d_pd.push_back({n.first, n.second});
d_pd.push_back({"validationstates", in_t{
- {"Indeterminate", Indeterminate },
- {"Bogus", Bogus },
- {"Insecure", Insecure },
- {"Secure", Secure },
+ {"Indeterminate", static_cast<unsigned int>(vState::Indeterminate) },
+ {"Bogus", static_cast<unsigned int>(vState::Bogus) },
+ {"Insecure", static_cast<unsigned int>(vState::Insecure) },
+ {"Secure", static_cast<unsigned int>(vState::Secure) },
}});
d_pd.push_back({"now", &g_now});
std::string requestorId;
std::string deviceId;
std::string deviceName;
- vState validationState{Indeterminate};
+ vState validationState{vState::Indeterminate};
bool& variable;
bool& wantsRPZ;
bool& logResponse;
}
}
- if (t_pdl || (g_dns64Prefix && dq.qtype == QType::AAAA && dq.validationState != Bogus)) {
+ if (t_pdl || (g_dns64Prefix && dq.qtype == QType::AAAA && dq.validationState != vState::Bogus)) {
if (res == RCode::NoError) {
auto i = ret.cbegin();
for(; i!= ret.cend(); ++i) {
if (t_pdl && t_pdl->nodata(dq, res)) {
shouldNotValidate = true;
}
- else if (g_dns64Prefix && dq.qtype == QType::AAAA && dq.validationState != Bogus) {
+ else if (g_dns64Prefix && dq.qtype == QType::AAAA && dq.validationState != vState::Bogus) {
res = getFakeAAAARecords(dq.qname, *g_dns64Prefix, ret);
shouldNotValidate = true;
}
auto state = sr.getValidationState();
- if(state == Secure) {
+ if(state == vState::Secure) {
if(sr.doLog()) {
g_log<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<" for "<<dc->getRemote()<<" validates correctly"<<endl;
}
if (dc->d_mdp.d_header.ad || DNSSECOK)
pw.getHeader()->ad=1;
}
- else if(state == Insecure) {
+ else if(state == vState::Insecure) {
if(sr.doLog()) {
g_log<<Logger::Warning<<"Answer to "<<dc->d_mdp.d_qname<<"|"<<QType(dc->d_mdp.d_qtype).getName()<<" for "<<dc->getRemote()<<" validates as Insecure"<<endl;
}
pw.getHeader()->ad=0;
}
- else if(state == Bogus) {
+ else if(state == vState::Bogus) {
if(t_bogusremotes)
t_bogusremotes->push_back(dc->d_source);
if(t_bogusqueryring)
}
if (cacheHit) {
- if(valState == Bogus) {
+ if(valState == vState::Bogus) {
if(t_bogusremotes)
t_bogusremotes->push_back(source);
if(t_bogusqueryring)
#endif
addGetStat("dnssec-validations", &g_stats.dnssecValidations);
- addGetStat("dnssec-result-insecure", &g_stats.dnssecResults[Insecure]);
- addGetStat("dnssec-result-secure", &g_stats.dnssecResults[Secure]);
- addGetStat("dnssec-result-bogus", &g_stats.dnssecResults[Bogus]);
- addGetStat("dnssec-result-indeterminate", &g_stats.dnssecResults[Indeterminate]);
- addGetStat("dnssec-result-nta", &g_stats.dnssecResults[NTA]);
+ addGetStat("dnssec-result-insecure", &g_stats.dnssecResults[vState::Insecure]);
+ addGetStat("dnssec-result-secure", &g_stats.dnssecResults[vState::Secure]);
+ addGetStat("dnssec-result-bogus", &g_stats.dnssecResults[vState::Bogus]);
+ addGetStat("dnssec-result-indeterminate", &g_stats.dnssecResults[vState::Indeterminate]);
+ addGetStat("dnssec-result-nta", &g_stats.dnssecResults[vState::NTA]);
addGetStat("policy-result-noaction", &g_stats.policyResults[DNSFilterEngine::PolicyKind::NoAction]);
addGetStat("policy-result-drop", &g_stats.policyResults[DNSFilterEngine::PolicyKind::Drop]);
for (const auto& j : i.d_records) {
count++;
try {
- fprintf(fp.get(), "%s %" PRId64 " IN %s %s ; (%s) auth=%i %s %s\n", i.d_qname.toString().c_str(), static_cast<int64_t>(i.d_ttd - now), DNSRecordContent::NumberToType(i.d_qtype).c_str(), j->getZoneRepresentation().c_str(), vStates[i.d_state], i.d_auth, i.d_netmask.empty() ? "" : i.d_netmask.toString().c_str(), !i.d_rtag ? "" : i.d_rtag.get().c_str());
+ fprintf(fp.get(), "%s %" PRId64 " IN %s %s ; (%s) auth=%i %s %s\n", i.d_qname.toString().c_str(), static_cast<int64_t>(i.d_ttd - now), DNSRecordContent::NumberToType(i.d_qtype).c_str(), j->getZoneRepresentation().c_str(), vStateToString(i.d_state).c_str(), i.d_auth, i.d_netmask.empty() ? "" : i.d_netmask.toString().c_str(), !i.d_rtag ? "" : i.d_rtag.get().c_str());
}
catch(...) {
fprintf(fp.get(), "; error printing '%s'\n", i.d_qname.empty() ? "EMPTY" : i.d_qname.toString().c_str());
int32_t get(time_t, const DNSName &qname, const QType& qt, bool requireAuth, vector<DNSRecord>* res, const ComboAddress& who, const OptTag& routingTag = boost::none, vector<std::shared_ptr<RRSIGRecordContent>>* signatures=nullptr, std::vector<std::shared_ptr<DNSRecord>>* authorityRecs=nullptr, bool* variable=nullptr, vState* state=nullptr, bool* wasAuth=nullptr);
- void replace(time_t, const DNSName &qname, const QType& qt, const vector<DNSRecord>& content, const vector<shared_ptr<RRSIGRecordContent>>& signatures, const std::vector<std::shared_ptr<DNSRecord>>& authorityRecs, bool auth, boost::optional<Netmask> ednsmask=boost::none, const OptTag& routingTag = boost::none, vState state=Indeterminate);
+ void replace(time_t, const DNSName &qname, const QType& qt, const vector<DNSRecord>& content, const vector<shared_ptr<RRSIGRecordContent>>& signatures, const std::vector<std::shared_ptr<DNSRecord>>& authorityRecs, bool auth, boost::optional<Netmask> ednsmask=boost::none, const OptTag& routingTag = boost::none, vState state=vState::Indeterminate);
void doPrune(size_t keep);
uint64_t doDump(int fd);
struct CacheEntry
{
CacheEntry(const boost::tuple<DNSName, uint16_t, OptTag, Netmask>& key, bool auth):
- d_qname(key.get<0>()), d_netmask(key.get<3>().getNormalized()), d_rtag(key.get<2>()), d_state(Indeterminate), d_ttd(0), d_qtype(key.get<1>()), d_auth(auth)
+ d_qname(key.get<0>()), d_netmask(key.get<3>().getNormalized()), d_rtag(key.get<2>()), d_state(vState::Indeterminate), d_ttd(0), d_qtype(key.get<1>()), d_auth(auth)
{
}
negcache_sequence_t& sidx = d_negcache.get<SequenceTag>();
for (const NegCacheEntry& ne : sidx) {
ret++;
- fprintf(fp, "%s %" PRId64 " IN %s VIA %s ; (%s)\n", ne.d_name.toString().c_str(), static_cast<int64_t>(ne.d_ttd - now.tv_sec), ne.d_qtype.getName().c_str(), ne.d_auth.toString().c_str(), vStates[ne.d_validationState]);
+ fprintf(fp, "%s %" PRId64 " IN %s VIA %s ; (%s)\n", ne.d_name.toString().c_str(), static_cast<int64_t>(ne.d_ttd - now.tv_sec), ne.d_qtype.getName().c_str(), ne.d_auth.toString().c_str(), vStateToString(ne.d_validationState).c_str());
for (const auto& rec : ne.authoritySOA.records) {
- fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast<int64_t>(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStates[ne.d_validationState]);
+ fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast<int64_t>(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStateToString(ne.d_validationState).c_str());
}
for (const auto& sig : ne.authoritySOA.signatures) {
fprintf(fp, "%s %" PRId64 " IN RRSIG %s ;\n", sig.d_name.toString().c_str(), static_cast<int64_t>(ne.d_ttd - now.tv_sec), sig.d_content->getZoneRepresentation().c_str());
}
for (const auto& rec : ne.DNSSECRecords.records) {
- fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast<int64_t>(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStates[ne.d_validationState]);
+ fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast<int64_t>(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStateToString(ne.d_validationState).c_str());
}
for (const auto& sig : ne.DNSSECRecords.signatures) {
fprintf(fp, "%s %" PRId64 " IN RRSIG %s ;\n", sig.d_name.toString().c_str(), static_cast<int64_t>(ne.d_ttd - now.tv_sec), sig.d_content->getZoneRepresentation().c_str());
mutable uint32_t d_ttd; // Timestamp when this entry should die
recordsAndSignatures authoritySOA; // The upstream SOA record and RRSIGs
recordsAndSignatures DNSSECRecords; // The upstream NSEC(3) and RRSIGs
- mutable vState d_validationState{Indeterminate};
+ mutable vState d_validationState{vState::Indeterminate};
uint32_t getTTD() const
{
return d_ttd;
ret.clear();
res = sr->beginResolve(target, QType(QType::AAAA), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK(ret[0].d_type == QType::AAAA);
BOOST_CHECK_EQUAL(ret[0].d_name, target);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 5U); /* DNAME + RRSIG(DNAME) + CNAME + A + RRSIG(A) */
BOOST_CHECK_EQUAL(queries, 11U);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 5U); /* DNAME + RRSIG(DNAME) + CNAME + A + RRSIG(A) */
BOOST_CHECK_EQUAL(queries, 11U);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U); /* DNAME + RRSIG(DNAME) + CNAME + A */
BOOST_CHECK_EQUAL(queries, 9U);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U); /* DNAME + RRSIG(DNAME) + CNAME + A */
BOOST_CHECK_EQUAL(queries, 9U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_CHECK_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U);
ret.clear();
res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_CHECK_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U);
ret.clear();
res = sr->beginResolve(target3, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_CHECK_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U);
ret.clear();
res = sr->beginResolve(target4, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_CHECK_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U);
ret.clear();
res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_CHECK_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U);
ret.clear();
res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_CHECK_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 11U);
BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2U);
ret.clear();
res = sr->beginResolve(target3, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_CHECK_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 13U);
BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 3U);
ret.clear();
res = sr->beginResolve(target4, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_CHECK_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 15U);
BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 4U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 5U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 5U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 5U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 5U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 0U);
/* com|NS, powerdns.com|NS, powerdns.com|A */
BOOST_CHECK_EQUAL(queriesCount, 3U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 0U);
/* we don't store empty results */
BOOST_CHECK_EQUAL(queriesCount, 4U);
BOOST_CHECK(ret[0].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 0U);
BOOST_CHECK(sr->wasOutOfBand());
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
/* a second time, to check that the OOB flag is set when the query cache is used */
ret.clear();
BOOST_CHECK(ret[0].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 0U);
BOOST_CHECK(sr->wasOutOfBand());
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
/* a third time, to check that the validation is disabled when the OOB flag is set */
ret.clear();
BOOST_CHECK(ret[0].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 0U);
BOOST_CHECK(sr->wasOutOfBand());
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
}
BOOST_AUTO_TEST_CASE(test_auth_zone_oob_cname)
BOOST_CHECK(ret[1].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 0U);
BOOST_CHECK(sr->wasOutOfBand());
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
/* a second time, to check that the OOB flag is set when the query cache is used */
ret.clear();
BOOST_CHECK(ret[1].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 0U);
BOOST_CHECK(sr->wasOutOfBand());
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
/* a third time, to check that the validation is disabled when the OOB flag is set */
ret.clear();
BOOST_CHECK(ret[1].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 0U);
BOOST_CHECK(sr->wasOutOfBand());
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
}
BOOST_AUTO_TEST_CASE(test_auth_zone)
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK(ret[0].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 4U);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
}
BOOST_AUTO_TEST_CASE(test_auth_zone_delegation_point)
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
/* 13 NS + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
/* 13 NS + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
/* 13 NS + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
/* 13 NS + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
/* 13 NS + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 3U);
ret.clear();
res = sr->beginResolve(target, QType(QType::DNSKEY), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
/* 1 SOA + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
/* 13 NS + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
/* 13 NS + 0 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 13U);
/* no RRSIG so no query for DNSKEYs */
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 13U);
/* check that we capped the TTL to max-cache-bogus-ttl */
for (const auto& record : ret) {
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
/* 13 NS + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
/* no supported DS so no query for DNSKEYs */
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
/* 13 NS + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
/* no supported DS so no query for DNSKEYs */
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
/* 13 NS + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
/* 13 NS + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 2U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 3U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 3U);
ret.clear();
res = sr->beginResolve(DNSName("com."), QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 3U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(DNSName("com."), QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 7U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 7U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
}
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
/* Should be insecure because of the NTA */
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 5U);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
/* Should be insecure because of the NTA */
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 5U);
}
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
/* Should be insecure because of the NTA */
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 6U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 6U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 8U);
BOOST_CHECK_EQUAL(queriesCount, 6U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 8U);
BOOST_CHECK_EQUAL(queriesCount, 6U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
/* because we pass along the duplicated NSEC3 */
BOOST_REQUIRE_EQUAL(ret.size(), 9U);
BOOST_CHECK_EQUAL(queriesCount, 6U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
/* because we pass along the duplicated NSEC3 */
BOOST_REQUIRE_EQUAL(ret.size(), 9U);
BOOST_CHECK_EQUAL(queriesCount, 6U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 8U);
BOOST_CHECK_EQUAL(queriesCount, 6U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 8U);
BOOST_CHECK_EQUAL(queriesCount, 6U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 10U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 10U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
/* A + RRSIG, NSEC + RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
/* A + RRSIG, NSEC + RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(DNSName("herokuapp.com."), QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 12U);
ret.clear();
res = sr->beginResolve(DNSName("dns1.p03.nsone.net."), QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 16U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
BOOST_CHECK_EQUAL(dsQueriesCount, 3U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 9U);
BOOST_CHECK_EQUAL(dsQueriesCount, 3U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
ret.clear();
res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 10U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 10U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 7U);
BOOST_CHECK_EQUAL(dsQueriesCount, 2U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 7U);
BOOST_CHECK_EQUAL(dsQueriesCount, 2U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_CHECK_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_CHECK_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 8U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK(ret[0].d_type == QType::A);
/* 4 NS: com at ., com at com, powerdns.com at com, powerdns.com at powerdns.com
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK(ret[0].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 7U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK(ret[0].d_type == QType::SOA);
BOOST_CHECK_EQUAL(queriesCount, 4U);
ret.clear();
res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK(ret[0].d_type == QType::SOA);
BOOST_CHECK_EQUAL(queriesCount, 4U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK(ret[0].d_type == QType::SOA);
BOOST_CHECK_EQUAL(queriesCount, 6U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 6U);
BOOST_CHECK(ret[0].d_type == QType::SOA);
BOOST_CHECK_EQUAL(queriesCount, 6U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::DS || record.d_type == QType::RRSIG);
ret.clear();
res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::DS || record.d_type == QType::RRSIG);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::SOA || record.d_type == QType::NSEC || record.d_type == QType::RRSIG);
ret.clear();
res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::SOA || record.d_type == QType::NSEC || record.d_type == QType::RRSIG);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK(ret[0].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 9U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK(ret[0].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 9U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK(ret[0].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 7U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK(ret[0].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 7U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
/* 4 NS (com from root, com from com, powerdns.com from com,
powerdns.com from powerdns.com)
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 7U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 11U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 11U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 11U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 11U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 11U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 11U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 11U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 11U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 11U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 11U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 12U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 12U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
/* no RRSIG to show */
BOOST_CHECK_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 10U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_CHECK_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 10U);
}
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
/* should be insecure but we have a TA for powerdns.com. */
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
/* We got a RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK(ret[0].d_type == QType::A);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK(ret[0].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 5U);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
/* should be insecure but we have a TA for powerdns.com., but no RRSIG so Bogus */
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
/* No RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK(ret[0].d_type == QType::A);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK(ret[0].d_type == QType::A);
BOOST_CHECK_EQUAL(queriesCount, 4U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
/* 13 NS + 1 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 14U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
/* 13 NS + 0 RRSIG */
BOOST_REQUIRE_EQUAL(ret.size(), 13U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
ret.clear();
res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 13U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 0U);
/* com|NS, powerdns.com|NS, powerdns.com|A */
BOOST_CHECK_EQUAL(queriesCount, 3U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 0U);
/* we don't store empty results */
BOOST_CHECK_EQUAL(queriesCount, 4U);
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 0U);
/* com|NS, powerdns.com|NS, powerdns.com|A */
BOOST_CHECK_EQUAL(queriesCount, 3U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NXDomain);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 0U);
/* we don't store empty results */
BOOST_CHECK_EQUAL(queriesCount, 4U);
denialMap[std::make_pair(DNSName("example.org."), QType::NSEC)] = pair;
dState denialState = getDenial(denialMap, DNSName("b.example.org."), QType::A, false, false);
- BOOST_CHECK_EQUAL(denialState, NXDOMAIN);
+ BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN);
denialState = getDenial(denialMap, DNSName("d.example.org."), QType::A, false, false);
/* let's check that d.example.org. is not denied by this proof */
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_nsec_denial_wrap_case_1)
denialMap[std::make_pair(DNSName("z.example.org."), QType::NSEC)] = pair;
dState denialState = getDenial(denialMap, DNSName("a.example.org."), QType::A, false, false);
- BOOST_CHECK_EQUAL(denialState, NXDOMAIN);
+ BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN);
denialState = getDenial(denialMap, DNSName("d.example.org."), QType::A, false, false);
/* let's check that d.example.org. is not denied by this proof */
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_nsec_denial_wrap_case_2)
denialMap[std::make_pair(DNSName("y.example.org."), QType::NSEC)] = pair;
dState denialState = getDenial(denialMap, DNSName("z.example.org."), QType::A, false, false);
- BOOST_CHECK_EQUAL(denialState, NXDOMAIN);
+ BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN);
denialState = getDenial(denialMap, DNSName("d.example.org."), QType::A, false, false);
/* let's check that d.example.org. is not denied by this proof */
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_nsec_denial_only_one_nsec)
denialMap[std::make_pair(DNSName("a.example.org."), QType::NSEC)] = pair;
dState denialState = getDenial(denialMap, DNSName("b.example.org."), QType::A, false, false);
- BOOST_CHECK_EQUAL(denialState, NXDOMAIN);
+ BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN);
denialState = getDenial(denialMap, DNSName("a.example.org."), QType::A, false, false);
/* let's check that d.example.org. is not denied by this proof */
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_nsec_root_nxd_denial)
denialMap[std::make_pair(DNSName("."), QType::NSEC)] = pair;
dState denialState = getDenial(denialMap, DNSName("b."), QType::A, false, false);
- BOOST_CHECK_EQUAL(denialState, NXDOMAIN);
+ BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN);
}
BOOST_AUTO_TEST_CASE(test_nsec_ancestor_nxqtype_denial)
dState denialState = getDenial(denialMap, DNSName("a."), QType::A, false, false);
/* no data means the qname/qtype is not denied, because an ancestor
delegation NSEC can only deny the DS */
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
/* it can not be used to deny any RRs below that owner name either */
denialState = getDenial(denialMap, DNSName("sub.a."), QType::A, false, false);
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
denialState = getDenial(denialMap, DNSName("a."), QType::DS, true, true);
- BOOST_CHECK_EQUAL(denialState, NXQTYPE);
+ BOOST_CHECK_EQUAL(denialState, dState::NXQTYPE);
}
BOOST_AUTO_TEST_CASE(test_nsec_insecure_delegation_denial)
/* Insecure because the NS is not set, so while it does
denies the DS, it can't prove an insecure delegation */
dState denialState = getDenial(denialMap, DNSName("a."), QType::DS, true, true);
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_nsec_nxqtype_cname)
/* this NSEC is not valid to deny a.powerdns.com|A since it states that a CNAME exists */
dState denialState = getDenial(denialMap, DNSName("a.powerdns.com."), QType::A, true, true);
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_nsec3_nxqtype_cname)
/* this NSEC3 is not valid to deny a.powerdns.com|A since it states that a CNAME exists */
dState denialState = getDenial(denialMap, DNSName("a.powerdns.com."), QType::A, false, true);
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_nsec_nxdomain_denial_missing_wildcard)
denialMap[std::make_pair(DNSName("a.powerdns.com."), QType::NSEC)] = pair;
dState denialState = getDenial(denialMap, DNSName("b.powerdns.com."), QType::A, false, false);
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_nsec3_nxdomain_denial_missing_wildcard)
denialMap[std::make_pair(records.at(0).d_name, records.at(0).d_type)] = pair;
dState denialState = getDenial(denialMap, DNSName("b.powerdns.com."), QType::A, false, false);
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_nsec_ent_denial)
/* this NSEC is valid to prove a NXQTYPE at c.powerdns.com because it proves that
it is an ENT */
dState denialState = getDenial(denialMap, DNSName("c.powerdns.com."), QType::AAAA, true, true);
- BOOST_CHECK_EQUAL(denialState, NXQTYPE);
+ BOOST_CHECK_EQUAL(denialState, dState::NXQTYPE);
/* this NSEC is not valid to prove a NXQTYPE at b.powerdns.com,
it could prove a NXDOMAIN if it had an additional wildcard denial */
denialState = getDenial(denialMap, DNSName("b.powerdns.com."), QType::AAAA, true, true);
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
/* this NSEC is not valid to prove a NXQTYPE for QType::A at a.c.powerdns.com either */
denialState = getDenial(denialMap, DNSName("a.c.powerdns.com."), QType::A, true, true);
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
/* if we add the wildcard denial proof, we should get a NXDOMAIN proof for b.powerdns.com */
recordContents.clear();
denialMap[std::make_pair(DNSName(").powerdns.com."), QType::NSEC)] = pair;
denialState = getDenial(denialMap, DNSName("b.powerdns.com."), QType::A, true, false);
- BOOST_CHECK_EQUAL(denialState, NXDOMAIN);
+ BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN);
/* this NSEC is NOT valid to prove a NXDOMAIN at c.powerdns.com because it proves that
it exists and is an ENT */
denialState = getDenial(denialMap, DNSName("c.powerdns.com."), QType::AAAA, true, false);
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_nsec3_ancestor_nxqtype_denial)
dState denialState = getDenial(denialMap, DNSName("a."), QType::A, false, true);
/* no data means the qname/qtype is not denied, because an ancestor
delegation NSEC3 can only deny the DS */
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
denialState = getDenial(denialMap, DNSName("a."), QType::DS, true, true);
- BOOST_CHECK_EQUAL(denialState, NXQTYPE);
+ BOOST_CHECK_EQUAL(denialState, dState::NXQTYPE);
/* it can not be used to deny any RRs below that owner name either */
/* Add NSEC3 for the next closer */
denialMap[std::make_pair(records.at(0).d_name, records.at(0).d_type)] = pair;
denialState = getDenial(denialMap, DNSName("sub.a."), QType::A, false, true);
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_nsec3_denial_too_many_iterations)
dState denialState = getDenial(denialMap, DNSName("a."), QType::A, false, true);
/* since we refuse to compute more than g_maxNSEC3Iterations iterations, it should be Insecure */
- BOOST_CHECK_EQUAL(denialState, INSECURE);
+ BOOST_CHECK_EQUAL(denialState, dState::INSECURE);
}
BOOST_AUTO_TEST_CASE(test_nsec3_insecure_delegation_denial)
/* Insecure because the NS is not set, so while it does
denies the DS, it can't prove an insecure delegation */
dState denialState = getDenial(denialMap, DNSName("a."), QType::DS, true, true);
- BOOST_CHECK_EQUAL(denialState, NODATA);
+ BOOST_CHECK_EQUAL(denialState, dState::NODENIAL);
}
BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_validity)
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U);
BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true);
BOOST_CHECK_EQUAL(ne.d_ttd, fixedNow + 1);
- BOOST_CHECK_EQUAL(ne.d_validationState, Secure);
+ BOOST_CHECK_EQUAL(ne.d_validationState, vState::Secure);
BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U);
BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U);
BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 1U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U);
BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true);
BOOST_CHECK_EQUAL(ne.d_ttd, fixedNow + SyncRes::s_maxbogusttl);
- BOOST_CHECK_EQUAL(ne.d_validationState, Bogus);
+ BOOST_CHECK_EQUAL(ne.d_validationState, vState::Bogus);
BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U);
BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U);
BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 1U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 3U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
}
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
}
sr->setDNSSECValidationRequested(false);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::A || record.d_type == QType::RRSIG);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::A || record.d_type == QType::RRSIG);
sr->setDNSSECValidationRequested(false);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::A);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::A);
sr->setDNSSECValidationRequested(false);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::A);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
/* check that we correctly capped the TTD for a Bogus record after
just-in-time validation */
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::A);
sr->setDNSSECValidationRequested(false);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A || record.d_type == QType::RRSIG);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A || record.d_type == QType::RRSIG);
sr->setDNSSECValidationRequested(false);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A);
sr->setDNSSECValidationRequested(false);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
/* check that we correctly capped the TTD for a Bogus record after
just-in-time validation */
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A);
sr->setDNSSECValidationRequested(false);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_CHECK_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::RRSIG || record.d_type == QType::A);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(addTarget, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_CHECK_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK(record.d_type == QType::RRSIG || record.d_type == QType::A);
sr->setDNSSECValidationRequested(false);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
/* check that the entry has been negatively cached */
NegCache::NegCacheEntry ne;
BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U);
BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true);
- BOOST_CHECK_EQUAL(ne.d_validationState, Indeterminate);
+ BOOST_CHECK_EQUAL(ne.d_validationState, vState::Indeterminate);
BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U);
BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U);
BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 1U);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U);
BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true);
- BOOST_CHECK_EQUAL(ne.d_validationState, Secure);
+ BOOST_CHECK_EQUAL(ne.d_validationState, vState::Secure);
BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U);
BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U);
BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 1U);
sr->setDNSSECValidationRequested(false);
int res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Secure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 4U);
BOOST_CHECK_EQUAL(queriesCount, 4U);
}
sr->setDNSSECValidationRequested(false);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
/* check that the entry has not been negatively cached */
NegCache::NegCacheEntry ne;
BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U);
BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true);
- BOOST_CHECK_EQUAL(ne.d_validationState, Indeterminate);
+ BOOST_CHECK_EQUAL(ne.d_validationState, vState::Indeterminate);
BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U);
BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 0U);
BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 0U);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure);
BOOST_REQUIRE_EQUAL(ret.size(), 1U);
BOOST_CHECK_EQUAL(queriesCount, 1U);
BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true);
- BOOST_CHECK_EQUAL(ne.d_validationState, Insecure);
+ BOOST_CHECK_EQUAL(ne.d_validationState, vState::Insecure);
BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U);
BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 0U);
BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 0U);
sr->setDNSSECValidationRequested(false);
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
if (record.d_type == QType::SOA) {
NegCache::NegCacheEntry ne;
BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U);
BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true);
- BOOST_CHECK_EQUAL(ne.d_validationState, Indeterminate);
+ BOOST_CHECK_EQUAL(ne.d_validationState, vState::Indeterminate);
BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U);
BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U);
BOOST_CHECK_EQUAL(ne.d_ttd, now + SyncRes::s_maxnegttl);
sr->setDNSSECValidationRequested(true);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK_EQUAL(record.d_ttl, SyncRes::s_maxbogusttl);
}
BOOST_CHECK_EQUAL(queriesCount, 4U);
BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true);
- BOOST_CHECK_EQUAL(ne.d_validationState, Bogus);
+ BOOST_CHECK_EQUAL(ne.d_validationState, vState::Bogus);
BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U);
BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U);
BOOST_CHECK_EQUAL(ne.d_ttd, now + SyncRes::s_maxbogusttl);
sr->setDNSSECValidationRequested(false);
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
- BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus);
+ BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus);
BOOST_REQUIRE_EQUAL(ret.size(), 2U);
for (const auto& record : ret) {
BOOST_CHECK_EQUAL(record.d_ttl, SyncRes::s_maxbogusttl);
}
BOOST_CHECK_EQUAL(queriesCount, 4U);
BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true);
- BOOST_CHECK_EQUAL(ne.d_validationState, Bogus);
+ BOOST_CHECK_EQUAL(ne.d_validationState, vState::Bogus);
BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U);
BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U);
BOOST_CHECK_EQUAL(ne.d_ttd, now + SyncRes::s_maxbogusttl);
dsmap_t ds;
auto state = sr->getDSRecords(target, ds, false, 0, false);
- BOOST_CHECK_EQUAL(state, Secure);
+ BOOST_CHECK_EQUAL(state, vState::Secure);
BOOST_REQUIRE_EQUAL(ds.size(), 1U);
for (const auto& i : ds) {
BOOST_CHECK_EQUAL(i.d_digesttype, DNSSECKeeper::DIGEST_SHA256);
dsmap_t ds;
auto state = sr->getDSRecords(target, ds, false, 0, false);
- BOOST_CHECK_EQUAL(state, Secure);
+ BOOST_CHECK_EQUAL(state, vState::Secure);
BOOST_REQUIRE_EQUAL(ds.size(), 1U);
for (const auto& i : ds) {
BOOST_CHECK_EQUAL(i.d_digesttype, DNSSECKeeper::DIGEST_SHA384);
dsmap_t ds;
auto state = sr->getDSRecords(target, ds, false, 0, false);
- BOOST_CHECK_EQUAL(state, Secure);
+ BOOST_CHECK_EQUAL(state, vState::Secure);
BOOST_REQUIRE_EQUAL(ds.size(), 2U);
for (const auto& i : ds) {
BOOST_CHECK_EQUAL(i.d_digesttype, DNSSECKeeper::DIGEST_SHA256);
void primeHints(void)
{
// prime root cache
- const vState validationState = Insecure;
+ const vState validationState = vState::Insecure;
vector<DNSRecord> nsset;
t_rootNSZones.clear();
boost::replace_all(qstring, "+", "_");
boost::replace_all(qstring, "~", "_");
- vState state = Indeterminate;
+ vState state = vState::Indeterminate;
DNSName query(qstring);
int res = sr.beginResolve(query, QType(QType::TXT), 1, ret);
state = sr.getValidationState();
}
- if(state == Bogus) {
+ if(state == vState::Bogus) {
g_log<<Logger::Error<<"Failed to retrieve security status update for '" +pkgv+ "' on '"<<query<<"', DNSSEC validation result was Bogus!"<<endl;
if(g_security_status == 1) // If we were OK, go to unknown
g_security_status = 0;
/** everything begins here - this is the entry point just after receiving a packet */
int SyncRes::beginResolve(const DNSName &qname, const QType &qtype, uint16_t qclass, vector<DNSRecord>&ret, unsigned int depth)
{
- vState state = Indeterminate;
+ vState state = vState::Indeterminate;
s_queries++;
d_wasVariable=false;
d_wasOutOfBand=false;
if (doSpecialNamesResolve(qname, qtype, qclass, ret)) {
- d_queryValidationState = Insecure; // this could fool our stats into thinking a validation took place
+ d_queryValidationState = vState::Insecure; // this could fool our stats into thinking a validation took place
return 0; // so do check before updating counters (we do now)
}
d_queryValidationState = state;
if (shouldValidate()) {
- if (d_queryValidationState != Indeterminate) {
+ if (d_queryValidationState != vState::Indeterminate) {
g_stats.dnssecValidations++;
}
increaseDNSSECStateCounter(d_queryValidationState);
LOG(prefix<<qname<<": Wants "<< (d_doDNSSEC ? "" : "NO ") << "DNSSEC processing, "<<(d_requireAuthData ? "" : "NO ")<<"auth data in query for "<<qtype.getName()<<endl);
- state = Indeterminate;
+ state = vState::Indeterminate;
if (s_maxdepth && depth > s_maxdepth) {
string msg = "More than " + std::to_string(s_maxdepth) + " (max-recursion-depth) levels of recursion needed while resolving " + qname.toLogString();
d_DNSSECValidationRequested = false;
try {
- vState newState = Indeterminate;
+ vState newState = vState::Indeterminate;
res_t resv4;
// If IPv4 ever becomes second class, we should revisit this
if (doResolve(qname, QType::A, resv4, depth+1, beenthere, newState) == 0) { // this consults cache, OR goes out
if (s_doIPv6) {
if (ret.empty()) {
// We did not find IPv4 addresses, try to get IPv6 ones
- newState = Indeterminate;
+ newState = vState::Indeterminate;
res_t resv6;
if (doResolve(qname, QType::AAAA, resv6, depth+1, beenthere, newState) == 0) { // this consults cache, OR goes out
for (const auto &i : resv6) {
void SyncRes::updateValidationStatusInCache(const DNSName &qname, const QType& qt, bool aa, vState newState) const
{
- if (newState == Bogus) {
+ if (newState == vState::Bogus) {
s_RC->updateValidationStatus(d_now.tv_sec, qname, qt, d_cacheRemote, d_routingTag, aa, newState, s_maxbogusttl + d_now.tv_sec);
}
else {
if(record.d_ttl > (unsigned int) d_now.tv_sec) {
- if (!wasAuthZone && shouldValidate() && (wasAuth || wasForwardRecurse) && state == Indeterminate && d_requireAuthData) {
+ if (!wasAuthZone && shouldValidate() && (wasAuth || wasForwardRecurse) && state == vState::Indeterminate && d_requireAuthData) {
/* This means we couldn't figure out the state when this entry was cached,
most likely because we hadn't computed the zone cuts yet. */
/* make sure they are computed before validating */
computeZoneCuts(subdomain, g_rootdnsname, depth);
vState recordState = getValidationStatus(foundName, false);
- if (recordState == Secure) {
- LOG(prefix<<qname<<": got Indeterminate state from the "<<foundQT.getName()<<" cache, validating.."<<endl);
+ if (recordState == vState::Secure) {
+ LOG(prefix<<qname<<": got vState::Indeterminate state from the "<<foundQT.getName()<<" cache, validating.."<<endl);
state = SyncRes::validateRecordsWithSigs(depth, foundName, foundQT, foundName, cset, signatures);
- if (state != Indeterminate) {
- LOG(prefix<<qname<<": got Indeterminate state from the CNAME cache, new validation result is "<<state<<endl);
- if (state == Bogus) {
+ if (state != vState::Indeterminate) {
+ LOG(prefix<<qname<<": got vState::Indeterminate state from the CNAME cache, new validation result is "<<state<<endl);
+ if (state == vState::Bogus) {
capTTL = s_maxbogusttl;
}
updateValidationStatusInCache(foundName, foundQT, wasAuth, state);
}
set<GetBestNSAnswer>beenthere;
- vState cnameState = Indeterminate;
+ vState cnameState = vState::Indeterminate;
res = doResolve(newTarget, qtype, ret, depth+1, beenthere, cnameState);
LOG(prefix<<qname<<": updating validation state for response to "<<qname<<" from "<<state<<" with the state from the DNAME/CNAME quest: "<<cnameState<<endl);
updateValidationState(state, cnameState);
const DNSName& owner = entry.first.name;
vState recordState = getValidationStatus(owner, false);
- if (state == Indeterminate) {
+ if (state == vState::Indeterminate) {
state = recordState;
}
- if (recordState == Secure) {
+ if (recordState == vState::Secure) {
recordState = SyncRes::validateRecordsWithSigs(depth, qname, qtype, owner, entry.second.records, entry.second.signatures);
}
- if (recordState != Indeterminate && recordState != state) {
+ if (recordState != vState::Indeterminate && recordState != state) {
updateValidationState(state, recordState);
- if (state != Secure) {
+ if (state != vState::Secure) {
break;
}
}
}
- if (state == Secure) {
+ if (state == vState::Secure) {
vState neValidationState = ne.d_validationState;
- dState expectedState = res == RCode::NXDomain ? NXDOMAIN : NXQTYPE;
+ dState expectedState = res == RCode::NXDomain ? dState::NXDOMAIN : dState::NXQTYPE;
dState denialState = getDenialValidationState(ne, state, expectedState, false);
- updateDenialValidationState(neValidationState, ne.d_name, state, denialState, expectedState, qtype == QType::DS || expectedState == NXDOMAIN);
+ updateDenialValidationState(neValidationState, ne.d_name, state, denialState, expectedState, qtype == QType::DS || expectedState == dState::NXDOMAIN);
}
- if (state != Indeterminate) {
+ if (state != vState::Indeterminate) {
/* validation succeeded, let's update the cache entry so we don't have to validate again */
boost::optional<uint32_t> capTTD = boost::none;
- if (state == Bogus) {
+ if (state == vState::Bogus) {
capTTD = d_now.tv_sec + s_maxbogusttl;
}
t_sstorage.negcache.updateValidationStatus(ne.d_name, ne.d_qtype, state, capTTD);
labels.pop_back();
while(!labels.empty()) {
if (t_sstorage.negcache.get(negCacheName, QType(0), d_now, ne, true)) {
- if (ne.d_validationState == Indeterminate && validationEnabled()) {
- // LOG(prefix << negCacheName << " negatively cached and Indeterminate, trying to validate NXDOMAIN" << endl);
+ if (ne.d_validationState == vState::Indeterminate && validationEnabled()) {
+ // LOG(prefix << negCacheName << " negatively cached and vState::Indeterminate, trying to validate NXDOMAIN" << endl);
// ...
// And get the updated ne struct
//t_sstorage.negcache.get(negCacheName, QType(0), d_now, ne, true);
}
- if ((s_hardenNXD == HardenNXD::Yes && ne.d_validationState != Bogus) || ne.d_validationState == Secure) {
+ if ((s_hardenNXD == HardenNXD::Yes && ne.d_validationState != vState::Bogus) || ne.d_validationState == vState::Secure) {
res = RCode::NXDomain;
sttl = ne.d_ttd - d_now.tv_sec;
giveNegative = true;
state = cachedState;
- if (!wasAuthZone && shouldValidate() && state == Indeterminate) {
- LOG(prefix<<qname<<": got Indeterminate state for records retrieved from the negative cache, validating.."<<endl);
+ if (!wasAuthZone && shouldValidate() && state == vState::Indeterminate) {
+ LOG(prefix<<qname<<": got vState::Indeterminate state for records retrieved from the negative cache, validating.."<<endl);
computeNegCacheValidationStatus(ne, qname, qtype, res, state, depth);
- if (state != cachedState && state == Bogus) {
+ if (state != cachedState && state == vState::Bogus) {
sttl = std::min(sttl, s_maxbogusttl);
}
}
LOG(prefix<<sqname<<": Found cache hit for "<<sqt.getName()<<": ");
- if (!wasAuthZone && shouldValidate() && (wasCachedAuth || wasForwardRecurse) && cachedState == Indeterminate && d_requireAuthData) {
+ if (!wasAuthZone && shouldValidate() && (wasCachedAuth || wasForwardRecurse) && cachedState == vState::Indeterminate && d_requireAuthData) {
/* This means we couldn't figure out the state when this entry was cached,
most likely because we hadn't computed the zone cuts yet. */
computeZoneCuts(subdomain, g_rootdnsname, depth);
vState recordState = getValidationStatus(qname, false);
- if (recordState == Secure) {
- LOG(prefix<<sqname<<": got Indeterminate state from the cache, validating.."<<endl);
+ if (recordState == vState::Secure) {
+ LOG(prefix<<sqname<<": got vState::Indeterminate state from the cache, validating.."<<endl);
if (sqt == QType::DNSKEY) {
cachedState = validateDNSKeys(sqname, cset, signatures, depth);
}
cachedState = recordState;
}
- if (cachedState != Indeterminate) {
- LOG(prefix<<qname<<": got Indeterminate state from the cache, validation result is "<<cachedState<<endl);
- if (cachedState == Bogus) {
+ if (cachedState != vState::Indeterminate) {
+ LOG(prefix<<qname<<": got vState::Indeterminate state from the cache, validation result is "<<cachedState<<endl);
+ if (cachedState == vState::Bogus) {
capTTL = s_maxbogusttl;
}
updateValidationStatusInCache(sqname, sqt, wasCachedAuth, cachedState);
{
LOG(d_prefix<<"validation state was "<<state<<", state update is "<<stateUpdate);
- if (stateUpdate == TA) {
- state = Secure;
+ if (stateUpdate == vState::TA) {
+ state = vState::Secure;
}
- else if (stateUpdate == NTA) {
- state = Insecure;
+ else if (stateUpdate == vState::NTA) {
+ state = vState::Insecure;
}
- else if (stateUpdate == Bogus) {
- state = Bogus;
+ else if (stateUpdate == vState::Bogus) {
+ state = vState::Bogus;
}
- else if (state == Indeterminate) {
+ else if (state == vState::Indeterminate) {
state = stateUpdate;
}
- else if (stateUpdate == Insecure) {
- if (state != Bogus) {
- state = Insecure;
+ else if (stateUpdate == vState::Insecure) {
+ if (state != vState::Bogus) {
+ state = vState::Insecure;
}
}
LOG(", validation state is now "<<state<<endl);
if (luaLocal->dsAnchors.empty()) {
LOG(d_prefix<<": No trust anchors configured, everything is Insecure"<<endl);
/* We have no TA, everything is insecure */
- return Insecure;
+ return vState::Insecure;
}
std::string reason;
if (haveNegativeTrustAnchor(luaLocal->negAnchors, zone, reason)) {
LOG(d_prefix<<": got NTA for '"<<zone<<"'"<<endl);
- return NTA;
+ return vState::NTA;
}
if (getTrustAnchor(luaLocal->dsAnchors, zone, ds)) {
LOG(d_prefix<<": got TA for '"<<zone<<"'"<<endl);
- return TA;
+ return vState::TA;
}
else {
LOG(d_prefix<<": no TA found for '"<<zone<<"' among "<< luaLocal->dsAnchors.size()<<endl);
if (zone.isRoot()) {
/* No TA for the root */
- return Insecure;
+ return vState::Insecure;
}
- return Indeterminate;
+ return vState::Indeterminate;
}
static size_t countSupportedDS(const dsmap_t& dsmap)
{
vState result = getTA(zone, ds);
- if (result != Indeterminate || taOnly) {
+ if (result != vState::Indeterminate || taOnly) {
if (foundCut) {
- *foundCut = (result != Indeterminate);
+ *foundCut = (result != vState::Indeterminate);
}
- if (result == TA) {
+ if (result == vState::TA) {
if (countSupportedDS(ds) == 0) {
ds.clear();
- result = Insecure;
+ result = vState::Insecure;
}
else {
- result = Secure;
+ result = vState::Secure;
}
}
- else if (result == NTA) {
- result = Insecure;
+ else if (result == vState::NTA) {
+ result = vState::Insecure;
}
return result;
std::set<GetBestNSAnswer> beenthere;
std::vector<DNSRecord> dsrecords;
- vState state = Indeterminate;
+ vState state = vState::Indeterminate;
const bool oldCacheOnly = setCacheOnly(false);
int rcode = doResolve(zone, QType(QType::DS), dsrecords, depth + 1, beenthere, state);
setCacheOnly(oldCacheOnly);
- a signed zone (Secure) to an unsigned one (Insecure)
- an unsigned zone to another unsigned one (Insecure stays Insecure, Bogus stays Bogus)
*/
- return state == Secure ? Insecure : state;
+ return state == vState::Secure ? vState::Insecure : state;
} else {
/* we have a DS */
if (foundCut) {
}
LOG(d_prefix<<": returning Bogus state from "<<__func__<<"("<<zone<<")"<<endl);
- return Bogus;
+ return vState::Bogus;
}
bool SyncRes::haveExactValidationStatus(const DNSName& domain)
vState SyncRes::getValidationStatus(const DNSName& subdomain, bool allowIndeterminate)
{
- vState result = Indeterminate;
+ vState result = vState::Indeterminate;
if (!shouldValidate()) {
return result;
do {
const auto& it = d_cutStates.find(name);
if (it != d_cutStates.cend()) {
- if (allowIndeterminate || it->second != Indeterminate) {
+ if (allowIndeterminate || it->second != vState::Indeterminate) {
LOG(d_prefix<<": got status "<<it->second<<" for name "<<subdomain<<" (from "<<name<<")"<<endl);
return it->second;
}
{
bool foundCut = false;
dsmap_t ds;
- vState dsState = getDSRecords(qname, ds, newState == Bogus || existingState == Insecure || existingState == Bogus, depth, false, &foundCut);
+ vState dsState = getDSRecords(qname, ds, newState == vState::Bogus || existingState == vState::Insecure || existingState == vState::Bogus, depth, false, &foundCut);
- if (dsState != Indeterminate) {
+ if (dsState != vState::Indeterminate) {
newState = dsState;
}
const auto cutIt = d_cutStates.find(qname);
if (cutIt != d_cutStates.cend()) {
- if (cutIt->second != Indeterminate) {
+ if (cutIt->second != vState::Indeterminate) {
LOG(d_prefix<<": - Cut already known at "<<qname<<endl);
cutState = cutIt->second;
continue;
/* no need to look for NS and DS if we are already insecure or bogus,
just look for (N)TA
*/
- if (cutState == Insecure || cutState == Bogus) {
+ if (cutState == vState::Insecure || cutState == vState::Bogus) {
dsmap_t cutDS;
vState newState = getDSRecords(qname, cutDS, true, depth);
- if (newState == Indeterminate) {
+ if (newState == vState::Indeterminate) {
continue;
}
continue;
}
- vState newState = Indeterminate;
- /* temporarily mark as Indeterminate, so that we won't enter an endless loop
+ vState newState = vState::Indeterminate;
+ /* temporarily mark as vState::Indeterminate, so that we won't enter an endless loop
trying to determine that zone cut again. */
d_cutStates[qname] = newState;
bool foundCut = lookForCut(qname, depth, cutState, newState);
if (foundCut) {
LOG(d_prefix<<": - Found cut at "<<qname<<endl);
- if (newState != Indeterminate) {
+ if (newState != vState::Indeterminate) {
cutState = newState;
}
LOG(d_prefix<<": New state for "<<qname<<" is "<<cutState<<endl);
if (!signer.empty() && zone.isPartOf(signer)) {
vState state = getDSRecords(signer, ds, false, depth);
- if (state != Secure) {
+ if (state != vState::Secure) {
return state;
}
}
covering this set, this looks Bogus. */
if (validatedKeys.size() != tentativeKeys.size()) {
LOG(d_prefix<<": returning Bogus state from "<<__func__<<"("<<zone<<")"<<endl);
- return Bogus;
+ return vState::Bogus;
}
- return Secure;
+ return vState::Secure;
}
vState SyncRes::getDNSKeys(const DNSName& signer, skeyset_t& keys, unsigned int depth)
std::set<GetBestNSAnswer> beenthere;
LOG(d_prefix<<"Retrieving DNSKeys for "<<signer<<endl);
- vState state = Indeterminate;
+ vState state = vState::Indeterminate;
const bool oldCacheOnly = setCacheOnly(false);
int rcode = doResolve(signer, QType(QType::DNSKEY), records, depth + 1, beenthere, state);
setCacheOnly(oldCacheOnly);
}
if (rcode == RCode::NoError) {
- if (state == Secure) {
+ if (state == vState::Secure) {
for (const auto& key : records) {
if (key.d_type == QType::DNSKEY) {
auto content = getRR<DNSKEYRecordContent>(key);
}
LOG(d_prefix<<"Returning Bogus state from "<<__func__<<"("<<signer<<")"<<endl);
- return Bogus;
+ return vState::Bogus;
}
vState SyncRes::validateRecordsWithSigs(unsigned int depth, const DNSName& qname, const QType& qtype, const DNSName& name, const std::vector<DNSRecord>& records, const std::vector<std::shared_ptr<RRSIGRecordContent> >& signatures)
DS (or a denial of a DS) signed by the DS itself, since we should be
requesting it from the parent zone. Something is very wrong */
LOG(d_prefix<<"The DS for "<<qname<<" is signed by itself, going Bogus"<<endl);
- return Bogus;
+ return vState::Bogus;
}
- return Indeterminate;
+ return vState::Indeterminate;
}
vState state = getDNSKeys(signer, keys, depth);
- if (state != Secure) {
+ if (state != vState::Secure) {
return state;
}
}
} else {
LOG(d_prefix<<"Bogus!"<<endl);
- return Bogus;
+ return vState::Bogus;
}
sortedRecords_t recordcontents;
LOG(d_prefix<<"Going to validate "<<recordcontents.size()<< " record contents with "<<signatures.size()<<" sigs and "<<keys.size()<<" keys for "<<name<<endl);
if (validateWithKeySet(d_now.tv_sec, name, recordcontents, signatures, keys, false)) {
LOG(d_prefix<<"Secure!"<<endl);
- return Secure;
+ return vState::Secure;
}
LOG(d_prefix<<"Bogus!"<<endl);
- return Bogus;
+ return vState::Bogus;
}
static bool allowAdditionalEntry(std::unordered_set<DNSName>& allowedAdditionals, const DNSRecord& rec)
vState recordState = getValidationStatus(i->first.name, false);
LOG(d_prefix<<": got initial zone status "<<recordState<<" for record "<<i->first.name<<"|"<<DNSRecordContent::NumberToType(i->first.type)<<endl);
- if (shouldValidate() && recordState == Secure) {
+ if (shouldValidate() && recordState == vState::Secure) {
vState initialState = recordState;
if (expectSignature) {
LOG(d_prefix<<"Validating non-additional record for "<<i->first.name<<endl);
recordState = validateRecordsWithSigs(depth, qname, qtype, i->first.name, i->second.records, i->second.signatures);
/* we might have missed a cut (zone cut within the same auth servers), causing the NS query for an Insecure zone to seem Bogus during zone cut determination */
- if (qtype == QType::NS && i->second.signatures.empty() && recordState == Bogus && haveExactValidationStatus(i->first.name) && getValidationStatus(i->first.name) == Indeterminate) {
- recordState = Indeterminate;
+ if (qtype == QType::NS && i->second.signatures.empty() && recordState == vState::Bogus && haveExactValidationStatus(i->first.name) && getValidationStatus(i->first.name) == vState::Indeterminate) {
+ recordState = vState::Indeterminate;
}
}
}
}
}
else {
- recordState = Indeterminate;
+ recordState = vState::Indeterminate;
/* in a non authoritative answer, we only care about the DS record (or lack of) */
if ((i->first.type == QType::DS || i->first.type == QType::NSEC || i->first.type == QType::NSEC3) && i->first.place == DNSResourceRecord::AUTHORITY) {
}
}
- if (initialState == Secure && state != recordState && expectSignature) {
+ if (initialState == vState::Secure && state != recordState && expectSignature) {
updateValidationState(state, recordState);
}
}
}
}
- if (recordState == Bogus) {
+ if (recordState == vState::Bogus) {
/* this is a TTD by now, be careful */
for(auto& record : i->second.records) {
record.d_ttl = std::min(record.d_ttl, static_cast<uint32_t>(s_maxbogusttl + d_now.tv_sec));
void SyncRes::updateDenialValidationState(vState& neValidationState, const DNSName& neName, vState& state, const dState denialState, const dState expectedState, bool allowOptOut)
{
if (denialState == expectedState) {
- neValidationState = Secure;
+ neValidationState = vState::Secure;
}
else {
- if (denialState == OPTOUT && allowOptOut) {
+ if (denialState == dState::OPTOUT && allowOptOut) {
LOG(d_prefix<<"OPT-out denial found for "<<neName<<endl);
/* rfc5155 states:
"The AD bit, as defined by [RFC4035], MUST NOT be set when returning a
At best the Opt-Out NSEC3 RR proves that there is no signed DS (so no
secure delegation).
*/
- neValidationState = Insecure;
+ neValidationState = vState::Insecure;
}
- else if (denialState == INSECURE) {
+ else if (denialState == dState::INSECURE) {
LOG(d_prefix<<"Insecure denial found for "<<neName<<", returning Insecure"<<endl);
- neValidationState = Insecure;
+ neValidationState = vState::Insecure;
}
else {
LOG(d_prefix<<"Invalid denial found for "<<neName<<", returning Bogus, res="<<denialState<<", expectedState="<<expectedState<<endl);
- neValidationState = Bogus;
+ neValidationState = vState::Bogus;
}
updateValidationState(state, neValidationState);
}
dState SyncRes::getDenialValidationState(const NegCache::NegCacheEntry& ne, const vState state, const dState expectedState, bool referralToUnsigned)
{
cspmap_t csp = harvestCSPFromNE(ne);
- return getDenial(csp, ne.d_name, ne.d_qtype.getCode(), referralToUnsigned, expectedState == NXQTYPE);
+ return getDenial(csp, ne.d_name, ne.d_qtype.getCode(), referralToUnsigned, expectedState == dState::NXQTYPE);
}
bool SyncRes::processRecords(const std::string& prefix, const DNSName& qname, const QType& qtype, const DNSName& auth, LWResult& lwr, const bool sendRDQuery, vector<DNSRecord>& ret, set<DNSName>& nsset, DNSName& newtarget, DNSName& newauth, bool& realreferral, bool& negindic, vState& state, const bool needWildcardProof, const bool gatherWildcardProof, const unsigned int wildcardLabelsCount)
ne.d_auth = rec.d_name;
harvestNXRecords(lwr.d_records, ne, d_now.tv_sec, &lowestTTL);
- if (state == Secure) {
- dState denialState = getDenialValidationState(ne, state, NXDOMAIN, false);
- updateDenialValidationState(ne.d_validationState, ne.d_name, state, denialState, NXDOMAIN, true);
+ if (state == vState::Secure) {
+ dState denialState = getDenialValidationState(ne, state, dState::NXDOMAIN, false);
+ updateDenialValidationState(ne.d_validationState, ne.d_name, state, denialState, dState::NXDOMAIN, true);
}
else {
ne.d_validationState = state;
}
- if (ne.d_validationState == Bogus) {
+ if (ne.d_validationState == vState::Bogus) {
lowestTTL = min(lowestTTL, s_maxbogusttl);
}
done=true;
- if (state == Secure && needWildcardProof) {
+ if (state == vState::Secure && needWildcardProof) {
/* We have a positive answer synthesized from a wildcard, we need to check that we have
proof that the exact name doesn't exist so the wildcard can be used,
as described in section 5.3.4 of RFC 4035 and 5.3 of RFC 7129.
cspmap_t csp = harvestCSPFromNE(ne);
dState res = getDenial(csp, qname, ne.d_qtype.getCode(), false, false, false, wildcardLabelsCount);
- if (res != NXDOMAIN) {
- vState st = Bogus;
- if (res == INSECURE) {
+ if (res != dState::NXDOMAIN) {
+ vState st = vState::Bogus;
+ if (res == dState::INSECURE) {
/* Some part could not be validated, for example a NSEC3 record with a too large number of iterations,
this is not enough to warrant a Bogus, but go Insecure. */
- st = Insecure;
+ st = vState::Insecure;
LOG(d_prefix<<"Unable to validate denial in wildcard expanded positive response found for "<<qname<<", returning Insecure, res="<<res<<endl);
}
else {
}
else if(realreferral && rec.d_place==DNSResourceRecord::AUTHORITY && (rec.d_type==QType::NSEC || rec.d_type==QType::NSEC3) && newauth.isPartOf(auth)) {
/* we might have received a denial of the DS, let's check */
- if (state == Secure) {
+ if (state == vState::Secure) {
NegCache::NegCacheEntry ne;
ne.d_auth = auth;
ne.d_name = newauth;
uint32_t lowestTTL = rec.d_ttl;
harvestNXRecords(lwr.d_records, ne, d_now.tv_sec, &lowestTTL);
- dState denialState = getDenialValidationState(ne, state, NXQTYPE, true);
+ dState denialState = getDenialValidationState(ne, state, dState::NXQTYPE, true);
- if (denialState == NXQTYPE || denialState == OPTOUT || denialState == INSECURE) {
+ if (denialState == dState::NXQTYPE || denialState == dState::OPTOUT || denialState == dState::INSECURE) {
ne.d_ttd = lowestTTL + d_now.tv_sec;
- ne.d_validationState = Secure;
- if (denialState == OPTOUT) {
- ne.d_validationState = Insecure;
+ ne.d_validationState = vState::Secure;
+ if (denialState == dState::OPTOUT) {
+ ne.d_validationState = vState::Insecure;
}
LOG(prefix<<qname<<": got negative indication of DS record for '"<<newauth<<"'"<<endl);
ne.d_qtype = qtype;
harvestNXRecords(lwr.d_records, ne, d_now.tv_sec, &lowestTTL);
- if (state == Secure) {
- dState denialState = getDenialValidationState(ne, state, NXQTYPE, false);
- updateDenialValidationState(ne.d_validationState, ne.d_name, state, denialState, NXQTYPE, qtype == QType::DS);
+ if (state == vState::Secure) {
+ dState denialState = getDenialValidationState(ne, state, dState::NXQTYPE, false);
+ updateDenialValidationState(ne.d_validationState, ne.d_name, state, denialState, dState::NXQTYPE, qtype == QType::DS);
} else {
ne.d_validationState = state;
}
- if (ne.d_validationState == Bogus) {
+ if (ne.d_validationState == vState::Bogus) {
lowestTTL = min(lowestTTL, s_maxbogusttl);
rec.d_ttl = min(rec.d_ttl, s_maxbogusttl);
}
LOG(prefix<<qname<<": status=got a CNAME referral, starting over with "<<newtarget<<endl);
set<GetBestNSAnswer> beenthere2;
- vState cnameState = Indeterminate;
+ vState cnameState = vState::Indeterminate;
*rcode = doResolve(newtarget, qtype, ret, depth + 1, beenthere2, cnameState);
LOG(prefix<<qname<<": updating validation state for response to "<<qname<<" from "<<state<<" with the state from the CNAME quest: "<<cnameState<<endl);
updateValidationState(state, cnameState);
if(lwr.d_rcode == RCode::NXDomain) {
LOG(prefix<<qname<<": status=NXDOMAIN, we are done "<<(negindic ? "(have negative SOA)" : "")<<endl);
- if (state == Secure && (lwr.d_aabit || sendRDQuery) && !negindic) {
- updateValidationState(state, Bogus);
+ if (state == vState::Secure && (lwr.d_aabit || sendRDQuery) && !negindic) {
+ updateValidationState(state, vState::Bogus);
}
if(d_doDNSSEC)
if(nsset.empty() && !lwr.d_rcode && (negindic || lwr.d_aabit || sendRDQuery)) {
LOG(prefix<<qname<<": status=noerror, other types may exist, but we are done "<<(negindic ? "(have negative SOA) " : "")<<(lwr.d_aabit ? "(have aa bit) " : "")<<endl);
- if(state == Secure && (lwr.d_aabit || sendRDQuery) && !negindic) {
- updateValidationState(state, Bogus);
+ if(state == vState::Secure && (lwr.d_aabit || sendRDQuery) && !negindic) {
+ updateValidationState(state, vState::Bogus);
}
if(d_doDNSSEC)
LOG(prefix<<qname<<": Domain is out-of-band"<<endl);
/* setting state to indeterminate since validation is disabled for local auth zone,
and Insecure would be misleading. */
- state = Indeterminate;
+ state = vState::Indeterminate;
d_wasOutOfBand = doOOBResolve(qname, qtype, lwr.d_records, depth, lwr.d_rcode);
lwr.d_tcbit=false;
lwr.d_aabit=true;
res=sr.beginResolve(g_rootdnsname, QType(QType::NS), 1, ret, depth + 1);
if (g_dnssecmode != DNSSECMode::Off && g_dnssecmode != DNSSECMode::ProcessNoValidate) {
auto state = sr.getValidationState();
- if (state == Bogus)
+ if (state == vState::Bogus)
throw PDNSException("Got Bogus validation result for .|NS");
}
return res;
asyncresolve_t d_asyncResolve{nullptr};
struct timeval d_now;
string d_prefix;
- vState d_queryValidationState{Indeterminate};
+ vState d_queryValidationState{vState::Indeterminate};
/* When d_cacheonly is set to true, we will only check the cache.
* This is set when the RD bit is unset in the incoming query
pw.commit();
string rpacket((const char*)&packet[0], packet.size());
- rpc.insertResponsePacket(tag, qhash, string(qpacket), qname, QType::A, QClass::IN, string(rpacket), time(0), ttd, Indeterminate, 0, 0, boost::none);
+ rpc.insertResponsePacket(tag, qhash, string(qpacket), qname, QType::A, QClass::IN, string(rpacket), time(0), ttd, vState::Indeterminate, 0, 0, boost::none);
BOOST_CHECK_EQUAL(rpc.size(), 1U);
rpc.doPruneTo(0);
BOOST_CHECK_EQUAL(rpc.size(), 0U);
- rpc.insertResponsePacket(tag, qhash, string(qpacket), qname, QType::A, QClass::IN, string(rpacket), time(0), ttd, Indeterminate, 0, 0, boost::none);
+ rpc.insertResponsePacket(tag, qhash, string(qpacket), qname, QType::A, QClass::IN, string(rpacket), time(0), ttd, vState::Indeterminate, 0, 0, boost::none);
BOOST_CHECK_EQUAL(rpc.size(), 1U);
rpc.doWipePacketCache(qname);
BOOST_CHECK_EQUAL(rpc.size(), 0U);
- rpc.insertResponsePacket(tag, qhash, string(qpacket), qname, QType::A, QClass::IN, string(rpacket), time(0), ttd, Indeterminate, 0, 0, boost::none);
+ rpc.insertResponsePacket(tag, qhash, string(qpacket), qname, QType::A, QClass::IN, string(rpacket), time(0), ttd, vState::Indeterminate, 0, 0, boost::none);
BOOST_CHECK_EQUAL(rpc.size(), 1U);
uint32_t qhash2 = 0;
bool found = rpc.getResponsePacket(tag, qpacket, time(nullptr), &fpacket, &age, &qhash2);
BOOST_CHECK(r1packet != r2packet);
/* inserting a response for tag1 */
- rpc.insertResponsePacket(tag1, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r1packet), time(0), ttd, Indeterminate, 0, 0, boost::none);
+ rpc.insertResponsePacket(tag1, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r1packet), time(0), ttd, vState::Indeterminate, 0, 0, boost::none);
BOOST_CHECK_EQUAL(rpc.size(), 1U);
/* inserting a different response for tag2, should not override the first one */
- rpc.insertResponsePacket(tag2, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r2packet), time(0), ttd, Indeterminate, 0, 0, boost::none);
+ rpc.insertResponsePacket(tag2, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r2packet), time(0), ttd, vState::Indeterminate, 0, 0, boost::none);
BOOST_CHECK_EQUAL(rpc.size(), 2U);
/* remove all responses from the cache */
BOOST_CHECK_EQUAL(rpc.size(), 0U);
/* reinsert both */
- rpc.insertResponsePacket(tag1, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r1packet), time(0), ttd, Indeterminate, 0, 0, boost::none);
+ rpc.insertResponsePacket(tag1, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r1packet), time(0), ttd, vState::Indeterminate, 0, 0, boost::none);
BOOST_CHECK_EQUAL(rpc.size(), 1U);
- rpc.insertResponsePacket(tag2, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r2packet), time(0), ttd, Indeterminate, 0, 0, boost::none);
+ rpc.insertResponsePacket(tag2, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r2packet), time(0), ttd, vState::Indeterminate, 0, 0, boost::none);
BOOST_CHECK_EQUAL(rpc.size(), 2U);
/* remove the responses by qname, should remove both */
BOOST_CHECK_EQUAL(rpc.size(), 0U);
/* insert the response for tag1 */
- rpc.insertResponsePacket(tag1, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r1packet), time(0), ttd, Indeterminate, 0, 0, boost::none);
+ rpc.insertResponsePacket(tag1, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r1packet), time(0), ttd, vState::Indeterminate, 0, 0, boost::none);
BOOST_CHECK_EQUAL(rpc.size(), 1U);
/* we can retrieve it */
BOOST_CHECK_EQUAL(temphash, qhash);
/* adding a response for the second tag */
- rpc.insertResponsePacket(tag2, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r2packet), time(0), ttd, Indeterminate, 0, 0, boost::none);
+ rpc.insertResponsePacket(tag2, qhash, string(qpacket), qname, QType::A, QClass::IN, string(r2packet), time(0), ttd, vState::Indeterminate, 0, 0, boost::none);
BOOST_CHECK_EQUAL(rpc.size(), 2U);
/* We still get the correct response for the first tag */
for(const auto& sig : csp.second.signatures) {
cerr<<"got rrsig "<<sig->d_signer<<"/"<<sig->d_tag<<endl;
vState state = getKeysFor(tro, sig->d_signer, keys);
- cerr<<"! state = "<<vStates[state]<<", now have "<<keys.size()<<" keys at "<<qname<<endl;
+ cerr<<"! state = "<<state<<", now have "<<keys.size()<<" keys at "<<qname<<endl;
// dsmap.insert(make_pair(dsrc.d_tag, dsrc));
}
}
else {
cerr<<"no sigs, hoping for Insecure"<<endl;
vState state = getKeysFor(tro, qname, keys);
- cerr<<"! state = "<<vStates[state]<<", now have "<<keys.size()<<" keys at "<<qname<<endl;
+ cerr<<"! state = "<<state<<", now have "<<keys.size()<<" keys at "<<qname<<endl;
}
cerr<<"! validated "<<validrrsets.size()<<" RRsets out of "<<cspmap.size()<<endl;
#define LOG(x) if(g_dnssecLOG) { g_log <<Logger::Warning << x; }
-const char *dStates[]={"nodata", "nxdomain", "nxqtype", "empty non-terminal", "insecure", "opt-out"};
-const char *vStates[]={"Indeterminate", "Bogus", "Insecure", "Secure", "NTA", "TA"};
-
static vector<shared_ptr<DNSKEYRecordContent > > getByTag(const skeyset_t& keys, uint16_t tag, uint8_t algorithm)
{
vector<shared_ptr<DNSKEYRecordContent>> ret;
/*
This function checks whether the existence of qname|qtype is denied by the NSEC and NSEC3
in validrrsets.
- - If `referralToUnsigned` is true and qtype is QType::DS, this functions returns NODATA
+ - If `referralToUnsigned` is true and qtype is QType::DS, this functions returns NODENIAL
if a NSEC or NSEC3 proves that the name exists but no NS type exists, as specified in RFC 5155 section 8.9.
- If `wantsNoDataProof` is set but a NSEC proves that the whole name does not exist, the function will return
NXQTYPE is the name is proven to be ENT and NXDOMAIN otherwise.
LOG("type is "<<QType(qtype).getName()<<", NS is "<<std::to_string(nsec->isSet(QType::NS))<<", SOA is "<<std::to_string(nsec->isSet(QType::SOA))<<", signer is "<<signer<<", owner name is "<<owner<<endl);
/* this is an "ancestor delegation" NSEC RR */
LOG("An ancestor delegation NSEC RR can only deny the existence of a DS"<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
/* check if the type is denied */
if(qname == owner) {
if (nsec->isSet(qtype)) {
LOG("Does _not_ deny existence of type "<<QType(qtype).getName()<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
LOG("Denies existence of type "<<QType(qtype).getName()<<endl);
/* RFC 6840 section 4.3 */
if (nsec->isSet(QType::CNAME)) {
LOG("However a CNAME exists"<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
/*
*/
if (referralToUnsigned && qtype == QType::DS && !nsec->isSet(QType::NS)) {
LOG("However, no NS record exists at this level!"<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
/* we know that the name exists (but this qtype doesn't) so except
}
if (!needWildcardProof || provesNoWildCard(qname, qtype, validrrsets)) {
- return NXQTYPE;
+ return dState::NXQTYPE;
}
LOG("But the existence of a wildcard is not denied for "<<qname<<"/"<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
/* check if the whole NAME is denied existing */
/* if the name is an ENT and we received a NODATA answer,
we are fine with a NSEC proving that the name does not exist. */
LOG("Denies existence of type "<<qname<<"/"<<QType(qtype).getName()<<" by proving that "<<qname<<" is an ENT"<<endl);
- return NXQTYPE;
+ return dState::NXQTYPE;
}
else {
/* but for a NXDOMAIN proof, this doesn't make sense! */
LOG("but it tries to deny the existence of "<<qname<<" by proving that "<<qname<<" is an ENT, this does not make sense!"<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
}
if (!needWildcardProof) {
LOG("and we did not need a wildcard proof"<<endl);
- return NXDOMAIN;
+ return dState::NXDOMAIN;
}
LOG("but we do need a wildcard proof so ");
if (wantsNoDataProof) {
LOG("looking for NODATA proof"<<endl);
if (provesNoDataWildCard(qname, qtype, validrrsets)) {
- return NXQTYPE;
+ return dState::NXQTYPE;
}
}
else {
LOG("looking for NO wildcard proof"<<endl);
if (provesNoWildCard(qname, qtype, validrrsets)) {
- return NXDOMAIN;
+ return dState::NXDOMAIN;
}
}
LOG("But the existence of a wildcard is not denied for "<<qname<<"/"<<QType(qtype).getName()<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
LOG("Did not deny existence of "<<QType(qtype).getName()<<", "<<owner<<"?="<<qname<<", "<<nsec->isSet(qtype)<<", next: "<<nsec->d_next<<endl);
string h = getHashFromNSEC3(qname, nsec3);
if (h.empty()) {
LOG("Unsupported hash, ignoring"<<endl);
- return INSECURE;
+ return dState::INSECURE;
}
nsec3Seen = true;
LOG("type is "<<QType(qtype).getName()<<", NS is "<<std::to_string(nsec3->isSet(QType::NS))<<", SOA is "<<std::to_string(nsec3->isSet(QType::SOA))<<", signer is "<<signer<<", owner name is "<<v.first.first<<endl);
/* this is an "ancestor delegation" NSEC3 RR */
LOG("An ancestor delegation NSEC3 RR can only deny the existence of a DS"<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
// If the name exists, check if the qtype is denied
if(beginHash == h) {
if (nsec3->isSet(qtype)) {
LOG("Does _not_ deny existence of type "<<QType(qtype).getName()<<" for name "<<qname<<" (not opt-out)."<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
LOG("Denies existence of type "<<QType(qtype).getName()<<" for name "<<qname<<" (not opt-out)."<<endl);
/* RFC 6840 section 4.3 */
if (nsec3->isSet(QType::CNAME)) {
LOG("However a CNAME exists"<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
/*
*/
if (referralToUnsigned && qtype == QType::DS && !nsec3->isSet(QType::NS)) {
LOG("However, no NS record exists at this level!"<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
- return NXQTYPE;
+ return dState::NXQTYPE;
}
}
}
/* if we have no NSEC3 records, we are done */
if (!nsec3Seen) {
- return NODATA;
+ return dState::NODENIAL;
}
DNSName closestEncloser(qname);
string h = getHashFromNSEC3(closestEncloser, nsec3);
if (h.empty()) {
- return INSECURE;
+ return dState::INSECURE;
}
string beginHash=fromBase32Hex(v.first.first.getRawLabels()[0]);
string h = getHashFromNSEC3(nextCloser, nsec3);
if (h.empty()) {
- return INSECURE;
+ return dState::INSECURE;
}
string beginHash=fromBase32Hex(v.first.first.getRawLabels()[0]);
if (needWildcardProof && !provesNSEC3NoWildCard(closestEncloser, qtype, validrrsets, &wildcardExists)) {
if (!isOptOut) {
LOG("But the existence of a wildcard is not denied for "<<qname<<"/"<<QType(qtype).getName()<<endl);
- return NODATA;
+ return dState::NODENIAL;
}
}
if (isOptOut) {
- return OPTOUT;
+ return dState::OPTOUT;
}
else {
if (wildcardExists) {
- return NXQTYPE;
+ return dState::NXQTYPE;
}
- return NXDOMAIN;
+ return dState::NXDOMAIN;
}
}
// There were no valid NSEC(3) records
// XXX maybe this should be INSECURE... it depends on the semantics of this function
- return NODATA;
+ return dState::NODENIAL;
}
/*
auto luaLocal = g_luaconfs.getLocal();
const auto anchors = luaLocal->dsAnchors;
if (anchors.empty()) // Nothing to do here
- return Insecure;
+ return vState::Insecure;
// Determine the lowest (i.e. with the most labels) Trust Anchor for zone
DNSName lowestTA(".");
*/
if(lowestTA.countLabels() <= lowestNTA.countLabels()) {
LOG("marking answer Insecure"<<endl);
- return NTA; // Not Insecure, this way validateRecords() can shortcut
+ return vState::NTA; // Not Insecure, this way validateRecords() can shortcut
}
LOG("but a Trust Anchor for "<<lowestTA<<" is configured, continuing validation."<<endl);
}
if(validkeys.empty())
{
LOG("ended up with zero valid DNSKEYs, going Bogus"<<endl);
- return Bogus;
+ return vState::Bogus;
}
LOG("situation: we have one or more valid DNSKEYs for ["<<*zoneCutIter<<"] (want ["<<zone<<"])"<<endl);
if(zoneCutIter == zoneCuts.cend()-1) {
LOG("requested keyset found! returning Secure for the keyset"<<endl);
keyset.insert(validkeys.cbegin(), validkeys.cend());
- return Secure;
+ return vState::Secure;
}
// We now have the DNSKEYs, use them to validate the DS records at the next zonecut
if(r.first == r.second) {
LOG("No DS for "<<*(zoneCutIter+1)<<", now look for a secure denial"<<endl);
dState res = getDenial(validrrsets, *(zoneCutIter+1), QType::DS, true, true);
- if (res == INSECURE || res == NXDOMAIN)
- return Bogus;
- if (res == NXQTYPE || res == OPTOUT)
- return Insecure;
+ if (res == dState::INSECURE || res == dState::NXDOMAIN)
+ return vState::Bogus;
+ if (res == dState::NXQTYPE || res == dState::OPTOUT)
+ return vState::Insecure;
}
/*
}
}
// There were no zone cuts (aka, we should never get here)
- return Bogus;
+ return vState::Bogus;
}
bool isSupportedDS(const DSRecordContent& ds)
return DNSName();
}
+const std::string& vStateToString(vState state)
+{
+ static const std::vector<std::string> vStates = {"Indeterminate", "Bogus", "Insecure", "Secure", "NTA", "TA"};
+ return vStates.at(static_cast<size_t>(state));
+}
+
std::ostream& operator<<(std::ostream &os, const vState d)
{
- os<<vStates[d];
+ os<<vStateToString(d);
return os;
}
std::ostream& operator<<(std::ostream &os, const dState d)
{
- os<<dStates[d];
+ static const std::vector<std::string> dStates = {"no denial", "nxdomain", "nxqtype", "empty non-terminal", "insecure", "opt-out"};
+ os<<dStates.at(static_cast<size_t>(d));
return os;
}
extern uint16_t g_maxNSEC3Iterations;
// 4033 5
-enum vState : uint8_t { Indeterminate, Bogus, Insecure, Secure, NTA, TA };
-extern const char *vStates[];
+enum class vState : uint8_t { Indeterminate, Bogus, Insecure, Secure, NTA, TA };
+const std::string& vStateToString(vState state);
// NSEC(3) results
-enum dState : uint8_t { NODATA, NXDOMAIN, NXQTYPE, ENT, INSECURE, OPTOUT};
-extern const char *dStates[];
+enum class dState : uint8_t { NODENIAL, NXDOMAIN, NXQTYPE, ENT, INSECURE, OPTOUT};
std::ostream& operator<<(std::ostream &os, const vState d);
std::ostream& operator<<(std::ostream &os, const dState d);
projects / thirdparty / pdns.git / commitdiff
