BIND 10 master, updated. 862b0e38047101afef0f6d81ba3f0d74c9a51ea5 Merge branch 'master' into trac1308
BIND 10 source code commits
bind10-changes at lists.isc.org
Tue Dec 6 09:16:56 UTC 2011
The branch, master has been updated
via 862b0e38047101afef0f6d81ba3f0d74c9a51ea5 (commit)
via 11885ff9e91c98ff0c4e93d81fc2b3d47a02090d (commit)
via 173de1cea65293e5f7cfb904454ee4fa96c51e1d (commit)
via 6d921ed561b6ef9d26273ca321dfa24622a982b5 (commit)
from cf5e4481b1f1fb00e9897e4cd0527a9a707c4a63 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 862b0e38047101afef0f6d81ba3f0d74c9a51ea5
Merge: 11885ff9e91c98ff0c4e93d81fc2b3d47a02090d cf5e4481b1f1fb00e9897e4cd0527a9a707c4a63
Author: Xie Jiagui <xiejiagui at cnnic.cn>
Date: Tue Dec 6 17:15:01 2011 +0800
Merge branch 'master' into trac1308
-----------------------------------------------------------------------
Summary of changes:
src/bin/auth/tests/query_unittest.cc | 79 +++++++++++++++++++++++++++------
1 files changed, 64 insertions(+), 15 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/auth/tests/query_unittest.cc b/src/bin/auth/tests/query_unittest.cc
index 43a2077..14067ab 100644
--- a/src/bin/auth/tests/query_unittest.cc
+++ b/src/bin/auth/tests/query_unittest.cc
@@ -109,6 +109,13 @@ const char* const wild_txt_next =
"www.uwild.example.com. 3600 IN A 192.0.2.11\n";
const char* const nsec_wild_txt_next =
"www.uwild.example.com. 3600 IN NSEC *.wild.example.com. A NSEC RRSIG\n";
+// Wildcard empty
+const char* const empty_txt = "b.*.t.example.com. 3600 IN A 192.0.2.13\n";
+const char* const nsec_empty_txt =
+ "b.*.t.example.com. 3600 IN NSEC *.uwild.example.com. A NSEC RRSIG\n";
+const char* const empty_prev_txt = "t.example.com. 3600 IN A 192.0.2.15\n";
+const char* const nsec_empty_prev_txt =
+ "t.example.com. 3600 IN NSEC b.*.t.example.com. A NSEC RRSIG\n";
// Used in NXDOMAIN proof test. We are going to test some unusual case where
// the best possible wildcard is below the "next domain" of the NSEC RR that
// proves the NXDOMAIN, i.e.,
@@ -188,8 +195,9 @@ public:
nsec_apex_txt << nsec_mx_txt << nsec_no_txt << nsec_nz_txt <<
nsec_nxdomain_txt << nsec_www_txt << nonsec_a_txt <<
wild_txt << nsec_wild_txt << cnamewild_txt << nsec_cnamewild_txt <<
- wild_txt_nxrrset<<nsec_wild_txt_nxrrset<<wild_txt_next<<
- nsec_wild_txt_next;
+ wild_txt_nxrrset << nsec_wild_txt_nxrrset << wild_txt_next <<
+ nsec_wild_txt_next << empty_txt << nsec_empty_txt <<
+ empty_prev_txt << nsec_empty_prev_txt;
masterLoad(zone_stream, origin_, rrclass_,
boost::bind(&MockZoneFinder::loadRRset, this, _1));
@@ -407,24 +415,45 @@ MockZoneFinder::find(const Name& name, const RRType& type,
// due to the existence of closer name.
if ((options & NO_WILDCARD) == 0) {
const Name wild_suffix(name.split(1));
+ // Unit Tests use those domains for Wildcard test.
if (name.equals(Name("www.wild.example.com"))||
- name.equals(Name("www1.uwild.example.com"))) {
+ name.equals(Name("www1.uwild.example.com"))||
+ name.equals(Name("a.t.example.com"))) {
if (name.compare(wild_suffix).getRelation() ==
NameComparisonResult::SUBDOMAIN) {
domain = domains_.find(Name("*").concatenate(wild_suffix));
- assert(domain != domains_.end());
- RRsetStore::const_iterator found_rrset = domain->second.find(type);
- if (found_rrset != domain->second.end()) {
+ // Matched the QNAME
+ if (domain != domains_.end()) {
+ RRsetStore::const_iterator found_rrset =
+ domain->second.find(type);
+ // Matched the QTYPE
+ if(found_rrset != domain->second.end()) {
return (FindResult(WILDCARD,
substituteWild(*found_rrset->second, name)));
- } else {
- found_rrset = domain->second.find(RRType::NSEC());
- assert(found_rrset != domain->second.end());
- Name newName = Name("*").concatenate(wild_suffix);
- return (FindResult(WILDCARD_NXRRSET,
+ } else {
+ // No matched QTYPE, this case is for WILDCARD_NXRRSET
+ found_rrset = domain->second.find(RRType::NSEC());
+ assert(found_rrset != domain->second.end());
+ Name newName = Name("*").concatenate(wild_suffix);
+ return (FindResult(WILDCARD_NXRRSET,
substituteWild(*found_rrset->second,newName)));
+ }
+ } else {
+ // This is empty non terminal name case on wildcard.
+ Name emptyName = Name("*").concatenate(wild_suffix);
+ for (Domains::reverse_iterator it = domains_.rbegin();
+ it != domains_.rend();
+ ++it) {
+ RRsetStore::const_iterator nsec_it;
+ if ((*it).first < emptyName &&
+ (nsec_it = (*it).second.find(RRType::NSEC()))
+ != (*it).second.end()) {
+ return (FindResult(WILDCARD_NXRRSET,
+ (*nsec_it).second));
+ }
+ }
}
-
+ return (FindResult(WILDCARD_NXRRSET,RRsetPtr()));
}
}
const Name cnamewild_suffix("cnamewild.example.com");
@@ -955,7 +984,7 @@ TEST_F(QueryTest, wildcardNxrrsetWithDuplicateNSEC) {
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 4, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
- string(nsec_wild_txt) +
+ string(nsec_wild_txt) +
string("*.wild.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC")+"\n").c_str(),
NULL, mock_finder->getOrigin());
@@ -967,11 +996,11 @@ TEST_F(QueryTest, wildcardNxrrsetWithNSEC) {
// one proves NXDOMAIN and the other proves non existence RRSETs of wildcard.
Query(memory_client, Name("www1.uwild.example.com"), RRType::TXT(), response,
true).process();
-
+
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 6, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
- string(nsec_wild_txt_nxrrset) +
+ string(nsec_wild_txt_nxrrset) +
string("*.uwild.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC")+"\n" +
string(nsec_wild_txt_next) +
@@ -979,6 +1008,26 @@ TEST_F(QueryTest, wildcardNxrrsetWithNSEC) {
getCommonRRSIGText("NSEC") + "\n").c_str(),
NULL, mock_finder->getOrigin());
}
+
+TEST_F(QueryTest, wildcardEmptyWithNSEC) {
+ // WILDCARD_EMPTY with DNSSEC proof. We should have SOA, NSEC that proves the
+ // NXDOMAIN and their RRSIGs. In this case we need two NSEC RRs,
+ // one proves NXDOMAIN and the other proves non existence wildcard.
+ Query(memory_client, Name("a.t.example.com"), RRType::A(), response,
+ true).process();
+
+ responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 6, 0, NULL,
+ (string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
+ getCommonRRSIGText("SOA") + "\n" +
+ string(nsec_empty_prev_txt) +
+ string("t.example.com. 3600 IN RRSIG ") +
+ getCommonRRSIGText("NSEC")+"\n" +
+ string(nsec_empty_txt) +
+ string("b.*.t.example.com. 3600 IN RRSIG ") +
+ getCommonRRSIGText("NSEC")+"\n").c_str(),
+ NULL, mock_finder->getOrigin());
+}
+
/*
* This tests that when there's no SOA and we need a negative answer. It should
* throw in that case.
More information about the bind10-changes
mailing list