BIND 10 trac1688, updated. 6f8e187c1bc8671be1e6da370f192d58eda3995c [1688] re-enabled lettuce tests that failed due to missing dup suppression.
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu Mar 22 07:14:21 UTC 2012
The branch, trac1688 has been updated
via 6f8e187c1bc8671be1e6da370f192d58eda3995c (commit)
via e70bd3ba8f491df4570c137a9d7561557b9f1574 (commit)
via a6d9e2bc94cb26c34521f3f793da354fa2cb1f9b (commit)
via 4ad96ab57e9fbe8ce9c0bb4032f4c731d41d2371 (commit)
via 847525d5ac7902c5eb90a5ecdaedf34ae3e73366 (commit)
via fd5a4de5485f23e9044965f7082b0078f4330113 (commit)
via 826ac1a139f2c14e94d4b3477950daa02efc98ea (commit)
via c0f704fc0969565af020e1b51db5aaac63d68d52 (commit)
from b09579f0af1644cd441ceca5deb2b6e1c40119bc (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 6f8e187c1bc8671be1e6da370f192d58eda3995c
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Mar 21 23:54:04 2012 -0700
[1688] re-enabled lettuce tests that failed due to missing dup suppression.
note: there's an error in the test description itself. In "7.2.2 other",
the result should be NOERROR, not NXDOMAIN, because it should match
*.w.example (BIND 9 indeed returns NOERROR, for that matter). I fixed
this, then all tests passed.
commit e70bd3ba8f491df4570c137a9d7561557b9f1574
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Mar 21 23:41:09 2012 -0700
[1688] removed redundant duplicate check for NSECs.
commit a6d9e2bc94cb26c34521f3f793da354fa2cb1f9b
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Mar 21 23:33:23 2012 -0700
[1688] use BOOST_FOREACH instead of dedicated for loops.
this could be slightly more efficient because it avoids redundant calls
to vector::end(). In my experiments I actually didn't see much difference,
but it doesn't harm anyway.
commit 4ad96ab57e9fbe8ce9c0bb4032f4c731d41d2371
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Mar 21 21:45:00 2012 -0700
[1688] suggested reorg: merge response building to the inserter class.
that way we don't have to expose mutable member variables of `Query`.
now the responsibility of the "inserter" is enlarged, also renamed it
to represent the new job more appropriately.
commit 847525d5ac7902c5eb90a5ecdaedf34ae3e73366
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Mar 21 21:40:19 2012 -0700
[1688] additional test case of duplicate in the same section.
the implementation already correctly handles this, so no need to update it.
commit fd5a4de5485f23e9044965f7082b0078f4330113
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Mar 21 21:06:52 2012 -0700
[1688] suggested cleanup: use vector::insert instead of copy().
also avoid referring to an invalid range of iterator with operator+; use
end() instead (although the original code was probably safe at least in
practice).
commit 826ac1a139f2c14e94d4b3477950daa02efc98ea
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Mar 21 14:44:32 2012 -0700
[1688] some more trivial cleanups: long line, comment wording, simplification.
commit c0f704fc0969565af020e1b51db5aaac63d68d52
Author: JINMEI Tatuya <jinmei at isc.org>
Date: Wed Mar 21 13:58:50 2012 -0700
[1688] editorial fixes/cleanups: folded long line, naming convention, constify.
also removed "addRRset" utility from rbnode_rrset_unittest, which seems to
be a leftover from an intermediate version (and isn't used anyway)
-----------------------------------------------------------------------
Summary of changes:
src/bin/auth/query.cc | 88 ++++++-------
src/bin/auth/query.h | 169 +++++++++++++-----------
src/bin/auth/tests/query_unittest.cc | 73 ++++-------
src/lib/datasrc/tests/rbnode_rrset_unittest.cc | 12 --
tests/lettuce/features/nsec3_auth.feature | 72 +++++------
5 files changed, 188 insertions(+), 226 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/auth/query.cc b/src/bin/auth/query.cc
index a6a6662..6b8be0f 100644
--- a/src/bin/auth/query.cc
+++ b/src/bin/auth/query.cc
@@ -54,14 +54,14 @@ namespace isc {
namespace auth {
void
-Query::RRsetInserter::addRRset(isc::dns::Message& message,
- const isc::dns::Message::Section section,
- const ConstRRsetPtr& rrset, const bool dnssec)
+Query::ResponseCreator::addRRset(isc::dns::Message& message,
+ const isc::dns::Message::Section section,
+ const ConstRRsetPtr& rrset, const bool dnssec)
{
/// Is this RRset already in the list of RRsets added to the message?
- std::vector<const AbstractRRset*>::iterator i =
+ const std::vector<const AbstractRRset*>::const_iterator i =
std::find_if(added_.begin(), added_.end(),
- std::bind1st(Query::RRsetInserter::isSameKind(),
+ std::bind1st(Query::ResponseCreator::IsSameKind(),
rrset.get()));
if (i == added_.end()) {
// No - add it to both the message and the list of RRsets processed.
@@ -73,6 +73,32 @@ Query::RRsetInserter::addRRset(isc::dns::Message& message,
}
}
+void
+Query::ResponseCreator::create(Message& response,
+ const vector<ConstRRsetPtr>& answers,
+ const vector<ConstRRsetPtr>& authorities,
+ const vector<ConstRRsetPtr> additionals,
+ const bool dnssec)
+{
+ // Inserter should be reset each time the query is reset, so should be
+ // empty at this point.
+ assert(added_.empty());
+
+ // Add the RRsets to the message. The order of sections is important,
+ // as the ResponseCreator remembers RRsets added and will not add
+ // duplicates. Adding in the order answer, authory, additional will
+ // guarantee that if there are duplicates, the single RRset added will
+ // appear in the most important section.
+ BOOST_FOREACH(const ConstRRsetPtr& rrset, answers) {
+ addRRset(response, Message::SECTION_ANSWER, rrset, dnssec);
+ }
+ BOOST_FOREACH(const ConstRRsetPtr& rrset, authorities) {
+ addRRset(response, Message::SECTION_AUTHORITY, rrset, dnssec);
+ }
+ BOOST_FOREACH(const ConstRRsetPtr& rrset, additionals) {
+ addRRset(response, Message::SECTION_ADDITIONAL, rrset, dnssec);
+ }
+}
void
Query::addSOA(ZoneFinder& finder) {
@@ -132,14 +158,10 @@ Query::addNXDOMAINProofByNSEC(ZoneFinder& finder, ConstRRsetPtr nsec) {
isc_throw(BadNSEC, "Unexpected result for wildcard NXDOMAIN proof");
}
- // Add the (no-) wildcard proof only when it's different from the NSEC
- // that proves NXDOMAIN; sometimes they can be the same.
- // Note: name comparison is relatively expensive. When we are at the
- // stage of performance optimization, we should consider optimizing this
- // for some optimized data source implementations.
- if (nsec->getName() != fcontext->rrset->getName()) {
- authorities_.push_back(fcontext->rrset);
- }
+ // Add the (no-) wildcard proof. This can be the same NSEC we already
+ // added, but we'd add it here anyway; duplicate checks will take place
+ // later in a unified manner.
+ authorities_.push_back(fcontext->rrset);
}
uint8_t
@@ -239,11 +261,8 @@ Query::addWildcardNXRRSETProof(ZoneFinder& finder, ConstRRsetPtr nsec) {
fcontext->rrset->getRdataCount() == 0) {
isc_throw(BadNSEC, "Unexpected result for no match QNAME proof");
}
-
- if (nsec->getName() != fcontext->rrset->getName()) {
- // one NSEC RR proves wildcard_nxrrset that no matched QNAME.
- authorities_.push_back(fcontext->rrset);
- }
+
+ authorities_.push_back(fcontext->rrset);
}
void
@@ -512,7 +531,8 @@ Query::process(datasrc::DataSourceClient& datasrc_client,
break;
}
- createResponse();
+ response_creator_.create(*response_, answers_, authorities_, additionals_,
+ dnssec_);
}
void
@@ -530,31 +550,6 @@ Query::initialize(datasrc::DataSourceClient& datasrc_client,
}
void
-Query::createResponse() {
- // Inserter should be reset each time the query is reset, so should be
- // empty at this point.
- assert(inserter_.empty());
-
- // Add the RRsets to the message. The order of sections is important,
- // as the RRsetInserter remembers RRsets added and will not add
- // duplicates. Adding in the order answer, authory, additional will
- // guarantee that if there are duplicates, the single RRset added will
- // appear in the most important section.
- std::vector<isc::dns::ConstRRsetPtr>::const_iterator i;
- for (i = answers_.begin(); i != answers_.end(); ++i) {
- inserter_.addRRset(*response_, Message::SECTION_ANSWER, *i, dnssec_);
- }
-
- for (i = authorities_.begin(); i != authorities_.end(); ++i) {
- inserter_.addRRset(*response_, Message::SECTION_AUTHORITY, *i, dnssec_);
- }
-
- for (i = additionals_.begin(); i != additionals_.end(); ++i) {
- inserter_.addRRset(*response_, Message::SECTION_ADDITIONAL, *i, dnssec_);
- }
-}
-
-void
Query::reset() {
datasrc_client_ = NULL;
qname_ = NULL;
@@ -563,7 +558,7 @@ Query::reset() {
answers_.clear();
authorities_.clear();
additionals_.clear();
- inserter_.clear();
+ response_creator_.clear();
}
bool
@@ -595,7 +590,8 @@ Query::processDSAtChild() {
}
}
- createResponse();
+ response_creator_.create(*response_, answers_, authorities_, additionals_,
+ dnssec_);
return (true);
}
diff --git a/src/bin/auth/query.h b/src/bin/auth/query.h
index 44092d0..5ce9ad3 100644
--- a/src/bin/auth/query.h
+++ b/src/bin/auth/query.h
@@ -20,6 +20,7 @@
#include <boost/noncopyable.hpp>
+#include <functional>
#include <vector>
namespace isc {
@@ -256,70 +257,6 @@ private:
/// Called by the QueryCleaner object upon its destruction
void reset();
- /// \brief Inserter Class
- ///
- /// Used during the construction of the response message, this performs
- /// the duplicate RRset detection check. It keeps a list of RRsets added
- /// to the message and does not add an RRset if it is the same as one
- /// already added.
- class RRsetInserter {
- public:
- // \brief RRset comparison functor.
- struct isSameKind : public std::binary_function<
- const isc::dns::AbstractRRset*,
- const isc::dns::AbstractRRset*,
- bool> {
- bool operator()(const isc::dns::AbstractRRset* r1,
- const isc::dns::AbstractRRset* r2) const {
- return (r1->isSameKind(*r2));
- }
- };
-
- /// \brief Constructor
- ///
- /// Reserves space for the list of RRsets. Although the RRInserter
- /// will be used to create a message from the contents of the Query
- /// object's answers_, authorities_ and additionals_ elements, and
- /// each of these are sized to RESERVE_RRSETS, it is _extremely_
- /// unlikely that all three will be filled to capacity. So we reserve
- /// more elements than in each of these components, but not three
- /// times the amount.
- ///
- /// As with the answers_, authorities_ and additionals_ elements, the
- /// reservation is made in the constructor to avoid dynamic allocation
- /// of memory. The RRsetInserter is a member variable of the Query
- /// object so is constructed once and lasts as long as that object.
- /// Internal state is cleared through the clear() method.
- RRsetInserter() {
- added_.reserve(2 * RESERVE_RRSETS);
- }
-
- /// \brief Reset internal state
- void clear() {
- added_.clear();
- }
-
- /// \brief Return true if empty
- bool empty() const {
- return (added_.empty());
- }
-
- /// Insertion operation
- ///
- /// \param message Message to which the RRset is to be added
- /// \param section Section of the message in which the RRset is put
- /// \param rrset Pointer to RRset to be added to the message
- /// \param dnssec Whether RRSIG records should be added as well
- void addRRset(isc::dns::Message& message,
- const isc::dns::Message::Section section,
- const isc::dns::ConstRRsetPtr& rrset, const bool dnssec);
-
- private:
- /// List of RRsets already added to the message
- std::vector<const isc::dns::AbstractRRset*> added_;
- };
-
-
/// \brief Internal class used for cleanup of Query members
///
/// The process() call creates an object of this class, which
@@ -337,18 +274,6 @@ protected:
// Following methods declared protected so they can be accessed
// by unit tests.
- /// \brief Fill in the response sections
- ///
- /// This is the final step of the process() method, and within
- /// that method, it should be called before it returns (if any
- /// response data is to be added)
- ///
- /// This will take each RRset collected in answers_, authorities_, and
- /// additionals_, and add them to their corresponding sections in
- /// the response message. The RRsets are filtered such that a
- /// particular RRset appears only once in the message.
- ///
- /// After they are added, the vectors are cleared.
void createResponse();
public:
@@ -471,21 +396,105 @@ public:
{}
};
+ /// \brief Response Creator Class
+ ///
+ /// This is a helper class of Query, and is expected to be used during the
+ /// construction of the response message. This class performs the
+ /// duplicate RRset detection check. It keeps a list of RRsets added
+ /// to the message and does not add an RRset if it is the same as one
+ /// already added.
+ ///
+ /// This class is essentially private to Query, but is visible to public
+ /// for testing purposes. It's not expected to be used from a normal
+ /// application.
+ class ResponseCreator {
+ public:
+ /// \brief Constructor
+ ///
+ /// Reserves space for the list of RRsets. Although the
+ /// ResponseCreator will be used to create a message from the
+ /// contents of the Query object's answers_, authorities_ and
+ /// additionals_ elements, and each of these are sized to
+ /// RESERVE_RRSETS, it is _extremely_ unlikely that all three will be
+ /// filled to capacity. So we reserve more elements than in each of
+ /// these components, but not three times the amount.
+ ///
+ /// As with the answers_, authorities_ and additionals_ elements, the
+ /// reservation is made in the constructor to avoid dynamic allocation
+ /// of memory. The ResponseCreator is a member variable of the Query
+ /// object so is constructed once and lasts as long as that object.
+ /// Internal state is cleared through the clear() method.
+ ResponseCreator() {
+ added_.reserve(2 * RESERVE_RRSETS);
+ }
+
+ /// \brief Reset internal state
+ void clear() {
+ added_.clear();
+ }
+
+ /// \brief Complete the response message with filling in the
+ /// response sections.
+ ///
+ /// This is the final step of the Query::process() method, and within
+ /// that method, it should be called before it returns (if any
+ /// response data is to be added)
+ ///
+ /// This will take a message to build and each RRsets for the answer,
+ /// authority, and additional sections, and add them to their
+ /// corresponding sections in the given message. The RRsets are
+ /// filtered such that a particular RRset appears only once in the
+ /// message.
+ ///
+ /// If \c dnssec is true, it tells the message to include any RRSIGs
+ /// attached to the RRsets.
+ void create(
+ isc::dns::Message& message,
+ const std::vector<isc::dns::ConstRRsetPtr>& answers_,
+ const std::vector<isc::dns::ConstRRsetPtr>& authorities_,
+ const std::vector<isc::dns::ConstRRsetPtr> additionals_,
+ const bool dnssec);
+
+ private:
+ // \brief RRset comparison functor.
+ struct IsSameKind : public std::binary_function<
+ const isc::dns::AbstractRRset*,
+ const isc::dns::AbstractRRset*,
+ bool> {
+ bool operator()(const isc::dns::AbstractRRset* r1,
+ const isc::dns::AbstractRRset* r2) const {
+ return (r1->isSameKind(*r2));
+ }
+ };
+
+ /// Insertion operation
+ ///
+ /// \param message Message to which the RRset is to be added
+ /// \param section Section of the message in which the RRset is put
+ /// \param rrset Pointer to RRset to be added to the message
+ /// \param dnssec Whether RRSIG records should be added as well
+ void addRRset(isc::dns::Message& message,
+ const isc::dns::Message::Section section,
+ const isc::dns::ConstRRsetPtr& rrset, const bool dnssec);
+
+
+ private:
+ /// List of RRsets already added to the message
+ std::vector<const isc::dns::AbstractRRset*> added_;
+ };
+
private:
const isc::datasrc::DataSourceClient* datasrc_client_;
const isc::dns::Name* qname_;
const isc::dns::RRType* qtype_;
bool dnssec_;
isc::datasrc::ZoneFinder::FindOptions dnssec_opt_;
+ ResponseCreator response_creator_;
-protected:
- // Following members declared protected to allow them to be accessed
- // by unit tests.
isc::dns::Message* response_;
std::vector<isc::dns::ConstRRsetPtr> answers_;
std::vector<isc::dns::ConstRRsetPtr> authorities_;
std::vector<isc::dns::ConstRRsetPtr> additionals_;
- RRsetInserter inserter_;
};
}
diff --git a/src/bin/auth/tests/query_unittest.cc b/src/bin/auth/tests/query_unittest.cc
index e408543..fea9cd0 100644
--- a/src/bin/auth/tests/query_unittest.cc
+++ b/src/bin/auth/tests/query_unittest.cc
@@ -2369,37 +2369,6 @@ TEST_F(QueryTest, emptyNameWithNSEC3) {
EXPECT_FALSE(result->isWildcard());
}
-// Class to allow checking of duplication removal in messages resulting from.
-// the query. This class allows the setting of the answers, authorities and
-// additionals vector in the Query class, as well as the ability to call the
-// createResponse() method.
-
-class DuplicateQuery : public isc::auth::Query {
-public:
- // \brief Constructor
- //
- // Fill in the parts of Query that we test in the DuplicateRemoval test.
- DuplicateQuery(isc::dns::Message* message,
- const vector<RRsetPtr>& answers,
- const vector<RRsetPtr>& authorities,
- const vector<RRsetPtr>& additionals) : Query() {
- response_ = message;
- copy(answers.begin(), answers.end(),
- back_inserter(answers_));
- copy(authorities.begin(), authorities.end(),
- back_inserter(authorities_));
- copy(additionals.begin(), additionals.end(),
- back_inserter(additionals_));
- }
-
- // \brief Create Response
- //
- // Public interface to the (protected) Query::createResponse() method.
- void produceResponse() {
- createResponse();
- }
-};
-
// Vector of RRsets used for the test. Having this external to functions and
// classes used for the testing simplifies the code.
std::vector<RRsetPtr> rrset_vector;
@@ -2430,7 +2399,8 @@ loadRRsetVector() {
<< cname_nxdom_txt // 7(1)
<< cname_out_txt; // 8(1)
rrset_vector.clear();
- masterLoad(ss, Name("example.com."), RRClass::IN(), loadRRsetVectorCallback);
+ masterLoad(ss, Name("example.com."), RRClass::IN(),
+ loadRRsetVectorCallback);
}
TEST_F(QueryTest, DuplicateNameRemoval) {
@@ -2439,13 +2409,14 @@ TEST_F(QueryTest, DuplicateNameRemoval) {
loadRRsetVector();
EXPECT_EQ(9, rrset_vector.size());
- // Create an answer, authority and authority vector with some overlapping
+ // Create an answer, authority and additional vector with some overlapping
// entries. The following indicate which elements from rrset_vector
// go into each section vector. (The values have been separated to show
// the overlap.)
//
// answer = 0 1 2 3
- // authority = 2 3 4 5 6 7
+ // authority = 2 3 4 5 6 7...
+ // ...5 (duplicate in the same section)
// additional = 0 3 7 8
//
// If the duplicate removal works, we should end up with the following in
@@ -2472,20 +2443,21 @@ TEST_F(QueryTest, DuplicateNameRemoval) {
(sizeof(expected_section) / sizeof(Message::Section)));
// Create the vectors of RRsets (with the RRsets in a semi-random order).
- std::vector<RRsetPtr> answer;
- copy(rrset_vector.begin() + 2, rrset_vector.begin() + 4,
- back_inserter(answer));
- copy(rrset_vector.begin() + 0, rrset_vector.begin() + 2,
- back_inserter(answer));
-
- std::vector<RRsetPtr> authority;
- copy(rrset_vector.begin() + 3, rrset_vector.begin() + 8,
- back_inserter(authority));
+ std::vector<ConstRRsetPtr> answer;
+ answer.insert(answer.end(), rrset_vector.begin() + 2,
+ rrset_vector.begin() + 4);
+ answer.insert(answer.end(), rrset_vector.begin() + 0,
+ rrset_vector.begin() + 2);
+
+ std::vector<ConstRRsetPtr> authority;
+ authority.insert(authority.end(), rrset_vector.begin() + 3,
+ rrset_vector.begin() + 8);
authority.push_back(rrset_vector[2]);
+ authority.push_back(rrset_vector[5]);
- std::vector<RRsetPtr> additional;
- copy(rrset_vector.begin() + 7, rrset_vector.begin() + 9,
- back_inserter(additional));
+ std::vector<ConstRRsetPtr> additional;
+ additional.insert(additional.end(), rrset_vector.begin() + 7,
+ rrset_vector.end());
additional.push_back(rrset_vector[3]);
additional.push_back(rrset_vector[0]);
@@ -2496,8 +2468,8 @@ TEST_F(QueryTest, DuplicateNameRemoval) {
EXPECT_EQ(0, message.getRRCount(Message::SECTION_ADDITIONAL));
// ... and fill it.
- DuplicateQuery query(&message, answer, authority, additional);
- query.produceResponse();
+ Query::ResponseCreator().create(message, answer, authority, additional,
+ false);
// Check counts in each section. Note that these are RR counts,
// not RRset counts.
@@ -2522,10 +2494,11 @@ TEST_F(QueryTest, DuplicateNameRemoval) {
// message will only refer to the loop indexes).
stringstream ss;
ss << "section " << section << ", name "
- << rrset_vector[vecindex]->getName().toText();
+ << rrset_vector[vecindex]->getName();
SCOPED_TRACE(ss.str());
- // Check RRset is in the right section and not in the wrong section.
+ // Check RRset is in the right section and not in the wrong
+ // section.
if (sections[section] == expected_section[vecindex]) {
EXPECT_TRUE(message.hasRRset(sections[section],
rrset_vector[vecindex]));
diff --git a/src/lib/datasrc/tests/rbnode_rrset_unittest.cc b/src/lib/datasrc/tests/rbnode_rrset_unittest.cc
index d6fa32e..0fb82bc 100644
--- a/src/lib/datasrc/tests/rbnode_rrset_unittest.cc
+++ b/src/lib/datasrc/tests/rbnode_rrset_unittest.cc
@@ -157,18 +157,6 @@ TEST_F(RBNodeRRsetTest, isSameKind) {
EXPECT_FALSE(rrset_p.isSameKind(rrset_z));
}
-
-// Utility function to create an add an RRset to a vector of RRsets for the
-// "less" test. It's only purpose is to allow the RRset creation to be
-// written with arguments in an order that reflects the RRset ordering.
-void
-addRRset(std::vector<ConstRRsetPtr>& vec, const RRType& rrtype,
- const RRClass& rrclass, const char* rrname)
-{
- vec.push_back(ConstRRsetPtr(new RRset(Name(rrname), rrclass, rrtype,
- RRTTL(3600))));
-}
-
// Note: although the next two tests are essentially the same and used common
// test code, they use different test data: the MessageRenderer produces
// compressed wire data whereas the OutputBuffer does not.
diff --git a/tests/lettuce/features/nsec3_auth.feature b/tests/lettuce/features/nsec3_auth.feature
index ceb9a7f..0fbf219 100644
--- a/tests/lettuce/features/nsec3_auth.feature
+++ b/tests/lettuce/features/nsec3_auth.feature
@@ -160,45 +160,41 @@ Feature: NSEC3 Authoritative service
# Below are additional tests, not explicitely stated in RFC5155
#
- # THIS TEST CURRENTLY FAILS: An NSEC3 record is added twice
- # See ticket #1688
- #Scenario: 7.2.2 other; Name Error where one NSEC3 covers multiple parts of proof (closest encloser)
- # Given I have bind10 running with configuration nsec3/nsec3_auth.config
- # A dnssec query for b.x.w.example. should have rcode NXDOMAIN
- # The last query response should have flags qr aa rd
- # The last query response should have edns_flags do
- # The last query response should have ancount 0
- # The last query response should have nscount 6
- # The last query response should have adcount 1
- # The authority section of the last query response should be
- # """
- # example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
- # example. 3600 IN RRSIG SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
- # b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN NSEC3 1 1 12 aabbccdd gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG
- # b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh5u4m/CUiwtblEVOaAKKZ d7S959OeiX43aLX3pOv0TSTyiTxIZg==
- # 35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 1 1 12 aabbccdd b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG
- # 35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQAynzo8EUWH+z6hEIBlUT PGj15eZll6VhQqgZXtAIR3chwgW+SA==
- # """
+ Scenario: 7.2.2 other; Name Error where one NSEC3 covers multiple parts of proof (closest encloser)
+ Given I have bind10 running with configuration nsec3/nsec3_auth.config
+ A dnssec query for b.x.w.example. should have rcode NXDOMAIN
+ The last query response should have flags qr aa rd
+ The last query response should have edns_flags do
+ The last query response should have ancount 0
+ The last query response should have nscount 6
+ The last query response should have adcount 1
+ The authority section of the last query response should be
+ """
+ example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
+ example. 3600 IN RRSIG SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
+ b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN NSEC3 1 1 12 aabbccdd gjeqe526plbf1g8mklp59enfd789njgi MX RRSIG
+ b4um86eghhds6nea196smvmlo4ors995.example. 3600 IN RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. ZkPG3M32lmoHM6pa3D6gZFGB/rhL//Bs3Omh5u4m/CUiwtblEVOaAKKZ d7S959OeiX43aLX3pOv0TSTyiTxIZg==
+ 35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN NSEC3 1 1 12 aabbccdd b4um86eghhds6nea196smvmlo4ors995 NS DS RRSIG
+ 35mthgpgcu1qg68fab165klnsnk3dpvl.example. 3600 IN RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. g6jPUUpduAJKRljUsN8gB4UagAX0NxY9shwQAynzo8EUWH+z6hEIBlUT PGj15eZll6VhQqgZXtAIR3chwgW+SA==
+ """
- # THIS TEST CURRENTLY FAILS: An NSEC3 record is added twice
- # See ticket #1688
- #Scenario: 7.2.2 other; Name Error where one NSEC3 covers multiple parts of proof (wildcard)
- # Given I have bind10 running with configuration nsec3/nsec3_auth.config
- # A dnssec query for a.w.example. should have rcode NXDOMAIN
- # The last query response should have flags qr aa rd
- # The last query response should have edns_flags do
- # The last query response should have ancount 0
- # The last query response should have nscount 6
- # The last query response should have adcount 1
- # The authority section of the last query response should be
- # """
- # example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
- # example. 3600 IN RRSIG SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
- # k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN NSEC3 1 1 12 AABBCCDD KOHAR7MBB8DC2CE8A9QVL8HON4K53UHI
- # k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBKS6qCcftVtfH4yVzsEZqu J27NHR7ruxJWDNMtOtx7w9WfcIg62A==
- # r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3 1 1 12 AABBCCDD T644EBQK9BIBCNA874GIVR6JOJ62MLHV MX RRSIG
- # r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/CZFKulIGXXLj8B/fsDJar XVDA9bnUoRhEbKp+HF1FWKW7RIJdtQ==
- # """
+ Scenario: 7.2.2 other; Name Error where one NSEC3 covers multiple parts of proof (wildcard)
+ Given I have bind10 running with configuration nsec3/nsec3_auth.config
+ A dnssec query for a.w.example. should have rcode NOERROR
+ The last query response should have flags qr aa rd
+ The last query response should have edns_flags do
+ The last query response should have ancount 0
+ The last query response should have nscount 6
+ The last query response should have adcount 1
+ The authority section of the last query response should be
+ """
+ example. 3600 IN SOA ns1.example. bugs.x.w.example. 1 3600 300 3600000 3600
+ example. 3600 IN RRSIG SOA 7 1 3600 20150420235959 20051021000000 40430 example. Hu25UIyNPmvPIVBrldN+9Mlp9Zql39qaUd8iq4ZLlYWfUUbbAS41pG+6 8z81q1xhkYAcEyHdVI2LmKusbZsT0Q==
+ k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN NSEC3 1 1 12 AABBCCDD KOHAR7MBB8DC2CE8A9QVL8HON4K53UHI
+ k8udemvp1j2f7eg6jebps17vp3n8i58h.example. 3600 IN RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. FtXGbvF0+wf8iWkyo73enAuVx03klN+pILBKS6qCcftVtfH4yVzsEZqu J27NHR7ruxJWDNMtOtx7w9WfcIg62A==
+ r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN NSEC3 1 1 12 AABBCCDD T644EBQK9BIBCNA874GIVR6JOJ62MLHV MX RRSIG
+ r53bq7cc2uvmubfu5ocmm6pers9tk9en.example. 3600 IN RRSIG NSEC3 7 2 3600 20150420235959 20051021000000 40430 example. aupviViruXs4bDg9rCbezzBMf9h1ZlDvbW/CZFKulIGXXLj8B/fsDJar XVDA9bnUoRhEbKp+HF1FWKW7RIJdtQ==
+ """
Scenario: Wildcard other: Wildcard name itself
Given I have bind10 running with configuration nsec3/nsec3_auth.config
More information about the bind10-changes
mailing list