From df69c4220486284b7dd4fa8758889a396269e510 Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Wed, 24 Oct 2012 14:18:37 +0000 Subject: [PATCH] also prove/deny CNAME names in nsec3dig git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2823 d19b8d6e-7fed-0310-83ef-9ca221ded41b --- pdns/nsec3dig.cc | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/pdns/nsec3dig.cc b/pdns/nsec3dig.cc index 83efa677d..ac7ec9433 100644 --- a/pdns/nsec3dig.cc +++ b/pdns/nsec3dig.cc @@ -6,6 +6,7 @@ #include "statbag.hh" #include "base32.hh" #include "dnssecinfra.hh" +#include StatBag S; @@ -21,6 +22,7 @@ void proveOrDeny(const nsec3set &nsec3s, const string &qname, const string &salt { string hashed = nsec3Hash(qname, salt, iters); + // cerr<<"proveOrDeny(.., '"< names; + set namesseen; + set namestocheck; nsec3set nsec3s; string nsec3salt; int nsec3iters = 0; @@ -112,7 +116,9 @@ try } else { + // cerr<<"namesseen.insert('"<first.d_label<<"')"<first.d_label); + namesseen.insert(i->first.d_label); } cout<first.d_place-1<<"\t"<first.d_label<<"\tIN\t"<first.d_type); @@ -133,11 +139,18 @@ try cout<<"== nsec3 prove/deny report follows =="< proven; set denied; - string shorter(qname); - do { - proveOrDeny(nsec3s, shorter, nsec3salt, nsec3iters, proven, denied); - proveOrDeny(nsec3s, "*."+shorter, nsec3salt, nsec3iters, proven, denied); - } while(chopOff(shorter)); + BOOST_FOREACH(string n, namesseen) + { + string shorter(n); + do { + namestocheck.insert(shorter); + } while(chopOff(shorter)); + } + BOOST_FOREACH(string n, namestocheck) + { + proveOrDeny(nsec3s, n, nsec3salt, nsec3iters, proven, denied); + proveOrDeny(nsec3s, "*."+n, nsec3salt, nsec3iters, proven, denied); + } if(names.count(qname+".")) { @@ -150,7 +163,7 @@ try cout<<"qname found proven, NODATA response?"<