authorGravatar Miek Gieben <miek@miek.nl> 2016-03-29 21:25:06 +0100
committerGravatar Miek Gieben <miek@miek.nl> 2016-03-30 13:26:51 +0000
commit9ba31ceb87fa5caafcbd5819d67084aba3a7b43e (patch)
tree48fa35f46fefde2d9e6c6918919b88cd604a83c9
parentec69798ca26e29639aaf0601bb8a1c078b0a2836 (diff)
Think about wildcards
-rw-r--r--middleware/file/lookup.go19
-rw-r--r--middleware/file/lookup_test.go5
-rw-r--r--middleware/file/wildcard.test.go134
-rw-r--r--middleware/file/wildcard_test.go222
4 files changed, 230 insertions, 150 deletions
diff --git a/middleware/file/lookup.go b/middleware/file/lookup.go
index e250f9d50..3d3de9679 100644
--- a/middleware/file/lookup.go
+++ b/middleware/file/lookup.go
@@ -35,8 +35,9 @@ func (z *Zone) Lookup(qname string, qtype uint16, do bool) ([]dns.RR, []dns.RR,
elem := z.Tree.Get(rr)
if elem == nil {
- // wildcard lookup
- return z.nameError(elem, rr, do)
+ if elem == nil {
+ return z.nameError(elem, rr, do)
+ }
}
rrs := elem.Types(dns.TypeCNAME)
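Review bot: The inner `if elem == nil` added inside the existing `if elem == nil` block tests the same value again, and nothing between the two checks reassigns `elem`, so it is always true and the nesting changes nothing. If the outer block is meant to try a wildcard match before giving up, reassign `elem` from that lookup and mark the gap with a comment such as `// TODO: look up the wildcard at the closest encloser before returning a name error`; otherwise collapse it back to one check. As written, a query name that only a wildcard in the zone would match presumably still ends in `z.nameError`. Lookup's body starts and ends outside the hunk.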
@@ -71,10 +72,7 @@ func (z *Zone) nameError(elem *tree.Elem, rr dns.RR, do bool) ([]dns.RR, []dns.R
if do {
ret = append(ret, z.SIG...)
// Now we need two NSEC, one to deny the wildcard and one to deny the name.
- elem := z.Tree.Prev(rr)
- ret = append(ret, z.lookupNSEC(elem, do))
- elem = z.Tree.Prev(wildcard(rr))
- ret = append(ret, z.lookupNSEC(elem, do))
+ // Needs closest encloser!!
}
return nil, ret, nil, NameError
}
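Review bot: With both `lookupNSEC` calls removed, the `do` branch of nameError appends only `z.SIG` and no NSEC record, so a name error from a signed zone carries no denial-of-existence proof. A validating resolver cannot authenticate such a response and will most likely treat it as bogus, so lookups for nonexistent names in a signed zone would fail validation until the closest-encloser logic lands. The surviving comment `// Now we need two NSEC, ...` describes code that is no longer there; I would replace both comment lines with one that states the gap, e.g. `// TODO: add the NSEC covering qname and the NSEC covering the wildcard at the closest encloser; without them this response cannot be validated`. nameError begins before the hunk.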
@@ -142,12 +140,3 @@ func signatureForSubType(rrs []dns.RR, subtype uint16) []dns.RR {
}
return sigs
}
-
-// wildcard returns rr with the first label exchanged for a wildcard '*'.
-func wildcard(rr dns.RR) dns.RR {
- // root label, TODO(miek)
- s := rr.Header().Name
- i, _ := dns.NextLabel(s, 0)
- rr.Header().Name = "*" + s[i:]
- return rr
-}
diff --git a/middleware/file/lookup_test.go b/middleware/file/lookup_test.go
index 5e755f040..9b4e31cc8 100644
--- a/middleware/file/lookup_test.go
+++ b/middleware/file/lookup_test.go
@@ -60,7 +60,10 @@ var dnsTestCases = []coretest.Case{
},
}
-const testzone = "miek.nl."
+const (
+ testzone = "miek.nl."
+ testzone1 = "dnssex.nl."
+)
func TestLookup(t *testing.T) {
zone, err := Parse(strings.NewReader(dbMiekNL), testzone, "stdin")
diff --git a/middleware/file/wildcard.test.go b/middleware/file/wildcard.test.go
deleted file mode 100644
index a18d22ebc..000000000
--- a/middleware/file/wildcard.test.go
+++ /dev/null
@@ -1,134 +0,0 @@
-package file
-
-import (
- "sort"
- "strings"
- "testing"
-
- "github.com/miekg/coredns/middleware"
- coretest "github.com/miekg/coredns/middleware/testing"
-
- "github.com/miekg/dns"
- "golang.org/x/net/context"
-)
-
-var dnssecWildcardTestCases = []coretest.Case{
- {
- Qname: "miek.nl.", Qtype: dns.TypeSOA, Do: true,
- Answer: []dns.RR{
- // because we sort, this look fishy, but it is OK.
- coretest.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="),
- coretest.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
- },
- },
- {
- Qname: "miek.nl.", Qtype: dns.TypeAAAA, Do: true,
- Answer: []dns.RR{
- coretest.AAAA("miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
- coretest.RRSIG("miek.nl. 1800 IN RRSIG AAAA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. SsRT="),
- },
- },
- {
- Qname: "miek.nl.", Qtype: dns.TypeMX, Do: true,
- Answer: []dns.RR{
- coretest.MX("miek.nl. 1800 IN MX 1 aspmx.l.google.com."),
- coretest.MX("miek.nl. 1800 IN MX 10 aspmx2.googlemail.com."),
- coretest.MX("miek.nl. 1800 IN MX 10 aspmx3.googlemail.com."),
- coretest.MX("miek.nl. 1800 IN MX 5 alt1.aspmx.l.google.com."),
- coretest.MX("miek.nl. 1800 IN MX 5 alt2.aspmx.l.google.com."),
- coretest.RRSIG("miek.nl. 1800 IN RRSIG MX 8 2 1800 20160426031301 20160327031301 12051 miek.nl. kLqG+iOr="),
- },
- },
- {
- Qname: "www.miek.nl.", Qtype: dns.TypeA, Do: true,
- Answer: []dns.RR{
- coretest.CNAME("www.miek.nl. 1800 IN CNAME a.miek.nl."),
- },
-
- Extra: []dns.RR{
- coretest.A("a.miek.nl. 1800 IN A 139.162.196.78"),
- coretest.RRSIG("a.miek.nl. 1800 IN RRSIG A 8 3 1800 20160426031301 20160327031301 12051 miek.nl. lxLotCjWZ3kihTxk="),
- },
- },
- {
- // NoData
- Qname: "a.miek.nl.", Qtype: dns.TypeSRV, Do: true,
- Ns: []dns.RR{
- coretest.NSEC("a.miek.nl. 14400 IN NSEC archive.miek.nl. A AAAA RRSIG NSEC"),
- coretest.RRSIG("a.miek.nl. 14400 IN RRSIG NSEC 8 3 14400 20160426031301 20160327031301 12051 miek.nl. GqnF6cutipmSHEao="),
- coretest.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="),
- coretest.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
- },
- },
- /* HAHA nsec... shit.
- // disprove *.miek.nl and that b.miek.nl does not exist
- {
- Qname: "b.miek.nl.", Qtype: dns.TypeA,
- Rcode: dns.RcodeNameError,
- Ns: []dns.RR{
- coretest.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
- },
- },
- */
-}
-
-func testLookupDNSSECWildcard(t *testing.T) {
- zone, err := Parse(strings.NewReader(dbMiekNL_signed), testzone, "stdin")
- if err != nil {
- t.Fatalf("expect no error when reading zone, got %q", err)
- }
-
- fm := File{Next: coretest.ErrorHandler(), Zones: Zones{Z: map[string]*Zone{testzone: zone}, Names: []string{testzone}}}
- ctx := context.TODO()
-
- for _, tc := range dnssecWildcardTestCases {
- m := tc.Msg()
-
- rec := middleware.NewResponseRecorder(&middleware.TestResponseWriter{})
- _, err := fm.ServeDNS(ctx, rec, m)
- if err != nil {
- t.Errorf("expected no error, got %v\n", err)
- return
- }
- resp := rec.Msg()
-
- sort.Sort(coretest.RRSet(resp.Answer))
- sort.Sort(coretest.RRSet(resp.Ns))
- sort.Sort(coretest.RRSet(resp.Extra))
-
- if resp.Rcode != tc.Rcode {
- t.Errorf("rcode is %q, expected %q", dns.RcodeToString[resp.Rcode], dns.RcodeToString[tc.Rcode])
- t.Logf("%v\n", resp)
- continue
- }
-
- if len(resp.Answer) != len(tc.Answer) {
- t.Errorf("answer for %q contained %d results, %d expected", tc.Qname, len(resp.Answer), len(tc.Answer))
- t.Logf("%v\n", resp)
- continue
- }
- if len(resp.Ns) != len(tc.Ns) {
- t.Errorf("authority for %q contained %d results, %d expected", tc.Qname, len(resp.Ns), len(tc.Ns))
- t.Logf("%v\n", resp)
- continue
- }
- if len(resp.Extra) != len(tc.Extra) {
- t.Errorf("additional for %q contained %d results, %d expected", tc.Qname, len(resp.Extra), len(tc.Extra))
- t.Logf("%v\n", resp)
- continue
- }
-
- if !coretest.CheckSection(t, tc, coretest.Answer, resp.Answer) {
- t.Logf("%v\n", resp)
- }
- if !coretest.CheckSection(t, tc, coretest.Ns, resp.Ns) {
- t.Logf("%v\n", resp)
-
- }
- if !coretest.CheckSection(t, tc, coretest.Extra, resp.Extra) {
- t.Logf("%v\n", resp)
- }
- }
-}
-
-const dbMiekNL_wildcard_signed = `ยง`
diff --git a/middleware/file/wildcard_test.go b/middleware/file/wildcard_test.go
new file mode 100644
index 000000000..81b799955
--- /dev/null
+++ b/middleware/file/wildcard_test.go
@@ -0,0 +1,222 @@
+package file
+
+import (
+ "sort"
+ "strings"
+ "testing"
+
+ "github.com/miekg/coredns/middleware"
+ coretest "github.com/miekg/coredns/middleware/testing"
+
+ "github.com/miekg/dns"
+ "golang.org/x/net/context"
+)
+
+var dnssecWildcardTestCases = []coretest.Case{
+ {
+ Qname: "blaat.dnssex.nl.", Qtype: dns.TypeTXT, Do: true,
+ Answer: []dns.RR{},
+ },
+}
+
+func testLookupDNSSECWildcard(t *testing.T) {
+ zone, err := Parse(strings.NewReader(dbMiekNL_signed), testzone1, "stdin")
+ if err != nil {
+ t.Fatalf("expect no error when reading zone, got %q", err)
+ }
+
+ fm := File{Next: coretest.ErrorHandler(), Zones: Zones{Z: map[string]*Zone{testzone1: zone}, Names: []string{testzone1}}}
+ ctx := context.TODO()
+
+ for _, tc := range dnssecWildcardTestCases {
+ m := tc.Msg()
+
+ rec := middleware.NewResponseRecorder(&middleware.TestResponseWriter{})
+ _, err := fm.ServeDNS(ctx, rec, m)
+ if err != nil {
+ t.Errorf("expected no error, got %v\n", err)
+ return
+ }
+ resp := rec.Msg()
+
+ sort.Sort(coretest.RRSet(resp.Answer))
+ sort.Sort(coretest.RRSet(resp.Ns))
+ sort.Sort(coretest.RRSet(resp.Extra))
+
+ if resp.Rcode != tc.Rcode {
+ t.Errorf("rcode is %q, expected %q", dns.RcodeToString[resp.Rcode], dns.RcodeToString[tc.Rcode])
+ t.Logf("%v\n", resp)
+ continue
+ }
+
+ if len(resp.Answer) != len(tc.Answer) {
+ t.Errorf("answer for %q contained %d results, %d expected", tc.Qname, len(resp.Answer), len(tc.Answer))
+ t.Logf("%v\n", resp)
+ continue
+ }
+ if len(resp.Ns) != len(tc.Ns) {
+ t.Errorf("authority for %q contained %d results, %d expected", tc.Qname, len(resp.Ns), len(tc.Ns))
+ t.Logf("%v\n", resp)
+ continue
+ }
+ if len(resp.Extra) != len(tc.Extra) {
+ t.Errorf("additional for %q contained %d results, %d expected", tc.Qname, len(resp.Extra), len(tc.Extra))
+ t.Logf("%v\n", resp)
+ continue
+ }
+
+ if !coretest.CheckSection(t, tc, coretest.Answer, resp.Answer) {
+ t.Logf("%v\n", resp)
+ }
+ if !coretest.CheckSection(t, tc, coretest.Ns, resp.Ns) {
+ t.Logf("%v\n", resp)
+ }
+ if !coretest.CheckSection(t, tc, coretest.Extra, resp.Extra) {
+ t.Logf("%v\n", resp)
+ }
+ }
+}
+
+const dbMiekNL_wildcard_signed = `
+; File written on Tue Mar 29 21:02:24 2016
+; dnssec_signzone version 9.10.3-P4-Ubuntu
+dnssex.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. (
+ 1459281744 ; serial
+ 14400 ; refresh (4 hours)
+ 3600 ; retry (1 hour)
+ 604800 ; expire (1 week)
+ 14400 ; minimum (4 hours)
+ )
+ 1800 RRSIG SOA 8 2 1800 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ CA/Y3m9hCOiKC/8ieSOv8SeP964BUdG/8MC3
+ WtKljUosK9Z9bBGrVizDjjqgq++lyH8BZJcT
+ aabAsERs4xj5PRtcxicwQXZACX5VYjXHQeZm
+ CyytFU5wq2gcXSmvUH86zZzftx3RGPvn1aOo
+ TlcvoC3iF8fYUCpROlUS0YR8Cdw= )
+ 1800 NS omval.tednet.nl.
+ 1800 NS linode.atoom.net.
+ 1800 NS ns-ext.nlnetlabs.nl.
+ 1800 RRSIG NS 8 2 1800 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ dLIeEvP86jj5nd3orv9bH7hTvkblF4Na0sbl
+ k6fJA6ha+FPN1d6Pig3NNEEVQ/+wlOp/JTs2
+ v07L7roEEUCbBprI8gMSld2gFDwNLW3DAB4M
+ WD/oayYdAnumekcLzhgvWixTABjWAGRTGQsP
+ sVDFXsGMf9TGGC9FEomgkCVeNC0= )
+ 1800 A 139.162.196.78
+ 1800 RRSIG A 8 2 1800 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ LKJKLzPiSEDWOLAag2YpfD5EJCuDcEAJu+FZ
+ Xy+4VyOv9YvRHCTL4vbrevOo5+XymY2RxU1q
+ j+6leR/Fe7nlreSj2wzAAk2bIYn4m6r7hqeO
+ aKZsUFfpX8cNcFtGEywfHndCPELbRxFeEziP
+ utqHFLPNMX5nYCpS28w4oJ5sAnM= )
+ 1800 TXT "Doing It Safe Is Better"
+ 1800 RRSIG TXT 8 2 1800 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ f6S+DUfJK1UYdOb3AHgUXzFTTtu+yLp/Fv7S
+ Hv0CAGhXAVw+nBbK719igFvBtObS33WKwzxD
+ 1pQNMaJcS6zeevtD+4PKB1KDC4fyJffeEZT6
+ E30jGR8Y29/xA+Fa4lqDNnj9zP3b8TiABCle
+ ascY5abkgWCALLocFAzFJQ/27YQ= )
+ 1800 AAAA 2a01:7e00::f03c:91ff:fef1:6735
+ 1800 RRSIG AAAA 8 2 1800 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ PWcPSawEUBAfCuv0liEOQ8RYe7tfNW4rubIJ
+ LE+dbrub1DUer3cWrDoCYFtOufvcbkYJQ2CQ
+ AGjJmAQ5J2aqYDOPMrKa615V0KT3ifbZJcGC
+ gkIic4U/EXjaQpRoLdDzR9MyVXOmbA6sKYzj
+ ju1cNkLqM8D7Uunjl4pIr6rdSFo= )
+ 14400 NSEC *.dnssex.nl. A NS SOA TXT AAAA RRSIG NSEC DNSKEY
+ 14400 RRSIG NSEC 8 2 14400 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ oIvM6JZIlNc1aNKGTxv58ApSnDr1nDPPgnD9
+ 9oJZRIn7eb5WnpeDz2H3z5+x6Bhlp5hJJaUp
+ KJ3Ss6Jg/IDnrmIvKmgq6L6gHj1Y1IiHmmU8
+ VeZTRzdTsDx/27OsN23roIvsytjveNSEMfIm
+ iLZ23x5kg1kBdJ9p3xjYHm5lR+8= )
+ 1800 DNSKEY 256 3 8 (
+ AwEAAazSO6uvLPEVknDA8yxjFe8nnAMU7txp
+ wb19k55hQ81WV3G4bpBM1NdN6sbYHrkXaTNx
+ 2bQWAkvX6pz0XFx3z/MPhW+vkakIWFYpyQ7R
+ AT5LIJfToVfiCDiyhhF0zVobKBInO9eoGjd9
+ BAW3TUt+LmNAO/Ak5D5BX7R3CuA7v9k7
+ ) ; ZSK; alg = RSASHA256; key id = 14460
+ 1800 DNSKEY 257 3 8 (
+ AwEAAbyeaV9zg0IqdtgYoqK5jJ239anzwG2i
+ gvH1DxSazLyaoNvEkCIvPgMLW/JWfy7Z1mQp
+ SMy9DtzL5pzRyQgw7kIeXLbi6jufUFd9pxN+
+ xnzKLf9mY5AcnGToTrbSL+jnMT67wG+c34+Q
+ PeVfucHNUePBxsbz2+4xbXiViSQyCQGv
+ ) ; KSK; alg = RSASHA256; key id = 18772
+ 1800 RRSIG DNSKEY 8 2 1800 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ cFSFtJE+DBGNxb52AweFaVHBe5Ue5MDpqNdC
+ TIneUnEhP2m+vK4zJ/TraK0WdQFpsX63pod8
+ PZ9y03vHUfewivyonCCBD3DcNdoU9subhN22
+ tez9Ct8Z5/9E4RAz7orXal4M1VUEhRcXSEH8
+ SJW20mfVsqJAiKqqNeGB/pAj23I= )
+ 1800 RRSIG DNSKEY 8 2 1800 (
+ 20160428190224 20160329190224 18772 dnssex.nl.
+ oiiwo/7NYacePqohEp50261elhm6Dieh4j2S
+ VZGAHU5gqLIQeW9CxKJKtSCkBVgUo4cvO4Rn
+ 2tzArAuclDvBrMXRIoct8u7f96moeFE+x5FI
+ DYqICiV6k449ljj9o4t/5G7q2CRsEfxZKpTI
+ A/L0+uDk0RwVVzL45+TnilcsmZs= )
+*.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"
+ 1800 RRSIG TXT 8 2 1800 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ FUZSTyvZfeuuOpCmNzVKOfITRHJ6/ygjmnnb
+ XGBxVUyQjoLuYXwD5XqZWGw4iKH6QeSDfGCx
+ 4MPqA4qQmW7Wwth7mat9yMfA4+p2sO84bysl
+ 7/BG9+W2G+q1uQiM9bX9V42P2X/XuW5Y/t9Y
+ 8u1sljQ7D8WwS6naH/vbaJxnDBw= )
+ 14400 NSEC a.dnssex.nl. TXT RRSIG NSEC
+ 14400 RRSIG NSEC 8 2 14400 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ os6INm6q2eXknD5z8TpfbK00uxVbQefMvHcR
+ /RNX/kh0xXvzAaaDOV+Ge/Ko+2dXnKP+J1LY
+ G9ffXNpdbaQy5ygzH5F041GJst4566GdG/jt
+ 7Z7vLHYxEBTpZfxo+PLsXQXH3VTemZyuWyDf
+ qJzafXJVH1F0nDrcXmMlR6jlBHA= )
+www.dnssex.nl. 1800 IN CNAME a.dnssex.nl.
+ 1800 RRSIG CNAME 8 3 1800 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ Omv42q/uVvdNsWQoSrQ6m6w6U7r7Abga7uF4
+ 25b3gZlse0C+WyMyGFMGUbapQm7azvBpreeo
+ uKJHjzd+ufoG+Oul6vU9vyoj+ejgHzGLGbJQ
+ HftfP+UqP5SWvAaipP/LULTWKPuiBcLDLiBI
+ PGTfsq0DB6R+qCDTV0fNnkgxEBQ= )
+ 14400 NSEC dnssex.nl. CNAME RRSIG NSEC
+ 14400 RRSIG NSEC 8 3 14400 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ TBN3ddfZW+kC84/g3QlNNJMeLZoyCalPQylt
+ KXXLPGuxfGpl3RYRY8KaHbP+5a8MnHjqjuMB
+ Lofb7yKMFxpSzMh8E36vnOqry1mvkSakNj9y
+ 9jM8PwDjcpYUwn/ql76MsmNgEV5CLeQ7lyH4
+ AOrL79yOSQVI3JHJIjKSiz88iSw= )
+a.dnssex.nl. 1800 IN A 139.162.196.78
+ 1800 RRSIG A 8 3 1800 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ OXHpFj9nSpKi5yA/ULH7MOpGAWfyJ2yC/2xa
+ Pw0fqSY4QvcRt+V3adcFA4H9+P1b32GpxEjB
+ lXmCJID+H4lYkhUR4r4IOZBVtKG2SJEBZXip
+ pH00UkOIBiXxbGzfX8VL04v2G/YxUgLW57kA
+ aknaeTOkJsO20Y+8wmR9EtzaRFI= )
+ 1800 AAAA 2a01:7e00::f03c:91ff:fef1:6735
+ 1800 RRSIG AAAA 8 3 1800 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ jrepc/VnRzJypnrG0WDEqaAr3HMjWrPxJNX0
+ 86gbFjZG07QxBmrA1rj0jM9YEWTjjyWb2tT7
+ lQhzKDYX/0XdOVUeeOM4FoSks80V+pWR8fvj
+ AZ5HmX69g36tLosMDKNR4lXcrpv89QovG4Hr
+ /r58fxEKEFJqrLDjMo6aOrg+uKA= )
+ 14400 NSEC www.dnssex.nl. A AAAA RRSIG NSEC
+ 14400 RRSIG NSEC 8 3 14400 (
+ 20160428190224 20160329190224 14460 dnssex.nl.
+ S+UM62wXRNNFN3QDWK5YFWUbHBXC4aqaqinZ
+ A2ZDeC+IQgyw7vazPz7cLI5T0YXXks0HTMlr
+ soEjKnnRZsqSO9EuUavPNE1hh11Jjm0fB+5+
+ +Uro0EmA5Dhgc0Z2VpbXVQEhNDf/pI1gem15
+ RffN2tBYNykZn4Has2ySgRaaRYQ= )`
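Review bot: `testLookupDNSSECWildcard` starts with a lowercase `t`, so `go test` never runs it, and it parses `dbMiekNL_signed` under the origin `testzone1` instead of the `dbMiekNL_wildcard_signed` zone added at the bottom of this file, which leaves the new fixture unused. Rename it to `TestLookupDNSSECWildcard` (or keep it exported and call `t.Skip("wildcard synthesis not implemented")` while the code is unfinished) and pass `strings.NewReader(dbMiekNL_wildcard_signed)` to `Parse`. The single case expects an empty answer with the default rcode for `blaat.dnssex.nl.` TXT although the zone holds `*.dnssex.nl. TXT`; presumably the intended expectation is the synthesized TXT with its RRSIG plus the NSEC showing there is no closer match, and a comment on the case should say which. Since the name-error path in lookup.go no longer returns NSEC records, a case with `Rcode: dns.RcodeNameError` and `Do: true` would also be worth adding here so the missing denial proof is tracked by a test.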