BIND 10 trac1579, updated. 29e01b55a5acd72e651c2b2bd5cc63ffe8b21da8 [1579] adjust codes after discussion with jinmei. append more unit tests for negative case in find function
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu Mar 22 13:27:27 UTC 2012
The branch, trac1579 has been updated
via 29e01b55a5acd72e651c2b2bd5cc63ffe8b21da8 (commit)
from c96ac865ac20c4e80b3206a00c15fa998cb85bfd (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 29e01b55a5acd72e651c2b2bd5cc63ffe8b21da8
Author: haikuo zhang <zhanghaikuo at cnnic.cn>
Date: Thu Mar 22 21:23:55 2012 +0800
[1579] adjust codes after discussion with jinmei. append more unit
tests for negative case in find function
-----------------------------------------------------------------------
Summary of changes:
src/lib/datasrc/database.cc | 93 ++++++++++++++++++----------
src/lib/datasrc/tests/database_unittest.cc | 80 ++++++++++++++++++++++--
2 files changed, 134 insertions(+), 39 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/lib/datasrc/database.cc b/src/lib/datasrc/database.cc
index 3f433c9..83d66ce 100644
--- a/src/lib/datasrc/database.cc
+++ b/src/lib/datasrc/database.cc
@@ -330,6 +330,17 @@ NSEC_TYPES() {
}
const WantedTypes&
+NSEC3PARAM_TYPES() {
+ static bool initialized(false);
+ static WantedTypes result;
+ if (!initialized) {
+ result.insert(RRType::NSEC3PARAM());
+ initialized = true;
+ }
+ return (result);
+}
+
+const WantedTypes&
DELEGATION_TYPES() {
static bool initialized(false);
static WantedTypes result;
@@ -812,18 +823,6 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
target)
{
const bool dnssec_data = ((options & FIND_DNSSEC) != 0);
- //verify whether the zonefile is signed by NSEC3 method
- //If the NSEC3PARAMETER type exists in the zonefile,NSEC3 is definitly used
- //in this zone signature.
- bool is_nsec3 = false;
- WantedTypes nsec3PARAM;
- nsec3PARAM.insert(RRType::NSEC3PARAM());
- const FoundRRsets NSEC3Found = getRRsets(origin_.toText(), nsec3PARAM,
- false);
- const FoundIterator nfi(NSEC3Found.second.find(RRType::NSEC3PARAM()));
- if (nfi != NSEC3Found.second.end()) {
- is_nsec3 = true;
- }
// On entry to this method, we know that the database doesn't have any
// entry for this name. Before returning NXDOMAIN, we need to check
// for special cases.
@@ -836,16 +835,9 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
DATASRC_DATABASE_FOUND_EMPTY_NONTERMINAL).
arg(accessor_->getDBName()).arg(name);
const ConstRRsetPtr nsec = dnssec_data ? findNSECCover(name) :
- ConstRRsetPtr();
- if (is_nsec3 == true) {
- return (ResultContext(NXRRSET, nsec,
- nsec ? RESULT_NSEC_SIGNED :
- RESULT_NSEC3_SIGNED));
- } else {
- return (ResultContext(NXRRSET, nsec,
- nsec ? RESULT_NSEC_SIGNED :
- RESULT_DEFAULT));
- }
+ ConstRRsetPtr();
+ return (ResultContext(NXRRSET, nsec, nsec ? RESULT_NSEC_SIGNED :
+ RESULT_DEFAULT));
} else if ((options & NO_WILDCARD) == 0) {
// It's not an empty non-terminal and wildcard matching is not
// disabled, so check for wildcards. If there is a wildcard match
@@ -864,13 +856,8 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
arg(accessor_->getDBName()).arg(name).arg(type).arg(getClass());
const ConstRRsetPtr nsec = dnssec_data ? findNSECCover(name) :
ConstRRsetPtr();
- if (is_nsec3 == true) {
- return (ResultContext(NXDOMAIN, nsec,
- nsec ? RESULT_NSEC_SIGNED : RESULT_NSEC3_SIGNED));
- } else {
- return (ResultContext(NXDOMAIN, nsec,
- nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
- }
+ return (ResultContext(NXDOMAIN, nsec,
+ nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
}
ZoneFinder::ResultContext
@@ -920,16 +907,56 @@ DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
const FoundRRsets found = getRRsets(name.toText(), final_types,
!is_origin, NULL,
type == RRType::ANY());
-
+ // verify whether the zonefile is signed by NSEC3 method
+ // If the NSEC3PARAMETER type exists in the zonefile,NSEC3 is definitly used
+ // in this zone signature.
+ bool is_nsec3 = false;
+ const FoundRRsets nsec3_found = getRRsets(origin_.toText(), NSEC3PARAM_TYPES(),
+ false);
+ const FoundIterator nfi(nsec3_found.second.find(RRType::NSEC3PARAM()));
+ if (nfi != nsec3_found.second.end()) {
+ is_nsec3 = true;
+ }
if (found.first) {
// Something found at the domain name. Look into it further to get
// the final result.
- return (findOnNameResult(name, type, options, is_origin, found, NULL,
- target));
+ if (true == is_nsec3) {
+ const ZoneFinder::ResultContext result_context =
+ findOnNameResult(name, type, options, is_origin, found, NULL,
+ target);
+ if ((result_context.code & NXRRSET) ||
+ (result_context.flags & RESULT_WILDCARD)) {
+ return (ZoneFinder::ResultContext(result_context.code,
+ result_context.rrset,
+ (result_context.flags |
+ RESULT_NSEC3_SIGNED)));
+ } else {
+ return result_context;
+ }
+ } else {
+ return (findOnNameResult(name, type, options, is_origin, found, NULL,
+ target));
+ }
} else {
// Did not find anything at all at the domain name, so check for
// subdomains or wildcards.
- return (findNoNameResult(name, type, options, dresult, target));
+ if (true == is_nsec3) {
+ // NSEC3 is used for this zonefile
+ const ZoneFinder::ResultContext result_context =
+ findNoNameResult(name, type, options, dresult, target);
+ if ((result_context.code & (NXRRSET | NXDOMAIN)) ||
+ (result_context.flags & RESULT_WILDCARD)){
+ // NXRRSET NXDOMAIN and wildcard should set RESULT_NSEC3_SIGNED
+ return (ZoneFinder::ResultContext(result_context.code,
+ result_context.rrset,
+ (result_context.flags |
+ RESULT_NSEC3_SIGNED)));
+ } else {
+ return result_context;
+ }
+ } else {
+ return (findNoNameResult(name, type, options, dresult, target));
+ }
}
}
diff --git a/src/lib/datasrc/tests/database_unittest.cc b/src/lib/datasrc/tests/database_unittest.cc
index 11a91d9..48999a3 100644
--- a/src/lib/datasrc/tests/database_unittest.cc
+++ b/src/lib/datasrc/tests/database_unittest.cc
@@ -2281,12 +2281,50 @@ TYPED_TEST(DatabaseClientTest, wildcardNXRRSET_NSEC) {
Name("*.wild.example.org"), ZoneFinder::FIND_DNSSEC);
}
-TYPED_TEST(DatabaseClientTest,dbNegativeCaseFind){
- //ZoneFinder::find() for negative case should show whether the zone is
- //signed by NSEC or NSEC3,that is good for upper layer caller.
+TYPED_TEST(DatabaseClientTest, dbNegativeCaseFind) {
+ // ZoneFinder::find() for negative cases should show whether the zone is
+ // signed by NSEC or NSEC3,that is good for upper layer caller.
- //First off, add an NSEC3PARAM RR
+ // First off, everything should be okay if no NSEC3PARAM rrset
this->updater_ = this->client_->getUpdater(this->zname_, false);
+ this->expected_rdatas_.clear();
+ this->expected_sig_rdatas_.clear();
+ doFindTest(this->updater_->getFinder(),
+ isc::dns::Name("doesnotexist.example.org."),
+ this->qtype_, this->qtype_, this->rrttl_,
+ ZoneFinder::NXDOMAIN, this->expected_rdatas_,
+ this->expected_sig_rdatas_);
+ this->expected_rdatas_.clear();
+ this->expected_sig_rdatas_.clear();
+ doFindTest(this->updater_->getFinder(),
+ isc::dns::Name("www.example.org."),
+ isc::dns::RRType::TXT(), isc::dns::RRType::TXT(),
+ this->rrttl_,
+ ZoneFinder::NXRRSET,
+ this->expected_rdatas_, this->expected_sig_rdatas_);
+ this->expected_rdatas_.push_back("192.0.2.5");
+ this->expected_sig_rdatas_.push_back("A 5 3 3600 20000101000000 "
+ "20000201000000 12345 example.org. "
+ "FAKEFAKEFAKE");
+ doFindTest(this->updater_->getFinder(),
+ isc::dns::Name("b.a.wild.example.org"),
+ this->qtype_, this->qtype_, this->rrttl_, ZoneFinder::SUCCESS,
+ this->expected_rdatas_, this->expected_sig_rdatas_,
+ ZoneFinder::RESULT_WILDCARD);
+ this->expected_rdatas_.clear();
+ this->expected_sig_rdatas_.clear();
+ doFindTest(this->updater_->getFinder(),
+ isc::dns::Name("b.a.wild.example.org"),
+ isc::dns::RRType::TXT(), isc::dns::RRType::TXT(),
+ this->rrttl_, ZoneFinder::NXRRSET, this->expected_rdatas_,
+ this->empty_rdatas_,
+ ZoneFinder::RESULT_WILDCARD);
+
+ // Then,If NSEC3PARAM exists in zonefile,the flags of result should
+ // contain RESULT_NSEC3_SIGNED flag when NXDOMAIN NXRRSET or wildcard
+
+ // Add NSEC3PARAM RRSET to zonefile. It looks weird if zonefile only have
+ // NSEC3PARM RRSET, but it is okay for unit test.
this->rrset_.reset(new RRset(this->zname_, this->qclass_,
isc::dns::RRType::NSEC3PARAM(),
this->rrttl_));
@@ -2294,16 +2332,46 @@ TYPED_TEST(DatabaseClientTest,dbNegativeCaseFind){
this->rrset_->getClass(),
"1 0 12 aabbccdd"));
this->updater_->addRRset(*this->rrset_);
+
+ // check NXDOMAIN
this->expected_rdatas_.clear();
this->expected_sig_rdatas_.clear();
- //If there is a NSEC3PARM RRset, the result of find() function should
- //contain RESULT_NSEC3_SIGNED flag when NXDOMAIN or NXRRSET.
doFindTest(this->updater_->getFinder(),
isc::dns::Name("doesnotexist.example.org."),
this->qtype_, this->qtype_, this->rrttl_,
ZoneFinder::NXDOMAIN, this->expected_rdatas_,
this->expected_sig_rdatas_,
ZoneFinder::RESULT_NSEC3_SIGNED);
+ // check NXRRSET
+ this->expected_rdatas_.clear();
+ this->expected_sig_rdatas_.clear();
+ doFindTest(this->updater_->getFinder(),
+ isc::dns::Name("www.example.org."),
+ isc::dns::RRType::TXT(), isc::dns::RRType::TXT(),
+ this->rrttl_,
+ ZoneFinder::NXRRSET,
+ this->expected_rdatas_, this->expected_sig_rdatas_,
+ ZoneFinder::RESULT_NSEC3_SIGNED);
+ // check flags if wildcard matches
+ this->expected_rdatas_.push_back("192.0.2.5");
+ this->expected_sig_rdatas_.push_back("A 5 3 3600 20000101000000 "
+ "20000201000000 12345 example.org. "
+ "FAKEFAKEFAKE");
+ doFindTest(this->updater_->getFinder(),
+ isc::dns::Name("b.a.wild.example.org"),
+ this->qtype_, this->qtype_, this->rrttl_, ZoneFinder::SUCCESS,
+ this->expected_rdatas_, this->expected_sig_rdatas_,
+ ZoneFinder::RESULT_WILDCARD | ZoneFinder::RESULT_NSEC3_SIGNED);
+ // check flags if NXRRSET in wildcard case
+ this->expected_rdatas_.clear();
+ this->expected_sig_rdatas_.clear();
+ doFindTest(this->updater_->getFinder(),
+ isc::dns::Name("b.a.wild.example.org"),
+ isc::dns::RRType::TXT(), isc::dns::RRType::TXT(),
+ this->rrttl_, ZoneFinder::NXRRSET, this->expected_rdatas_,
+ this->empty_rdatas_,
+ ZoneFinder::RESULT_WILDCARD | ZoneFinder::RESULT_NSEC3_SIGNED);
+
}
TYPED_TEST(DatabaseClientTest, NXDOMAIN_NSEC) {
More information about the bind10-changes
mailing list