author | 2018-01-03 11:11:56 +0000 | |
---|---|---|
committer | 2018-01-03 11:11:56 +0000 | |
commit | 311af9314dc9cd3db3bfe6a4e212d5842151e9fb (patch) | |
tree | 79bc694919e28cdb966058024fcafcd4d06ef97d /plugin/dnssec/handler_test.go | |
parent | 7fe5b0bb1f34735859d611e170fa8709adac73ea (diff) | |
plugin/dnssec: implement shotgun from CloudFlare (#1305)
* plugin/dnssec: implement shotgun from CloudFlare
Put a whole bunch of types in the NSEC bitmap and remove the one that's
being asked for.
Add more records for queries to the apex, SOA, DNSKEY, MX.
Diffstat (limited to 'plugin/dnssec/handler_test.go')
-rw-r--r-- | plugin/dnssec/handler_test.go | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/plugin/dnssec/handler_test.go b/plugin/dnssec/handler_test.go
index ba24a45d1..77bf36f32 100644
--- a/plugin/dnssec/handler_test.go
+++ b/plugin/dnssec/handler_test.go
@@ -73,9 +73,29 @@ var dnsTestCases = []test.Case{
 Extra: []dns.RR{test.OPT(4096, true)},
 },
 {
+ Qname: "wwwww.miek.nl.", Qtype: dns.TypeAAAA, Do: true,
+ Ns: []dns.RR{
+ test.RRSIG("miek.nl. 1800 IN RRSIG SOA 13 2 3600 20171220135446 20171212105446 18512 miek.nl. hCRzzjYz6w=="),
+ test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
+ test.NSEC("wwwww.miek.nl. 1800 IN NSEC \\000.wwwww.miek.nl. A HINFO TXT LOC SRV CERT SSHFP RRSIG NSEC TLSA HIP OPENPGPKEY SPF"),
+ test.RRSIG("wwwww.miek.nl. 1800 IN RRSIG NSEC 13 3 3600 20171220135446 20171212105446 18512 miek.nl. cVUQWs8xw=="),
+ },
+ Extra: []dns.RR{test.OPT(4096, true)},
+ },
+ {
+ Qname: "miek.nl.", Qtype: dns.TypeHINFO, Do: true,
+ Ns: []dns.RR{
+ test.NSEC("miek.nl. 1800 IN NSEC \\000.miek.nl. A NS SOA MX TXT AAAA LOC SRV CERT SSHFP RRSIG NSEC DNSKEY TLSA HIP OPENPGPKEY SPF"),
+ test.RRSIG("miek.nl. 1800 IN RRSIG NSEC 13 2 3600 20171220141741 20171212111741 18512 miek.nl. GuXROL7Uu+UiPcg=="),
+ test.RRSIG("miek.nl. 1800 IN RRSIG SOA 13 2 3600 20171220141741 20171212111741 18512 miek.nl. 8bLTReqmuQtw=="),
+ test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
+ },
+ Extra: []dns.RR{test.OPT(4096, true)},
+ },
+ {
 Qname: "www.example.org.", Qtype: dns.TypeAAAA, Do: true,
 Rcode: dns.RcodeServerFailure,
- // Extra: []dns.RR{test.OPT(4096, true)}, // test.ErrorHandler is a simple handler that does not do EDNS.
+ // Extra: []dns.RR{test.OPT(4096, true)}, // test.ErrorHandler is a simple handler that does not do EDNS on ServerFailure
 },
 }
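Review bot: Neither added case documents the denial behaviour it pins down; both leave `Rcode` unset, so they expect NOERROR only through the zero value, while the `www.example.org.` case below sets `Rcode` explicitly. Assuming `wwwww.miek.nl.` is absent from the test zone (the zone data is not in this hunk), the first case is asserting a NODATA answer in place of NXDOMAIN. A comment above it such as `// name not in zone: expect NOERROR/NODATA with an NSEC covering only the qname, bitmap minus the qtype` would make that intent reviewable. The RRSIG signature fields look abbreviated, so the comparison presumably ignores signature rdata; that is also worth a short comment so nobody reads these fixtures as verified signatures.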
@@ -131,6 +151,17 @@ func TestLookupDNSKEY(t *testing.T) {
 }
 test.SortAndCheck(t, resp, tc)
+
+ // If there is an NSEC present in authority section check if the bitmap does not have the qtype set.
+ for _, rr := range resp.Ns {
+ if n, ok := rr.(*dns.NSEC); ok {
+ for i := range n.TypeBitMap {
+ if n.TypeBitMap[i] == tc.Qtype {
+ t.Errorf("bitmap contains qtype: %d", tc.Qtype)
+ }
+ }
+ }
+ }
 }
 }
|
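Review bot: The bitmap check added after `test.SortAndCheck` reports only the numeric qtype, so a failure cannot be tied to a test case or a record type without re-running the table by hand. Naming the query in the message and ranging over values would read better: `for _, typ := range n.TypeBitMap {` with `t.Errorf("%s %s: NSEC bitmap contains the qtype", tc.Qname, dns.TypeToString[tc.Qtype])`. The check also passes vacuously when the authority section has no NSEC, so the presence of a denial record rests entirely on the expected `Ns` entries in the table. No visible case queries a type that both new bitmaps always list (RRSIG, NSEC), and one would show whether this invariant holds there too. The enclosing function starts above the hunk.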