make sure our NSEC(3)s for names with spaces in them are correct. Reported by Jimmy Bergman. Includes test. Needs additional recursor verification.

Author: Peter van Dijk

pdns/dnsparser.cc

@@ -502,8 +502,13 @@ void PacketReader::xfrHexBlob(string& blob, bool keepReading)
   xfrBlob(blob);
 }
 
-string simpleCompress(const string& label, const string& root)
+string simpleCompress(const string& elabel, const string& root)
 {
+  string label=elabel;
+  // FIXME: this relies on the semi-canonical escaped output from getLabelFromContent
+  boost::replace_all(label, "\\.", ".");
+  boost::replace_all(label, "\\032", " ");
+  boost::replace_all(label, "\\\\", "\\"); 
   typedef vector<pair<unsigned int, unsigned int> > parts_t;
   parts_t parts;
   vstringtok(parts, label, ".");

pdns/dnswriter.cc

@@ -237,6 +237,7 @@ void DNSPacketWriter::xfrLabel(const string& Label, bool compress)
 
     if(unescaped) {
       string part(label.c_str() + i -> first, i->second - i->first);
+      // FIXME: this relies on the semi-canonical escaped output from getLabelFromContent
       boost::replace_all(part, "\\.", ".");
       boost::replace_all(part, "\\032", " ");
       boost::replace_all(part, "\\\\", "\\"); 

regression-tests/space-name/command

@@ -0,0 +1,2 @@
+#!/bin/sh
+cleandig 'space name'.example.com A dnssec

regression-tests/space-name/description

@@ -0,0 +1,2 @@
+Make sure we answer queries with spaces in the name correctly, including the
+right NSEC(3) records.

regression-tests/space-name/expected_result

@@ -0,0 +1,11 @@
+1	9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com.	IN	NSEC3	86400	1 1 1 abcd 9FAG9508OQU3M22QAC0U5EQGG45V8CF2
+1	9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	RRSIG	86400	SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	SOA	86400	ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1	gl4qf9db2fkivonidgs9954bhkhpvviq.example.com.	IN	NSEC3	86400	1 1 1 abcd GL4QF9DB2FKIVONIDGS9954BHKHPVVIS
+1	gl4qf9db2fkivonidgs9954bhkhpvviq.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com.	IN	NSEC3	86400	1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1	vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2	.	IN	OPT	32768	
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='space\032name.example.com.', qtype=A

regression-tests/space-name/expected_result.narrow

@@ -0,0 +1,11 @@
+1	9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com.	IN	NSEC3	86400	1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG
+1	9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	RRSIG	86400	SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	SOA	86400	ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1	gl3vilecelbsri6t44urj9lp6m5853mq.example.com.	IN	NSEC3	86400	1 1 1 abcd GL5I9VH027O95O1M3UTE1A8KR1TJ253D A RRSIG
+1	gl3vilecelbsri6t44urj9lp6m5853mq.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com.	IN	NSEC3	86400	1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1	vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2	.	IN	OPT	32768	
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='space\032name.example.com.', qtype=A