From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Tue, 12 Jul 2016 14:33:15 +0000 (+0200)
Subject: Add test for #4158
X-Git-Tag: auth-4.0.1~39^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=694ef440cd37f95b2acd16ddad33731200187fe2;p=thirdparty%2Fpdns.git

Add test for #4158
---

diff --git a/regression-tests.recursor-dnssec/recursortests.py b/regression-tests.recursor-dnssec/recursortests.py
index 1d2db69404..31a3b547de 100644
--- a/regression-tests.recursor-dnssec/recursortests.py
+++ b/regression-tests.recursor-dnssec/recursortests.py
@@ -105,6 +105,10 @@ cname-to-bogus.secure.example.    3600 IN CNAME ted.bogus.example.
 
 host1.sub.secure.example. 3600 IN A    192.0.2.11
 
+;; See #4158
+sub2.secure.example. 3600 IN CNAME doesnotmatter.insecure.example.
+insecure.sub2.secure.example. 3600 IN NS ns1.insecure.example.
+
 *.wildcard.secure.example.    3600 IN A    192.0.2.10
 
 *.cnamewildcard.secure.example. 3600 IN CNAME host1.secure.example.
@@ -119,6 +123,12 @@ bogus.example.           3600 IN NS   ns1.bogus.example.
 ns1.bogus.example.       3600 IN A    {prefix}.12
 ted.bogus.example.       3600 IN A    192.0.2.1
 bill.bogus.example.      3600 IN AAAA 2001:db8:12::3
+        """,
+        'insecure.sub2.secure.example': """
+insecure.sub2.secure.example.        3600 IN SOA  {soa}
+insecure.sub2.secure.example.        3600 IN NS   ns1.insecure.example.
+
+node1.insecure.sub2.secure.example.  3600 IN A    192.0.2.18
         """,
         'insecure.example': """
 insecure.example.        3600 IN SOA  {soa}
@@ -206,7 +216,7 @@ PrivateKey: xcNUxt1Knj14A00lKQFDboluiJyM2f7FxpgsQaQ3AQ4=
         '10': ['example'],
         '11': ['example'],
         '12': ['bogus.example'],
-        '13': ['insecure.example'],
+        '13': ['insecure.example', 'insecure.sub2.secure.example'],
         '14': ['optout.example'],
         '15': ['insecure.optout.example', 'secure.optout.example']
     }
diff --git a/regression-tests.recursor-dnssec/test_Interop.py b/regression-tests.recursor-dnssec/test_Interop.py
index 49239e7cb5..358e6031c7 100644
--- a/regression-tests.recursor-dnssec/test_Interop.py
+++ b/regression-tests.recursor-dnssec/test_Interop.py
@@ -24,6 +24,20 @@ class testInterop(RecursorTest):
         self.assertRcodeEqual(res, dns.rcode.NOERROR)
         self.assertRRsetInAnswer(res, expected)
 
+    def testCNAMEWithLowerEntries(self):
+        """
+        #4158, When chasing down for DS/DNSKEY and we find a CNAME, skip a level
+        """
+        expected = dns.rrset.from_text('node1.insecure.sub2.secure.example.', 0, dns.rdataclass.IN, 'A', '192.0.2.18')
+
+        query = dns.message.make_query('node1.insecure.sub2.secure.example.', 'A')
+        query.flags |= dns.flags.AD
+        res = self.sendUDPQuery(query)
+
+        self.assertRcodeEqual(res, dns.rcode.NOERROR)
+        self.assertMessageHasFlags(res, ['QR', 'RA', 'RD'], ['DO'])
+        self.assertRRsetInAnswer(res, expected)
+
     @classmethod
     def startResponders(cls):
         print("Launching responders..")