fix NSEC for asterisk ents and add test

modules/tinydnsbackend/data

@@ -20017,7 +20017,7 @@ Cexternal.example.com:somewhere.else.net.:120
 +host-9998.example.com:192.168.1.14:120
 +host-9999.example.com:192.168.1.15:120
 :hwinfo.example.com:13:\003abc\003def:120
-3ipv6.example.com:200106a80000000102104bfffe4b4c61:120
+:ipv6.example.com:28:\040\001\006\250\000\000\000\001\002\020K\377\376KLa:120
 &italy.example.com::italy-ns1.example.com.:120
 &italy.example.com::italy-ns2.example.com.:120
 +italy-ns1.example.com:192.168.5.1:120
@@ -20047,6 +20047,7 @@ Cstart1.example.com:start2.example.com.:120
 Cstart2.example.com:start3.example.com.:120
 Cstart3.example.com:start4.example.com.:120
 +start4.example.com:192.168.2.2:120
++host.\052.sub.example.com:192.168.6.1:120
 :text.example.com:16:\025Hi\054\040this\040is\040some\040text:120
 :text0.example.com:16:\014k\075rsa\073\040p\075one:120
 :text1.example.com:16:\014k\075rsa\073\040p\075one:120

pdns/packethandler.cc

@@ -671,7 +671,7 @@ void PacketHandler::addNSEC(DNSPacket *p, DNSPacket *r, const string& target, co
 
   if (mode == 2) {
     // wildcard NO-DATA
-    before='.';
+    before.clear();
     sd.db->getBeforeAndAfterNames(sd.domain_id, auth, wildcard, before, after);
     emitNSEC(before, after, target, sd, r, mode);
   }

regression-tests.nobackend/tinydns-data-check/expected_result

@@ -1,4 +1,4 @@
-f1eebfc1577c3dcf26b4390fbc7bb0b2  ../regression-tests/example.com
+4bc48a8d9b8d04b553be67639e5656e8  ../regression-tests/example.com
 a2dd754820cb88fdd3d80b54a212a270  ../regression-tests/test.com
 21213b4e8cd56e4184696a1bafd987d7  ../regression-tests/wtest.com
 6e4ac6e3a6cd717df107a7bc2e466ac7  ../regression-tests/dnssec-parent.com

regression-tests/ent-asterisk/command

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig sub.host.sub.example.com a dnssec

regression-tests/ent-asterisk/description

@@ -0,0 +1 @@
+Check if asterisk empty non-terminal is interpreted as wildcard wihout type

regression-tests/ent-asterisk/expected_result

@@ -0,0 +1,4 @@
+1	example.com.	IN	SOA	86400	ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2	.	IN	OPT	32768	
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A

regression-tests/ent-asterisk/expected_result.dnssec

@@ -0,0 +1,10 @@
+1	example.com.	IN	RRSIG	86400	SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	SOA	86400	ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1	host.*.sub.example.com.	IN	NSEC	86400	text.example.com. A RRSIG NSEC
+1	host.*.sub.example.com.	IN	RRSIG	86400	NSEC 8 5 86400 [expiry] [inception] [keytag] example.com. ...
+1	start4.example.com.	IN	NSEC	86400	host.*.sub.example.com. A RRSIG NSEC
+1	start4.example.com.	IN	RRSIG	86400	NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2	.	IN	OPT	32768	
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A
+./ent-asterisk/unbound-host.out:sub.host.sub.example.com has no address (BOGUS (security failure))

regression-tests/ent-asterisk/expected_result.narrow

@@ -0,0 +1,11 @@
+1	5ui8h56r4776maicvhpdegs6chr19i99.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd 5UI8H56R4776MAICVHPDEGS6CHR19I9A
+1	5ui8h56r4776maicvhpdegs6chr19i99.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	RRSIG	86400	SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	SOA	86400	ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1	hhrsadparthvtuou67trentjstdodla0.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd HHRSADPARTHVTUOU67TRENTJSTDODLA1
+1	hhrsadparthvtuou67trentjstdodla0.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	pbl3rtqv3mt7eb29gqp0a17o0h42nj76.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd PBL3RTQV3MT7EB29GQP0A17O0H42NJ78
+1	pbl3rtqv3mt7eb29gqp0a17o0h42nj76.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2	.	IN	OPT	32768	
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A

regression-tests/ent-asterisk/expected_result.nsec3

@@ -0,0 +1,11 @@
+1	5ui8h56r4776maicvhpdegs6chr19i99.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd 5UMB87SUFNRRMLILGL48A5GUUHG7RI58
+1	5ui8h56r4776maicvhpdegs6chr19i99.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	RRSIG	86400	SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1	example.com.	IN	SOA	86400	ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1	hhrsadparthvtuou67trentjstdodla0.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd HHTKKD5HB125SGANBTKMQK84LULH60LH
+1	hhrsadparthvtuou67trentjstdodla0.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1	pbkjnd53pnsru5jmaqnk3k936pv2pq5j.example.com.	IN	NSEC3	86400	1 [flags] 1 abcd PBL4SE96F8T4H4Q24UQMRQ4KS96AHPV3 A RRSIG
+1	pbkjnd53pnsru5jmaqnk3k936pv2pq5j.example.com.	IN	RRSIG	86400	NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2	.	IN	OPT	32768	
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='sub.host.sub.example.com.', qtype=A

regression-tests/example.com

@@ -93,7 +93,8 @@ text0			IN	TXT	"k=rsa; p=one"
 text1			IN	TXT	"k=rsa\; p=one"
 text2			IN	TXT	"k=rsa\\; p=one"
 text3			IN	TXT	"k=rsa\\\; p=one"
-
+;
+host.*.sub		IN	A	192.168.6.1
 ;
 ipv6			IN	AAAA	2001:6A8:0:1:210:4BFF:FE4B:4C61
 ;