From: Otto Moerbeek Date: Fri, 6 Dec 2019 16:02:54 +0000 (+0100) Subject: Rebased; test files were reformatted X-Git-Tag: auth-4.3.0-alpha1~3^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=da2636b67efa6e367be7bcc8a296642a609b94f2;p=thirdparty%2Fpdns.git Rebased; test files were reformatted --- diff --git a/pdns/recursordist/test-syncres_cc.hh b/pdns/recursordist/test-syncres_cc.hh index 40ccd0f4e7..0976c1389d 100644 --- a/pdns/recursordist/test-syncres_cc.hh +++ b/pdns/recursordist/test-syncres_cc.hh @@ -49,11 +49,9 @@ void addRecordToLW(LWResult* res, const std::string& name, uint16_t type, const bool isRootServer(const ComboAddress& ip); -void computeRRSIG(const DNSSECPrivateKey& dpk, const DNSName& signer, const DNSName& signQName, uint16_t signQType, uint32_t signTTL, uint32_t sigValidity, RRSIGRecordContent& rrc, vector>& toSign, boost::optional algo = boost::none, boost::optional inception = boost::none, boost::optional now = boost::none); +void computeRRSIG(const DNSSECPrivateKey& dpk, const DNSName& signer, const DNSName& signQName, uint16_t signQType, uint32_t signTTL, uint32_t sigValidity, RRSIGRecordContent& rrc, const sortedRecords_t& toSign, boost::optional algo = boost::none, boost::optional inception = boost::none, boost::optional now = boost::none); -void computeRRSIG(const DNSSECPrivateKey& dpk, const DNSName& signer, const DNSName& signQName, uint16_t signQType, uint32_t signTTL, uint32_t sigValidity, RRSIGRecordContent& rrc, const sortedRecords_t& toSign, boost::optional algo=boost::none, boost::optional inception=boost::none, boost::optional now=boost::none); - -typedef std::unordered_map > testkeysset_t; +typedef std::unordered_map> testkeysset_t; bool addRRSIG(const testkeysset_t& keys, std::vector& records, const DNSName& signer, uint32_t sigValidity, bool broken = false, boost::optional algo = boost::none, boost::optional wildcard = boost::none, boost::optional now = boost::none); diff --git a/pdns/recursordist/test-syncres_cc5.cc b/pdns/recursordist/test-syncres_cc5.cc index 8889b0d7a5..b51a1dfd02 100644 --- a/pdns/recursordist/test-syncres_cc5.cc +++ b/pdns/recursordist/test-syncres_cc5.cc @@ -988,7 +988,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard) BOOST_CHECK_EQUAL(queriesCount, 6U); } -BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_duplicated_nsec3) { +BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_duplicated_nsec3) +{ std::unique_ptr sr; initSR(sr, true); @@ -1007,62 +1008,62 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_duplicated_n size_t queriesCount = 0; - sr->setAsyncCallback([target,&queriesCount,keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional& srcmask, boost::optional context, LWResult* res, bool* chained) { - queriesCount++; + sr->setAsyncCallback([target, &queriesCount, keys](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional& srcmask, boost::optional context, LWResult* res, bool* chained) { + queriesCount++; - if (type == QType::DS || type == QType::DNSKEY) { - if (type == QType::DS && domain == target) { - DNSName auth("com."); - setLWResult(res, 0, true, false, true); + if (type == QType::DS || type == QType::DNSKEY) { + if (type == QType::DS && domain == target) { + DNSName auth("com."); + setLWResult(res, 0, true, false, true); - addRecordToLW(res, auth, QType::SOA, "foo. bar. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); - addRRSIG(keys, res->d_records, auth, 300); - /* add a NSEC3 denying the DS AND the existence of a cut (no NS) */ - /* first the closest encloser */ - addNSEC3UnhashedRecordToLW(DNSName("com."), auth, "whatever", { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, res->d_records); - addRRSIG(keys, res->d_records, auth, 300); - /* then the next closer */ - addNSEC3NarrowRecordToLW(domain, DNSName("com."), { QType::RRSIG, QType::NSEC }, 600, res->d_records); - addRRSIG(keys, res->d_records, auth, 300); - /* a wildcard matches but has no record for this type */ - addNSEC3UnhashedRecordToLW(DNSName("*.com."), DNSName("com."), "whatever", { QType::AAAA, QType::NSEC, QType::RRSIG }, 600, res->d_records); - addRRSIG(keys, res->d_records, DNSName("com"), 300, false, boost::none, DNSName("*.com")); - return 1; - } - return genericDSAndDNSKEYHandler(res, domain, domain, type, keys); + addRecordToLW(res, auth, QType::SOA, "foo. bar. 2017032800 1800 900 604800 86400", DNSResourceRecord::AUTHORITY, 86400); + addRRSIG(keys, res->d_records, auth, 300); + /* add a NSEC3 denying the DS AND the existence of a cut (no NS) */ + /* first the closest encloser */ + addNSEC3UnhashedRecordToLW(DNSName("com."), auth, "whatever", {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, res->d_records); + addRRSIG(keys, res->d_records, auth, 300); + /* then the next closer */ + addNSEC3NarrowRecordToLW(domain, DNSName("com."), {QType::RRSIG, QType::NSEC}, 600, res->d_records); + addRRSIG(keys, res->d_records, auth, 300); + /* a wildcard matches but has no record for this type */ + addNSEC3UnhashedRecordToLW(DNSName("*.com."), DNSName("com."), "whatever", {QType::AAAA, QType::NSEC, QType::RRSIG}, 600, res->d_records); + addRRSIG(keys, res->d_records, DNSName("com"), 300, false, boost::none, DNSName("*.com")); + return 1; } - else { - if (isRootServer(ip)) { - setLWResult(res, 0, false, false, true); - addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); - addDS(DNSName("com."), 300, res->d_records, keys); - addRRSIG(keys, res->d_records, DNSName("."), 300); - addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); - return 1; - } - else if (ip == ComboAddress("192.0.2.1:53")) { - setLWResult(res, 0, true, false, true); - /* no data */ - addRecordToLW(res, DNSName("com."), QType::SOA, "com. com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); - addRRSIG(keys, res->d_records, DNSName("com."), 300); - /* no record for this name */ - /* first the closest encloser */ - addNSEC3UnhashedRecordToLW(DNSName("com."), DNSName("com."), "whatever", { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, res->d_records); - addRRSIG(keys, res->d_records, DNSName("com."), 300); - /* !! we duplicate the NSEC3 on purpose, to check deduplication. The RRSIG will have been computed for a RRSET containing only one NSEC3 and should not be valid. */ - addNSEC3UnhashedRecordToLW(DNSName("com."), DNSName("com."), "whatever", { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, res->d_records); - /* then the next closer */ - addNSEC3NarrowRecordToLW(domain, DNSName("com."), { QType::RRSIG, QType::NSEC }, 600, res->d_records); - addRRSIG(keys, res->d_records, DNSName("com."), 300); - /* a wildcard matches but has no record for this type */ - addNSEC3UnhashedRecordToLW(DNSName("*.com."), DNSName("com."), "whatever", { QType::AAAA, QType::NSEC, QType::RRSIG }, 600, res->d_records); - addRRSIG(keys, res->d_records, DNSName("com"), 300, false, boost::none, DNSName("*.com")); - return 1; - } + return genericDSAndDNSKEYHandler(res, domain, domain, type, keys); + } + else { + if (isRootServer(ip)) { + setLWResult(res, 0, false, false, true); + addRecordToLW(res, "com.", QType::NS, "a.gtld-servers.com.", DNSResourceRecord::AUTHORITY, 3600); + addDS(DNSName("com."), 300, res->d_records, keys); + addRRSIG(keys, res->d_records, DNSName("."), 300); + addRecordToLW(res, "a.gtld-servers.com.", QType::A, "192.0.2.1", DNSResourceRecord::ADDITIONAL, 3600); + return 1; } + else if (ip == ComboAddress("192.0.2.1:53")) { + setLWResult(res, 0, true, false, true); + /* no data */ + addRecordToLW(res, DNSName("com."), QType::SOA, "com. com. 2017032301 10800 3600 604800 3600", DNSResourceRecord::AUTHORITY, 3600); + addRRSIG(keys, res->d_records, DNSName("com."), 300); + /* no record for this name */ + /* first the closest encloser */ + addNSEC3UnhashedRecordToLW(DNSName("com."), DNSName("com."), "whatever", {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, res->d_records); + addRRSIG(keys, res->d_records, DNSName("com."), 300); + /* !! we duplicate the NSEC3 on purpose, to check deduplication. The RRSIG will have been computed for a RRSET containing only one NSEC3 and should not be valid. */ + addNSEC3UnhashedRecordToLW(DNSName("com."), DNSName("com."), "whatever", {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, res->d_records); + /* then the next closer */ + addNSEC3NarrowRecordToLW(domain, DNSName("com."), {QType::RRSIG, QType::NSEC}, 600, res->d_records); + addRRSIG(keys, res->d_records, DNSName("com."), 300); + /* a wildcard matches but has no record for this type */ + addNSEC3UnhashedRecordToLW(DNSName("*.com."), DNSName("com."), "whatever", {QType::AAAA, QType::NSEC, QType::RRSIG}, 600, res->d_records); + addRRSIG(keys, res->d_records, DNSName("com"), 300, false, boost::none, DNSName("*.com")); + return 1; + } + } - return 0; - }); + return 0; + }); vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); @@ -1082,7 +1083,8 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_duplicated_n BOOST_CHECK_EQUAL(queriesCount, 6U); } -BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_too_many_iterations) { +BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_too_many_iterations) +{ std::unique_ptr sr; initSR(sr, true); diff --git a/pdns/recursordist/test-syncres_cc8.cc b/pdns/recursordist/test-syncres_cc8.cc index 147a3e01fa..a1f0b85e8e 100644 --- a/pdns/recursordist/test-syncres_cc8.cc +++ b/pdns/recursordist/test-syncres_cc8.cc @@ -21,7 +21,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_nowrap) No wrap test case: a.example.org. -> d.example.org. denies the existence of b.example.org. */ - addNSECRecordToLW(DNSName("a.example.org."), DNSName("d.example.org"), { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, records); + addNSECRecordToLW(DNSName("a.example.org."), DNSName("d.example.org"), {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("example.org."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -36,7 +36,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_nowrap) /* add wildcard denial */ recordContents.clear(); signatureContents.clear(); - addNSECRecordToLW(DNSName("example.org."), DNSName("+.example.org"), { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, records); + addNSECRecordToLW(DNSName("example.org."), DNSName("+.example.org"), {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("example.org."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -70,7 +70,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_wrap_case_1) Wrap case 1 test case: z.example.org. -> b.example.org. denies the existence of a.example.org. */ - addNSECRecordToLW(DNSName("z.example.org."), DNSName("b.example.org"), { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, records); + addNSECRecordToLW(DNSName("z.example.org."), DNSName("b.example.org"), {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("example.org."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -106,7 +106,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_wrap_case_2) Wrap case 2 test case: y.example.org. -> a.example.org. denies the existence of z.example.org. */ - addNSECRecordToLW(DNSName("y.example.org."), DNSName("a.example.org"), { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, records); + addNSECRecordToLW(DNSName("y.example.org."), DNSName("a.example.org"), {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("example.org."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -142,7 +142,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_only_one_nsec) Only one NSEC in the whole zone test case: a.example.org. -> a.example.org. denies the existence of b.example.org. */ - addNSECRecordToLW(DNSName("a.example.org."), DNSName("a.example.org"), { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, records); + addNSECRecordToLW(DNSName("a.example.org."), DNSName("a.example.org"), {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("example.org."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -178,7 +178,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_root_nxd_denial) The RRSIG from "." denies the existence of anything between a. and c., including b. */ - addNSECRecordToLW(DNSName("a."), DNSName("c."), { QType::NS }, 600, records); + addNSECRecordToLW(DNSName("a."), DNSName("c."), {QType::NS}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -193,7 +193,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_root_nxd_denial) /* add wildcard denial */ recordContents.clear(); signatureContents.clear(); - addNSECRecordToLW(DNSName("."), DNSName("+"), { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, records); + addNSECRecordToLW(DNSName("."), DNSName("+"), {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -225,7 +225,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_ancestor_nxqtype_denial) signer field that is shorter than the owner name of the NSEC RR) it can't be used to deny anything except the whole name or a DS. */ - addNSECRecordToLW(DNSName("a."), DNSName("b."), { QType::NS }, 600, records); + addNSECRecordToLW(DNSName("a."), DNSName("b."), {QType::NS}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -281,7 +281,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_insecure_delegation_denial) NS should be set if it was proving an insecure delegation, let's check that we correctly detect that it's not. */ - addNSECRecordToLW(DNSName("a."), DNSName("b."), { }, 600, records); + addNSECRecordToLW(DNSName("a."), DNSName("b."), {}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -311,7 +311,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_nxqtype_cname) sortedRecords_t recordContents; vector> signatureContents; - addNSECRecordToLW(DNSName("a.powerdns.com."), DNSName("a.c.powerdns.com."), { QType::CNAME }, 600, records); + addNSECRecordToLW(DNSName("a.powerdns.com."), DNSName("a.c.powerdns.com."), {QType::CNAME}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("powerdns.com."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -340,7 +340,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_nxqtype_cname) sortedRecords_t recordContents; vector> signatureContents; - addNSEC3UnhashedRecordToLW(DNSName("a.powerdns.com."), DNSName("powerdns.com."), "whatever", { QType::CNAME }, 600, records); + addNSEC3UnhashedRecordToLW(DNSName("a.powerdns.com."), DNSName("powerdns.com."), "whatever", {QType::CNAME}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("powerdns.com."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -369,7 +369,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_nxdomain_denial_missing_wildcard) sortedRecords_t recordContents; vector> signatureContents; - addNSECRecordToLW(DNSName("a.powerdns.com."), DNSName("d.powerdns.com"), { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, records); + addNSECRecordToLW(DNSName("a.powerdns.com."), DNSName("d.powerdns.com"), {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("powerdns.com."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -397,7 +397,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_nxdomain_denial_missing_wildcard) sortedRecords_t recordContents; vector> signatureContents; - addNSEC3NarrowRecordToLW(DNSName("a.powerdns.com."), DNSName("powerdns.com."), { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, records); + addNSEC3NarrowRecordToLW(DNSName("a.powerdns.com."), DNSName("powerdns.com."), {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("powerdns.com."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -412,7 +412,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_nxdomain_denial_missing_wildcard) recordContents.clear(); signatureContents.clear(); records.clear(); - addNSEC3UnhashedRecordToLW(DNSName("powerdns.com."), DNSName("powerdns.com."), "whatever", { QType::A, QType::TXT, QType::RRSIG, QType::NSEC }, 600, records); + addNSEC3UnhashedRecordToLW(DNSName("powerdns.com."), DNSName("powerdns.com."), "whatever", {QType::A, QType::TXT, QType::RRSIG, QType::NSEC}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("powerdns.com."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -437,7 +437,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_ent_denial) sortedRecords_t recordContents; vector> signatureContents; - addNSECRecordToLW(DNSName("a.powerdns.com."), DNSName("a.c.powerdns.com."), { QType::A }, 600, records); + addNSECRecordToLW(DNSName("a.powerdns.com."), DNSName("a.c.powerdns.com."), {QType::A}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("powerdns.com."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -466,7 +466,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_ent_denial) /* if we add the wildcard denial proof, we should get a NXDOMAIN proof for b.powerdns.com */ recordContents.clear(); signatureContents.clear(); - addNSECRecordToLW(DNSName(").powerdns.com."), DNSName("+.powerdns.com."), { }, 600, records); + addNSECRecordToLW(DNSName(").powerdns.com."), DNSName("+.powerdns.com."), {}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("powerdns.com."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -497,7 +497,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_ancestor_nxqtype_denial) signer field that is shorter than the owner name of the NSEC RR) it can't be used to deny anything except the whole name or a DS. */ - addNSEC3UnhashedRecordToLW(DNSName("a."), DNSName("."), "whatever", { QType::NS }, 600, records); + addNSEC3UnhashedRecordToLW(DNSName("a."), DNSName("."), "whatever", {QType::NS}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -529,7 +529,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_ancestor_nxqtype_denial) recordContents.clear(); signatureContents.clear(); records.clear(); - addNSEC3NarrowRecordToLW(DNSName("sub.a."), DNSName("."), { QType::A, QType::TXT, QType::RRSIG, QType::NSEC3 }, 600, records); + addNSEC3NarrowRecordToLW(DNSName("sub.a."), DNSName("."), {QType::A, QType::TXT, QType::RRSIG, QType::NSEC3}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -542,7 +542,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_ancestor_nxqtype_denial) recordContents.clear(); signatureContents.clear(); records.clear(); - addNSEC3NarrowRecordToLW(DNSName("*.a."), DNSName("."), { QType::A, QType::TXT, QType::RRSIG, QType::NSEC3 }, 600, records); + addNSEC3NarrowRecordToLW(DNSName("*.a."), DNSName("."), {QType::A, QType::TXT, QType::RRSIG, QType::NSEC3}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -568,7 +568,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_denial_too_many_iterations) vector> signatureContents; /* adding a NSEC3 with more iterations that we support */ - addNSEC3UnhashedRecordToLW(DNSName("a."), DNSName("."), "whatever", { QType::AAAA }, 600, records, g_maxNSEC3Iterations + 100); + addNSEC3UnhashedRecordToLW(DNSName("a."), DNSName("."), "whatever", {QType::AAAA}, 600, records, g_maxNSEC3Iterations + 100); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("."), 300); signatureContents.push_back(getRR(records.at(1))); @@ -609,7 +609,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_insecure_delegation_denial) NS should be set if it was proving an insecure delegation, let's check that we correctly detect that it's not. */ - addNSEC3UnhashedRecordToLW(DNSName("a."), DNSName("."), "whatever", { }, 600, records); + addNSEC3UnhashedRecordToLW(DNSName("a."), DNSName("."), "whatever", {}, 600, records); recordContents.insert(records.at(0).d_content); addRRSIG(keys, records, DNSName("."), 300); signatureContents.push_back(getRR(records.at(1)));