fix NSEC for asterisk ents and add test

mind04 · mind04 · commit 74baf86b92c2 · 2013-11-22T01:02:29.000+01:00
diff --git a/modules/tinydnsbackend/data b/modules/tinydnsbackend/data
@@ -20017,7 +20017,7 @@ Cexternal.example.com:somewhere.else.net.:120
 +host-9998.example.com:192.168.1.14:120
 +host-9999.example.com:192.168.1.15:120
 :hwinfo.example.com:13:\003abc\003def:120
-3ipv6.example.com:200106a80000000102104bfffe4b4c61:120
+:ipv6.example.com:28:\040\001\006\250\000\000\000\001\002\020K\377\376KLa:120
 &italy.example.com::italy-ns1.example.com.:120
 &italy.example.com::italy-ns2.example.com.:120
 +italy-ns1.example.com:192.168.5.1:120
@@ -20047,6 +20047,7 @@ Cstart1.example.com:start2.example.com.:120
 Cstart2.example.com:start3.example.com.:120
 Cstart3.example.com:start4.example.com.:120
 +start4.example.com:192.168.2.2:120
++host.\052.sub.example.com:192.168.6.1:120
 :text.example.com:16:\025Hi\054\040this\040is\040some\040text:120
 :text0.example.com:16:\014k\075rsa\073\040p\075one:120
 :text1.example.com:16:\014k\075rsa\073\040p\075one:120
diff --git a/modules/tinydnsbackend/data.cdb b/modules/tinydnsbackend/data.cdb
diff --git a/pdns/packethandler.cc b/pdns/packethandler.cc
@@ -671,7 +671,7 @@ void PacketHandler::addNSEC(DNSPacket *p, DNSPacket *r, const string& target, co
 
   if (mode == 2) {
     // wildcard NO-DATA
-    before='.';
+    before.clear();
     sd.db->getBeforeAndAfterNames(sd.domain_id, auth, wildcard, before, after);
     emitNSEC(before, after, target, sd, r, mode);
   }
diff --git a/regression-tests.nobackend/tinydns-data-check/expected_result b/regression-tests.nobackend/tinydns-data-check/expected_result
@@ -1,4 +1,4 @@
-f1eebfc1577c3dcf26b4390fbc7bb0b2  ../regression-tests/example.com
+4bc48a8d9b8d04b553be67639e5656e8  ../regression-tests/example.com
 a2dd754820cb88fdd3d80b54a212a270  ../regression-tests/test.com
 21213b4e8cd56e4184696a1bafd987d7  ../regression-tests/wtest.com
 6e4ac6e3a6cd717df107a7bc2e466ac7  ../regression-tests/dnssec-parent.com
diff --git a/regression-tests/ent-asterisk/command b/regression-tests/ent-asterisk/command
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig sub.host.sub.example.com a dnssec
diff --git a/regression-tests/ent-asterisk/description b/regression-tests/ent-asterisk/description
@@ -0,0 +1 @@
+Check if asterisk empty non-terminal is interpreted as wildcard wihout type
diff --git a/regression-tests/ent-asterisk/expected_result b/regression-tests/ent-asterisk/expected_result
@@ -0,0 +1,4 @@
+1	example.com.	IN	SOA	86400	ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2	.	IN	OPT	32768	
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A
diff --git a/regression-tests/ent-asterisk/expected_result.dnssec b/regression-tests/ent-asterisk/expected_result.dnssec
@@ -0,0 +1,10 @@
+1	example.com.	IN	RRSIG	86400	SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	SOA	86400	ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1	host.*.sub.example.com.	IN	NSEC	86400	text.example.com. A RRSIG NSEC
+1	host.*.sub.example.com.	IN	RRSIG	86400	NSEC 8 5 86400 [expiry] [inception] [keytag] example.com. ...
+1	start4.example.com.	IN	NSEC	86400	host.*.sub.example.com. A RRSIG NSEC
+1	start4.example.com.	IN	RRSIG	86400	NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2	.	IN	OPT	32768	
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A
+./ent-asterisk/unbound-host.out:sub.host.sub.example.com has no address (BOGUS (security failure))
diff --git a/regression-tests/ent-asterisk/expected_result.narrow b/regression-tests/ent-asterisk/expected_result.narrow
@@ -0,0 +1,11 @@
+1	5ui8h56r4776maicvhpdegs6chr19i99.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd 5UI8H56R4776MAICVHPDEGS6CHR19I9A
+1	5ui8h56r4776maicvhpdegs6chr19i99.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	RRSIG	86400	SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	SOA	86400	ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1	hhrsadparthvtuou67trentjstdodla0.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd HHRSADPARTHVTUOU67TRENTJSTDODLA1
+1	hhrsadparthvtuou67trentjstdodla0.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	pbl3rtqv3mt7eb29gqp0a17o0h42nj76.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd PBL3RTQV3MT7EB29GQP0A17O0H42NJ78
+1	pbl3rtqv3mt7eb29gqp0a17o0h42nj76.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2	.	IN	OPT	32768	
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A
diff --git a/regression-tests/ent-asterisk/expected_result.nsec3 b/regression-tests/ent-asterisk/expected_result.nsec3
@@ -0,0 +1,11 @@
+1	5ui8h56r4776maicvhpdegs6chr19i99.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd 5UMB87SUFNRRMLILGL48A5GUUHG7RI58
+1	5ui8h56r4776maicvhpdegs6chr19i99.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	RRSIG	86400	SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	SOA	86400	ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1	hhrsadparthvtuou67trentjstdodla0.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd HHTKKD5HB125SGANBTKMQK84LULH60LH
+1	hhrsadparthvtuou67trentjstdodla0.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	pbkjnd53pnsru5jmaqnk3k936pv2pq5j.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd PBL4SE96F8T4H4Q24UQMRQ4KS96AHPV3 A RRSIG
+1	pbkjnd53pnsru5jmaqnk3k936pv2pq5j.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2	.	IN	OPT	32768	
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A
diff --git a/regression-tests/ent-asterisk/skip.noent b/regression-tests/ent-asterisk/skip.noent
diff --git a/regression-tests/example.com b/regression-tests/example.com
@@ -93,7 +93,8 @@ text0			IN	TXT	"k=rsa; p=one"
 text1			IN	TXT	"k=rsa\; p=one"
 text2			IN	TXT	"k=rsa\\; p=one"
 text3			IN	TXT	"k=rsa\\\; p=one"
-
+;
+host.*.sub		IN	A	192.168.6.1
 ;
 ipv6			IN	AAAA	2001:6A8:0:1:210:4BFF:FE4B:4C61
 ;

Original file line number	Diff line number	Diff line change
`@@ -671,7 +671,7 @@ void PacketHandler::addNSEC(DNSPacket p, DNSPacket r, const string& target, co`
`671`	`671`
`672`	`672`	`if (mode == 2) {`
`673`	`673`	`// wildcard NO-DATA`
`674`		`- before='.';`
	`674`	`+ before.clear();`
`675`	`675`	`sd.db->getBeforeAndAfterNames(sd.domain_id, auth, wildcard, before, after);`
`676`	`676`	`emitNSEC(before, after, target, sd, r, mode);`
`677`	`677`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-f1eebfc1577c3dcf26b4390fbc7bb0b2 ../regression-tests/example.com`
	`1`	`+4bc48a8d9b8d04b553be67639e5656e8 ../regression-tests/example.com`
`2`	`2`	`a2dd754820cb88fdd3d80b54a212a270 ../regression-tests/test.com`
`3`	`3`	`21213b4e8cd56e4184696a1bafd987d7 ../regression-tests/wtest.com`
`4`	`4`	`6e4ac6e3a6cd717df107a7bc2e466ac7 ../regression-tests/dnssec-parent.com`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+#!/bin/sh`
	`2`	`+`
	`3`	`+cleandig sub.host.sub.example.com a dnssec`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+Check if asterisk empty non-terminal is interpreted as wildcard wihout type`