Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[master] Merge branch 'trac2586'

JINMEI Tatuya 12 years ago
parent
24b3e0cb75 8d1f4d45b8
commit
3a3c7f52a1
2 changed files with 11 additions and 24 deletions
Unified View Show Diff Stats
  1. 4 17
      src/bin/auth/tests/query_unittest.cc
  2. 7 7
      src/bin/auth/tests/testdata/example-base-inc.zone

+ 4 - 17
src/bin/auth/tests/query_unittest.cc
View File 

@@ -1372,17 +1372,11 @@ TEST_P(QueryTest, nxdomainWithNSEC) {
 
 }
 
 }
 
 
 
 TEST_P(QueryTest, nxdomainWithNSEC2) {
 
 TEST_P(QueryTest, nxdomainWithNSEC2) {
 
-    // there seems to be a bug in the SQLite3 (or database in general) data
 
-    // source and this doesn't work (Trac #2586).
 
-    if (GetParam() == SQLITE3) {
 
-        return;
 
-    }
 
-
 
     // See comments about no_txt.  In this case the best possible wildcard
 
     // See comments about no_txt.  In this case the best possible wildcard
 
     // is derived from the next domain of the NSEC that proves NXDOMAIN, and
 
     // is derived from the next domain of the NSEC that proves NXDOMAIN, and
 
     // the NSEC to provide the non existence of wildcard is different from
 
     // the NSEC to provide the non existence of wildcard is different from
 
     // the first NSEC.
 
     // the first NSEC.
 
-    query.process(*list_, Name("(.no.example.com"), qtype, response,
 
+    query.process(*list_, Name("!.no.example.com"), qtype, response,
 
                   true);
 
                   true);
 
     responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 6, 0,
 
     responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 6, 0,
 
                   NULL, (string(soa_minttl_txt) +
 
                   NULL, (string(soa_minttl_txt) +
 
@@ -1392,19 +1386,12 @@ TEST_P(QueryTest, nxdomainWithNSEC2) {
 
                          string("mx.example.com. 3600 IN RRSIG ") +
 
                          string("mx.example.com. 3600 IN RRSIG ") +
 
                          getCommonRRSIGText("NSEC") + "\n" +
 
                          getCommonRRSIGText("NSEC") + "\n" +
 
                          string(nsec_no_txt) + "\n" +
 
                          string(nsec_no_txt) + "\n" +
 
-                         string(").no.example.com. 3600 IN RRSIG ") +
 
+                         string("&.no.example.com. 3600 IN RRSIG ") +
 
                          getCommonRRSIGText("NSEC")).c_str(),
 
                          getCommonRRSIGText("NSEC")).c_str(),
 
                   NULL, mock_finder->getOrigin());
 
                   NULL, mock_finder->getOrigin());
 
 }
 
 }
 
 
 
 TEST_P(QueryTest, nxdomainWithNSECDuplicate) {
 
 TEST_P(QueryTest, nxdomainWithNSECDuplicate) {
 
-    // there seems to be a bug in the SQLite3 (or database in general) data
 
-    // source and this doesn't work.  This is probably the same type of bug
 
-    // as nxdomainWithNSEC2 (Trac #2586).
 
-    if (GetParam() == SQLITE3) {
 
-        return;
 
-    }
 
-
 
     // See comments about nz_txt.  In this case we only need one NSEC,
 
     // See comments about nz_txt.  In this case we only need one NSEC,
 
     // which proves both NXDOMAIN and the non existence of wildcard.
 
     // which proves both NXDOMAIN and the non existence of wildcard.
 
     query.process(*list_, Name("nx.no.example.com"), qtype, response,
 
     query.process(*list_, Name("nx.no.example.com"), qtype, response,
 
@@ -1414,7 +1401,7 @@ TEST_P(QueryTest, nxdomainWithNSECDuplicate) {
 
                          string("example.com. 0 IN RRSIG ") +
 
                          string("example.com. 0 IN RRSIG ") +
 
                          getCommonRRSIGText("SOA") + "\n" +
 
                          getCommonRRSIGText("SOA") + "\n" +
 
                          string(nsec_no_txt) + "\n" +
 
                          string(nsec_no_txt) + "\n" +
 
-                         string(").no.example.com. 3600 IN RRSIG ") +
 
+                         string("&.no.example.com. 3600 IN RRSIG ") +
 
                          getCommonRRSIGText("NSEC")).c_str(),
 
                          getCommonRRSIGText("NSEC")).c_str(),
 
                   NULL, mock_finder->getOrigin());
 
                   NULL, mock_finder->getOrigin());
 
 }
 
 }
 
@@ -1528,7 +1515,7 @@ TEST_P(QueryTest, nxrrsetWithNSEC) {
 
 TEST_P(QueryTest, emptyNameWithNSEC) {
 
 TEST_P(QueryTest, emptyNameWithNSEC) {
 
     // Empty non terminal with DNSSEC proof.  This is one of the cases of
 
     // Empty non terminal with DNSSEC proof.  This is one of the cases of
 
     // Section 3.1.3.2 of RFC4035.
 
     // Section 3.1.3.2 of RFC4035.
 
-    // mx.example.com. NSEC ).no.example.com. proves no.example.com. is a
 
+    // mx.example.com. NSEC &.no.example.com. proves no.example.com. is a
 
     // non empty terminal node.  Note that it also implicitly proves there
 
     // non empty terminal node.  Note that it also implicitly proves there
 
     // should be no closer wildcard match (because the empty name is an
 
     // should be no closer wildcard match (because the empty name is an
 
     // exact match), so we only need one NSEC.
 
     // exact match), so we only need one NSEC.

+ 7 - 7
src/bin/auth/tests/testdata/example-base-inc.zone
View File 

@@ -150,32 +150,32 @@ t.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 e
 
 ;; the best possible wildcard is below the "next domain" of the NSEC RR that
 
 ;; the best possible wildcard is below the "next domain" of the NSEC RR that
 
 ;; proves the NXDOMAIN, i.e.,
 
 ;; proves the NXDOMAIN, i.e.,
 
 ;; mx.example.com. (exist)
 
 ;; mx.example.com. (exist)
 
-;; (.no.example.com. (qname, NXDOMAIN)
 
-;; ).no.example.com. (exist)
 
+;; !.no.example.com. (qname, NXDOMAIN)
 
+;; &.no.example.com. (exist)
 
 ;; *.no.example.com. (best possible wildcard, not exist)
 
 ;; *.no.example.com. (best possible wildcard, not exist)
 
 ;var=no_txt
 
 ;var=no_txt
 
-\).no.example.com. 3600 IN AAAA 2001:db8::53
 
+&.no.example.com. 3600 IN AAAA 2001:db8::53
 
 ;; NSEC records.
 
 ;; NSEC records.
 
 ;var=nsec_apex_txt
 
 ;var=nsec_apex_txt
 
 example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG
 
 example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG
 
 ;var=
 
 ;var=
 
 example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
 
 example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
 
 ;var=nsec_mx_txt
 
 ;var=nsec_mx_txt
 
-mx.example.com. 3600 IN NSEC \).no.example.com. MX NSEC RRSIG
 
+mx.example.com. 3600 IN NSEC &.no.example.com. MX NSEC RRSIG
 
 
 
 ;var=
 
 ;var=
 
 mx.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
 
 mx.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
 
 
 
 ;var=nsec_no_txt
 
 ;var=nsec_no_txt
 
-\).no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
 
+&.no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
 
 
 
 ;var=
 
 ;var=
 
-\).no.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
 
+&.no.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
 
 
 
 ;; We'll also test the case where a single NSEC proves both NXDOMAIN and the
 
 ;; We'll also test the case where a single NSEC proves both NXDOMAIN and the
 
 ;; non existence of wildcard.  The following records will be used for that
 
 ;; non existence of wildcard.  The following records will be used for that
 
 ;; test.
 
 ;; test.
 
-;; ).no.example.com. (exist, whose NSEC proves everything)
 
+;; &.no.example.com. (exist, whose NSEC proves everything)
 
 ;; *.no.example.com. (best possible wildcard, not exist)
 
 ;; *.no.example.com. (best possible wildcard, not exist)
 
 ;; nx.no.example.com. (NXDOMAIN)
 
 ;; nx.no.example.com. (NXDOMAIN)
 
 ;; nz.no.example.com. (exist)
 
 ;; nz.no.example.com. (exist)