|
|
@@ -109,6 +109,13 @@ const char* const wild_txt_next =
|
|
|
"www.uwild.example.com. 3600 IN A 192.0.2.11\n";
|
|
|
const char* const nsec_wild_txt_next =
|
|
|
"www.uwild.example.com. 3600 IN NSEC *.wild.example.com. A NSEC RRSIG\n";
|
|
|
+// Wildcard empty
|
|
|
+const char* const empty_txt = "b.*.t.example.com. 3600 IN A 192.0.2.13\n";
|
|
|
+const char* const nsec_empty_txt =
|
|
|
+ "b.*.t.example.com. 3600 IN NSEC *.uwild.example.com. A NSEC RRSIG\n";
|
|
|
+const char* const empty_prev_txt = "t.example.com. 3600 IN A 192.0.2.15\n";
|
|
|
+const char* const nsec_empty_prev_txt =
|
|
|
+ "t.example.com. 3600 IN NSEC b.*.t.example.com. A NSEC RRSIG\n";
|
|
|
// Used in NXDOMAIN proof test. We are going to test some unusual case where
|
|
|
// the best possible wildcard is below the "next domain" of the NSEC RR that
|
|
|
// proves the NXDOMAIN, i.e.,
|
|
|
@@ -188,8 +195,9 @@ public:
|
|
|
nsec_apex_txt << nsec_mx_txt << nsec_no_txt << nsec_nz_txt <<
|
|
|
nsec_nxdomain_txt << nsec_www_txt << nonsec_a_txt <<
|
|
|
wild_txt << nsec_wild_txt << cnamewild_txt << nsec_cnamewild_txt <<
|
|
|
- wild_txt_nxrrset<<nsec_wild_txt_nxrrset<<wild_txt_next<<
|
|
|
- nsec_wild_txt_next;
|
|
|
+ wild_txt_nxrrset << nsec_wild_txt_nxrrset << wild_txt_next <<
|
|
|
+ nsec_wild_txt_next << empty_txt << nsec_empty_txt <<
|
|
|
+ empty_prev_txt << nsec_empty_prev_txt;
|
|
|
|
|
|
masterLoad(zone_stream, origin_, rrclass_,
|
|
|
boost::bind(&MockZoneFinder::loadRRset, this, _1));
|
|
|
@@ -407,24 +415,43 @@ MockZoneFinder::find(const Name& name, const RRType& type,
|
|
|
// due to the existence of closer name.
|
|
|
if ((options & NO_WILDCARD) == 0) {
|
|
|
const Name wild_suffix(name.split(1));
|
|
|
+ // Unit Tests use those domains for Wildcard test.
|
|
|
if (name.equals(Name("www.wild.example.com"))||
|
|
|
- name.equals(Name("www1.uwild.example.com"))) {
|
|
|
+ name.equals(Name("www1.uwild.example.com"))||
|
|
|
+ name.equals(Name("a.t.example.com"))) {
|
|
|
if (name.compare(wild_suffix).getRelation() ==
|
|
|
NameComparisonResult::SUBDOMAIN) {
|
|
|
domain = domains_.find(Name("*").concatenate(wild_suffix));
|
|
|
- assert(domain != domains_.end());
|
|
|
- RRsetStore::const_iterator found_rrset = domain->second.find(type);
|
|
|
- if (found_rrset != domain->second.end()) {
|
|
|
+ // Matched the QNAME
|
|
|
+ if (domain != domains_.end()) {
|
|
|
+ RRsetStore::const_iterator found_rrset = domain->second.find(type);
|
|
|
+ // Matched the QTYPE
|
|
|
+ if(found_rrset != domain->second.end()) {
|
|
|
return (FindResult(WILDCARD,
|
|
|
substituteWild(*found_rrset->second, name)));
|
|
|
- } else {
|
|
|
- found_rrset = domain->second.find(RRType::NSEC());
|
|
|
- assert(found_rrset != domain->second.end());
|
|
|
- Name newName = Name("*").concatenate(wild_suffix);
|
|
|
- return (FindResult(WILDCARD_NXRRSET,
|
|
|
+ } else {
|
|
|
+ // No matched QTYPE, this case is for WILDCARD_NXRRSET
|
|
|
+ found_rrset = domain->second.find(RRType::NSEC());
|
|
|
+ assert(found_rrset != domain->second.end());
|
|
|
+ Name newName = Name("*").concatenate(wild_suffix);
|
|
|
+ return (FindResult(WILDCARD_NXRRSET,
|
|
|
substituteWild(*found_rrset->second,newName)));
|
|
|
+ }
|
|
|
+ } else {
|
|
|
+ // This is empty non terminal name case on wildcard.
|
|
|
+ Name emptyName = Name("*").concatenate(wild_suffix);
|
|
|
+ for (Domains::reverse_iterator it = domains_.rbegin();
|
|
|
+ it != domains_.rend();
|
|
|
+ ++it) {
|
|
|
+ RRsetStore::const_iterator nsec_it;
|
|
|
+ if ((*it).first < emptyName &&
|
|
|
+ (nsec_it = (*it).second.find(RRType::NSEC()))
|
|
|
+ != (*it).second.end()) {
|
|
|
+ return (FindResult(WILDCARD_EMPTY, (*nsec_it).second));
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
-
|
|
|
+ return (FindResult(WILDCARD_EMPTY,RRsetPtr()));
|
|
|
}
|
|
|
}
|
|
|
const Name cnamewild_suffix("cnamewild.example.com");
|
|
|
@@ -979,6 +1006,26 @@ TEST_F(QueryTest, wildcardNxrrsetWithNSEC) {
|
|
|
getCommonRRSIGText("NSEC") + "\n").c_str(),
|
|
|
NULL, mock_finder->getOrigin());
|
|
|
}
|
|
|
+
|
|
|
+TEST_F(QueryTest, wildcardEmptyWithNSEC) {
|
|
|
+ // WILDCARD_EMPTY with DNSSEC proof. We should have SOA, NSEC that proves the
|
|
|
+ // NXDOMAIN and their RRSIGs. In this case we need two NSEC RRs,
|
|
|
+ // one proves NXDOMAIN and the other proves non existence wildcard.
|
|
|
+ Query(memory_client, Name("a.t.example.com"), RRType::A(), response,
|
|
|
+ true).process();
|
|
|
+
|
|
|
+ responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 6, 0, NULL,
|
|
|
+ (string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
|
|
|
+ getCommonRRSIGText("SOA") + "\n" +
|
|
|
+ string(nsec_empty_prev_txt) +
|
|
|
+ string("t.example.com. 3600 IN RRSIG ") +
|
|
|
+ getCommonRRSIGText("NSEC")+"\n" +
|
|
|
+ string(nsec_empty_txt) +
|
|
|
+ string("b.*.t.example.com. 3600 IN RRSIG ") +
|
|
|
+ getCommonRRSIGText("NSEC")+"\n").c_str(),
|
|
|
+ NULL, mock_finder->getOrigin());
|
|
|
+}
|
|
|
+
|
|
|
/*
|
|
|
* This tests that when there's no SOA and we need a negative answer. It should
|
|
|
* throw in that case.
|
Xie Jiagui