
Fix closest encloser proof for wildcard nodata answers.

Add some tests to make sure I won't break this again...
1 parent 213ec4a commit cd30e9413228034a8fe975668ac102739e618b33 @mind04 mind04 committed with mind04 Aug 31, 2013
@@ -589,11 +589,13 @@ void PacketHandler::addNSEC3(DNSPacket *p, DNSPacket *r, const string& target, c
// cerr<<"salt in ph: '"<<makeHexDump(ns3rc.d_salt)<<"', narrow="<<narrow<<endl;
string unhashed, hashed, before, after;
- string closest=(mode == 3 || mode == 4) ? wildcard : target;
+ string closest;
if (mode == 2 || mode == 3 || mode == 4) {
+ closest=wildcard;
chopOff(closest);
- }
+ } else
+ closest=target;
if (mode == 1) {
DNSResourceRecord rr;
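Review bot: For mode 2 the closest encloser is now taken from `wildcard` rather than `target`, so the `if (mode == 2 || mode == 3 || mode == 4)` branch depends on every mode-2 caller passing a non-empty wildcard name, and the result of `chopOff(closest)` is not checked. The callers are outside the hunk, so this cannot be confirmed from here; if `wildcard` were ever empty, `closest` would presumably stay empty and the denial-of-existence records would be built around the wrong name, which a validating resolver would treat as bogus. A comment above the branch such as `// modes 2-4: closest encloser is the parent of the wildcard name, so wildcard must be non-empty here` would record that contract. Named constants for the mode numbers would also make the branch easier to read, and the added tests cover modes 2 and 3 only. The body of addNSEC3 starts before and continues after this hunk.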
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig second.first.something.wtest.com TXT dnssec
@@ -0,0 +1 @@
+Check NSECx response for wildcards no data asnwers (mode 2)
@@ -0,0 +1,9 @@
+1 *.something.wtest.com. IN NSEC 86400 a.something.wtest.com. A RRSIG NSEC
+1 *.something.wtest.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 a.something.wtest.com. IN NSEC 86400 wtest.com. A RRSIG NSEC
+1 a.something.wtest.com. IN RRSIG 86400 NSEC 8 4 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN SOA 3600 ns1.wtest.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=TXT
@@ -0,0 +1,11 @@
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd 54NJS65S8U96TKFFRFT6L7J1T1556VIL TXT RRSIG
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 d0rjlf3tful8jfjk86vi5ce50nuea9a6.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd D0RJLF3TFUL8JFJK86VI5CE50NUEA9A8
+1 d0rjlf3tful8jfjk86vi5ce50nuea9a6.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd PD15QDSJJBFOSU5FG2OQRNLB8R8OIFL7 A RRSIG
+1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN SOA 3600 ns1.wtest.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=TXT
@@ -0,0 +1,11 @@
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd 67I2ESLUBOJ7DPG4263L3T8DV19G6D0G TXT RRSIG
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 cv382m4jqhle9u45mdqfh64vp0jbfpn5.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd J02K7MH36PLGFKRS6UTOCESCCQ5P7EOB A RRSIG
+1 cv382m4jqhle9u45mdqfh64vp0jbfpn5.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd SHEGK154N8362AG22AR9VDDRF3127M6I A RRSIG
+1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN SOA 3600 ns1.wtest.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=TXT
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cleandig second.first.something.wtest.com A dnssec
@@ -0,0 +1 @@
+Check NSECx response for wildcard asnwers (mode 3)
@@ -0,0 +1,7 @@
+0 second.first.something.wtest.com. IN A 3600 4.3.2.1
+0 second.first.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 a.something.wtest.com. IN NSEC 86400 wtest.com. A RRSIG NSEC
+1 a.something.wtest.com. IN RRSIG 86400 NSEC 8 4 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=A
@@ -0,0 +1,9 @@
+0 second.first.something.wtest.com. IN A 3600 4.3.2.1
+0 second.first.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd 54NJS65S8U96TKFFRFT6L7J1T1556VIL TXT RRSIG
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 d0rjlf3tful8jfjk86vi5ce50nuea9a6.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd D0RJLF3TFUL8JFJK86VI5CE50NUEA9A8
+1 d0rjlf3tful8jfjk86vi5ce50nuea9a6.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=A
@@ -0,0 +1,9 @@
+0 second.first.something.wtest.com. IN A 3600 4.3.2.1
+0 second.first.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd 67I2ESLUBOJ7DPG4263L3T8DV19G6D0G TXT RRSIG
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 cv382m4jqhle9u45mdqfh64vp0jbfpn5.wtest.com. IN NSEC3 86400 1 [flags] 1 abcd J02K7MH36PLGFKRS6UTOCESCCQ5P7EOB A RRSIG
+1 cv382m4jqhle9u45mdqfh64vp0jbfpn5.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='second.first.something.wtest.com.', qtype=A
