BIND 10 trac1177, updated. cb4d8443645a5c3e973b4e2477198686d8d8c507 [1177] Empty non-terminal case
BIND 10 source code commits
bind10-changes at lists.isc.org
Fri Sep 9 12:20:16 UTC 2011
The branch, trac1177 has been updated
via cb4d8443645a5c3e973b4e2477198686d8d8c507 (commit)
from f847a5e079ceae0346b84fb320ed06ce9b443a63 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit cb4d8443645a5c3e973b4e2477198686d8d8c507
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Fri Sep 9 14:19:41 2011 +0200
[1177] Empty non-terminal case
-----------------------------------------------------------------------
Summary of changes:
src/lib/datasrc/database.cc | 51 ++++++++++++++++------------
src/lib/datasrc/tests/database_unittest.cc | 40 +++++++++++++++++++++-
2 files changed, 68 insertions(+), 23 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/datasrc/database.cc b/src/lib/datasrc/database.cc
index 9ff455f..17abd46 100644
--- a/src/lib/datasrc/database.cc
+++ b/src/lib/datasrc/database.cc
@@ -318,6 +318,7 @@ DatabaseClient::Finder::find(const isc::dns::Name& name,
bool records_found = false;
bool glue_ok(options & FIND_GLUE_OK);
bool dnssec_data(options & FIND_DNSSEC);
+ bool get_cover(false);
isc::dns::RRsetPtr result_rrset;
ZoneFinder::Result result_status = SUCCESS;
FoundRRsets found;
@@ -430,6 +431,7 @@ DatabaseClient::Finder::find(const isc::dns::Name& name,
DATASRC_DATABASE_FOUND_EMPTY_NONTERMINAL).
arg(accessor_->getDBName()).arg(name);
records_found = true;
+ get_cover = dnssec_data;
} else {
// It's not empty non-terminal. So check for wildcards.
// We remove labels one by one and look for the wildcard there.
@@ -521,6 +523,7 @@ DatabaseClient::Finder::find(const isc::dns::Name& name,
} else if (hasSubdomains(wildcard.toText())) {
// Empty non-terminal asterisk
records_found = true;
+ get_cover = dnssec_data;
LOG_DEBUG(logger, DBG_TRACE_DETAILED,
DATASRC_DATABASE_WILDCARD_EMPTY).
arg(accessor_->getDBName()).arg(wildcard).
@@ -531,28 +534,7 @@ DatabaseClient::Finder::find(const isc::dns::Name& name,
// This is the NXDOMAIN case (nothing found anywhere). If
// they wand DNSSEC data, try getting the NSEC record
if (dnssec_data && !records_found) {
- try {
- // Which one should contain the NSEC record?
- const Name coverName(findPreviousName(name));
- // Get the record and copy it out
- found = getRRsets(coverName, nsec_types, true);
- const FoundIterator
- nci(found.second.find(RRType::NSEC()));
- if (nci != found.second.end()) {
- result_status = NXDOMAIN;
- result_rrset = nci->second;
- } else {
- // The previous doesn't contain NSEC, bug?
- isc_throw(DataSourceError, "No NSEC in " +
- coverName.toText() + ", but it was "
- "returned as previous - "
- "accessor error?");
- }
- }
- catch (const isc::NotImplemented&) {
- // Well, they want DNSSEC, but there is no available.
- // So we don't provide anything.
- }
+ get_cover = true;
}
}
} else if (dnssec_data) {
@@ -569,6 +551,31 @@ DatabaseClient::Finder::find(const isc::dns::Name& name,
if (!result_rrset) {
if (result_status == SUCCESS) {
+ // Should we look for NSEC covering the name?
+ if (get_cover) {
+ try {
+ // Which one should contain the NSEC record?
+ const Name coverName(findPreviousName(name));
+ // Get the record and copy it out
+ found = getRRsets(coverName, nsec_types, true);
+ const FoundIterator
+ nci(found.second.find(RRType::NSEC()));
+ if (nci != found.second.end()) {
+ result_status = NXDOMAIN;
+ result_rrset = nci->second;
+ } else {
+ // The previous doesn't contain NSEC, bug?
+ isc_throw(DataSourceError, "No NSEC in " +
+ coverName.toText() + ", but it was "
+ "returned as previous - "
+ "accessor error?");
+ }
+ }
+ catch (const isc::NotImplemented&) {
+ // Well, they want DNSSEC, but there is no available.
+ // So we don't provide anything.
+ }
+ }
// Something is not here and we didn't decide yet what
if (records_found) {
logger.debug(DBG_TRACE_DETAILED,
diff --git a/src/lib/datasrc/tests/database_unittest.cc b/src/lib/datasrc/tests/database_unittest.cc
index 6cb2ae4..35827f5 100644
--- a/src/lib/datasrc/tests/database_unittest.cc
+++ b/src/lib/datasrc/tests/database_unittest.cc
@@ -173,6 +173,9 @@ const char* const TEST_RECORDS[][5] = {
{"wild.*.foo.*.bar.example.org.", "A", "3600", "", "192.0.2.5"},
// For finding previous, this one is the last one in the zone
{"zzz.example.org.", "NSEC", "3600", "", "example.org NSEC"},
+ // For NSEC empty non-terminal
+ {"l.example.org.", "NSEC", "3600", "", "empty.nonterminal.example.org. NSEC"},
+ {"empty.nonterminal.example.org.", "A", "3600", "", "192.0.2.1"},
{NULL, NULL, NULL, NULL, NULL},
};
@@ -549,10 +552,13 @@ public:
} else if (id == 42) {
if (rname == "org.example.") {
return ("zzz.example.org.");
+ } else if (rname == "org.example.nonterminal.") {
+ return ("l.example.org.");
} else if (rname == "org.example.www2." ||
rname == "org.example.www1.") {
return ("www.example.org.");
- } else if (rname == "org.example.notimplnsec.") {
+ } else if (rname == "org.example.notimplnsec." ||
+ rname == "org.example.wild.here.") {
isc_throw(isc::NotImplemented, "Not implemented in this test");
} else {
isc_throw(isc::Unexpected, "Unexpected name");
@@ -1645,6 +1651,38 @@ TYPED_TEST(DatabaseClientTest, NXDOMAIN_NSEC) {
Name::ROOT_NAME(), ZoneFinder::FIND_DNSSEC));
}
+TYPED_TEST(DatabaseClientTest, emptyNonterminalNSEC) {
+ // Same as NXDOMAIN_NSEC, but with empty non-terminal
+ //
+ // FIXME: Is the nonexistence of this node really the correct proof
+ // we need?
+ shared_ptr<DatabaseClient::Finder> finder(this->getFinder());
+
+ this->expected_rdatas_.push_back("empty.nonterminal.example.org. NSEC");
+ doFindTest(*finder, isc::dns::Name("nonterminal.example.org."),
+ isc::dns::RRType::TXT(), isc::dns::RRType::NSEC(),
+ isc::dns::RRTTL(3600),
+ ZoneFinder::NXRRSET, // FIXME: Do we want to have specific code?
+ this->expected_rdatas_, this->expected_sig_rdatas_,
+ Name("l.example.org."), ZoneFinder::FIND_DNSSEC);
+
+ // Check that if the DB doesn't support it, the exception from there
+ // is not propagated and it only does not include the NSEC
+ if (!this->is_mock_) {
+ return; // We don't make the real DB to throw
+ }
+ this->expected_rdatas_.clear();
+ this->expected_sig_rdatas_.clear();
+ EXPECT_NO_THROW(doFindTest(*finder,
+ isc::dns::Name("here.wild.example.org."),
+ isc::dns::RRType::TXT(),
+ isc::dns::RRType::NSEC(),
+ isc::dns::RRTTL(3600), ZoneFinder::NXRRSET,
+ this->expected_rdatas_,
+ this->expected_sig_rdatas_,
+ Name::ROOT_NAME(), ZoneFinder::FIND_DNSSEC));
+}
+
TYPED_TEST(DatabaseClientTest, getOrigin) {
DataSourceClient::FindResult
zone(this->client_->findZone(Name("example.org")));
More information about the bind10-changes
mailing list