mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-31 14:05:33 +00:00

[master] Merge branch 'trac2586'

JINMEI Tatuya
2013-02-12 10:12:43 -08:00
2 changed files with 11 additions and 24 deletions


@@ -1372,17 +1372,11 @@ TEST_P(QueryTest, nxdomainWithNSEC) {
} }
TEST_P(QueryTest, nxdomainWithNSEC2) { TEST_P(QueryTest, nxdomainWithNSEC2) {
// there seems to be a bug in the SQLite3 (or database in general) data
// source and this doesn't work (Trac #2586).
if (GetParam() == SQLITE3) {
return;
}
// See comments about no_txt. In this case the best possible wildcard // See comments about no_txt. In this case the best possible wildcard
// is derived from the next domain of the NSEC that proves NXDOMAIN, and // is derived from the next domain of the NSEC that proves NXDOMAIN, and
// the NSEC to provide the non existence of wildcard is different from // the NSEC to provide the non existence of wildcard is different from
// the first NSEC. // the first NSEC.
query.process(*list_, Name("(.no.example.com"), qtype, response, query.process(*list_, Name("!.no.example.com"), qtype, response,
true); true);
responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 6, 0, responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 6, 0,
NULL, (string(soa_minttl_txt) + NULL, (string(soa_minttl_txt) +
@@ -1392,19 +1386,12 @@ TEST_P(QueryTest, nxdomainWithNSEC2) {
string("mx.example.com. 3600 IN RRSIG ") + string("mx.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC") + "\n" + getCommonRRSIGText("NSEC") + "\n" +
string(nsec_no_txt) + "\n" + string(nsec_no_txt) + "\n" +
string(").no.example.com. 3600 IN RRSIG ") + string("&.no.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC")).c_str(), getCommonRRSIGText("NSEC")).c_str(),
NULL, mock_finder->getOrigin()); NULL, mock_finder->getOrigin());
} }
TEST_P(QueryTest, nxdomainWithNSECDuplicate) { TEST_P(QueryTest, nxdomainWithNSECDuplicate) {
// there seems to be a bug in the SQLite3 (or database in general) data
// source and this doesn't work. This is probably the same type of bug
// as nxdomainWithNSEC2 (Trac #2586).
if (GetParam() == SQLITE3) {
return;
}
// See comments about nz_txt. In this case we only need one NSEC, // See comments about nz_txt. In this case we only need one NSEC,
// which proves both NXDOMAIN and the non existence of wildcard. // which proves both NXDOMAIN and the non existence of wildcard.
query.process(*list_, Name("nx.no.example.com"), qtype, response, query.process(*list_, Name("nx.no.example.com"), qtype, response,
@@ -1414,7 +1401,7 @@ TEST_P(QueryTest, nxdomainWithNSECDuplicate) {
string("example.com. 0 IN RRSIG ") + string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" + getCommonRRSIGText("SOA") + "\n" +
string(nsec_no_txt) + "\n" + string(nsec_no_txt) + "\n" +
string(").no.example.com. 3600 IN RRSIG ") + string("&.no.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC")).c_str(), getCommonRRSIGText("NSEC")).c_str(),
NULL, mock_finder->getOrigin()); NULL, mock_finder->getOrigin());
} }
@@ -1528,7 +1515,7 @@ TEST_P(QueryTest, nxrrsetWithNSEC) {
TEST_P(QueryTest, emptyNameWithNSEC) { TEST_P(QueryTest, emptyNameWithNSEC) {
// Empty non terminal with DNSSEC proof. This is one of the cases of // Empty non terminal with DNSSEC proof. This is one of the cases of
// Section 3.1.3.2 of RFC4035. // Section 3.1.3.2 of RFC4035.
// mx.example.com. NSEC ).no.example.com. proves no.example.com. is a // mx.example.com. NSEC &.no.example.com. proves no.example.com. is a
// non empty terminal node. Note that it also implicitly proves there // non empty terminal node. Note that it also implicitly proves there
// should be no closer wildcard match (because the empty name is an // should be no closer wildcard match (because the empty name is an
// exact match), so we only need one NSEC. // exact match), so we only need one NSEC.
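Review bot: With the `GetParam() == SQLITE3` early returns removed and the names switched from `(`/`)` to `!`/`&` in nxdomainWithNSEC2 and nxdomainWithNSECDuplicate, these tests no longer exercise an owner name that needs escaping in presentation format. Whatever made the SQLite3 data source fail on `\).no.example.com.` therefore looks sidestepped rather than covered, although only the test and zone-data files are visible here, so this is inferred. A wrong previous-name lookup in the database backend would produce an NSEC that does not actually prove the NXDOMAIN, so a dedicated database data source test with an escaped label would be worth keeping. At the `Name("!.no.example.com")` call I would also add `// '!' and '&' sort before '*' in canonical order and need no escaping in master-file form`, so the choice of names is not mistaken for an arbitrary one. The body of emptyNameWithNSEC continues outside the last hunk.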


@@ -150,32 +150,32 @@ t.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 e
;; the best possible wildcard is below the "next domain" of the NSEC RR that ;; the best possible wildcard is below the "next domain" of the NSEC RR that
;; proves the NXDOMAIN, i.e., ;; proves the NXDOMAIN, i.e.,
;; mx.example.com. (exist) ;; mx.example.com. (exist)
;; (.no.example.com. (qname, NXDOMAIN) ;; !.no.example.com. (qname, NXDOMAIN)
;; ).no.example.com. (exist) ;; &.no.example.com. (exist)
;; *.no.example.com. (best possible wildcard, not exist) ;; *.no.example.com. (best possible wildcard, not exist)
;var=no_txt ;var=no_txt
\).no.example.com. 3600 IN AAAA 2001:db8::53 &.no.example.com. 3600 IN AAAA 2001:db8::53
;; NSEC records. ;; NSEC records.
;var=nsec_apex_txt ;var=nsec_apex_txt
example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG
;var= ;var=
example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
;var=nsec_mx_txt ;var=nsec_mx_txt
mx.example.com. 3600 IN NSEC \).no.example.com. MX NSEC RRSIG mx.example.com. 3600 IN NSEC &.no.example.com. MX NSEC RRSIG
;var= ;var=
mx.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE mx.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
;var=nsec_no_txt ;var=nsec_no_txt
\).no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG &.no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
;var= ;var=
\).no.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE &.no.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
;; We'll also test the case where a single NSEC proves both NXDOMAIN and the ;; We'll also test the case where a single NSEC proves both NXDOMAIN and the
;; non existence of wildcard. The following records will be used for that ;; non existence of wildcard. The following records will be used for that
;; test. ;; test.
;; ).no.example.com. (exist, whose NSEC proves everything) ;; &.no.example.com. (exist, whose NSEC proves everything)
;; *.no.example.com. (best possible wildcard, not exist) ;; *.no.example.com. (best possible wildcard, not exist)
;; nx.no.example.com. (NXDOMAIN) ;; nx.no.example.com. (NXDOMAIN)
;; nz.no.example.com. (exist) ;; nz.no.example.com. (exist)