aboutsummaryrefslogtreecommitdiff
path: root/plugin/dnssec/handler_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'plugin/dnssec/handler_test.go')
-rw-r--r--plugin/dnssec/handler_test.go33
1 files changed, 32 insertions, 1 deletions
diff --git a/plugin/dnssec/handler_test.go b/plugin/dnssec/handler_test.go
index ba24a45d1..77bf36f32 100644
--- a/plugin/dnssec/handler_test.go
+++ b/plugin/dnssec/handler_test.go
@@ -73,9 +73,29 @@ var dnsTestCases = []test.Case{
Extra: []dns.RR{test.OPT(4096, true)},
},
{
+ Qname: "wwwww.miek.nl.", Qtype: dns.TypeAAAA, Do: true,
+ Ns: []dns.RR{
+ test.RRSIG("miek.nl. 1800 IN RRSIG SOA 13 2 3600 20171220135446 20171212105446 18512 miek.nl. hCRzzjYz6w=="),
+ test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
+ test.NSEC("wwwww.miek.nl. 1800 IN NSEC \\000.wwwww.miek.nl. A HINFO TXT LOC SRV CERT SSHFP RRSIG NSEC TLSA HIP OPENPGPKEY SPF"),
+ test.RRSIG("wwwww.miek.nl. 1800 IN RRSIG NSEC 13 3 3600 20171220135446 20171212105446 18512 miek.nl. cVUQWs8xw=="),
+ },
+ Extra: []dns.RR{test.OPT(4096, true)},
+ },
+ {
+ Qname: "miek.nl.", Qtype: dns.TypeHINFO, Do: true,
+ Ns: []dns.RR{
+ test.NSEC("miek.nl. 1800 IN NSEC \\000.miek.nl. A NS SOA MX TXT AAAA LOC SRV CERT SSHFP RRSIG NSEC DNSKEY TLSA HIP OPENPGPKEY SPF"),
+ test.RRSIG("miek.nl. 1800 IN RRSIG NSEC 13 2 3600 20171220141741 20171212111741 18512 miek.nl. GuXROL7Uu+UiPcg=="),
+ test.RRSIG("miek.nl. 1800 IN RRSIG SOA 13 2 3600 20171220141741 20171212111741 18512 miek.nl. 8bLTReqmuQtw=="),
+ test.SOA("miek.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
+ },
+ Extra: []dns.RR{test.OPT(4096, true)},
+ },
+ {
Qname: "www.example.org.", Qtype: dns.TypeAAAA, Do: true,
Rcode: dns.RcodeServerFailure,
- // Extra: []dns.RR{test.OPT(4096, true)}, // test.ErrorHandler is a simple handler that does not do EDNS.
+ // Extra: []dns.RR{test.OPT(4096, true)}, // test.ErrorHandler is a simple handler that does not do EDNS on ServerFailure
},
}
@@ -131,6 +151,17 @@ func TestLookupDNSKEY(t *testing.T) {
}
test.SortAndCheck(t, resp, tc)
+
+ // If there is an NSEC present in authority section check if the bitmap does not have the qtype set.
+ for _, rr := range resp.Ns {
+ if n, ok := rr.(*dns.NSEC); ok {
+ for i := range n.TypeBitMap {
+ if n.TypeBitMap[i] == tc.Qtype {
+ t.Errorf("bitmap contains qtype: %d", tc.Qtype)
+ }
+ }
+ }
+ }
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-24 16:54:25 +0000