From e6a28cfb788d1b7e0bac201c4768ecf51b863f44 Mon Sep 17 00:00:00 2001 From: Kees Monshouwer Date: Thu, 28 Jul 2016 16:03:21 +0200 Subject: [PATCH] test response for non existent direct nsec queries --- regression-tests/tests/direct-nsec-nxdomain/command | 2 ++ .../tests/direct-nsec-nxdomain/description | 1 + .../tests/direct-nsec-nxdomain/expected_result | 4 ++++ .../tests/direct-nsec-nxdomain/expected_result.dnssec | 9 +++++++++ .../tests/direct-nsec-nxdomain/expected_result.narrow | 11 +++++++++++ .../tests/direct-nsec-nxdomain/expected_result.nsec3 | 11 +++++++++++ 6 files changed, 38 insertions(+) create mode 100755 regression-tests/tests/direct-nsec-nxdomain/command create mode 100644 regression-tests/tests/direct-nsec-nxdomain/description create mode 100644 regression-tests/tests/direct-nsec-nxdomain/expected_result create mode 100644 regression-tests/tests/direct-nsec-nxdomain/expected_result.dnssec create mode 100644 regression-tests/tests/direct-nsec-nxdomain/expected_result.narrow create mode 100644 regression-tests/tests/direct-nsec-nxdomain/expected_result.nsec3 diff --git a/regression-tests/tests/direct-nsec-nxdomain/command b/regression-tests/tests/direct-nsec-nxdomain/command new file mode 100755 index 000000000..79f0b35e3 --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/command @@ -0,0 +1,2 @@ +#!/bin/sh +cleandig host-1234x.example.com NSEC dnssec diff --git a/regression-tests/tests/direct-nsec-nxdomain/description b/regression-tests/tests/direct-nsec-nxdomain/description new file mode 100644 index 000000000..ed16d8af6 --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/description @@ -0,0 +1 @@ +Make sure we send a proper denial for nonexistent NSEC records diff --git a/regression-tests/tests/direct-nsec-nxdomain/expected_result b/regression-tests/tests/direct-nsec-nxdomain/expected_result new file mode 100644 index 000000000..eb7ac3e81 --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/expected_result @@ -0,0 +1,4 @@ +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400 +2 . IN OPT 32768 +Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='host-1234x.example.com.', qtype=NSEC diff --git a/regression-tests/tests/direct-nsec-nxdomain/expected_result.dnssec b/regression-tests/tests/direct-nsec-nxdomain/expected_result.dnssec new file mode 100644 index 000000000..15ec6c7ed --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/expected_result.dnssec @@ -0,0 +1,9 @@ +1 example.com. IN NSEC 86400 double.example.com. NS SOA MX RRSIG NSEC DNSKEY +1 example.com. IN RRSIG 86400 NSEC 13 2 86400 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN RRSIG 86400 SOA 13 2 100000 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400 +1 host-12349.example.com. IN NSEC 86400 host-1235.example.com. A RRSIG NSEC +1 host-12349.example.com. IN RRSIG 86400 NSEC 13 3 86400 [expiry] [inception] [keytag] example.com. ... +2 . IN OPT 32768 +Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='host-1234x.example.com.', qtype=NSEC diff --git a/regression-tests/tests/direct-nsec-nxdomain/expected_result.narrow b/regression-tests/tests/direct-nsec-nxdomain/expected_result.narrow new file mode 100644 index 000000000..7e49a1163 --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/expected_result.narrow @@ -0,0 +1,11 @@ +1 4jiv8rrf3verm9rp51f55587fbfms5g9.example.com. IN NSEC3 86400 1 [flags] 1 abcd 4JIV8RRF3VERM9RP51F55587FBFMS5GB +1 4jiv8rrf3verm9rp51f55587fbfms5g9.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN NSEC3 86400 1 [flags] 1 abcd 9FAG9508OQU3M22QAC0U5EQGG45V8CF2 +1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN RRSIG 86400 SOA 13 2 100000 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400 +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 [flags] 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +2 . IN OPT 32768 +Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='host-1234x.example.com.', qtype=NSEC diff --git a/regression-tests/tests/direct-nsec-nxdomain/expected_result.nsec3 b/regression-tests/tests/direct-nsec-nxdomain/expected_result.nsec3 new file mode 100644 index 000000000..5f40ba9cb --- /dev/null +++ b/regression-tests/tests/direct-nsec-nxdomain/expected_result.nsec3 @@ -0,0 +1,11 @@ +1 4j9ti2b4c7iibemvegh99nmoe5m72rb6.example.com. IN NSEC3 86400 1 [flags] 1 abcd 4JKT13JQPK715SGVL9KSRFVACKO95SV4 A RRSIG +1 4j9ti2b4c7iibemvegh99nmoe5m72rb6.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 86400 1 [flags] 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG +1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN RRSIG 86400 SOA 13 2 100000 [expiry] [inception] [keytag] example.com. ... +1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2847484148 28800 7200 604800 86400 +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 [flags] 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM +1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 13 3 86400 [expiry] [inception] [keytag] example.com. ... +2 . IN OPT 32768 +Rcode: 3 (Non-Existent domain), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 +Reply to question for qname='host-1234x.example.com.', qtype=NSEC -- 2.40.0