[1580] Add NSEC3 process for NXDOMAIN.

src/bin/auth/query.cc

@@ -188,7 +188,7 @@ Query::addNSEC3NXDOMAINProof(ZoneFinder& finder) {
                        boost::const_pointer_cast<AbstractRRset>(fresult1.closest_proof),
                        dnssec_);
     // Add the NSEC3 RR that covers the "next closer" name to the closest encloser
-    if (fresult1.next_proof->getRdataCount() == 0) {
+    if (fresult1.next_proof) {
         response_.addRRset(Message::SECTION_AUTHORITY,
                            boost::const_pointer_cast<AbstractRRset>(fresult1.next_proof), 
                            dnssec_);
@@ -452,12 +452,12 @@ Query::process() {
         case ZoneFinder::NXDOMAIN:
             response_.setRcode(Rcode::NXDOMAIN());
             addSOA(*result.zone_finder);
-            if (dnssec_ && db_result.isNSECSigned()) {
-                addNXDOMAINProof(zfinder, db_result.rrset);
-                break;
-            }
             if (dnssec_ && db_result.isNSEC3Signed()) {
                 addNSEC3NXDOMAINProof(zfinder);
+                break;
+            }
+            if (dnssec_ && db_result.rrset) {
+                addNXDOMAINProof(zfinder, db_result.rrset);
             }
             break;
         case ZoneFinder::NXRRSET:

src/bin/auth/tests/query_unittest.cc

@@ -1632,35 +1632,22 @@ TEST_F(QueryTest, nxdomainWithNSEC3Proof) {
     mock_finder->setNSEC3Flag(true);
     Query(memory_client, Name("nxdomain.example.com"), qtype,
               response, true).process();
-
-    std::cout<<response.toText()<<std::endl;
     responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 6, 0,
                   NULL, (string(soa_txt) +
                          string("example.com. 3600 IN RRSIG ") +
                          getCommonRRSIGText("SOA") + "\n" +
                          string(nsec3_apex_txt) + "\n" +
                          string("0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN RRSIG ") +
-                         getCommonRRSIGText("NSEC") + "\n" +
+                         getCommonRRSIGText("NSEC3") + "\n" +
                          string(nsec3_www_txt) + "\n" +
                          string("q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN RRSIG ") +
-                         getCommonRRSIGText("NSEC")).c_str(),
+                         getCommonRRSIGText("NSEC3")).c_str(),
                   NULL, mock_finder->getOrigin());
-
 }
 
 // The following are tentative tests until we really add tests for the
 // query logic for these cases.  At that point it's probably better to
 // clean them up.
-TEST_F(QueryTest, nxdomainWithNSEC3) {
-    mock_finder->setNSEC3Flag(true);
-    ZoneFinder::FindResult result = mock_finder->find(
-        Name("nxdomain.example.com"), RRType::A(), ZoneFinder::FIND_DNSSEC);
-    EXPECT_EQ(ZoneFinder::NXDOMAIN, result.code);
-    EXPECT_FALSE(result.rrset);
-    EXPECT_TRUE(result.isNSEC3Signed());
-    EXPECT_FALSE(result.isWildcard());
-}
-
 TEST_F(QueryTest, nxrrsetWithNSEC3) {
     mock_finder->setNSEC3Flag(true);
     ZoneFinder::FindResult result = mock_finder->find(