diff options
| author |  Miek Gieben <miek@miek.nl>
| 2016-03-30 20:52:09 +0100 |
|---|---|---|
| committer | Miek Gieben <miek@miek.nl>
| 2016-03-30 20:52:09 +0100 |
| commit | 24394f0d4decf683e56ffd9514321fe57418dff1 (patch) | |
| tree | 5300bec97fca5c87ee09e0a228c0afeb389fc4d1 /middleware/file/dnssec_test.go | |
| parent | 4a313d67ff6031fec3743ba01e81f4961027ffe8 (diff) | |
| parent | 3591e2a6aa1197ac5f63841af7eb587a9873611f (diff) | |
| download | coredns-24394f0d4decf683e56ffd9514321fe57418dff1.tar.gz coredns-24394f0d4decf683e56ffd9514321fe57418dff1.tar.zst coredns-24394f0d4decf683e56ffd9514321fe57418dff1.zip | |
Merge pull request #58 from miekg/dnssec-serving-nsec
Get positive dnssec stuff going
Diffstat (limited to 'middleware/file/dnssec_test.go')
| -rw-r--r-- | middleware/file/dnssec_test.go | 56 |
1 files changed, 45 insertions, 11 deletions
diff --git a/middleware/file/dnssec_test.go b/middleware/file/dnssec_test.go index 57cce90c5..dc19235da 100644 --- a/middleware/file/dnssec_test.go +++ b/middleware/file/dnssec_test.go @@ -14,55 +14,90 @@ import ( var dnssecTestCases = []coretest.Case{ { - Qname: "miek.nl.", Qtype: dns.TypeSOA, + Qname: "miek.nl.", Qtype: dns.TypeSOA, Do: true, Answer: []dns.RR{ + // because we sort, this look fishy, but it is OK. + coretest.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="), coretest.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"), }, }, { - Qname: "miek.nl.", Qtype: dns.TypeAAAA, + Qname: "miek.nl.", Qtype: dns.TypeAAAA, Do: true, Answer: []dns.RR{ coretest.AAAA("miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"), + coretest.RRSIG("miek.nl. 1800 IN RRSIG AAAA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. SsRT="), }, }, { - Qname: "miek.nl.", Qtype: dns.TypeMX, + Qname: "miek.nl.", Qtype: dns.TypeMX, Do: true, Answer: []dns.RR{ coretest.MX("miek.nl. 1800 IN MX 1 aspmx.l.google.com."), coretest.MX("miek.nl. 1800 IN MX 10 aspmx2.googlemail.com."), coretest.MX("miek.nl. 1800 IN MX 10 aspmx3.googlemail.com."), coretest.MX("miek.nl. 1800 IN MX 5 alt1.aspmx.l.google.com."), coretest.MX("miek.nl. 1800 IN MX 5 alt2.aspmx.l.google.com."), + coretest.RRSIG("miek.nl. 1800 IN RRSIG MX 8 2 1800 20160426031301 20160327031301 12051 miek.nl. kLqG+iOr="), }, }, { - Qname: "www.miek.nl.", Qtype: dns.TypeA, + Qname: "www.miek.nl.", Qtype: dns.TypeA, Do: true, Answer: []dns.RR{ coretest.CNAME("www.miek.nl. 1800 IN CNAME a.miek.nl."), }, Extra: []dns.RR{ coretest.A("a.miek.nl. 1800 IN A 139.162.196.78"), - coretest.AAAA("a.miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"), + coretest.RRSIG("a.miek.nl. 1800 IN RRSIG A 8 3 1800 20160426031301 20160327031301 12051 miek.nl. lxLotCjWZ3kihTxk="), }, }, { - Qname: "a.miek.nl.", Qtype: dns.TypeSRV, + // NoData + Qname: "a.miek.nl.", Qtype: dns.TypeSRV, Do: true, Ns: []dns.RR{ + coretest.NSEC("a.miek.nl. 14400 IN NSEC archive.miek.nl. A AAAA RRSIG NSEC"), + coretest.RRSIG("a.miek.nl. 14400 IN RRSIG NSEC 8 3 14400 20160426031301 20160327031301 12051 miek.nl. GqnF6cutipmSHEao="), + coretest.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="), coretest.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"), }, }, { - Qname: "b.miek.nl.", Qtype: dns.TypeA, + Qname: "b.miek.nl.", Qtype: dns.TypeA, Do: true, Rcode: dns.RcodeNameError, Ns: []dns.RR{ + coretest.NSEC("archive.miek.nl. 14400 IN NSEC go.dns.miek.nl. CNAME RRSIG NSEC"), + coretest.RRSIG("archive.miek.nl. 14400 IN RRSIG NSEC 8 3 14400 20160426031301 20160327031301 12051 miek.nl. jEpx8lcp4do5fWXg="), + coretest.NSEC("miek.nl. 14400 IN NSEC a.miek.nl. A NS SOA MX AAAA RRSIG NSEC DNSKEY"), + coretest.RRSIG("miek.nl. 14400 IN RRSIG NSEC 8 2 14400 20160426031301 20160327031301 12051 miek.nl. mFfc3r/9PSC1H6oSpdC"), + coretest.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="), + coretest.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"), + }, + }, + { + Qname: "b.blaat.miek.nl.", Qtype: dns.TypeA, Do: true, + Rcode: dns.RcodeNameError, + Ns: []dns.RR{ + coretest.NSEC("archive.miek.nl. 14400 IN NSEC go.dns.miek.nl. CNAME RRSIG NSEC"), + coretest.RRSIG("archive.miek.nl. 14400 IN RRSIG NSEC 8 3 14400 20160426031301 20160327031301 12051 miek.nl. jEpx8lcp4do5fWXg="), + coretest.NSEC("miek.nl. 14400 IN NSEC a.miek.nl. A NS SOA MX AAAA RRSIG NSEC DNSKEY"), + coretest.RRSIG("miek.nl. 14400 IN RRSIG NSEC 8 2 14400 20160426031301 20160327031301 12051 miek.nl. mFfc3r/9PSC1H6oSpdC"), + coretest.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="), + coretest.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"), + }, + }, + { + Qname: "b.a.miek.nl.", Qtype: dns.TypeA, Do: true, + Rcode: dns.RcodeNameError, + Ns: []dns.RR{ + // dedupped NSEC, because 1 nsec tells all + coretest.NSEC("a.miek.nl. 14400 IN NSEC archive.miek.nl. A AAAA RRSIG NSEC"), + coretest.RRSIG("a.miek.nl. 14400 IN RRSIG NSEC 8 3 14400 20160426031301 20160327031301 12051 miek.nl. GqnF6cut/RRGPQ1QGQE1ipmSHEao="), + coretest.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="), coretest.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"), }, }, } -// TODO(miek): enable -func testLookupDNSSEC(t *testing.T) { +func TestLookupDNSSEC(t *testing.T) { zone, err := Parse(strings.NewReader(dbMiekNL_signed), testzone, "stdin") if err != nil { t.Fatalf("expect no error when reading zone, got %q", err) @@ -72,8 +107,7 @@ func testLookupDNSSEC(t *testing.T) { ctx := context.TODO() for _, tc := range dnssecTestCases { - m := new(dns.Msg) - m.SetQuestion(dns.Fqdn(tc.Qname), tc.Qtype) + m := tc.Msg() rec := middleware.NewResponseRecorder(&middleware.TestResponseWriter{}) _, err := fm.ServeDNS(ctx, rec, m) |