Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[2586] use non-escaped labels for query tests so they work with sqlite3.

sqlite3 data source currently doesn't handle escaled labels 100% correctly,
especially in identifying the "previous name" for DNSSEC negative proofs.
since this is not the point of these tests, it should be better to work around
it by the use of non escaped labels.
JINMEI Tatuya 12 years ago
parent
9b16b116c9
commit
9a9b17823a
2 changed files with 11 additions and 24 deletions
Split View Show Diff Stats
  1. 4 17
      src/bin/auth/tests/query_unittest.cc
  2. 7 7
      src/bin/auth/tests/testdata/example-base-inc.zone

+ 4 - 17
src/bin/auth/tests/query_unittest.cc
View File 

@@ -1373,17 +1373,11 @@ TEST_P(QueryTest, nxdomainWithNSEC) {
 
 }
 
 
 TEST_P(QueryTest, nxdomainWithNSEC2) {
 
-    // there seems to be a bug in the SQLite3 (or database in general) data
 
-    // source and this doesn't work (Trac #2586).
 
-    if (GetParam() == SQLITE3) {
 
-        return;
 
-    }
 
-
 
     // See comments about no_txt.  In this case the best possible wildcard
 
     // is derived from the next domain of the NSEC that proves NXDOMAIN, and
 
     // the NSEC to provide the non existence of wildcard is different from
 
     // the first NSEC.
 
-    query.process(*list_, Name("(.no.example.com"), qtype, response,
 
+    query.process(*list_, Name("%.no.example.com"), qtype, response,
 
                   true);
 
     responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 6, 0,
 
                   NULL, (string(soa_minttl_txt) +
 
@@ -1393,19 +1387,12 @@ TEST_P(QueryTest, nxdomainWithNSEC2) {
 
                          string("mx.example.com. 3600 IN RRSIG ") +
 
                          getCommonRRSIGText("NSEC") + "\n" +
 
                          string(nsec_no_txt) + "\n" +
 
-                         string(").no.example.com. 3600 IN RRSIG ") +
 
+                         string("&.no.example.com. 3600 IN RRSIG ") +
 
                          getCommonRRSIGText("NSEC")).c_str(),
 
                   NULL, mock_finder->getOrigin());
 
 }
 
 
 TEST_P(QueryTest, nxdomainWithNSECDuplicate) {
 
-    // there seems to be a bug in the SQLite3 (or database in general) data
 
-    // source and this doesn't work.  This is probably the same type of bug
 
-    // as nxdomainWithNSEC2 (Trac #2586).
 
-    if (GetParam() == SQLITE3) {
 
-        return;
 
-    }
 
-
 
     // See comments about nz_txt.  In this case we only need one NSEC,
 
     // which proves both NXDOMAIN and the non existence of wildcard.
 
     query.process(*list_, Name("nx.no.example.com"), qtype, response,
 
@@ -1415,7 +1402,7 @@ TEST_P(QueryTest, nxdomainWithNSECDuplicate) {
 
                          string("example.com. 0 IN RRSIG ") +
 
                          getCommonRRSIGText("SOA") + "\n" +
 
                          string(nsec_no_txt) + "\n" +
 
-                         string(").no.example.com. 3600 IN RRSIG ") +
 
+                         string("&.no.example.com. 3600 IN RRSIG ") +
 
                          getCommonRRSIGText("NSEC")).c_str(),
 
                   NULL, mock_finder->getOrigin());
 
 }
 
@@ -1529,7 +1516,7 @@ TEST_P(QueryTest, nxrrsetWithNSEC) {
 
 TEST_P(QueryTest, emptyNameWithNSEC) {
 
     // Empty non terminal with DNSSEC proof.  This is one of the cases of
 
     // Section 3.1.3.2 of RFC4035.
 
-    // mx.example.com. NSEC ).no.example.com. proves no.example.com. is a
 
+    // mx.example.com. NSEC &.no.example.com. proves no.example.com. is a
 
     // non empty terminal node.  Note that it also implicitly proves there
 
     // should be no closer wildcard match (because the empty name is an
 
     // exact match), so we only need one NSEC.

+ 7 - 7
src/bin/auth/tests/testdata/example-base-inc.zone
View File 

@@ -150,32 +150,32 @@ t.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 e
 
 ;; the best possible wildcard is below the "next domain" of the NSEC RR that
 
 ;; proves the NXDOMAIN, i.e.,
 
 ;; mx.example.com. (exist)
 
-;; (.no.example.com. (qname, NXDOMAIN)
 
-;; ).no.example.com. (exist)
 
+;; %.no.example.com. (qname, NXDOMAIN)
 
+;; &.no.example.com. (exist)
 
 ;; *.no.example.com. (best possible wildcard, not exist)
 
 ;var=no_txt
 
-\).no.example.com. 3600 IN AAAA 2001:db8::53
 
+&.no.example.com. 3600 IN AAAA 2001:db8::53
 
 ;; NSEC records.
 
 ;var=nsec_apex_txt
 
 example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG
 
 ;var=
 
 example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
 
 ;var=nsec_mx_txt
 
-mx.example.com. 3600 IN NSEC \).no.example.com. MX NSEC RRSIG
 
+mx.example.com. 3600 IN NSEC &.no.example.com. MX NSEC RRSIG
 
 
 ;var=
 
 mx.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
 
 
 ;var=nsec_no_txt
 
-\).no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
 
+&.no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
 
 
 ;var=
 
-\).no.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
 
+&.no.example.com. 3600 IN RRSIG NSEC 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
 
 
 ;; We'll also test the case where a single NSEC proves both NXDOMAIN and the
 
 ;; non existence of wildcard.  The following records will be used for that
 
 ;; test.
 
-;; ).no.example.com. (exist, whose NSEC proves everything)
 
+;; &.no.example.com. (exist, whose NSEC proves everything)
 
 ;; *.no.example.com. (best possible wildcard, not exist)
 
 ;; nx.no.example.com. (NXDOMAIN)
 
 ;; nz.no.example.com. (exist)