aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--middleware/dnssec/handler_test.go11
-rw-r--r--middleware/file/delegation_test.go8
-rw-r--r--middleware/file/dnssec_test.go13
-rw-r--r--middleware/file/lookup.go15
-rw-r--r--middleware/file/lookup_test.go6
-rw-r--r--middleware/file/wildcard_test.go30
6 files changed, 68 insertions, 15 deletions
diff --git a/middleware/dnssec/handler_test.go b/middleware/dnssec/handler_test.go
index c1ed240c3..e8ca68c6f 100644
--- a/middleware/dnssec/handler_test.go
+++ b/middleware/dnssec/handler_test.go
@@ -43,6 +43,9 @@ var dnsTestCases = []test.Case{
Answer: []dns.RR{
test.MX("miek.nl. 1800 IN MX 1 aspmx.l.google.com."),
},
+ Ns: []dns.RR{
+ test.NS("miek.nl. 1800 IN NS linode.atoom.net."),
+ },
},
{
Qname: "miek.nl.", Qtype: dns.TypeMX, Do: true,
@@ -50,6 +53,10 @@ var dnsTestCases = []test.Case{
test.MX("miek.nl. 1800 IN MX 1 aspmx.l.google.com."),
test.RRSIG("miek.nl. 1800 IN RRSIG MX 13 2 3600 20160503192428 20160425162428 18512 miek.nl. 4nxuGKitXjPVA9zP1JIUvA09"),
},
+ Ns: []dns.RR{
+ test.NS("miek.nl. 1800 IN NS linode.atoom.net."),
+ test.RRSIG("miek.nl. 1800 IN RRSIG NS 13 2 3600 20161217114912 20161209084912 18512 miek.nl. ad9gA8VWgF1H8ze9/0Rk2Q=="),
+ },
Extra: []dns.RR{test.OPT(4096, true)},
},
{
@@ -60,6 +67,10 @@ var dnsTestCases = []test.Case{
test.CNAME("www.miek.nl. 1800 IN CNAME a.miek.nl."),
test.RRSIG("www.miek.nl. 1800 IN RRSIG CNAME 13 3 3600 20160503193047 20160425163047 18512 miek.nl. E3qGZn"),
},
+ Ns: []dns.RR{
+ test.NS("miek.nl. 1800 IN NS linode.atoom.net."),
+ test.RRSIG("miek.nl. 1800 IN RRSIG NS 13 2 3600 20161217114912 20161209084912 18512 miek.nl. ad9gA8VWgF1H8ze9/0Rk2Q=="),
+ },
Extra: []dns.RR{test.OPT(4096, true)},
},
{
diff --git a/middleware/file/delegation_test.go b/middleware/file/delegation_test.go
index 63ca1d264..9b72e7033 100644
--- a/middleware/file/delegation_test.go
+++ b/middleware/file/delegation_test.go
@@ -62,6 +62,7 @@ var delegationTestCases = []test.Case{
Answer: []dns.RR{
test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
},
+ Ns: miekAuth,
},
{
Qname: "miek.nl.", Qtype: dns.TypeAAAA,
@@ -135,6 +136,13 @@ var secureDelegationTestCases = []test.Case{
},
}
+var miekAuth = []dns.RR{
+ test.NS("miek.nl. 1800 IN NS ext.ns.whyscream.net."),
+ test.NS("miek.nl. 1800 IN NS linode.atoom.net."),
+ test.NS("miek.nl. 1800 IN NS ns-ext.nlnetlabs.nl."),
+ test.NS("miek.nl. 1800 IN NS omval.tednet.nl."),
+}
+
func TestLookupDelegation(t *testing.T) {
testDelegation(t, dbMiekNLDelegation, testzone, delegationTestCases)
}
diff --git a/middleware/file/dnssec_test.go b/middleware/file/dnssec_test.go
index 40e6429ea..ebce6fd78 100644
--- a/middleware/file/dnssec_test.go
+++ b/middleware/file/dnssec_test.go
@@ -19,6 +19,7 @@ var dnssecTestCases = []test.Case{
test.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="),
test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
},
+ Ns: auth,
Extra: []dns.RR{test.OPT(4096, true)},
},
{
@@ -27,6 +28,7 @@ var dnssecTestCases = []test.Case{
test.AAAA("miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
test.RRSIG("miek.nl. 1800 IN RRSIG AAAA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. SsRT="),
},
+ Ns: auth,
Extra: []dns.RR{test.OPT(4096, true)},
},
{
@@ -50,6 +52,7 @@ var dnssecTestCases = []test.Case{
test.MX("miek.nl. 1800 IN MX 5 alt2.aspmx.l.google.com."),
test.RRSIG("miek.nl. 1800 IN RRSIG MX 8 2 1800 20160426031301 20160327031301 12051 miek.nl. kLqG+iOr="),
},
+ Ns: auth,
Extra: []dns.RR{test.OPT(4096, true)},
},
{
@@ -60,7 +63,7 @@ var dnssecTestCases = []test.Case{
test.CNAME("www.miek.nl. 1800 IN CNAME a.miek.nl."),
test.RRSIG("www.miek.nl. 1800 RRSIG CNAME 8 3 1800 20160426031301 20160327031301 12051 miek.nl. NVZmMJaypS+wDL2Lar4Zw1zF"),
},
-
+ Ns: auth,
Extra: []dns.RR{
test.OPT(4096, true),
},
@@ -116,6 +119,14 @@ var dnssecTestCases = []test.Case{
},
}
+var auth = []dns.RR{
+ test.NS("miek.nl. 1800 IN NS ext.ns.whyscream.net."),
+ test.NS("miek.nl. 1800 IN NS linode.atoom.net."),
+ test.NS("miek.nl. 1800 IN NS ns-ext.nlnetlabs.nl."),
+ test.NS("miek.nl. 1800 IN NS omval.tednet.nl."),
+ test.RRSIG("miek.nl. 1800 IN RRSIG NS 8 2 1800 20160426031301 20160327031301 12051 miek.nl. ZLtsQhwazbqSpztFoR1Vxs="),
+}
+
func TestLookupDNSSEC(t *testing.T) {
zone, err := Parse(strings.NewReader(dbMiekNLSigned), testzone, "stdin")
if err != nil {
diff --git a/middleware/file/lookup.go b/middleware/file/lookup.go
index c3dc8ad1c..c1844b7df 100644
--- a/middleware/file/lookup.go
+++ b/middleware/file/lookup.go
@@ -40,8 +40,7 @@ func (z *Zone) Lookup(state request.Request, qname string) ([]dns.RR, []dns.RR,
}()
if qtype == dns.TypeSOA {
- soa := z.soa(do)
- return soa, nil, nil, Success
+ return z.soa(do), z.ns(do), nil, Success
}
if qtype == dns.TypeNS && qname == z.origin {
nsrrs := z.ns(do)
@@ -146,7 +145,7 @@ func (z *Zone) Lookup(state request.Request, qname string) ([]dns.RR, []dns.RR,
rrs = append(rrs, sigs...)
}
- return rrs, nil, nil, Success
+ return rrs, z.ns(do), nil, Success
}
@@ -154,7 +153,7 @@ func (z *Zone) Lookup(state request.Request, qname string) ([]dns.RR, []dns.RR,
// Found wildcard.
if wildElem != nil {
- auth := []dns.RR{}
+ auth := z.ns(do)
if rrs := wildElem.Types(dns.TypeCNAME, qname); len(rrs) > 0 {
return z.searchCNAME(state, wildElem, rrs)
@@ -275,7 +274,7 @@ func (z *Zone) searchCNAME(state request.Request, elem *tree.Elem, rrs []dns.RR)
if !dns.IsSubDomain(z.origin, targetName) {
rrs = append(rrs, z.externalLookup(state, targetName, qtype)...)
}
- return rrs, nil, nil, Success
+ return rrs, z.ns(do), nil, Success
}
i := 0
@@ -300,12 +299,12 @@ Redo:
rrs = append(rrs, z.externalLookup(state, targetName, qtype)...)
}
}
- return rrs, nil, nil, Success
+ return rrs, z.ns(do), nil, Success
}
i++
if i > maxChain {
- return rrs, nil, nil, Success
+ return rrs, z.ns(do), nil, Success
}
goto Redo
@@ -324,7 +323,7 @@ Redo:
}
}
- return rrs, nil, nil, Success
+ return rrs, z.ns(do), nil, Success
}
func cnameForType(targets []dns.RR, origQtype uint16) []dns.RR {
diff --git a/middleware/file/lookup_test.go b/middleware/file/lookup_test.go
index d8efd6ea6..198fe1099 100644
--- a/middleware/file/lookup_test.go
+++ b/middleware/file/lookup_test.go
@@ -19,6 +19,7 @@ var dnsTestCases = []test.Case{
test.A("a.miek.nl. 1800 IN A 139.162.196.78"),
test.CNAME("www.miek.nl. 1800 IN CNAME a.miek.nl."),
},
+ Ns: miekAuth,
},
{
Qname: "www.miek.nl.", Qtype: dns.TypeAAAA,
@@ -26,24 +27,28 @@ var dnsTestCases = []test.Case{
test.AAAA("a.miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
test.CNAME("www.miek.nl. 1800 IN CNAME a.miek.nl."),
},
+ Ns: miekAuth,
},
{
Qname: "miek.nl.", Qtype: dns.TypeSOA,
Answer: []dns.RR{
test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
},
+ Ns: miekAuth,
},
{
Qname: "miek.nl.", Qtype: dns.TypeAAAA,
Answer: []dns.RR{
test.AAAA("miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
},
+ Ns: miekAuth,
},
{
Qname: "mIeK.NL.", Qtype: dns.TypeAAAA,
Answer: []dns.RR{
test.AAAA("miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
},
+ Ns: miekAuth,
},
{
Qname: "miek.nl.", Qtype: dns.TypeMX,
@@ -54,6 +59,7 @@ var dnsTestCases = []test.Case{
test.MX("miek.nl. 1800 IN MX 5 alt1.aspmx.l.google.com."),
test.MX("miek.nl. 1800 IN MX 5 alt2.aspmx.l.google.com."),
},
+ Ns: miekAuth,
},
{
Qname: "a.miek.nl.", Qtype: dns.TypeSRV,
diff --git a/middleware/file/wildcard_test.go b/middleware/file/wildcard_test.go
index 4acc21bde..a4313fe8f 100644
--- a/middleware/file/wildcard_test.go
+++ b/middleware/file/wildcard_test.go
@@ -18,12 +18,14 @@ var wildcardTestCases = []test.Case{
Answer: []dns.RR{
test.TXT(`wild.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"`),
},
+ Ns: dnssexAuth[:len(dnssexAuth)-1], // remove RRSIG on the end
},
{
Qname: "a.wild.dnssex.nl.", Qtype: dns.TypeTXT,
Answer: []dns.RR{
test.TXT(`a.wild.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"`),
},
+ Ns: dnssexAuth[:len(dnssexAuth)-1], // remove RRSIG on the end
},
{
Qname: "wild.dnssex.nl.", Qtype: dns.TypeTXT, Do: true,
@@ -31,10 +33,10 @@ var wildcardTestCases = []test.Case{
test.RRSIG("wild.dnssex.nl. 1800 IN RRSIG TXT 8 2 1800 20160428190224 20160329190224 14460 dnssex.nl. FUZSTyvZfeuuOpCm"),
test.TXT(`wild.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"`),
},
- Ns: []dns.RR{
+ Ns: append([]dns.RR{
test.NSEC("a.dnssex.nl. 14400 IN NSEC www.dnssex.nl. A AAAA RRSIG NSEC"),
test.RRSIG("a.dnssex.nl. 14400 IN RRSIG NSEC 8 3 14400 20160428190224 20160329190224 14460 dnssex.nl. S+UMs2ySgRaaRY"),
- },
+ }, dnssexAuth...),
Extra: []dns.RR{test.OPT(4096, true)},
},
{
@@ -43,10 +45,10 @@ var wildcardTestCases = []test.Case{
test.RRSIG("a.wild.dnssex.nl. 1800 IN RRSIG TXT 8 2 1800 20160428190224 20160329190224 14460 dnssex.nl. FUZSTyvZfeuuOpCm"),
test.TXT(`a.wild.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"`),
},
- Ns: []dns.RR{
+ Ns: append([]dns.RR{
test.NSEC("a.dnssex.nl. 14400 IN NSEC www.dnssex.nl. A AAAA RRSIG NSEC"),
test.RRSIG("a.dnssex.nl. 14400 IN RRSIG NSEC 8 3 14400 20160428190224 20160329190224 14460 dnssex.nl. S+UMs2ySgRaaRY"),
- },
+ }, dnssexAuth...),
Extra: []dns.RR{test.OPT(4096, true)},
},
// nodata responses
@@ -61,14 +63,21 @@ var wildcardTestCases = []test.Case{
Ns: []dns.RR{
// TODO(miek): needs closest encloser proof as well? This is the wrong answer
test.NSEC(`*.dnssex.nl. 14400 IN NSEC a.dnssex.nl. TXT RRSIG NSEC`),
- test.RRSIG(`*.dnssex.nl. 14400 IN RRSIG NSEC 8 2 14400 20160428190224 20160329190224 14460 dnssex.nl. os6INm6q2eXknD5z8TpfbK00uxVbQefMvHcR/RNX/kh0xXvzAaaDOV+Ge/Ko+2dXnKP+J1LYG9ffXNpdbaQy5ygzH5F041GJst4566GdG/jt7Z7vLHYxEBTpZfxo+PLsXQXH3VTemZyuWyDfqJzafXJVH1F0nDrcXmMlR6jlBHA=`),
- test.RRSIG(`dnssex.nl. 1800 IN RRSIG SOA 8 2 1800 20160428190224 20160329190224 14460 dnssex.nl. CA/Y3m9hCOiKC/8ieSOv8SeP964BUdG/8MC3WtKljUosK9Z9bBGrVizDjjqgq++lyH8BZJcTaabAsERs4xj5PRtcxicwQXZACX5VYjXHQeZmCyytFU5wq2gcXSmvUH86zZzftx3RGPvn1aOoTlcvoC3iF8fYUCpROlUS0YR8Cdw=`),
+ test.RRSIG(`*.dnssex.nl. 14400 IN RRSIG NSEC 8 2 14400 20160428190224 20160329190224 14460 dnssex.nl. os6INm6q2eXknD5z8TaaDOV+Ge/Ko+2dXnKP+J1fqJzafXJVH1F0nDrcXmMlR6jlBHA=`),
+ test.RRSIG(`dnssex.nl. 1800 IN RRSIG SOA 8 2 1800 20160428190224 20160329190224 14460 dnssex.nl. CA/Y3m9hCOiKC/8ieSOv8SeP964Bq++lyH8BZJcTaabAsERs4xj5PRtcxicwQXZiF8fYUCpROlUS0YR8Cdw=`),
test.SOA(`dnssex.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1459281744 14400 3600 604800 14400`),
},
Extra: []dns.RR{test.OPT(4096, true)},
},
}
+var dnssexAuth = []dns.RR{
+ test.NS("dnssex.nl. 1800 IN NS linode.atoom.net."),
+ test.NS("dnssex.nl. 1800 IN NS ns-ext.nlnetlabs.nl."),
+ test.NS("dnssex.nl. 1800 IN NS omval.tednet.nl."),
+ test.RRSIG("dnssex.nl. 1800 IN RRSIG NS 8 2 1800 20160428190224 20160329190224 14460 dnssex.nl. dLIeEvP86jj5ndkcLzhgvWixTABjWAGRTGQsPsVDFXsGMf9TGGC9FEomgkCVeNC0="),
+}
+
func TestLookupWildcard(t *testing.T) {
zone, err := Parse(strings.NewReader(dbDnssexNLSigned), testzone1, "stdin")
if err != nil {
@@ -115,12 +124,14 @@ var wildcardDoubleTestCases = []test.Case{
Answer: []dns.RR{
test.TXT(`wild.w.example.org. IN TXT "Wildcard"`),
},
+ Ns: exampleAuth,
},
{
Qname: "wild.c.example.org.", Qtype: dns.TypeTXT,
Answer: []dns.RR{
test.TXT(`wild.c.example.org. IN TXT "c Wildcard"`),
},
+ Ns: exampleAuth,
},
{
Qname: "wild.d.example.org.", Qtype: dns.TypeTXT,
@@ -128,15 +139,22 @@ var wildcardDoubleTestCases = []test.Case{
test.TXT(`alias.example.org. IN TXT "Wildcard CNAME expansion"`),
test.CNAME(`wild.d.example.org. IN CNAME alias.example.org`),
},
+ Ns: exampleAuth,
},
{
Qname: "alias.example.org.", Qtype: dns.TypeTXT,
Answer: []dns.RR{
test.TXT(`alias.example.org. IN TXT "Wildcard CNAME expansion"`),
},
+ Ns: exampleAuth,
},
}
+var exampleAuth = []dns.RR{
+ test.NS("example.org. 3600 IN NS a.iana-servers.net."),
+ test.NS("example.org. 3600 IN NS b.iana-servers.net."),
+}
+
func TestLookupDoubleWildcard(t *testing.T) {
zone, err := Parse(strings.NewReader(exampleOrg), "example.org.", "stdin")
if err != nil {
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-11 23:31:37 +0000