aboutsummaryrefslogtreecommitdiff
path: root/middleware/file/dnssec_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'middleware/file/dnssec_test.go')
-rw-r--r--middleware/file/dnssec_test.go358
1 files changed, 0 insertions, 358 deletions
diff --git a/middleware/file/dnssec_test.go b/middleware/file/dnssec_test.go
deleted file mode 100644
index 136a9dfee..000000000
--- a/middleware/file/dnssec_test.go
+++ /dev/null
@@ -1,358 +0,0 @@
-package file
-
-import (
- "strings"
- "testing"
-
- "github.com/coredns/coredns/middleware/pkg/dnsrecorder"
- "github.com/coredns/coredns/middleware/test"
-
- "github.com/miekg/dns"
- "golang.org/x/net/context"
-)
-
-var dnssecTestCases = []test.Case{
- {
- Qname: "miek.nl.", Qtype: dns.TypeSOA, Do: true,
- Answer: []dns.RR{
- test.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="),
- test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
- },
- Ns: auth,
- Extra: []dns.RR{test.OPT(4096, true)},
- },
- {
- Qname: "miek.nl.", Qtype: dns.TypeAAAA, Do: true,
- Answer: []dns.RR{
- test.AAAA("miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
- test.RRSIG("miek.nl. 1800 IN RRSIG AAAA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. SsRT="),
- },
- Ns: auth,
- Extra: []dns.RR{test.OPT(4096, true)},
- },
- {
- Qname: "miek.nl.", Qtype: dns.TypeNS, Do: true,
- Answer: []dns.RR{
- test.NS("miek.nl. 1800 IN NS ext.ns.whyscream.net."),
- test.NS("miek.nl. 1800 IN NS linode.atoom.net."),
- test.NS("miek.nl. 1800 IN NS ns-ext.nlnetlabs.nl."),
- test.NS("miek.nl. 1800 IN NS omval.tednet.nl."),
- test.RRSIG("miek.nl. 1800 IN RRSIG NS 8 2 1800 20160426031301 20160327031301 12051 miek.nl. ZLtsQhwaz+lHfNpztFoR1Vxs="),
- },
- Extra: []dns.RR{test.OPT(4096, true)},
- },
- {
- Qname: "miek.nl.", Qtype: dns.TypeMX, Do: true,
- Answer: []dns.RR{
- test.MX("miek.nl. 1800 IN MX 1 aspmx.l.google.com."),
- test.MX("miek.nl. 1800 IN MX 10 aspmx2.googlemail.com."),
- test.MX("miek.nl. 1800 IN MX 10 aspmx3.googlemail.com."),
- test.MX("miek.nl. 1800 IN MX 5 alt1.aspmx.l.google.com."),
- test.MX("miek.nl. 1800 IN MX 5 alt2.aspmx.l.google.com."),
- test.RRSIG("miek.nl. 1800 IN RRSIG MX 8 2 1800 20160426031301 20160327031301 12051 miek.nl. kLqG+iOr="),
- },
- Ns: auth,
- Extra: []dns.RR{test.OPT(4096, true)},
- },
- {
- Qname: "www.miek.nl.", Qtype: dns.TypeA, Do: true,
- Answer: []dns.RR{
- test.A("a.miek.nl. 1800 IN A 139.162.196.78"),
- test.RRSIG("a.miek.nl. 1800 IN RRSIG A 8 3 1800 20160426031301 20160327031301 12051 miek.nl. lxLotCjWZ3kihTxk="),
- test.CNAME("www.miek.nl. 1800 IN CNAME a.miek.nl."),
- test.RRSIG("www.miek.nl. 1800 RRSIG CNAME 8 3 1800 20160426031301 20160327031301 12051 miek.nl. NVZmMJaypS+wDL2Lar4Zw1zF"),
- },
- Ns: auth,
- Extra: []dns.RR{
- test.OPT(4096, true),
- },
- },
- {
- // NoData
- Qname: "a.miek.nl.", Qtype: dns.TypeSRV, Do: true,
- Ns: []dns.RR{
- test.NSEC("a.miek.nl. 14400 IN NSEC archive.miek.nl. A AAAA RRSIG NSEC"),
- test.RRSIG("a.miek.nl. 14400 IN RRSIG NSEC 8 3 14400 20160426031301 20160327031301 12051 miek.nl. GqnF6cutipmSHEao="),
- test.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="),
- test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
- },
- Extra: []dns.RR{test.OPT(4096, true)},
- },
- {
- Qname: "b.miek.nl.", Qtype: dns.TypeA, Do: true,
- Rcode: dns.RcodeNameError,
- Ns: []dns.RR{
- test.NSEC("archive.miek.nl. 14400 IN NSEC go.dns.miek.nl. CNAME RRSIG NSEC"),
- test.RRSIG("archive.miek.nl. 14400 IN RRSIG NSEC 8 3 14400 20160426031301 20160327031301 12051 miek.nl. jEpx8lcp4do5fWXg="),
- test.NSEC("miek.nl. 14400 IN NSEC a.miek.nl. A NS SOA MX AAAA RRSIG NSEC DNSKEY"),
- test.RRSIG("miek.nl. 14400 IN RRSIG NSEC 8 2 14400 20160426031301 20160327031301 12051 miek.nl. mFfc3r/9PSC1H6oSpdC"),
- test.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="),
- test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
- },
- Extra: []dns.RR{test.OPT(4096, true)},
- },
- {
- Qname: "b.blaat.miek.nl.", Qtype: dns.TypeA, Do: true,
- Rcode: dns.RcodeNameError,
- Ns: []dns.RR{
- test.NSEC("archive.miek.nl. 14400 IN NSEC go.dns.miek.nl. CNAME RRSIG NSEC"),
- test.RRSIG("archive.miek.nl. 14400 IN RRSIG NSEC 8 3 14400 20160426031301 20160327031301 12051 miek.nl. jEpx8lcp4do5fWXg="),
- test.NSEC("miek.nl. 14400 IN NSEC a.miek.nl. A NS SOA MX AAAA RRSIG NSEC DNSKEY"),
- test.RRSIG("miek.nl. 14400 IN RRSIG NSEC 8 2 14400 20160426031301 20160327031301 12051 miek.nl. mFfc3r/9PSC1H6oSpdC"),
- test.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="),
- test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
- },
- Extra: []dns.RR{test.OPT(4096, true)},
- },
- {
- Qname: "b.a.miek.nl.", Qtype: dns.TypeA, Do: true,
- Rcode: dns.RcodeNameError,
- Ns: []dns.RR{
- // dedupped NSEC, because 1 nsec tells all
- test.NSEC("a.miek.nl. 14400 IN NSEC archive.miek.nl. A AAAA RRSIG NSEC"),
- test.RRSIG("a.miek.nl. 14400 IN RRSIG NSEC 8 3 14400 20160426031301 20160327031301 12051 miek.nl. GqnF6cut/RRGPQ1QGQE1ipmSHEao="),
- test.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="),
- test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
- },
- Extra: []dns.RR{test.OPT(4096, true)},
- },
-}
-
-var auth = []dns.RR{
- test.NS("miek.nl. 1800 IN NS ext.ns.whyscream.net."),
- test.NS("miek.nl. 1800 IN NS linode.atoom.net."),
- test.NS("miek.nl. 1800 IN NS ns-ext.nlnetlabs.nl."),
- test.NS("miek.nl. 1800 IN NS omval.tednet.nl."),
- test.RRSIG("miek.nl. 1800 IN RRSIG NS 8 2 1800 20160426031301 20160327031301 12051 miek.nl. ZLtsQhwazbqSpztFoR1Vxs="),
-}
-
-func TestLookupDNSSEC(t *testing.T) {
- zone, err := Parse(strings.NewReader(dbMiekNLSigned), testzone, "stdin", 0)
- if err != nil {
- t.Fatalf("Expected no error when reading zone, got %q", err)
- }
-
- fm := File{Next: test.ErrorHandler(), Zones: Zones{Z: map[string]*Zone{testzone: zone}, Names: []string{testzone}}}
- ctx := context.TODO()
-
- for _, tc := range dnssecTestCases {
- m := tc.Msg()
-
- rec := dnsrecorder.New(&test.ResponseWriter{})
- _, err := fm.ServeDNS(ctx, rec, m)
- if err != nil {
- t.Errorf("Expected no error, got %v\n", err)
- return
- }
-
- resp := rec.Msg
- test.SortAndCheck(t, resp, tc)
- }
-}
-
-func BenchmarkFileLookupDNSSEC(b *testing.B) {
- zone, err := Parse(strings.NewReader(dbMiekNLSigned), testzone, "stdin", 0)
- if err != nil {
- return
- }
-
- fm := File{Next: test.ErrorHandler(), Zones: Zones{Z: map[string]*Zone{testzone: zone}, Names: []string{testzone}}}
- ctx := context.TODO()
- rec := dnsrecorder.New(&test.ResponseWriter{})
-
- tc := test.Case{
- Qname: "b.miek.nl.", Qtype: dns.TypeA, Do: true,
- Rcode: dns.RcodeNameError,
- Ns: []dns.RR{
- test.NSEC("archive.miek.nl. 14400 IN NSEC go.dns.miek.nl. CNAME RRSIG NSEC"),
- test.RRSIG("archive.miek.nl. 14400 IN RRSIG NSEC 8 3 14400 20160426031301 20160327031301 12051 miek.nl. jEpx8lcp4do5fWXg="),
- test.NSEC("miek.nl. 14400 IN NSEC a.miek.nl. A NS SOA MX AAAA RRSIG NSEC DNSKEY"),
- test.RRSIG("miek.nl. 14400 IN RRSIG NSEC 8 2 14400 20160426031301 20160327031301 12051 miek.nl. mFfc3r/9PSC1H6oSpdC"),
- test.RRSIG("miek.nl. 1800 IN RRSIG SOA 8 2 1800 20160426031301 20160327031301 12051 miek.nl. FIrzy07acBbtyQczy1dc="),
- test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
- },
- }
-
- m := tc.Msg()
-
- b.ResetTimer()
-
- for i := 0; i < b.N; i++ {
- fm.ServeDNS(ctx, rec, m)
- }
-}
-
-const dbMiekNLSigned = `
-; File written on Sun Mar 27 04:13:01 2016
-; dnssec_signzone version 9.10.3-P4-Ubuntu
-miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. (
- 1459051981 ; serial
- 14400 ; refresh (4 hours)
- 3600 ; retry (1 hour)
- 604800 ; expire (1 week)
- 14400 ; minimum (4 hours)
- )
- 1800 RRSIG SOA 8 2 1800 (
- 20160426031301 20160327031301 12051 miek.nl.
- FIrzy07acBzrf6kNW13Ypmq/ahojoMqOj0qJ
- ixTevTvwOEcVuw9GlJoYIHTYg+hm1sZHtx9K
- RiVmYsm8SHKsJA1WzixtT4K7vQvM+T+qbeOJ
- xA6YTivKUcGRWRXQlOTUAlHS/KqBEfmxKgRS
- 68G4oOEClFDSJKh7RbtyQczy1dc= )
- 1800 NS ext.ns.whyscream.net.
- 1800 NS omval.tednet.nl.
- 1800 NS linode.atoom.net.
- 1800 NS ns-ext.nlnetlabs.nl.
- 1800 RRSIG NS 8 2 1800 (
- 20160426031301 20160327031301 12051 miek.nl.
- ZLtsQhwaz+CwrgzgFiEAqbqS/JH65MYjziA3
- 6EXwlGDy41lcfGm71PpxA7cDzFhWNkJNk4QF
- q48wtpP4IGPPpHbnJHKDUXj6se7S+ylAGbS+
- VgVJ4YaVcE6xA9ZVhVpz8CSSjeH34vmqq9xj
- zmFjofuDvraZflHfNpztFoR1Vxs= )
- 1800 A 139.162.196.78
- 1800 RRSIG A 8 2 1800 (
- 20160426031301 20160327031301 12051 miek.nl.
- hl+6Q075tsCkxIqbop8zZ6U8rlFvooz7Izzx
- MgCZYVLcg75El28EXKIhBfRb1dPaKbd+v+AD
- wrJMHL131pY5sU2Ly05K+7CqmmyaXgDaVsKS
- rSw/TbhGDIItBemeseeuXGAKAbY2+gE7kNN9
- mZoQ9hRB3SrxE2jhctv66DzYYQQ= )
- 1800 MX 1 aspmx.l.google.com.
- 1800 MX 5 alt1.aspmx.l.google.com.
- 1800 MX 5 alt2.aspmx.l.google.com.
- 1800 MX 10 aspmx2.googlemail.com.
- 1800 MX 10 aspmx3.googlemail.com.
- 1800 RRSIG MX 8 2 1800 (
- 20160426031301 20160327031301 12051 miek.nl.
- kLqG+iOrKSzms1H9Et9me8Zts1rbyeCFSVQD
- G9is/u6ec3Lqg2vwJddf/yRsjVpVgadWSAkc
- GSDuD2dK8oBeP24axWc3Z1OY2gdMI7w+PKWT
- Z+pjHVjbjM47Ii/a6jk5SYeOwpGMsdEwhtTP
- vk2O2WGljifqV3uE7GshF5WNR10= )
- 1800 AAAA 2a01:7e00::f03c:91ff:fef1:6735
- 1800 RRSIG AAAA 8 2 1800 (
- 20160426031301 20160327031301 12051 miek.nl.
- SsRTHytW4YTAuHovHQgfIMhNwMtMp4gaAU/Z
- lgTO+IkBb9y9F8uHrf25gG6RqA1bnGV/gezV
- NU5negXm50bf1BNcyn3aCwEbA0rCGYIL+nLJ
- szlBVbBu6me/Ym9bbJlfgfHRDfsVy2ZkNL+B
- jfNQtGCSDoJwshjcqJlfIVSardo= )
- 14400 NSEC a.miek.nl. A NS SOA MX AAAA RRSIG NSEC DNSKEY
- 14400 RRSIG NSEC 8 2 14400 (
- 20160426031301 20160327031301 12051 miek.nl.
- mFfc3r/9PSC1H6oSpdC+FDy/Iu02W2Tf0x+b
- n6Lpe1gCC1uvcSUrrmBNlyAWRr5Zm+ZXssEb
- cKddRGiu/5sf0bUWrs4tqokL/HUl10X/sBxb
- HfwNAeD7R7+CkpMv67li5AhsDgmQzpX2r3P6
- /6oZyLvODGobysbmzeWM6ckE8IE= )
- 1800 DNSKEY 256 3 8 (
- AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6
- E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5EC
- IoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb
- 2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXH
- Py7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz
- ) ; ZSK; alg = RSASHA256; key id = 12051
- 1800 DNSKEY 257 3 8 (
- AwEAAcWdjBl4W4wh/hPxMDcBytmNCvEngIgB
- 9Ut3C2+QI0oVz78/WK9KPoQF7B74JQ/mjO4f
- vIncBmPp6mFNxs9/WQX0IXf7oKviEVOXLjct
- R4D1KQLX0wprvtUIsQFIGdXaO6suTT5eDbSd
- 6tTwu5xIkGkDmQhhH8OQydoEuCwV245ZwF/8
- AIsqBYDNQtQ6zhd6jDC+uZJXg/9LuPOxFHbi
- MTjp6j3CCW0kHbfM/YHZErWWtjPj3U3Z7knQ
- SIm5PO5FRKBEYDdr5UxWJ/1/20SrzI3iztvP
- wHDsA2rdHm/4YRzq7CvG4N0t9ac/T0a0Sxba
- /BUX2UVPWaIVBdTRBtgHi0s=
- ) ; KSK; alg = RSASHA256; key id = 33694
- 1800 RRSIG DNSKEY 8 2 1800 (
- 20160426031301 20160327031301 12051 miek.nl.
- o/D6o8+/bNGQyyRvwZ2hM0BJ+3HirvNjZoko
- yGhGe9sPSrYU39WF3JVIQvNJFK6W3/iwlKir
- TPOeYlN6QilnztFq1vpCxwj2kxJaIJhZecig
- LsKxY/fOHwZlIbBLZZadQG6JoGRLHnImSzpf
- xtyVaXQtfnJFC07HHt9np3kICfE= )
- 1800 RRSIG DNSKEY 8 2 1800 (
- 20160426031301 20160327031301 33694 miek.nl.
- Ak/mbbQVQV+nUgw5Sw/c+TSoYqIwbLARzuNE
- QJvJNoRR4tKVOY6qSxQv+j5S7vzyORZ+yeDp
- NlEa1T9kxZVBMABoOtLX5kRqZncgijuH8fxb
- L57Sv2IzINI9+DOcy9Q9p9ygtwYzQKrYoNi1
- 0hwHi6emGkVG2gGghruMinwOJASGgQy487Yd
- eIpcEKJRw73nxd2le/4/Vafy+mBpKWOczfYi
- 5m9MSSxcK56NFYjPG7TvdIw0m70F/smY9KBP
- pGWEdzRQDlqfZ4fpDaTAFGyRX0mPFzMbs1DD
- 3hQ4LHUSi/NgQakdH9eF42EVEDeL4cI69K98
- 6NNk6X9TRslO694HKw== )
-a.miek.nl. 1800 IN A 139.162.196.78
- 1800 RRSIG A 8 3 1800 (
- 20160426031301 20160327031301 12051 miek.nl.
- lxLotCjWZ3kikNNcePu6HOCqMHDINKFRJRD8
- laz2KQ9DKtgXPdnRw5RJvVITSj8GUVzw1ec1
- CYVEKu/eMw/rc953Zns528QBypGPeMNLe2vu
- C6a6UhZnGHA48dSd9EX33eSJs0MP9xsC9csv
- LGdzYmv++eslkKxkhSOk2j/hTxk= )
- 1800 AAAA 2a01:7e00::f03c:91ff:fef1:6735
- 1800 RRSIG AAAA 8 3 1800 (
- 20160426031301 20160327031301 12051 miek.nl.
- ji3QMlaUzlK85ppB5Pc+y2WnfqOi6qrm6dm1
- bXgsEov/5UV1Lmcv8+Y5NBbTbBlXGlWcpqNp
- uWpf9z3lbguDWznpnasN2MM8t7yxo/Cr7WRf
- QCzui7ewpWiA5hq7j0kVbM4nnDc6cO+U93hO
- mMhVbeVI70HM2m0HaHkziEyzVZk= )
- 14400 NSEC archive.miek.nl. A AAAA RRSIG NSEC
- 14400 RRSIG NSEC 8 3 14400 (
- 20160426031301 20160327031301 12051 miek.nl.
- GqnF6cut/KCxbnJj27MCjjVGkjObV0hLhHOP
- E1/GXAUTEKG6BWxJq8hidS3p/yrOmP5PEL9T
- 4FjBp0/REdVmGpuLaiHyMselES82p/uMMdY5
- QqRM6LHhZdO1zsRbyzOZbm5MsW6GR7K2kHlX
- 9TdBIULiRRGPQ1QGQE1ipmSHEao= )
-archive.miek.nl. 1800 IN CNAME a.miek.nl.
- 1800 RRSIG CNAME 8 3 1800 (
- 20160426031301 20160327031301 12051 miek.nl.
- s4zVJiDrVuUiUFr8CNQLuXYYfpqpl8rovL50
- BYsub/xK756NENiOTAOjYH6KYg7RSzsygJjV
- YQwXolZly2/KXAr48SCtxzkGFxLexxiKcFaj
- vm7ZDl7Btoa5l68qmBcxOX5E/W0IKITi4PNK
- mhBs7dlaf0IbPGNgMxae72RosxM= )
- 14400 NSEC go.dns.miek.nl. CNAME RRSIG NSEC
- 14400 RRSIG NSEC 8 3 14400 (
- 20160426031301 20160327031301 12051 miek.nl.
- jEp7LsoK++/PRFh2HieLzasA1jXBpp90NyDf
- RfpfOxdM69yRKfvXMc2bazIiMuDhxht79dGI
- Gj02cn1cvX60SlaHkeFtqTdJcHdK9rbI65EK
- YHFZFzGh9XVnuMJKpUsm/xS1dnUSAnXN8q+0
- xBlUDlQpsAFv/cx8lcp4do5fWXg= )
-go.dns.miek.nl. 1800 IN TXT "Hello!"
- 1800 RRSIG TXT 8 4 1800 (
- 20160426031301 20160327031301 12051 miek.nl.
- O0uo1NsXTq2TTfgOmGbHQQEchrcpllaDAMMX
- dTDizw3t+vZ5SR32qJ8W7y6VXLgUqJgcdRxS
- Fou1pp+t5juRZSQ0LKgxMpZAgHorkzPvRf1b
- E9eBKrDSuLGagsQRwHeldFGFgsXtCbf07vVH
- zoKR8ynuG4/cAoY0JzMhCts+56U= )
- 14400 NSEC www.miek.nl. TXT RRSIG NSEC
- 14400 RRSIG NSEC 8 4 14400 (
- 20160426031301 20160327031301 12051 miek.nl.
- BW6qo7kYe3Z+Y0ebaVTWTy1c3bpdf8WUEoXq
- WDQxLDEj2fFiuEBDaSN5lTWRg3wj8kZmr6Uk
- LvX0P29lbATFarIgkyiAdbOEdaf88nMfqBW8
- z2T5xrPQcN0F13uehmv395yAJs4tebRxErMl
- KdkVF0dskaDvw8Wo3YgjHUf6TXM= )
-www.miek.nl. 1800 IN CNAME a.miek.nl.
- 1800 RRSIG CNAME 8 3 1800 (
- 20160426031301 20160327031301 12051 miek.nl.
- MiQQh2lScoNiNVZmMJaypS+wDL2Lar4Zw1zF
- Uo4tL16BfQOt7yl8gXdAH2JMFqoKAoIdM2K6
- XwFOwKTOGSW0oNCOcaE7ts+1Z1U0H3O2tHfq
- FAzfg1s9pQ5zxk8J/bJgkVIkw2/cyB0y1/PK
- EmIqvChBSb4NchTuMCSqo63LJM8= )
- 14400 NSEC miek.nl. CNAME RRSIG NSEC
- 14400 RRSIG NSEC 8 3 14400 (
- 20160426031301 20160327031301 12051 miek.nl.
- OPPZ8iaUPrVKEP4cqeCiiv1WLRAY30GRIhc/
- me0gBwFkbmTEnvB+rUp831OJZDZBNKv4QdZj
- Uyc26wKUOQeUyMJqv4IRDgxH7nq9GB5JRjYZ
- IVxtGD1aqWLXz+8aMaf9ARJjtYUd3K4lt8Wz
- LbJSo5Wdq7GOWqhgkY5n3XD0/FA= )`