BIND 10 master, updated. 90f98423f675dec3fc8335f17bbf761662536cce [1586] Tests for NSEC3 name
BIND 10 source code commits
bind10-changes at lists.isc.org
Wed Feb 8 09:58:37 UTC 2012
The branch, master has been updated
via 90f98423f675dec3fc8335f17bbf761662536cce (commit)
from 0ad8fea24b58d05e8c57337c7b77f1b76be12015 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 90f98423f675dec3fc8335f17bbf761662536cce
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Tue Feb 7 13:39:50 2012 +0100
[1586] Tests for NSEC3 name
It should not exist in the real namespace (unless there's something as
well).
-----------------------------------------------------------------------
Summary of changes:
src/lib/datasrc/tests/memory_datasrc_unittest.cc | 53 ++++++++++++++++++++++
1 files changed, 53 insertions(+), 0 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/datasrc/tests/memory_datasrc_unittest.cc b/src/lib/datasrc/tests/memory_datasrc_unittest.cc
index 944ebbe..c56cc8d 100644
--- a/src/lib/datasrc/tests/memory_datasrc_unittest.cc
+++ b/src/lib/datasrc/tests/memory_datasrc_unittest.cc
@@ -1749,4 +1749,57 @@ TEST_F(InMemoryZoneFinderTest, loadNSEC3Zone) {
// This is an abnormal case, but the implementation accepts it.
zone_finder_.load(TEST_DATA_DIR "/example.org.nsec3-signed-noparam");
}
+
+// This test checks that the NSEC3 names don't really exist in the real
+// namespace.
+TEST_F(InMemoryZoneFinderTest, queryToNSEC3Name) {
+ // Add the NSEC3 and NSEC3PARAM there.
+ EXPECT_EQ(result::SUCCESS,
+ zone_finder_.add(textToRRset("example.org. 300 IN NSEC3PARAM "
+ "1 0 12 aabbccdd")));
+ const Name nsec3domain(string(apex_hash) + ".example.org.");
+ // Adding an NSEC3 that has matching parameters is okay.
+ EXPECT_EQ(result::SUCCESS, zone_finder_.add(
+ textToRRset(string(apex_hash) + ".example.org." +
+ string(nsec3_common))));
+ // Now, the domain should not exist
+ findTest(nsec3domain, RRType::AAAA(), ZoneFinder::NXDOMAIN, false,
+ ConstRRsetPtr(), ZoneFinder::RESULT_NSEC3_SIGNED, &zone_finder_,
+ ZoneFinder::FIND_DNSSEC);
+ // If we add an A record, the domain should exist
+ ConstRRsetPtr rrset(textToRRset(string(apex_hash) +
+ ".example.org. 300 IN A 192.0.2.1"));
+ EXPECT_EQ(result::SUCCESS, zone_finder_.add(rrset));
+ // Searching for a different RRType will tell us this RRset doesn't exist
+ findTest(nsec3domain, RRType::AAAA(), ZoneFinder::NXRRSET, false,
+ ConstRRsetPtr(), ZoneFinder::RESULT_NSEC3_SIGNED, &zone_finder_,
+ ZoneFinder::FIND_DNSSEC);
+ // Searching for the A record would find it
+ findTest(nsec3domain, RRType::A(), ZoneFinder::SUCCESS, true,
+ rrset, ZoneFinder::RESULT_DEFAULT, &zone_finder_,
+ ZoneFinder::FIND_DNSSEC);
+}
+
+// Continuation of the previous test (queryToNSEC3Name), we check we don't break
+// the empty nonterminal case by existence of NSEC3 record with that name.
+TEST_F(InMemoryZoneFinderTest, queryToNSEC3NameNonterminal) {
+ // Add the NSEC3 and NSEC3PARAM there.
+ EXPECT_EQ(result::SUCCESS,
+ zone_finder_.add(textToRRset("example.org. 300 IN NSEC3PARAM "
+ "1 0 12 aabbccdd")));
+ const Name nsec3domain(string(apex_hash) + ".example.org.");
+ // Adding an NSEC3 that has matching parameters is okay.
+ EXPECT_EQ(result::SUCCESS, zone_finder_.add(
+ textToRRset(string(apex_hash) + ".example.org." +
+ string(nsec3_common))));
+ // Something below the name
+ ConstRRsetPtr rrset(textToRRset("below." + string(apex_hash) +
+ ".example.org. 300 IN A 192.0.2.1"));
+ EXPECT_EQ(result::SUCCESS, zone_finder_.add(rrset));
+ // Now, the node is empty non-terminal.
+ findTest(nsec3domain, RRType::AAAA(), ZoneFinder::NXRRSET, false,
+ ConstRRsetPtr(), ZoneFinder::RESULT_NSEC3_SIGNED, &zone_finder_,
+ ZoneFinder::FIND_DNSSEC);
+}
+
}
More information about the bind10-changes
mailing list