a/regression-tests/tests/direct-nsec-nxdomain/expected_result.nsec3 b/regression-tests/tests/direct-nsec-nxdomain/expected_result.nsec3 new file mode 100644 index 000000000..5f40ba9cb --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/expected_result.nsec3 @@ -0,0 +1,11 @@ +1 4j9ti2b4c7iibemvegh99nmoe5m72rb6.example.com. IN NSEC3 86400 1 [flags] 1 abcd 4JKT13JQPK715SGVL9KSRFVACKO95SV4 A RRSIG +1 4j9ti2b4c7iibemvegh99nmoe5m72rb6.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 86400 1 [flags] 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG +1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN RRSIG 86400 SOA 13 2 100000 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400 +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 [flags] 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +2 . IN OPT 32768 +Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='host-1234x.example.com.', qtype=NSEC