
- only add NSEC/NSEC3 when DNSSEC was requested
- add unit test for wildcard->CNAME->NXRRSET
- add unit test for wildcard->CNAME->NXDOMAIN


git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1496 e5f2f494-b856-4b98-b285-d166d9295462

Evan Hunt 15 years ago
parent
commit
e36f01f6b8

+ 6 - 4
src/lib/auth/data_source.cc

@@ -475,10 +475,12 @@ tryWildcard(Query& q, QueryTaskPtr task, const DataSrc* ds,
     // A wildcard was found.
     if (found) {
         // Prove the nonexistence of the name we were looking for
-        result = proveNX(q, task, ds, *zonename, true);
-        if (result != DataSrc::SUCCESS) {
-            m.setRcode(Rcode::SERVFAIL());
-            return (DataSrc::ERROR);
+        if (q.wantDnssec()) {
+            result = proveNX(q, task, ds, *zonename, true);
+            if (result != DataSrc::SUCCESS) {
+                m.setRcode(Rcode::SERVFAIL());
+                return (DataSrc::ERROR);
+            }
         }
 
         // Add the data to the answer section (but with the name changed to
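Review bot: The path where `q.wantDnssec()` is false is not exercised by anything added in this commit: both new tests in datasrc_unittest.cc expect NSEC RRsets in the authority section, although the new query files carry ARCOUNT 0 and therefore no OPT record or DO bit, which suggests the fixture forces DNSSEC on somewhere outside the visible lines. A companion test that processes the same wildcard query without DNSSEC and asserts that no NSEC is added would pin the behaviour this guard introduces. The comment above the guard should also state the condition, e.g. `// If DNSSEC was requested, prove the nonexistence of the name we were looking for`. tryWildcard starts and ends outside the hunk.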

+ 69 - 0
src/lib/auth/tests/datasrc_unittest.cc

@@ -377,6 +377,75 @@ TEST_F(DataSrcTest, WildcardCname) {
     EXPECT_TRUE(it->isLast());
 }
 
+TEST_F(DataSrcTest, WildcardCnameNodata) {
+    // A wildcard containing a CNAME whose target does not include
+    // data of this type.
+    readAndProcessQuery("testdata/q_wild2_aaaa");
+    headerCheck(msg, Rcode::NOERROR(), true, true, true, 2, 4, 0);
+
+    RRsetIterator rit = msg.beginSection(Section::ANSWER());
+    RRsetPtr rrset = *rit;
+    EXPECT_EQ(Name("www.wild2.example.com"), rrset->getName());
+    EXPECT_EQ(RRType::CNAME(), rrset->getType());
+    EXPECT_EQ(RRClass::IN(), rrset->getClass());
+
+    RdataIteratorPtr it = rrset->getRdataIterator();
+    it->first();
+    EXPECT_EQ("www.example.com.", it->getCurrent().toText());
+    it->next();
+    EXPECT_TRUE(it->isLast());
+
+    rit = msg.beginSection(Section::AUTHORITY());
+    rrset = *rit;
+    EXPECT_EQ(Name("*.wild2.example.com"), rrset->getName());
+    EXPECT_EQ(RRType::NSEC(), rrset->getType());
+    EXPECT_EQ(RRClass::IN(), rrset->getClass());
+    ++rit;
+    ++rit;
+
+    rrset = *rit;
+    EXPECT_EQ(Name("www.example.com"), rrset->getName());
+    EXPECT_EQ(RRType::NSEC(), rrset->getType());
+    EXPECT_EQ(RRClass::IN(), rrset->getClass());
+}
+
+TEST_F(DataSrcTest, WildcardCnameNxdomain) {
+    // A wildcard containing a CNAME whose target does not exist
+    readAndProcessQuery("testdata/q_wild3_a");
+    headerCheck(msg, Rcode::NOERROR(), true, true, true, 2, 6, 0);
+
+    RRsetIterator rit = msg.beginSection(Section::ANSWER());
+    RRsetPtr rrset = *rit;
+    EXPECT_EQ(Name("www.wild3.example.com"), rrset->getName());
+    EXPECT_EQ(RRType::CNAME(), rrset->getType());
+    EXPECT_EQ(RRClass::IN(), rrset->getClass());
+
+    RdataIteratorPtr it = rrset->getRdataIterator();
+    it->first();
+    EXPECT_EQ("spork.example.com.", it->getCurrent().toText());
+    it->next();
+    EXPECT_TRUE(it->isLast());
+
+    rit = msg.beginSection(Section::AUTHORITY());
+    rrset = *rit;
+    EXPECT_EQ(Name("*.wild3.example.com"), rrset->getName());
+    EXPECT_EQ(RRType::NSEC(), rrset->getType());
+    EXPECT_EQ(RRClass::IN(), rrset->getClass());
+    ++rit;
+    ++rit;
+
+    rrset = *rit;
+    EXPECT_EQ(Name("foo.example.com"), rrset->getName());
+    EXPECT_EQ(RRType::NSEC(), rrset->getType());
+    EXPECT_EQ(RRClass::IN(), rrset->getClass());
+    ++rit;
+    ++rit;
+
+    rrset = *rit;
+    EXPECT_EQ(Name("example.com"), rrset->getName());
+    EXPECT_EQ(RRType::NSEC(), rrset->getType());
+    EXPECT_EQ(RRClass::IN(), rrset->getClass());
+}
 TEST_F(DataSrcTest, AuthDelegation) {
     readAndProcessQuery("testdata/q_sql1");
 
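Review bot: In both new tests the authority-section iterator is advanced with `++rit; ++rit;` and then dereferenced without a bounds check, so a response with fewer RRsets than expected would read past the section instead of failing cleanly; headerCheck is defined outside the hunk, so whether a count mismatch there stops the test is not visible. Guarding each dereference, for instance with `ASSERT_TRUE(rit != msg.endSection(Section::AUTHORITY()));` if Message offers the matching end accessor, keeps a regression a plain test failure. The entries stepped over are never inspected; if they carry the RRSIGs for the NSEC records, asserting them would confirm that the denial proof is returned together with its signatures. A blank line is also missing between the closing brace of WildcardCnameNxdomain and `TEST_F(DataSrcTest, AuthDelegation)`.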

+ 40 - 3
src/lib/auth/tests/test_datasrc.cc

@@ -58,6 +58,7 @@ const Name cnameext("cname-ext.example.com");
 const Name dname("dname.example.com");
 const Name wild("*.wild.example.com");
 const Name wild2("*.wild2.example.com");
+const Name wild3("*.wild3.example.com");
 const Name subzone("subzone.example.com");
 const Name loop1("loop1.example.com");
 const Name loop2("loop2.example.com");
@@ -83,6 +84,8 @@ RRsetPtr wild_a;
 RRsetPtr wild_nsec;
 RRsetPtr wild2_cname;
 RRsetPtr wild2_nsec;
+RRsetPtr wild3_cname;
+RRsetPtr wild3_nsec;
 RRsetPtr dname_dname;
 RRsetPtr dname_nsec;
 RRsetPtr sql1_ns;
@@ -306,7 +309,7 @@ TestDataSrc::init() {
     rrsig->addRdata(generic::RRSIG("NSEC 5 3 7200 20100322084538 20100220084538 33495 example.com. OoGYslRj4xjZnBuzgOqsrvkDAHWycmQzbUxCRmgWnCbXiobJK7/ynONH3jm8G3vGlU0lwpHkhNs6cUK+6Nu8W49X3MT0Xksl/brroLcXYLi3vfxnYUNMMpXdeFl6WNNfoJRo90F/f/TWXAClRrDS29qiG3G1PEJZikIxZsZ0tyM="));
     wild_nsec->addRRsig(rrsig);
 
-    // *.wild2.example.com HERE
+    // *.wild2.example.com
     wild2_cname = RRsetPtr(new RRset(wild2, RRClass::IN(), RRType::CNAME(),
                                      RRTTL(3600)));
     wild2_cname->addRdata(generic::CNAME("www.example.com"));
@@ -318,7 +321,7 @@ TestDataSrc::init() {
 
     wild2_nsec = RRsetPtr(new RRset(wild2, RRClass::IN(),
                                     RRType::NSEC(), RRTTL(3600)));
-    wild2_nsec->addRdata(generic::NSEC("www.example.com. CNAME RRSIG NSEC"));
+    wild2_nsec->addRdata(generic::NSEC("*.wild3.example.com. CNAME RRSIG NSEC"));
 
     rrsig = RRsetPtr(new RRset(wild2, RRClass::IN(), RRType::RRSIG(),
                                RRTTL(3600)));
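Review bot: The NSEC next-name for *.wild2 changes in this hunk while the RRSIG attached to wild2_nsec (context at the top of the next hunk) keeps its old signature, and the next hunk attaches that same signature string to the new wild3_nsec; at most one of the two could ever have matched its RRset, and presumably neither verifies now. That is harmless only while nothing on the test path validates signatures, so a comment at both places would stop the fixture being mistaken for a validly signed zone, e.g. `// NOTE: RRSIG rdata is placeholder test data, not a valid signature over this RRset`. In the next hunk, "lame" usually describes a delegation; `// *.wild3.example.com -- a wildcard CNAME whose target does not exist` says what the fixture models. TestDataSrc::init() starts and ends outside both hunks.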
@@ -326,6 +329,26 @@ TestDataSrc::init() {
     rrsig->addRdata(generic::RRSIG("NSEC 5 3 7200 20100410212307 20100311212307 33495 example.com. EuSzh6or8mbvwru2H7fyYeMpW6J8YZ528rabU38V/lMN0TdamghIuCneAvSNaZgwk2MSN1bWpZqB2kAipaM/ZI9/piLlTvVjjOQ8pjk0auwCEqT7Z7Qng3E92O9yVzO+WHT9QZn/fR6t60392In4IvcBGjZyjzQk8njIwbui xGA="));
     wild2_nsec->addRRsig(rrsig);
 
+    // *.wild3.example.com -- a wildcard record with a lame CNAME
+    wild3_cname = RRsetPtr(new RRset(wild3, RRClass::IN(), RRType::CNAME(),
+                                     RRTTL(3600)));
+    wild3_cname->addRdata(generic::CNAME("spork.example.com"));
+
+    rrsig = RRsetPtr(new RRset(wild3, RRClass::IN(), RRType::RRSIG(),
+                               RRTTL(3600)));
+    rrsig->addRdata(generic::RRSIG("CNAME 5 3 3600 20100410212307 20100311212307 33495 example.com. pGHtGdRBi4GKFSKszi6SsKvuBLDX8dFhZubU0tMojQ9SJuiFNF+WtxvdAYuUaoWP/9VLUaYmiw5u7JnzmR84DiXZPEs6DtD+UJdOZhaS7V7RTpE+tMOfVQBLpUnRWYtlTTmiBpFquzf3DdIxgUFhEPEuJJyp3LFRxJObCaq9 nvI="));
+    wild3_cname->addRRsig(rrsig);
+
+    wild3_nsec = RRsetPtr(new RRset(wild3, RRClass::IN(),
+                                    RRType::NSEC(), RRTTL(3600)));
+    wild3_nsec->addRdata(generic::NSEC("www.example.com. CNAME RRSIG NSEC"));
+
+    rrsig = RRsetPtr(new RRset(wild3, RRClass::IN(), RRType::RRSIG(),
+                               RRTTL(3600)));
+
+    rrsig->addRdata(generic::RRSIG("NSEC 5 3 7200 20100410212307 20100311212307 33495 example.com. EuSzh6or8mbvwru2H7fyYeMpW6J8YZ528rabU38V/lMN0TdamghIuCneAvSNaZgwk2MSN1bWpZqB2kAipaM/ZI9/piLlTvVjjOQ8pjk0auwCEqT7Z7Qng3E92O9yVzO+WHT9QZn/fR6t60392In4IvcBGjZyjzQk8njIwbui xGA="));
+    wild3_nsec->addRRsig(rrsig);
+
     // foo.example.com
     foo_cname = RRsetPtr(new RRset(foo, RRClass::IN(), RRType::CNAME(),
                                            RRTTL(3600)));
@@ -631,6 +654,18 @@ TestDataSrc::findRecords(const Name& name, const RRType& rdtype,
                     flags |= CNAME_FOUND;
                 }
             }
+        } else if (name == wild3) {
+            if (any) {
+                target.addRRset(wild3_cname);
+                target.addRRset(wild3_nsec);
+            } else if (rdtype == RRType::NSEC()) {
+                target.addRRset(wild3_nsec);
+            } else {
+                target.addRRset(wild3_cname);
+                if (rdtype != RRType::CNAME()) {
+                    flags |= CNAME_FOUND;
+                }
+            }
         } else if (name == www) {
             if (any) {
                 target.addRRset(www_a);
@@ -803,8 +838,10 @@ TestDataSrc::findPreviousName(const Name& qname,
             target = subzone;
         } else if (qname < wild2) {
             target = wild;
-        } else if (qname < www) {
+        } else if (qname < wild3) {
             target = wild2;
+        } else if (qname < www) {
+            target = wild3;
         } else {
             target = www;
         }

+ 4 - 0
src/lib/auth/tests/testdata/q_wild2_aaaa

@@ -0,0 +1,4 @@
+# www.wild2.example.com/AAAA (wildcard CNAME NXRRSET)
+  d8 ef 01 00 00 01 00 00 00 00 00 00 03 77 77 77
+  05 77 69 6c 64 32 07 65 78 61 6d 70 6c 65 03 63
+  6f 6d 00 00 1c 00 01

+ 4 - 0
src/lib/auth/tests/testdata/q_wild3_a

@@ -0,0 +1,4 @@
+# www.wild3.example.com/A (wildcard, CNAME, target does not exist)
+  d8 ef 01 00 00 01 00 00 00 00 00 00 03 77 77 77
+  05 77 69 6c 64 33 07 65 78 61 6d 70 6c 65 03 63
+  6f 6d 00 00 01 00 01