package file

import (
	"strings"
	"testing"

	"github.com/coredns/coredns/plugin/pkg/dnsrecorder"
	"github.com/coredns/coredns/plugin/test"

	"github.com/miekg/dns"
	"golang.org/x/net/context"
)

// dnameSubstitutionTestCases pairs substituteDNAME inputs with the name expected
// back; an empty expected string means no substitution applies.
// The cases follow RFC 6672, Section 2.2, assuming QTYPE != DNAME.
//
// NOTE(review): no case here covers a substituted name longer than 255 octets,
// which RFC 6672, Section 2.2 treats as an overflow (YXDOMAIN) - consider adding one.
var dnameSubstitutionTestCases = []struct {
	qname    string // name being looked up
	owner    string // owner name of the DNAME record
	target   string // target name of the DNAME record
	expected string // substituted name, or "" when there is none
}{
	// The qname is an ancestor of, or equal to, the owner: nothing to substitute.
	{qname: "com.", owner: "example.com.", target: "example.net.", expected: ""},
	{qname: "example.com.", owner: "example.com.", target: "example.net.", expected: ""},

	// The qname is below the owner: the owner suffix is replaced by the target.
	{qname: "a.example.com.", owner: "example.com.", target: "example.net.", expected: "a.example.net."},
	{qname: "a.b.example.com.", owner: "example.com.", target: "example.net.", expected: "a.b.example.net."},

	// The owner is a string suffix of the qname but not on a label boundary, so
	// it must not match; a plain suffix comparison would rewrite an unrelated name.
	{qname: "ab.example.com.", owner: "b.example.com.", target: "example.net.", expected: ""},

	{qname: "foo.example.com.", owner: "example.com.", target: "example.net.", expected: "foo.example.net."},

	// Owner and target with different label counts.
	{qname: "a.x.example.com.", owner: "x.example.com.", target: "example.net.", expected: "a.example.net."},
	{qname: "a.example.com.", owner: "example.com.", target: "y.example.net.", expected: "a.y.example.net."},

	// The target equals the owner or lies below it.
	{qname: "cyc.example.com.", owner: "example.com.", target: "example.com.", expected: "cyc.example.com."},
	{qname: "cyc.example.com.", owner: "example.com.", target: "c.example.com.", expected: "cyc.c.example.com."},

	// The target is the root.
	{qname: "shortloop.x.x.", owner: "x.", target: ".", expected: "shortloop.x."},
	{qname: "shortloop.x.", owner: "x.", target: ".", expected: "shortloop."},
}

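// TestDNAMESubstitution runs substituteDNAME over every entry of
// dnameSubstitutionTestCases and compares the result with the expected name.
func TestDNAMESubstitution(t *testing.T) {
	for i, tc := range dnameSubstitutionTestCases {
		result := substituteDNAME(tc.qname, tc.owner, tc.target)
		if result == tc.expected {
			continue
		}

		// An empty name means "no substitution"; spell that out on both sides
		// of the message so a mismatch against an empty expectation is readable.
		want, got := tc.expected, result
		if want == "" {
			want = "<no match>"
		}
		if got == "" {
			got = "<no match>"
		}

		// No early return: keep checking so one run reports every failing case.
		t.Errorf("Case %d: Expected %s -> %s, got %v", i, tc.qname, want, got)
	}
}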

// dnameTestCases holds the queries TestLookupDNAME sends against the
// dbMiekNLDNAME zone, with the sections expected in each response.
var dnameTestCases = []test.Case{
	// DNAME query at the DNAME owner: the DNAME record itself is the answer.
	{
		Qname: "dname.miek.nl.",
		Qtype: dns.TypeDNAME,
		Answer: []dns.RR{
			test.DNAME("dname.miek.nl.	1800	IN	DNAME	test.miek.nl."),
		},
		Ns: miekAuth,
	},
	// A query at the DNAME owner: the owner's own A record, no substitution.
	{
		Qname: "dname.miek.nl.",
		Qtype: dns.TypeA,
		Answer: []dns.RR{
			test.A("dname.miek.nl.	1800	IN	A	127.0.0.1"),
		},
		Ns: miekAuth,
	},
	// MX query at the DNAME owner: empty answer with the SOA in the authority section.
	{
		Qname:  "dname.miek.nl.",
		Qtype:  dns.TypeMX,
		Answer: []dns.RR{},
		Ns: []dns.RR{
			test.SOA("miek.nl.	1800	IN	SOA	linode.atoom.net. miek.miek.nl. 1282630057 14400 3600 604800 14400"),
		},
	},
	// A query below the DNAME owner: a CNAME to a.test.miek.nl. and that name's
	// A record are expected, not the 127.0.0.1 record the zone text lists at a.dname.
	{
		Qname: "a.dname.miek.nl.",
		Qtype: dns.TypeA,
		Answer: []dns.RR{
			test.CNAME("a.dname.miek.nl.	1800	IN	CNAME	a.test.miek.nl."),
			test.A("a.test.miek.nl.	1800	IN	A	139.162.196.78"),
			test.DNAME("dname.miek.nl.	1800	IN	DNAME	test.miek.nl."),
		},
		Ns: miekAuth,
	},
	// A query below the DNAME owner whose substituted name is itself a CNAME:
	// the chain is followed to the final A record.
	{
		Qname: "www.dname.miek.nl.",
		Qtype: dns.TypeA,
		Answer: []dns.RR{
			test.A("a.test.miek.nl.	1800	IN	A	139.162.196.78"),
			test.DNAME("dname.miek.nl.	1800	IN	DNAME	test.miek.nl."),
			test.CNAME("www.dname.miek.nl.	1800	IN	CNAME	www.test.miek.nl."),
			test.CNAME("www.test.miek.nl.	1800	IN	CNAME	a.test.miek.nl."),
		},
		Ns: miekAuth,
	},
}

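// TestLookupDNAME parses dbMiekNLDNAME, serves it through a File handler and
// checks the response to each query in dnameTestCases with test.SortAndCheck.
func TestLookupDNAME(t *testing.T) {
	zone, err := Parse(strings.NewReader(dbMiekNLDNAME), testzone, "stdin", 0)
	if err != nil {
		t.Fatalf("Expect no error when reading zone, got %q", err)
	}

	fm := File{Next: test.ErrorHandler(), Zones: Zones{Z: map[string]*Zone{testzone: zone}, Names: []string{testzone}}}
	ctx := context.TODO()

	for _, tc := range dnameTestCases {
		rec := dnsrecorder.New(&test.ResponseWriter{})
		if _, err := fm.ServeDNS(ctx, rec, tc.Msg()); err != nil {
			// Name the failing query and move on to the next case, so one run
			// reports every failure instead of stopping at the first.
			t.Errorf("Expected no error for %q (qtype %d), got %v", tc.Qname, tc.Qtype, err)
			continue
		}

		test.SortAndCheck(t, rec.Msg, tc)
	}
}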

// dnameDnssecTestCases holds the queries TestLookupDNAMEDNSSEC sends against
// the signed dbExampleDNAMESigned zone, with the sections expected in each response.
//
// NOTE(review): the expected RRSIG text ends in the short signature "HvXtiBM=",
// while the zone fixture carries a longer one for the same RRset; presumably the
// checker does not compare signature bytes - confirm against test.SortAndCheck.
var dnameDnssecTestCases = []test.Case{
	{
		// We have no auth section, because the test zone does not have nameservers.
		// NOTE(review): the zone fixture does list an apex NS (ns.example.org.) -
		// confirm why no authority section is expected here.
		Qname: "ns.example.org.",
		Qtype: dns.TypeA,
		Answer: []dns.RR{
			test.A("ns.example.org.	1800	IN	A	127.0.0.1"),
		},
	},
	// DNAME query with the DO bit set: the DNAME and its RRSIG are expected.
	{
		Qname: "dname.example.org.",
		Qtype: dns.TypeDNAME,
		Do:    true,
		Answer: []dns.RR{
			test.DNAME("dname.example.org.	1800	IN	DNAME	test.example.org."),
			test.RRSIG("dname.example.org.	1800	IN	RRSIG	DNAME 5 3 1800 20170702091734 20170602091734 54282 example.org. HvXtiBM="),
		},
		Extra: []dns.RR{test.OPT(4096, true)},
	},
	// A query below the DNAME owner with the DO bit set: the expected answer
	// lists the CNAME without an RRSIG of its own, next to the signed DNAME.
	{
		Qname: "a.dname.example.org.",
		Qtype: dns.TypeA,
		Do:    true,
		Answer: []dns.RR{
			test.CNAME("a.dname.example.org.	1800	IN	CNAME	a.test.example.org."),
			test.DNAME("dname.example.org.	1800	IN	DNAME	test.example.org."),
			test.RRSIG("dname.example.org.	1800	IN	RRSIG	DNAME 5 3 1800 20170702091734 20170602091734 54282 example.org. HvXtiBM="),
		},
		Extra: []dns.RR{test.OPT(4096, true)},
	},
}

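// TestLookupDNAMEDNSSEC parses the signed dbExampleDNAMESigned zone, serves it
// through a File handler registered for "example.org." and checks the response
// to each query in dnameDnssecTestCases with test.SortAndCheck.
func TestLookupDNAMEDNSSEC(t *testing.T) {
	// NOTE(review): the zone is parsed with testzone as origin but registered
	// below under "example.org."; testzone is defined outside this file - confirm
	// the two are meant to differ.
	zone, err := Parse(strings.NewReader(dbExampleDNAMESigned), testzone, "stdin", 0)
	if err != nil {
		t.Fatalf("Expect no error when reading zone, got %q", err)
	}

	fm := File{Next: test.ErrorHandler(), Zones: Zones{Z: map[string]*Zone{"example.org.": zone}, Names: []string{"example.org."}}}
	ctx := context.TODO()

	for _, tc := range dnameDnssecTestCases {
		rec := dnsrecorder.New(&test.ResponseWriter{})
		if _, err := fm.ServeDNS(ctx, rec, tc.Msg()); err != nil {
			// Name the failing query and move on to the next case, so one run
			// reports every failure instead of stopping at the first.
			t.Errorf("Expected no error for %q (qtype %d), got %v", tc.Qname, tc.Qtype, err)
			continue
		}

		test.SortAndCheck(t, rec.Msg, tc)
	}
}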

// dbMiekNLDNAME is the unsigned miek.nl. zone text parsed by TestLookupDNAME.
// It places a DNAME at dname (target test) next to an A record at the same
// owner, and also lists an A record at a.dname, below the DNAME owner.
// dnameTestCases expects the CNAME to a.test for a.dname.miek.nl., not that
// A record.
const dbMiekNLDNAME = `
$TTL    30M
$ORIGIN miek.nl.
@       IN      SOA     linode.atoom.net. miek.miek.nl. (
                             1282630057 ; Serial
                             4H         ; Refresh
                             1H         ; Retry
                             7D         ; Expire
                             4H )       ; Negative Cache TTL
                IN      NS      linode.atoom.net.
                IN      NS      ns-ext.nlnetlabs.nl.
                IN      NS      omval.tednet.nl.
                IN      NS      ext.ns.whyscream.net.

test            IN      MX      1  aspmx.l.google.com.
                IN      MX      5  alt1.aspmx.l.google.com.
                IN      MX      5  alt2.aspmx.l.google.com.
                IN      MX      10 aspmx2.googlemail.com.
                IN      MX      10 aspmx3.googlemail.com.
a.test          IN      A       139.162.196.78
                IN      AAAA    2a01:7e00::f03c:91ff:fef1:6735
www.test        IN      CNAME   a.test

dname           IN      DNAME   test
dname           IN      A       127.0.0.1
a.dname         IN      A       127.0.0.1
`

// dbExampleDNAMESigned is the signed example.org. zone text parsed by
// TestLookupDNAMEDNSSEC; its header says it was written by dnssec_signzone.
// It holds a DNAME at dname.example.org. (target test.example.org.) with RRSIG
// and NSEC records for every owner name.
//
// All RRSIGs use algorithm 5 (RSASHA1, per the DNSKEY comment) and carry the
// inception/expiration pair 20170602091734 / 20170702091734, so the signatures
// are long expired. RSASHA1 is no longer recommended for signing zones; treat
// this text as a static test fixture only.
// NOTE(review): the tests in this file presumably do not validate these
// signatures cryptographically - confirm before reusing the fixture elsewhere.
const dbExampleDNAMESigned = `
; File written on Fri Jun  2 10:17:34 2017
; dnssec_signzone version 9.10.3-P4-Debian
example.org.		1800	IN SOA	a.example.org. b.example.org. (
					1282630057 ; serial
					14400      ; refresh (4 hours)
					3600       ; retry (1 hour)
					604800     ; expire (1 week)
					14400      ; minimum (4 hours)
					)
			1800	RRSIG	SOA 5 2 1800 (
					20170702091734 20170602091734 54282 example.org.
					mr5eQtFs1GubgwaCcqrpiF6Cgi822OkESPeV
					X0OJYq3JzthJjHw8TfYAJWQ2yGqhlePHir9h
					FT/uFZdYyytHq+qgIUbJ9IVCrq0gZISZdHML
					Ry1DNffMR9CpD77KocOAUABfopcvH/3UGOHn
					TFxkAr447zPaaoC68JYGxYLfZk8= )
			1800	NS	ns.example.org.
			1800	RRSIG	NS 5 2 1800 (
					20170702091734 20170602091734 54282 example.org.
					McM4UdMxkscVQkJnnEbdqwyjpPgq5a/EuOLA
					r2MvG43/cwOaWULiZoNzLi5Rjzhf+GTeVTan
					jw6EsL3gEuYI1nznwlLQ04/G0XAHjbq5VvJc
					rlscBD+dzf774yfaTjRNoeo2xTem6S7nyYPW
					Y+1f6xkrsQPLYJfZ6VZ9QqyupBw= )
			14400	NSEC	dname.example.org. NS SOA RRSIG NSEC DNSKEY
			14400	RRSIG	NSEC 5 2 14400 (
					20170702091734 20170602091734 54282 example.org.
					VT+IbjDFajM0doMKFipdX3+UXfCn3iHIxg5x
					LElp4Q/YddTbX+6tZf53+EO+G8Kye3JDLwEl
					o8VceijNeF3igZ+LiZuXCei5Qg/TJ7IAUnAO
					xd85IWwEYwyKkKd6Z2kXbAN2pdcHE8EmboQd
					wfTr9oyWhpZk1Z+pN8vdejPrG0M= )
			1800	DNSKEY	256 3 5 (
					AwEAAczLlmTk5bMXUzpBo/Jta6MWSZYy3Nfw
					gz8t/pkfSh4IlFF6vyXZhEqCeQsCBdD7ltkD
					h5qd4A+nFrYOMwsi5XIjoHMlJN15xwFS9EgS
					ZrZmuxePIEiYB5KccEf9JQMgM1t07Iu1FnrY
					02OuAqGWcO4tuyTLaK3QP4MLQOfAgKqf
					) ; ZSK; alg = RSASHA1; key id = 54282
			1800	RRSIG	DNSKEY 5 2 1800 (
					20170702091734 20170602091734 54282 example.org.
					MBgSRtZ6idJblLIHxZWpWL/1oqIwImb1mkl7
					hDFxqV6Hw19yLX06P7gcJEWiisdZBkVEfcOK
					LeMJly05vgKfrMzLgIu2Ry4bL8AMKc8NMXBG
					b1VDCEBW69P2omogj2KnORHDCZQr/BX9+wBU
					5rIMTTKlMSI5sT6ecJHHEymtiac= )
dname.example.org.	1800	IN A	127.0.0.1
			1800	RRSIG	A 5 3 1800 (
					20170702091734 20170602091734 54282 example.org.
					LPCK2nLyDdGwvmzGLkUO2atEUjoc+aEspkC3
					keZCdXZaLnAwBH7dNAjvvXzzy0WrgWeiyDb4
					+rJ2N0oaKEZicM4QQDHKhugJblKbU5G4qTey
					LSEaV3vvQnzGd0S6dCqnwfPj9czagFN7Zlf5
					DmLtdxx0aiDPCUpqT0+H/vuGPfk= )
			1800	DNAME	test.example.org.
			1800	RRSIG	DNAME 5 3 1800 (
					20170702091734 20170602091734 54282 example.org.
					HvX79T1flWJ8H9/1XZjX6gz8rP/o2jbfPXJ9
					vC7ids/ZJilSReabLru4DCqcw1IV2DM/CZdE
					tBnED/T2PJXvMut9tnYMrz+ZFPxoV6XyA3Z7
					bok3B0OuxizzAN2EXdol04VdbMHoWUzjQCzi
					0Ri12zLGRPzDepZ7FolgD+JtiBM= )
			14400	NSEC	a.dname.example.org. A DNAME RRSIG NSEC
			14400	RRSIG	NSEC 5 3 14400 (
					20170702091734 20170602091734 54282 example.org.
					U3ZPYMUBJl3wF2SazQv/kBf6ec0CH+7n0Hr9
					w6lBKkiXz7P9WQzJDVnTHEZOrbDI6UetFGyC
					6qcaADCASZ9Wxc+riyK1Hl4ox+Y/CHJ97WHy
					oS2X//vEf6qmbHQXin0WQtFdU/VCRYF40X5v
					8VfqOmrr8iKiEqXND8XNVf58mTw= )
a.dname.example.org.	1800	IN A	127.0.0.1
			1800	RRSIG	A 5 4 1800 (
					20170702091734 20170602091734 54282 example.org.
					y7RHBWZwli8SJQ4BgTmdXmYS3KGHZ7AitJCx
					zXFksMQtNoOfVEQBwnFqjAb8ezcV5u92h1gN
					i1EcuxCFiElML1XFT8dK2GnlPAga9w3oIwd5
					wzW/YHcnR0P9lF56Sl7RoIt6+jJqOdRfixS6
					TDoLoXsNbOxQ+qV3B8pU2Tam204= )
			14400	NSEC	ns.example.org. A RRSIG NSEC
			14400	RRSIG	NSEC 5 4 14400 (
					20170702091734 20170602091734 54282 example.org.
					Tmu27q3+xfONSZZtZLhejBUVtEw+83ZU1AFb
					Rsxctjry/x5r2JSxw/sgSAExxX/7tx/okZ8J
					oJqtChpsr91Kiw3eEBgINi2lCYIpMJlW4cWz
					8bYlHfR81VsKYgy/cRgrq1RRvBoJnw+nwSty
					mKPIvUtt67LAvLxJheSCEMZLCKI= )
ns.example.org.		1800	IN A	127.0.0.1
			1800	RRSIG	A 5 3 1800 (
					20170702091734 20170602091734 54282 example.org.
					mhi1SGaaAt+ndQEg5uKWKCH0HMzaqh/9dUK3
					p2wWMBrLbTZrcWyz10zRnvehicXDCasbBrer
					ZpDQnz5AgxYYBURvdPfUzx1XbNuRJRE4l5PN
					CEUTlTWcqCXnlSoPKEJE5HRf7v0xg2BrBUfM
					4mZnW2bFLwjrRQ5mm/mAmHmTROk= )
			14400	NSEC	example.org. A RRSIG NSEC
			14400	RRSIG	NSEC 5 3 14400 (
					20170702091734 20170602091734 54282 example.org.
					loHcdjX+NIWLAkUDfPSy2371wrfUvrBQTfMO
					17eO2Y9E/6PE935NF5bjQtZBRRghyxzrFJhm
					vY1Ad5ZTb+NLHvdSWbJQJog+eCc7QWp64WzR
					RXpMdvaE6ZDwalWldLjC3h8QDywDoFdndoRY
					eHOsmTvvtWWqtO6Fa5A8gmHT5HA= )
`