BIND 10 trac1308, updated. 6d921ed561b6ef9d26273ca321dfa24622a982b5 [1308] Add WILDCARD_EMPTY case in Query::process()
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu Dec 1 03:29:36 UTC 2011
The branch, trac1308 has been updated
via 6d921ed561b6ef9d26273ca321dfa24622a982b5 (commit)
from eb06cb8dfea727c5d9366583581ca674d23c4c2e (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6d921ed561b6ef9d26273ca321dfa24622a982b5
Author: Xie Jiagui <xiejiagui at cnnic.cn>
Date: Thu Dec 1 11:27:49 2011 +0800
[1308] Add WILDCARD_EMPTY case in Query::process()
-----------------------------------------------------------------------
Summary of changes:
src/bin/auth/query.cc | 1 +
src/bin/auth/tests/query_unittest.cc | 71 ++++++++++++++++++++++++++++------
src/lib/datasrc/zone.h | 3 +-
3 files changed, 62 insertions(+), 13 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/auth/query.cc b/src/bin/auth/query.cc
index b7ee3b6..a53dbb7 100644
--- a/src/bin/auth/query.cc
+++ b/src/bin/auth/query.cc
@@ -385,6 +385,7 @@ Query::process() {
}
break;
case ZoneFinder::WILDCARD_NXRRSET:
+ case ZoneFinder::WILDCARD_EMPTY:
addSOA(*result.zone_finder);
if (dnssec_ && db_result.rrset) {
addWildcardNxrrsetProof(zfinder,db_result.rrset);
diff --git a/src/bin/auth/tests/query_unittest.cc b/src/bin/auth/tests/query_unittest.cc
index 43a2077..426111a 100644
--- a/src/bin/auth/tests/query_unittest.cc
+++ b/src/bin/auth/tests/query_unittest.cc
@@ -109,6 +109,13 @@ const char* const wild_txt_next =
"www.uwild.example.com. 3600 IN A 192.0.2.11\n";
const char* const nsec_wild_txt_next =
"www.uwild.example.com. 3600 IN NSEC *.wild.example.com. A NSEC RRSIG\n";
+// Wildcard empty
+const char* const empty_txt = "b.*.t.example.com. 3600 IN A 192.0.2.13\n";
+const char* const nsec_empty_txt =
+ "b.*.t.example.com. 3600 IN NSEC *.uwild.example.com. A NSEC RRSIG\n";
+const char* const empty_prev_txt = "t.example.com. 3600 IN A 192.0.2.15\n";
+const char* const nsec_empty_prev_txt =
+ "t.example.com. 3600 IN NSEC b.*.t.example.com. A NSEC RRSIG\n";
// Used in NXDOMAIN proof test. We are going to test some unusual case where
// the best possible wildcard is below the "next domain" of the NSEC RR that
// proves the NXDOMAIN, i.e.,
@@ -188,8 +195,9 @@ public:
nsec_apex_txt << nsec_mx_txt << nsec_no_txt << nsec_nz_txt <<
nsec_nxdomain_txt << nsec_www_txt << nonsec_a_txt <<
wild_txt << nsec_wild_txt << cnamewild_txt << nsec_cnamewild_txt <<
- wild_txt_nxrrset<<nsec_wild_txt_nxrrset<<wild_txt_next<<
- nsec_wild_txt_next;
+ wild_txt_nxrrset << nsec_wild_txt_nxrrset << wild_txt_next <<
+ nsec_wild_txt_next << empty_txt << nsec_empty_txt <<
+ empty_prev_txt << nsec_empty_prev_txt;
masterLoad(zone_stream, origin_, rrclass_,
boost::bind(&MockZoneFinder::loadRRset, this, _1));
@@ -407,24 +415,43 @@ MockZoneFinder::find(const Name& name, const RRType& type,
// due to the existence of closer name.
if ((options & NO_WILDCARD) == 0) {
const Name wild_suffix(name.split(1));
+ // Unit Tests use those domains for Wildcard test.
if (name.equals(Name("www.wild.example.com"))||
- name.equals(Name("www1.uwild.example.com"))) {
+ name.equals(Name("www1.uwild.example.com"))||
+ name.equals(Name("a.t.example.com"))) {
if (name.compare(wild_suffix).getRelation() ==
NameComparisonResult::SUBDOMAIN) {
domain = domains_.find(Name("*").concatenate(wild_suffix));
- assert(domain != domains_.end());
- RRsetStore::const_iterator found_rrset = domain->second.find(type);
- if (found_rrset != domain->second.end()) {
+ // Matched the QNAME
+ if (domain != domains_.end()) {
+ RRsetStore::const_iterator found_rrset = domain->second.find(type);
+ // Matched the QTYPE
+ if(found_rrset != domain->second.end()) {
return (FindResult(WILDCARD,
substituteWild(*found_rrset->second, name)));
- } else {
- found_rrset = domain->second.find(RRType::NSEC());
- assert(found_rrset != domain->second.end());
- Name newName = Name("*").concatenate(wild_suffix);
- return (FindResult(WILDCARD_NXRRSET,
+ } else {
+ // No matched QTYPE, this case is for WILDCARD_NXRRSET
+ found_rrset = domain->second.find(RRType::NSEC());
+ assert(found_rrset != domain->second.end());
+ Name newName = Name("*").concatenate(wild_suffix);
+ return (FindResult(WILDCARD_NXRRSET,
substituteWild(*found_rrset->second,newName)));
+ }
+ } else {
+ // This is empty non terminal name case on wildcard.
+ Name emptyName = Name("*").concatenate(wild_suffix);
+ for (Domains::reverse_iterator it = domains_.rbegin();
+ it != domains_.rend();
+ ++it) {
+ RRsetStore::const_iterator nsec_it;
+ if ((*it).first < emptyName &&
+ (nsec_it = (*it).second.find(RRType::NSEC()))
+ != (*it).second.end()) {
+ return (FindResult(WILDCARD_EMPTY, (*nsec_it).second));
+ }
+ }
}
-
+ return (FindResult(WILDCARD_EMPTY,RRsetPtr()));
}
}
const Name cnamewild_suffix("cnamewild.example.com");
@@ -979,6 +1006,26 @@ TEST_F(QueryTest, wildcardNxrrsetWithNSEC) {
getCommonRRSIGText("NSEC") + "\n").c_str(),
NULL, mock_finder->getOrigin());
}
+
+TEST_F(QueryTest, wildcardEmptyWithNSEC) {
+ // WILDCARD_EMPTY with DNSSEC proof. We should have SOA, NSEC that proves the
+ // NXDOMAIN and their RRSIGs. In this case we need two NSEC RRs,
+ // one proves NXDOMAIN and the other proves non existence wildcard.
+ Query(memory_client, Name("a.t.example.com"), RRType::A(), response,
+ true).process();
+
+ responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 6, 0, NULL,
+ (string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
+ getCommonRRSIGText("SOA") + "\n" +
+ string(nsec_empty_prev_txt) +
+ string("t.example.com. 3600 IN RRSIG ") +
+ getCommonRRSIGText("NSEC")+"\n" +
+ string(nsec_empty_txt) +
+ string("b.*.t.example.com. 3600 IN RRSIG ") +
+ getCommonRRSIGText("NSEC")+"\n").c_str(),
+ NULL, mock_finder->getOrigin());
+}
+
/*
* This tests that when there's no SOA and we need a negative answer. It should
* throw in that case.
diff --git a/src/lib/datasrc/zone.h b/src/lib/datasrc/zone.h
index 9fcd289..f3afb97 100644
--- a/src/lib/datasrc/zone.h
+++ b/src/lib/datasrc/zone.h
@@ -136,7 +136,8 @@ public:
DNAME, ///< The search encounters and returns a DNAME RR
WILDCARD, ///< Succes by wildcard match, for DNSSEC
WILDCARD_CNAME, ///< CNAME on wildcard, search returns CNAME, for DNSSEC
- WILDCARD_NXRRSET ///< NXRRSET on wildcard, for DNSSEC
+ WILDCARD_NXRRSET, ///< NXRRSET on wildcard, for DNSSEC
+ WILDCARD_EMPTY ///< Empty non terminal on wildcard,for DNSSEC
};
/// A helper structure to represent the search result of \c find().
More information about the bind10-changes
mailing list