Handle NSEC queries at zone cut correctly, and add a unit test

git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1329 e5f2f494-b856-4b98-b285-d166d9295462

src/lib/auth/data_source.cc

@@ -537,10 +537,11 @@ DataSrc::doQuery(Query& q)
 
             // Query found a referral; let's find out if that was expected--
             // i.e., if an NS was at the zone apex, or if we were querying
-            // specifically for the DS or DNAME record.
+            // specifically for the DS, NSEC, or DNAME record.
             if ((task->flags & REFERRAL) != 0 &&
                 (zonename->getLabelCount() == task->qname.getLabelCount() ||
                  task->qtype == RRType::DS() ||
+                 task->qtype == RRType::NSEC() ||
                  task->qtype == RRType::DNAME())) {
                 task->flags &= ~REFERRAL;
             }

src/lib/auth/tests/datasrc_unittest.cc

@@ -482,7 +482,7 @@ TEST_F(DataSrcTest, NSDelegation) {
     EXPECT_TRUE(it->isLast());
 }
 
-TEST_F(DataSrcTest, ANYDelegation) {
+TEST_F(DataSrcTest, ANYZonecut) {
     // An ANY query at a zone cut should behave the same as any other
     // delegation
     readAndProcessQuery(msg, "testdata/q_subzone_any");
@@ -514,6 +514,34 @@ TEST_F(DataSrcTest, ANYDelegation) {
     EXPECT_TRUE(it->isLast());
 }
 
+TEST_F(DataSrcTest, NSECZonecut) {
+    readAndProcessQuery(msg, "testdata/q_subzone_nsec");
+
+    headerCheck(msg, Rcode::NOERROR(), true, true, true, 2, 4, 6);
+
+    RRsetIterator rit = msg.beginSection(Section::ANSWER());
+    RRsetPtr rrset = *rit;
+    EXPECT_EQ(Name("subzone.example.com."), rrset->getName());
+    EXPECT_EQ(RRType::NSEC(), rrset->getType());
+    EXPECT_EQ(RRClass::IN(), rrset->getClass());
+
+    rit = msg.beginSection(Section::AUTHORITY());
+    rrset = *rit;
+    EXPECT_EQ(Name("example.com"), rrset->getName());
+    EXPECT_EQ(RRType::NS(), rrset->getType());
+    EXPECT_EQ(RRClass::IN(), rrset->getClass());
+
+    RdataIteratorPtr it = rrset->getRdataIterator();
+    it->first();
+    EXPECT_EQ("dns01.example.com.", it->getCurrent().toText());
+    it->next();
+    EXPECT_EQ("dns02.example.com.", it->getCurrent().toText());
+    it->next();
+    EXPECT_EQ("dns03.example.com.", it->getCurrent().toText());
+    it->next();
+    EXPECT_TRUE(it->isLast());
+}
+
 TEST_F(DataSrcTest, DS) {
     readAndProcessQuery(msg, "testdata/q_subzone_ds");
 

src/lib/auth/tests/testdata/q_subzone_any

@@ -1,4 +1,4 @@
-# www.subzone.example.com/A (delegation to non-local zone)
-  00 7c 01 00 00 01 00 00 00 00 00 00 03 77 77 77
-  07 73 75 62 7a 6f 6e 65 07 65 78 61 6d 70 6c 65
-  03 63 6f 6d 00 00 ff 00 01
+# subzone.example.com/ANY (ANY query at zone cut)
+  14 f0 01 00 00 01 00 00 00 00 00 00 07 73 75 62
+  7a 6f 6e 65 07 65 78 61 6d 70 6c 65 03 63 6f 6d
+  00 00 ff 00 01

src/lib/auth/tests/testdata/q_subzone_ns

@@ -1,4 +1,4 @@
-# www.subzone.example.com/NS (delegation to non-local zone)
-  00 7c 01 00 00 01 00 00 00 00 00 00 03 77 77 77
-  07 73 75 62 7a 6f 6e 65 07 65 78 61 6d 70 6c 65
-  03 63 6f 6d 00 00 02 00 01
+# subzone.example.com/NS (delegation to non-local zone)
+  14 f0 01 00 00 01 00 00 00 00 00 00 07 73 75 62
+  7a 6f 6e 65 07 65 78 61 6d 70 6c 65 03 63 6f 6d
+  00 00 02 00 01

src/lib/auth/tests/testdata/q_subzone_nsec

@@ -0,0 +1,4 @@
+# subzone.example.com/NSEC (NSEC query at zone cut)
+  14 f0 01 00 00 01 00 00 00 00 00 00 07 73 75 62
+  7a 6f 6e 65 07 65 78 61 6d 70 6c 65 03 63 6f 6d
+  00 00 2f 00 01