From: Remi Gacogne Date: Thu, 9 Jul 2020 11:52:11 +0000 (+0200) Subject: rec: Stop cluttering the global namespace with validation states X-Git-Tag: rec-4.4.0-alpha2~7^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F9312%2Fhead;p=thirdparty%2Fpdns.git rec: Stop cluttering the global namespace with validation states Also rename the NODATA state to NODENIAL, as the existing name could easily be confused with NXQTYPE. --- diff --git a/pdns/lua-recursor4.cc b/pdns/lua-recursor4.cc index 445092448e..0890cbb4ac 100644 --- a/pdns/lua-recursor4.cc +++ b/pdns/lua-recursor4.cc @@ -335,10 +335,10 @@ void RecursorLua4::postPrepareContext() d_pd.push_back({n.first, n.second}); d_pd.push_back({"validationstates", in_t{ - {"Indeterminate", Indeterminate }, - {"Bogus", Bogus }, - {"Insecure", Insecure }, - {"Secure", Secure }, + {"Indeterminate", static_cast(vState::Indeterminate) }, + {"Bogus", static_cast(vState::Bogus) }, + {"Insecure", static_cast(vState::Insecure) }, + {"Secure", static_cast(vState::Secure) }, }}); d_pd.push_back({"now", &g_now}); diff --git a/pdns/lua-recursor4.hh b/pdns/lua-recursor4.hh index 570d3fd3e4..08bfefe0f6 100644 --- a/pdns/lua-recursor4.hh +++ b/pdns/lua-recursor4.hh @@ -81,7 +81,7 @@ public: std::string requestorId; std::string deviceId; std::string deviceName; - vState validationState{Indeterminate}; + vState validationState{vState::Indeterminate}; bool& variable; bool& wantsRPZ; bool& logResponse; diff --git a/pdns/pdns_recursor.cc b/pdns/pdns_recursor.cc index 45a13651f5..6829ab1521 100644 --- a/pdns/pdns_recursor.cc +++ b/pdns/pdns_recursor.cc @@ -1537,7 +1537,7 @@ static void startDoResolve(void *p) } } - if (t_pdl || (g_dns64Prefix && dq.qtype == QType::AAAA && dq.validationState != Bogus)) { + if (t_pdl || (g_dns64Prefix && dq.qtype == QType::AAAA && dq.validationState != vState::Bogus)) { if (res == RCode::NoError) { auto i = ret.cbegin(); for(; i!= ret.cend(); ++i) { @@ -1551,7 +1551,7 @@ static void startDoResolve(void *p) if (t_pdl && t_pdl->nodata(dq, res)) { shouldNotValidate = true; } - else if (g_dns64Prefix && dq.qtype == QType::AAAA && dq.validationState != Bogus) { + else if (g_dns64Prefix && dq.qtype == QType::AAAA && dq.validationState != vState::Bogus) { res = getFakeAAAARecords(dq.qname, *g_dns64Prefix, ret); shouldNotValidate = true; } @@ -1613,7 +1613,7 @@ static void startDoResolve(void *p) auto state = sr.getValidationState(); - if(state == Secure) { + if(state == vState::Secure) { if(sr.doLog()) { g_log<d_mdp.d_qname<<"|"<d_mdp.d_qtype).getName()<<" for "<getRemote()<<" validates correctly"<d_mdp.d_header.ad || DNSSECOK) pw.getHeader()->ad=1; } - else if(state == Insecure) { + else if(state == vState::Insecure) { if(sr.doLog()) { g_log<d_mdp.d_qname<<"|"<d_mdp.d_qtype).getName()<<" for "<getRemote()<<" validates as Insecure"<ad=0; } - else if(state == Bogus) { + else if(state == vState::Bogus) { if(t_bogusremotes) t_bogusremotes->push_back(dc->d_source); if(t_bogusqueryring) @@ -2592,7 +2592,7 @@ static string* doProcessUDPQuestion(const std::string& question, const ComboAddr } if (cacheHit) { - if(valState == Bogus) { + if(valState == vState::Bogus) { if(t_bogusremotes) t_bogusremotes->push_back(source); if(t_bogusqueryring) diff --git a/pdns/rec_channel_rec.cc b/pdns/rec_channel_rec.cc index 489e81083f..5552148f56 100644 --- a/pdns/rec_channel_rec.cc +++ b/pdns/rec_channel_rec.cc @@ -1157,11 +1157,11 @@ void registerAllStats() #endif addGetStat("dnssec-validations", &g_stats.dnssecValidations); - addGetStat("dnssec-result-insecure", &g_stats.dnssecResults[Insecure]); - addGetStat("dnssec-result-secure", &g_stats.dnssecResults[Secure]); - addGetStat("dnssec-result-bogus", &g_stats.dnssecResults[Bogus]); - addGetStat("dnssec-result-indeterminate", &g_stats.dnssecResults[Indeterminate]); - addGetStat("dnssec-result-nta", &g_stats.dnssecResults[NTA]); + addGetStat("dnssec-result-insecure", &g_stats.dnssecResults[vState::Insecure]); + addGetStat("dnssec-result-secure", &g_stats.dnssecResults[vState::Secure]); + addGetStat("dnssec-result-bogus", &g_stats.dnssecResults[vState::Bogus]); + addGetStat("dnssec-result-indeterminate", &g_stats.dnssecResults[vState::Indeterminate]); + addGetStat("dnssec-result-nta", &g_stats.dnssecResults[vState::NTA]); addGetStat("policy-result-noaction", &g_stats.policyResults[DNSFilterEngine::PolicyKind::NoAction]); addGetStat("policy-result-drop", &g_stats.policyResults[DNSFilterEngine::PolicyKind::Drop]); diff --git a/pdns/recursor_cache.cc b/pdns/recursor_cache.cc index 28735b97b1..953562123f 100644 --- a/pdns/recursor_cache.cc +++ b/pdns/recursor_cache.cc @@ -554,7 +554,7 @@ uint64_t MemRecursorCache::doDump(int fd) for (const auto& j : i.d_records) { count++; try { - fprintf(fp.get(), "%s %" PRId64 " IN %s %s ; (%s) auth=%i %s %s\n", i.d_qname.toString().c_str(), static_cast(i.d_ttd - now), DNSRecordContent::NumberToType(i.d_qtype).c_str(), j->getZoneRepresentation().c_str(), vStates[i.d_state], i.d_auth, i.d_netmask.empty() ? "" : i.d_netmask.toString().c_str(), !i.d_rtag ? "" : i.d_rtag.get().c_str()); + fprintf(fp.get(), "%s %" PRId64 " IN %s %s ; (%s) auth=%i %s %s\n", i.d_qname.toString().c_str(), static_cast(i.d_ttd - now), DNSRecordContent::NumberToType(i.d_qtype).c_str(), j->getZoneRepresentation().c_str(), vStateToString(i.d_state).c_str(), i.d_auth, i.d_netmask.empty() ? "" : i.d_netmask.toString().c_str(), !i.d_rtag ? "" : i.d_rtag.get().c_str()); } catch(...) { fprintf(fp.get(), "; error printing '%s'\n", i.d_qname.empty() ? "EMPTY" : i.d_qname.toString().c_str()); diff --git a/pdns/recursor_cache.hh b/pdns/recursor_cache.hh index 2adae2f802..d2f66cef58 100644 --- a/pdns/recursor_cache.hh +++ b/pdns/recursor_cache.hh @@ -59,7 +59,7 @@ public: int32_t get(time_t, const DNSName &qname, const QType& qt, bool requireAuth, vector* res, const ComboAddress& who, const OptTag& routingTag = boost::none, vector>* signatures=nullptr, std::vector>* authorityRecs=nullptr, bool* variable=nullptr, vState* state=nullptr, bool* wasAuth=nullptr); - void replace(time_t, const DNSName &qname, const QType& qt, const vector& content, const vector>& signatures, const std::vector>& authorityRecs, bool auth, boost::optional ednsmask=boost::none, const OptTag& routingTag = boost::none, vState state=Indeterminate); + void replace(time_t, const DNSName &qname, const QType& qt, const vector& content, const vector>& signatures, const std::vector>& authorityRecs, bool auth, boost::optional ednsmask=boost::none, const OptTag& routingTag = boost::none, vState state=vState::Indeterminate); void doPrune(size_t keep); uint64_t doDump(int fd); @@ -75,7 +75,7 @@ private: struct CacheEntry { CacheEntry(const boost::tuple& key, bool auth): - d_qname(key.get<0>()), d_netmask(key.get<3>().getNormalized()), d_rtag(key.get<2>()), d_state(Indeterminate), d_ttd(0), d_qtype(key.get<1>()), d_auth(auth) + d_qname(key.get<0>()), d_netmask(key.get<3>().getNormalized()), d_rtag(key.get<2>()), d_state(vState::Indeterminate), d_ttd(0), d_qtype(key.get<1>()), d_auth(auth) { } diff --git a/pdns/recursordist/negcache.cc b/pdns/recursordist/negcache.cc index 86f2b5e77a..e512579dca 100644 --- a/pdns/recursordist/negcache.cc +++ b/pdns/recursordist/negcache.cc @@ -202,15 +202,15 @@ uint64_t NegCache::dumpToFile(FILE* fp) negcache_sequence_t& sidx = d_negcache.get(); for (const NegCacheEntry& ne : sidx) { ret++; - fprintf(fp, "%s %" PRId64 " IN %s VIA %s ; (%s)\n", ne.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), ne.d_qtype.getName().c_str(), ne.d_auth.toString().c_str(), vStates[ne.d_validationState]); + fprintf(fp, "%s %" PRId64 " IN %s VIA %s ; (%s)\n", ne.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), ne.d_qtype.getName().c_str(), ne.d_auth.toString().c_str(), vStateToString(ne.d_validationState).c_str()); for (const auto& rec : ne.authoritySOA.records) { - fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStates[ne.d_validationState]); + fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStateToString(ne.d_validationState).c_str()); } for (const auto& sig : ne.authoritySOA.signatures) { fprintf(fp, "%s %" PRId64 " IN RRSIG %s ;\n", sig.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), sig.d_content->getZoneRepresentation().c_str()); } for (const auto& rec : ne.DNSSECRecords.records) { - fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStates[ne.d_validationState]); + fprintf(fp, "%s %" PRId64 " IN %s %s ; (%s)\n", rec.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), DNSRecordContent::NumberToType(rec.d_type).c_str(), rec.d_content->getZoneRepresentation().c_str(), vStateToString(ne.d_validationState).c_str()); } for (const auto& sig : ne.DNSSECRecords.signatures) { fprintf(fp, "%s %" PRId64 " IN RRSIG %s ;\n", sig.d_name.toString().c_str(), static_cast(ne.d_ttd - now.tv_sec), sig.d_content->getZoneRepresentation().c_str()); diff --git a/pdns/recursordist/negcache.hh b/pdns/recursordist/negcache.hh index 0b0acb5d28..adb0202008 100644 --- a/pdns/recursordist/negcache.hh +++ b/pdns/recursordist/negcache.hh @@ -55,7 +55,7 @@ public: mutable uint32_t d_ttd; // Timestamp when this entry should die recordsAndSignatures authoritySOA; // The upstream SOA record and RRSIGs recordsAndSignatures DNSSECRecords; // The upstream NSEC(3) and RRSIGs - mutable vState d_validationState{Indeterminate}; + mutable vState d_validationState{vState::Indeterminate}; uint32_t getTTD() const { return d_ttd; diff --git a/pdns/recursordist/test-syncres_cc1.cc b/pdns/recursordist/test-syncres_cc1.cc index 2640c279c0..49672a6bce 100644 --- a/pdns/recursordist/test-syncres_cc1.cc +++ b/pdns/recursordist/test-syncres_cc1.cc @@ -25,7 +25,7 @@ BOOST_AUTO_TEST_CASE(test_root_primed) ret.clear(); res = sr->beginResolve(target, QType(QType::AAAA), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK(ret[0].d_type == QType::AAAA); BOOST_CHECK_EQUAL(ret[0].d_name, target); @@ -1532,7 +1532,7 @@ BOOST_AUTO_TEST_CASE(test_dname_dnssec_secure) int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 5U); /* DNAME + RRSIG(DNAME) + CNAME + A + RRSIG(A) */ BOOST_CHECK_EQUAL(queries, 11U); @@ -1558,7 +1558,7 @@ BOOST_AUTO_TEST_CASE(test_dname_dnssec_secure) res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 5U); /* DNAME + RRSIG(DNAME) + CNAME + A + RRSIG(A) */ BOOST_CHECK_EQUAL(queries, 11U); @@ -1679,7 +1679,7 @@ BOOST_AUTO_TEST_CASE(test_dname_dnssec_insecure) int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); /* DNAME + RRSIG(DNAME) + CNAME + A */ BOOST_CHECK_EQUAL(queries, 9U); @@ -1702,7 +1702,7 @@ BOOST_AUTO_TEST_CASE(test_dname_dnssec_insecure) res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); /* DNAME + RRSIG(DNAME) + CNAME + A */ BOOST_CHECK_EQUAL(queries, 9U); diff --git a/pdns/recursordist/test-syncres_cc2.cc b/pdns/recursordist/test-syncres_cc2.cc index 54228dc1fe..28f43c21b2 100644 --- a/pdns/recursordist/test-syncres_cc2.cc +++ b/pdns/recursordist/test-syncres_cc2.cc @@ -655,7 +655,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) vector ret; int res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); @@ -663,7 +663,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) ret.clear(); res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); @@ -671,7 +671,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) ret.clear(); res = sr->beginResolve(target3, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); @@ -679,7 +679,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) ret.clear(); res = sr->beginResolve(target4, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); @@ -691,7 +691,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) ret.clear(); res = sr->beginResolve(target1, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 1U); @@ -700,7 +700,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) ret.clear(); res = sr->beginResolve(target2, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 11U); BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 2U); @@ -708,7 +708,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) ret.clear(); res = sr->beginResolve(target3, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 13U); BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 3U); @@ -716,7 +716,7 @@ BOOST_AUTO_TEST_CASE(test_rfc8020_nothing_underneath_dnssec) ret.clear(); res = sr->beginResolve(target4, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 15U); BOOST_CHECK_EQUAL(SyncRes::getNegCacheSize(), 4U); diff --git a/pdns/recursordist/test-syncres_cc3.cc b/pdns/recursordist/test-syncres_cc3.cc index 2fc7e325bf..abf4680ac2 100644 --- a/pdns/recursordist/test-syncres_cc3.cc +++ b/pdns/recursordist/test-syncres_cc3.cc @@ -869,7 +869,7 @@ BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd_dnssec) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 5U); @@ -877,7 +877,7 @@ BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd_dnssec) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 5U); } @@ -940,7 +940,7 @@ BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd_dnssec_bogus) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 5U); @@ -948,7 +948,7 @@ BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd_dnssec_bogus) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 5U); } @@ -1003,7 +1003,7 @@ BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd_dnssec_nodata_bogus) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 0U); /* com|NS, powerdns.com|NS, powerdns.com|A */ BOOST_CHECK_EQUAL(queriesCount, 3U); @@ -1012,7 +1012,7 @@ BOOST_AUTO_TEST_CASE(test_forward_zone_recurse_rd_dnssec_nodata_bogus) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 0U); /* we don't store empty results */ BOOST_CHECK_EQUAL(queriesCount, 4U); @@ -1054,7 +1054,7 @@ BOOST_AUTO_TEST_CASE(test_auth_zone_oob) BOOST_CHECK(ret[0].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 0U); BOOST_CHECK(sr->wasOutOfBand()); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); /* a second time, to check that the OOB flag is set when the query cache is used */ ret.clear(); @@ -1064,7 +1064,7 @@ BOOST_AUTO_TEST_CASE(test_auth_zone_oob) BOOST_CHECK(ret[0].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 0U); BOOST_CHECK(sr->wasOutOfBand()); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); /* a third time, to check that the validation is disabled when the OOB flag is set */ ret.clear(); @@ -1075,7 +1075,7 @@ BOOST_AUTO_TEST_CASE(test_auth_zone_oob) BOOST_CHECK(ret[0].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 0U); BOOST_CHECK(sr->wasOutOfBand()); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); } BOOST_AUTO_TEST_CASE(test_auth_zone_oob_cname) @@ -1123,7 +1123,7 @@ BOOST_AUTO_TEST_CASE(test_auth_zone_oob_cname) BOOST_CHECK(ret[1].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 0U); BOOST_CHECK(sr->wasOutOfBand()); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); /* a second time, to check that the OOB flag is set when the query cache is used */ ret.clear(); @@ -1134,7 +1134,7 @@ BOOST_AUTO_TEST_CASE(test_auth_zone_oob_cname) BOOST_CHECK(ret[1].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 0U); BOOST_CHECK(sr->wasOutOfBand()); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); /* a third time, to check that the validation is disabled when the OOB flag is set */ ret.clear(); @@ -1146,7 +1146,7 @@ BOOST_AUTO_TEST_CASE(test_auth_zone_oob_cname) BOOST_CHECK(ret[1].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 0U); BOOST_CHECK(sr->wasOutOfBand()); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); } BOOST_AUTO_TEST_CASE(test_auth_zone) diff --git a/pdns/recursordist/test-syncres_cc4.cc b/pdns/recursordist/test-syncres_cc4.cc index 7c72748fdd..a7d6a057b2 100644 --- a/pdns/recursordist/test-syncres_cc4.cc +++ b/pdns/recursordist/test-syncres_cc4.cc @@ -165,7 +165,7 @@ BOOST_AUTO_TEST_CASE(test_auth_zone_delegation) BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK(ret[0].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 4U); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); } BOOST_AUTO_TEST_CASE(test_auth_zone_delegation_point) @@ -516,7 +516,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_root_validation_csk) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); /* 13 NS + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); @@ -525,7 +525,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_root_validation_csk) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); } @@ -604,7 +604,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_root_validation_ksk_zsk) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); /* 13 NS + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); @@ -613,7 +613,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_root_validation_ksk_zsk) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); } @@ -670,7 +670,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_no_dnskey) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); /* 13 NS + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); @@ -679,7 +679,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_no_dnskey) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); } @@ -759,7 +759,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_doesnt_match_ds) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); /* 13 NS + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); @@ -768,7 +768,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_doesnt_match_ds) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); @@ -782,7 +782,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_doesnt_match_ds) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); /* 13 NS + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 3U); @@ -791,7 +791,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_doesnt_match_ds) ret.clear(); res = sr->beginResolve(target, QType(QType::DNSKEY), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); /* 1 SOA + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 4U); @@ -801,7 +801,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_dnskey_doesnt_match_ds) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 4U); } @@ -869,7 +869,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_rrsig_signed_with_unknown_dnskey) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); /* 13 NS + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); @@ -878,7 +878,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_rrsig_signed_with_unknown_dnskey) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); } @@ -939,7 +939,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_no_rrsig) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); /* 13 NS + 0 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 13U); /* no RRSIG so no query for DNSKEYs */ @@ -949,7 +949,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_no_rrsig) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 13U); /* check that we capped the TTL to max-cache-bogus-ttl */ for (const auto& record : ret) { @@ -1026,7 +1026,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_algorithm) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); /* 13 NS + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 14U); /* no supported DS so no query for DNSKEYs */ @@ -1036,7 +1036,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_algorithm) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 1U); } @@ -1107,7 +1107,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_digest) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); /* 13 NS + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 14U); /* no supported DS so no query for DNSKEYs */ @@ -1117,7 +1117,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_unknown_ds_digest) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 1U); } @@ -1176,7 +1176,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_bad_sig) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); /* 13 NS + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); @@ -1185,7 +1185,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_bad_sig) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); } @@ -1245,7 +1245,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_bad_algo) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); /* 13 NS + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); @@ -1254,7 +1254,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_bad_algo) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 2U); } @@ -1320,7 +1320,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_unsigned_ds) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 3U); @@ -1328,7 +1328,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_unsigned_ds) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 3U); @@ -1336,7 +1336,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_unsigned_ds) ret.clear(); res = sr->beginResolve(DNSName("com."), QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 3U); } @@ -1394,7 +1394,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_unsigned_ds_direct) vector ret; int res = sr->beginResolve(DNSName("com."), QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 1U); } diff --git a/pdns/recursordist/test-syncres_cc5.cc b/pdns/recursordist/test-syncres_cc5.cc index 71e6a8f2b3..29f94e23c2 100644 --- a/pdns/recursordist/test-syncres_cc5.cc +++ b/pdns/recursordist/test-syncres_cc5.cc @@ -94,7 +94,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_various_algos) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 8U); @@ -102,7 +102,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_various_algos) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 8U); } @@ -189,7 +189,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_a_then_ns) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 8U); @@ -197,7 +197,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_a_then_ns) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 8U); @@ -206,7 +206,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_a_then_ns) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 9U); } @@ -290,7 +290,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_a_then_ns) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 7U); @@ -298,7 +298,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_a_then_ns) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 7U); @@ -307,7 +307,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_a_then_ns) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 8U); } @@ -399,7 +399,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_with_nta) int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); /* Should be insecure because of the NTA */ - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 5U); @@ -408,7 +408,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_with_nta) res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); /* Should be insecure because of the NTA */ - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 5U); } @@ -488,7 +488,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_with_nta) int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); /* Should be insecure because of the NTA */ - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 4U); @@ -496,7 +496,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_with_nta) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 4U); } @@ -579,7 +579,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 8U); @@ -587,7 +587,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 8U); } @@ -695,7 +695,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nxdomain_nsec) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); @@ -703,7 +703,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nxdomain_nsec) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); } @@ -804,7 +804,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_wildcard) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 9U); @@ -812,7 +812,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_wildcard) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 9U); } @@ -884,7 +884,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_nodata_nowildcard) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 6U); @@ -892,7 +892,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_nodata_nowildcard) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 6U); } @@ -975,7 +975,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 8U); BOOST_CHECK_EQUAL(queriesCount, 6U); @@ -983,7 +983,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 8U); BOOST_CHECK_EQUAL(queriesCount, 6U); } @@ -1068,7 +1068,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_duplicated_n vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); /* because we pass along the duplicated NSEC3 */ BOOST_REQUIRE_EQUAL(ret.size(), 9U); BOOST_CHECK_EQUAL(queriesCount, 6U); @@ -1077,7 +1077,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_duplicated_n ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); /* because we pass along the duplicated NSEC3 */ BOOST_REQUIRE_EQUAL(ret.size(), 9U); BOOST_CHECK_EQUAL(queriesCount, 6U); @@ -1162,7 +1162,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_too_many_ite vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 8U); BOOST_CHECK_EQUAL(queriesCount, 6U); @@ -1170,7 +1170,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_nodata_nowildcard_too_many_ite ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 8U); BOOST_CHECK_EQUAL(queriesCount, 6U); } @@ -1280,7 +1280,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_wildcard) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 10U); @@ -1288,7 +1288,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_wildcard) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 10U); } @@ -1395,7 +1395,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_wildcard_too_many_iterations) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); @@ -1403,7 +1403,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec3_wildcard_too_many_iterations) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK_EQUAL(queriesCount, 9U); } @@ -1501,7 +1501,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_wildcard_missing) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 9U); @@ -1509,7 +1509,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_nsec_wildcard_missing) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 9U); } @@ -1564,7 +1564,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_wildcard_expanded_onto_itself) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); /* A + RRSIG, NSEC + RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 4U); } @@ -1626,7 +1626,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_wildcard_like_expanded_from_wildcard vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); /* A + RRSIG, NSEC + RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 4U); } @@ -1746,14 +1746,14 @@ BOOST_AUTO_TEST_CASE(test_dnssec_incomplete_cache_zonecut_qm) vector ret; int res = sr->beginResolve(DNSName("herokuapp.com."), QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 12U); ret.clear(); res = sr->beginResolve(DNSName("dns1.p03.nsone.net."), QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 16U); } diff --git a/pdns/recursordist/test-syncres_cc6.cc b/pdns/recursordist/test-syncres_cc6.cc index 96c71e67c9..7c93429b8d 100644 --- a/pdns/recursordist/test-syncres_cc6.cc +++ b/pdns/recursordist/test-syncres_cc6.cc @@ -108,7 +108,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_no_ds_on_referral_secure) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 9U); BOOST_CHECK_EQUAL(dsQueriesCount, 3U); @@ -117,7 +117,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_no_ds_on_referral_secure) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 9U); BOOST_CHECK_EQUAL(dsQueriesCount, 3U); @@ -225,7 +225,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_ds_sign_loop) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 8U); @@ -233,7 +233,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_ds_sign_loop) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 8U); } @@ -275,7 +275,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_ds_root) vector ret; int res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 1U); @@ -283,7 +283,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_ds_root) ret.clear(); res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 1U); } @@ -385,7 +385,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_dnskey_signed_child) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 10U); @@ -393,7 +393,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_dnskey_signed_child) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 10U); } @@ -493,7 +493,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_no_ds_on_referral_insecure) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 7U); BOOST_CHECK_EQUAL(dsQueriesCount, 2U); @@ -502,7 +502,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_no_ds_on_referral_insecure) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 7U); BOOST_CHECK_EQUAL(dsQueriesCount, 2U); @@ -583,7 +583,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_bogus_unsigned_nsec) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_CHECK_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 8U); @@ -591,7 +591,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_bogus_unsigned_nsec) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 8U); } @@ -671,7 +671,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_bogus_no_nsec) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_CHECK_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 8U); @@ -679,7 +679,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_bogus_no_nsec) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 8U); } @@ -778,7 +778,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK(ret[0].d_type == QType::A); /* 4 NS: com at ., com at com, powerdns.com at com, powerdns.com at powerdns.com @@ -790,7 +790,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK(ret[0].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 7U); @@ -898,7 +898,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_optout) vector ret; int res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK(ret[0].d_type == QType::SOA); BOOST_CHECK_EQUAL(queriesCount, 4U); @@ -907,7 +907,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_optout) ret.clear(); res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK(ret[0].d_type == QType::SOA); BOOST_CHECK_EQUAL(queriesCount, 4U); @@ -1004,7 +1004,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_nxd_optout) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK(ret[0].d_type == QType::SOA); BOOST_CHECK_EQUAL(queriesCount, 6U); @@ -1013,7 +1013,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_nxd_optout) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 6U); BOOST_CHECK(ret[0].d_type == QType::SOA); BOOST_CHECK_EQUAL(queriesCount, 6U); @@ -1067,7 +1067,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_direct_ds) vector ret; int res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::DS || record.d_type == QType::RRSIG); @@ -1078,7 +1078,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_direct_ds) ret.clear(); res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::DS || record.d_type == QType::RRSIG); @@ -1133,7 +1133,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_direct_ds) vector ret; int res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::SOA || record.d_type == QType::NSEC || record.d_type == QType::RRSIG); @@ -1144,7 +1144,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_direct_ds) ret.clear(); res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::SOA || record.d_type == QType::NSEC || record.d_type == QType::RRSIG); @@ -1260,7 +1260,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_skipped_cut) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK(ret[0].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 9U); @@ -1269,7 +1269,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_skipped_cut) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK(ret[0].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 9U); diff --git a/pdns/recursordist/test-syncres_cc7.cc b/pdns/recursordist/test-syncres_cc7.cc index d1ef7a7a0c..6fbcc2725e 100644 --- a/pdns/recursordist/test-syncres_cc7.cc +++ b/pdns/recursordist/test-syncres_cc7.cc @@ -118,7 +118,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_to_ta_skipped_cut) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK(ret[0].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 7U); @@ -127,7 +127,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_to_ta_skipped_cut) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK(ret[0].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 7U); @@ -228,7 +228,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_nodata) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); /* 4 NS (com from root, com from com, powerdns.com from com, powerdns.com from powerdns.com) @@ -241,7 +241,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_nodata) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 7U); } @@ -362,7 +362,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_cname) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 11U); @@ -370,7 +370,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_cname) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 11U); } @@ -485,7 +485,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_cname_glue) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 11U); @@ -493,7 +493,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_insecure_cname_glue) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 11U); } @@ -611,7 +611,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_to_secure_cname) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 11U); @@ -619,7 +619,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_to_secure_cname) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 11U); } @@ -707,7 +707,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_secure_cname) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 11U); @@ -715,7 +715,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_secure_cname) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 11U); } @@ -803,7 +803,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_bogus_cname) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 11U); @@ -811,7 +811,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_bogus_cname) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 11U); } @@ -899,7 +899,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_secure_cname) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 12U); @@ -907,7 +907,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_secure_to_secure_cname) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 12U); } @@ -1020,7 +1020,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_insecure_cname) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); /* no RRSIG to show */ BOOST_CHECK_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 10U); @@ -1029,7 +1029,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_to_insecure_cname) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_CHECK_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 10U); } @@ -1114,7 +1114,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_ta) int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); /* should be insecure but we have a TA for powerdns.com. */ - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); /* We got a RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK(ret[0].d_type == QType::A); @@ -1124,7 +1124,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_ta) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK(ret[0].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 5U); @@ -1210,7 +1210,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_ta_norrsig) int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); /* should be insecure but we have a TA for powerdns.com., but no RRSIG so Bogus */ - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); /* No RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK(ret[0].d_type == QType::A); @@ -1220,7 +1220,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_insecure_ta_norrsig) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK(ret[0].d_type == QType::A); BOOST_CHECK_EQUAL(queriesCount, 4U); @@ -1280,7 +1280,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_nta) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); /* 13 NS + 1 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 1U); @@ -1289,7 +1289,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_nta) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 14U); BOOST_CHECK_EQUAL(queriesCount, 1U); } @@ -1336,7 +1336,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_no_ta) vector ret; int res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); /* 13 NS + 0 RRSIG */ BOOST_REQUIRE_EQUAL(ret.size(), 13U); BOOST_CHECK_EQUAL(queriesCount, 1U); @@ -1345,7 +1345,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_no_ta) ret.clear(); res = sr->beginResolve(target, QType(QType::NS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 13U); BOOST_CHECK_EQUAL(queriesCount, 1U); } @@ -1388,7 +1388,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_nodata) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 0U); /* com|NS, powerdns.com|NS, powerdns.com|A */ BOOST_CHECK_EQUAL(queriesCount, 3U); @@ -1397,7 +1397,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_nodata) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 0U); /* we don't store empty results */ BOOST_CHECK_EQUAL(queriesCount, 4U); @@ -1441,7 +1441,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_nxdomain) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 0U); /* com|NS, powerdns.com|NS, powerdns.com|A */ BOOST_CHECK_EQUAL(queriesCount, 3U); @@ -1450,7 +1450,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_bogus_nxdomain) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NXDomain); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 0U); /* we don't store empty results */ BOOST_CHECK_EQUAL(queriesCount, 4U); diff --git a/pdns/recursordist/test-syncres_cc8.cc b/pdns/recursordist/test-syncres_cc8.cc index 6f42503705..ccddd4cf01 100644 --- a/pdns/recursordist/test-syncres_cc8.cc +++ b/pdns/recursordist/test-syncres_cc8.cc @@ -47,11 +47,11 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_nowrap) denialMap[std::make_pair(DNSName("example.org."), QType::NSEC)] = pair; dState denialState = getDenial(denialMap, DNSName("b.example.org."), QType::A, false, false); - BOOST_CHECK_EQUAL(denialState, NXDOMAIN); + BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN); denialState = getDenial(denialMap, DNSName("d.example.org."), QType::A, false, false); /* let's check that d.example.org. is not denied by this proof */ - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_nsec_denial_wrap_case_1) @@ -83,11 +83,11 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_wrap_case_1) denialMap[std::make_pair(DNSName("z.example.org."), QType::NSEC)] = pair; dState denialState = getDenial(denialMap, DNSName("a.example.org."), QType::A, false, false); - BOOST_CHECK_EQUAL(denialState, NXDOMAIN); + BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN); denialState = getDenial(denialMap, DNSName("d.example.org."), QType::A, false, false); /* let's check that d.example.org. is not denied by this proof */ - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_nsec_denial_wrap_case_2) @@ -119,11 +119,11 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_wrap_case_2) denialMap[std::make_pair(DNSName("y.example.org."), QType::NSEC)] = pair; dState denialState = getDenial(denialMap, DNSName("z.example.org."), QType::A, false, false); - BOOST_CHECK_EQUAL(denialState, NXDOMAIN); + BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN); denialState = getDenial(denialMap, DNSName("d.example.org."), QType::A, false, false); /* let's check that d.example.org. is not denied by this proof */ - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_nsec_denial_only_one_nsec) @@ -155,11 +155,11 @@ BOOST_AUTO_TEST_CASE(test_nsec_denial_only_one_nsec) denialMap[std::make_pair(DNSName("a.example.org."), QType::NSEC)] = pair; dState denialState = getDenial(denialMap, DNSName("b.example.org."), QType::A, false, false); - BOOST_CHECK_EQUAL(denialState, NXDOMAIN); + BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN); denialState = getDenial(denialMap, DNSName("a.example.org."), QType::A, false, false); /* let's check that d.example.org. is not denied by this proof */ - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_nsec_root_nxd_denial) @@ -204,7 +204,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_root_nxd_denial) denialMap[std::make_pair(DNSName("."), QType::NSEC)] = pair; dState denialState = getDenial(denialMap, DNSName("b."), QType::A, false, false); - BOOST_CHECK_EQUAL(denialState, NXDOMAIN); + BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN); } BOOST_AUTO_TEST_CASE(test_nsec_ancestor_nxqtype_denial) @@ -247,14 +247,14 @@ BOOST_AUTO_TEST_CASE(test_nsec_ancestor_nxqtype_denial) dState denialState = getDenial(denialMap, DNSName("a."), QType::A, false, false); /* no data means the qname/qtype is not denied, because an ancestor delegation NSEC can only deny the DS */ - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); /* it can not be used to deny any RRs below that owner name either */ denialState = getDenial(denialMap, DNSName("sub.a."), QType::A, false, false); - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); denialState = getDenial(denialMap, DNSName("a."), QType::DS, true, true); - BOOST_CHECK_EQUAL(denialState, NXQTYPE); + BOOST_CHECK_EQUAL(denialState, dState::NXQTYPE); } BOOST_AUTO_TEST_CASE(test_nsec_insecure_delegation_denial) @@ -296,7 +296,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_insecure_delegation_denial) /* Insecure because the NS is not set, so while it does denies the DS, it can't prove an insecure delegation */ dState denialState = getDenial(denialMap, DNSName("a."), QType::DS, true, true); - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_nsec_nxqtype_cname) @@ -325,7 +325,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_nxqtype_cname) /* this NSEC is not valid to deny a.powerdns.com|A since it states that a CNAME exists */ dState denialState = getDenial(denialMap, DNSName("a.powerdns.com."), QType::A, true, true); - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_nsec3_nxqtype_cname) @@ -354,7 +354,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_nxqtype_cname) /* this NSEC3 is not valid to deny a.powerdns.com|A since it states that a CNAME exists */ dState denialState = getDenial(denialMap, DNSName("a.powerdns.com."), QType::A, false, true); - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_nsec_nxdomain_denial_missing_wildcard) @@ -382,7 +382,7 @@ BOOST_AUTO_TEST_CASE(test_nsec_nxdomain_denial_missing_wildcard) denialMap[std::make_pair(DNSName("a.powerdns.com."), QType::NSEC)] = pair; dState denialState = getDenial(denialMap, DNSName("b.powerdns.com."), QType::A, false, false); - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_nsec3_nxdomain_denial_missing_wildcard) @@ -422,7 +422,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_nxdomain_denial_missing_wildcard) denialMap[std::make_pair(records.at(0).d_name, records.at(0).d_type)] = pair; dState denialState = getDenial(denialMap, DNSName("b.powerdns.com."), QType::A, false, false); - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_nsec_ent_denial) @@ -452,16 +452,16 @@ BOOST_AUTO_TEST_CASE(test_nsec_ent_denial) /* this NSEC is valid to prove a NXQTYPE at c.powerdns.com because it proves that it is an ENT */ dState denialState = getDenial(denialMap, DNSName("c.powerdns.com."), QType::AAAA, true, true); - BOOST_CHECK_EQUAL(denialState, NXQTYPE); + BOOST_CHECK_EQUAL(denialState, dState::NXQTYPE); /* this NSEC is not valid to prove a NXQTYPE at b.powerdns.com, it could prove a NXDOMAIN if it had an additional wildcard denial */ denialState = getDenial(denialMap, DNSName("b.powerdns.com."), QType::AAAA, true, true); - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); /* this NSEC is not valid to prove a NXQTYPE for QType::A at a.c.powerdns.com either */ denialState = getDenial(denialMap, DNSName("a.c.powerdns.com."), QType::A, true, true); - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); /* if we add the wildcard denial proof, we should get a NXDOMAIN proof for b.powerdns.com */ recordContents.clear(); @@ -476,12 +476,12 @@ BOOST_AUTO_TEST_CASE(test_nsec_ent_denial) denialMap[std::make_pair(DNSName(").powerdns.com."), QType::NSEC)] = pair; denialState = getDenial(denialMap, DNSName("b.powerdns.com."), QType::A, true, false); - BOOST_CHECK_EQUAL(denialState, NXDOMAIN); + BOOST_CHECK_EQUAL(denialState, dState::NXDOMAIN); /* this NSEC is NOT valid to prove a NXDOMAIN at c.powerdns.com because it proves that it exists and is an ENT */ denialState = getDenial(denialMap, DNSName("c.powerdns.com."), QType::AAAA, true, false); - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_nsec3_ancestor_nxqtype_denial) @@ -524,10 +524,10 @@ BOOST_AUTO_TEST_CASE(test_nsec3_ancestor_nxqtype_denial) dState denialState = getDenial(denialMap, DNSName("a."), QType::A, false, true); /* no data means the qname/qtype is not denied, because an ancestor delegation NSEC3 can only deny the DS */ - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); denialState = getDenial(denialMap, DNSName("a."), QType::DS, true, true); - BOOST_CHECK_EQUAL(denialState, NXQTYPE); + BOOST_CHECK_EQUAL(denialState, dState::NXQTYPE); /* it can not be used to deny any RRs below that owner name either */ /* Add NSEC3 for the next closer */ @@ -557,7 +557,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_ancestor_nxqtype_denial) denialMap[std::make_pair(records.at(0).d_name, records.at(0).d_type)] = pair; denialState = getDenial(denialMap, DNSName("sub.a."), QType::A, false, true); - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_nsec3_denial_too_many_iterations) @@ -587,7 +587,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_denial_too_many_iterations) dState denialState = getDenial(denialMap, DNSName("a."), QType::A, false, true); /* since we refuse to compute more than g_maxNSEC3Iterations iterations, it should be Insecure */ - BOOST_CHECK_EQUAL(denialState, INSECURE); + BOOST_CHECK_EQUAL(denialState, dState::INSECURE); } BOOST_AUTO_TEST_CASE(test_nsec3_insecure_delegation_denial) @@ -629,7 +629,7 @@ BOOST_AUTO_TEST_CASE(test_nsec3_insecure_delegation_denial) /* Insecure because the NS is not set, so while it does denies the DS, it can't prove an insecure delegation */ dState denialState = getDenial(denialMap, DNSName("a."), QType::DS, true, true); - BOOST_CHECK_EQUAL(denialState, NODATA); + BOOST_CHECK_EQUAL(denialState, dState::NODENIAL); } BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_validity) @@ -676,7 +676,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_validity) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 4U); @@ -685,7 +685,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_validity) BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); BOOST_CHECK_EQUAL(ne.d_ttd, fixedNow + 1); - BOOST_CHECK_EQUAL(ne.d_validationState, Secure); + BOOST_CHECK_EQUAL(ne.d_validationState, vState::Secure); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 1U); @@ -695,7 +695,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_validity) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 4U); } @@ -747,7 +747,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_bogus_validity) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 4U); @@ -756,7 +756,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_bogus_validity) BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); BOOST_CHECK_EQUAL(ne.d_ttd, fixedNow + SyncRes::s_maxbogusttl); - BOOST_CHECK_EQUAL(ne.d_validationState, Bogus); + BOOST_CHECK_EQUAL(ne.d_validationState, vState::Bogus); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 1U); @@ -766,7 +766,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_negcache_bogus_validity) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 3U); BOOST_CHECK_EQUAL(queriesCount, 4U); } @@ -814,7 +814,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_cache_validity) vector ret; int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 4U); @@ -831,7 +831,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_rrsig_cache_validity) ret.clear(); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); BOOST_CHECK_EQUAL(queriesCount, 4U); } @@ -883,7 +883,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cache_secure) sr->setDNSSECValidationRequested(false); int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::A || record.d_type == QType::RRSIG); @@ -895,7 +895,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cache_secure) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::A || record.d_type == QType::RRSIG); @@ -948,7 +948,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cache_insecure) sr->setDNSSECValidationRequested(false); int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 1U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::A); @@ -960,7 +960,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cache_insecure) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::A); @@ -1017,7 +1017,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cache_bogus) sr->setDNSSECValidationRequested(false); int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 1U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::A); @@ -1030,7 +1030,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cache_bogus) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); /* check that we correctly capped the TTD for a Bogus record after just-in-time validation */ BOOST_REQUIRE_EQUAL(ret.size(), 1U); @@ -1046,7 +1046,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cache_bogus) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 1U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::A); diff --git a/pdns/recursordist/test-syncres_cc9.cc b/pdns/recursordist/test-syncres_cc9.cc index d8030f6c8a..6339951e27 100644 --- a/pdns/recursordist/test-syncres_cc9.cc +++ b/pdns/recursordist/test-syncres_cc9.cc @@ -61,7 +61,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cname_cache_secure) sr->setDNSSECValidationRequested(false); int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 4U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A || record.d_type == QType::RRSIG); @@ -73,7 +73,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cname_cache_secure) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A || record.d_type == QType::RRSIG); @@ -133,7 +133,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cname_cache_insecure) sr->setDNSSECValidationRequested(false); int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A); @@ -145,7 +145,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cname_cache_insecure) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A); @@ -211,7 +211,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cname_cache_bogus) sr->setDNSSECValidationRequested(false); int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A); @@ -224,7 +224,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cname_cache_bogus) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); /* check that we correctly capped the TTD for a Bogus record after just-in-time validation */ @@ -240,7 +240,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_cname_cache_bogus) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::CNAME || record.d_type == QType::A); @@ -310,7 +310,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_additional_without_rrsig) sr->setDNSSECValidationRequested(false); int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_CHECK_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::RRSIG || record.d_type == QType::A); @@ -323,7 +323,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_additional_without_rrsig) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(addTarget, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_CHECK_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK(record.d_type == QType::RRSIG || record.d_type == QType::A); @@ -383,14 +383,14 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_secure) sr->setDNSSECValidationRequested(false); int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 1U); /* check that the entry has been negatively cached */ NegCache::NegCacheEntry ne; BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Indeterminate); + BOOST_CHECK_EQUAL(ne.d_validationState, vState::Indeterminate); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 1U); @@ -401,12 +401,12 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_secure) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 4U); BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Secure); + BOOST_CHECK_EQUAL(ne.d_validationState, vState::Secure); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 1U); @@ -461,7 +461,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_secure_ds) sr->setDNSSECValidationRequested(false); int res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 1U); @@ -470,7 +470,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_secure_ds) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::DS), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Secure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure); BOOST_REQUIRE_EQUAL(ret.size(), 4U); BOOST_CHECK_EQUAL(queriesCount, 4U); } @@ -521,14 +521,14 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_insecure) sr->setDNSSECValidationRequested(false); int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 1U); /* check that the entry has not been negatively cached */ NegCache::NegCacheEntry ne; BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Indeterminate); + BOOST_CHECK_EQUAL(ne.d_validationState, vState::Indeterminate); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 0U); BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 0U); @@ -539,11 +539,11 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_insecure) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Insecure); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Insecure); BOOST_REQUIRE_EQUAL(ret.size(), 1U); BOOST_CHECK_EQUAL(queriesCount, 1U); BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Insecure); + BOOST_CHECK_EQUAL(ne.d_validationState, vState::Insecure); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 0U); BOOST_CHECK_EQUAL(ne.DNSSECRecords.records.size(), 0U); @@ -604,7 +604,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_bogus) sr->setDNSSECValidationRequested(false); int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Indeterminate); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Indeterminate); BOOST_REQUIRE_EQUAL(ret.size(), 2U); for (const auto& record : ret) { if (record.d_type == QType::SOA) { @@ -615,7 +615,7 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_bogus) NegCache::NegCacheEntry ne; BOOST_CHECK_EQUAL(SyncRes::t_sstorage.negcache.size(), 1U); BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Indeterminate); + BOOST_CHECK_EQUAL(ne.d_validationState, vState::Indeterminate); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); BOOST_CHECK_EQUAL(ne.d_ttd, now + SyncRes::s_maxnegttl); @@ -627,14 +627,14 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_bogus) sr->setDNSSECValidationRequested(true); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK_EQUAL(record.d_ttl, SyncRes::s_maxbogusttl); } BOOST_CHECK_EQUAL(queriesCount, 4U); BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Bogus); + BOOST_CHECK_EQUAL(ne.d_validationState, vState::Bogus); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); BOOST_CHECK_EQUAL(ne.d_ttd, now + SyncRes::s_maxbogusttl); @@ -647,14 +647,14 @@ BOOST_AUTO_TEST_CASE(test_dnssec_validation_from_negcache_bogus) sr->setDNSSECValidationRequested(false); res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret); BOOST_CHECK_EQUAL(res, RCode::NoError); - BOOST_CHECK_EQUAL(sr->getValidationState(), Bogus); + BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Bogus); BOOST_REQUIRE_EQUAL(ret.size(), 2U); for (const auto& record : ret) { BOOST_CHECK_EQUAL(record.d_ttl, SyncRes::s_maxbogusttl); } BOOST_CHECK_EQUAL(queriesCount, 4U); BOOST_REQUIRE_EQUAL(SyncRes::t_sstorage.negcache.get(target, QType(QType::A), sr->getNow(), ne), true); - BOOST_CHECK_EQUAL(ne.d_validationState, Bogus); + BOOST_CHECK_EQUAL(ne.d_validationState, vState::Bogus); BOOST_CHECK_EQUAL(ne.authoritySOA.records.size(), 1U); BOOST_CHECK_EQUAL(ne.authoritySOA.signatures.size(), 1U); BOOST_CHECK_EQUAL(ne.d_ttd, now + SyncRes::s_maxbogusttl); @@ -765,7 +765,7 @@ BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo) dsmap_t ds; auto state = sr->getDSRecords(target, ds, false, 0, false); - BOOST_CHECK_EQUAL(state, Secure); + BOOST_CHECK_EQUAL(state, vState::Secure); BOOST_REQUIRE_EQUAL(ds.size(), 1U); for (const auto& i : ds) { BOOST_CHECK_EQUAL(i.d_digesttype, DNSSECKeeper::DIGEST_SHA256); @@ -818,7 +818,7 @@ BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo_all_sha) dsmap_t ds; auto state = sr->getDSRecords(target, ds, false, 0, false); - BOOST_CHECK_EQUAL(state, Secure); + BOOST_CHECK_EQUAL(state, vState::Secure); BOOST_REQUIRE_EQUAL(ds.size(), 1U); for (const auto& i : ds) { BOOST_CHECK_EQUAL(i.d_digesttype, DNSSECKeeper::DIGEST_SHA384); @@ -871,7 +871,7 @@ BOOST_AUTO_TEST_CASE(test_getDSRecords_multialgo_two_highest) dsmap_t ds; auto state = sr->getDSRecords(target, ds, false, 0, false); - BOOST_CHECK_EQUAL(state, Secure); + BOOST_CHECK_EQUAL(state, vState::Secure); BOOST_REQUIRE_EQUAL(ds.size(), 2U); for (const auto& i : ds) { BOOST_CHECK_EQUAL(i.d_digesttype, DNSSECKeeper::DIGEST_SHA256); diff --git a/pdns/reczones.cc b/pdns/reczones.cc index 28716ac317..b0a99480f2 100644 --- a/pdns/reczones.cc +++ b/pdns/reczones.cc @@ -45,7 +45,7 @@ static void insertIntoRootNSZones(const DNSName &name) { void primeHints(void) { // prime root cache - const vState validationState = Insecure; + const vState validationState = vState::Insecure; vector nsset; t_rootNSZones.clear(); diff --git a/pdns/secpoll-recursor.cc b/pdns/secpoll-recursor.cc index dbb4aa7842..eacaef0928 100644 --- a/pdns/secpoll-recursor.cc +++ b/pdns/secpoll-recursor.cc @@ -47,7 +47,7 @@ void doSecPoll(time_t* last_secpoll) boost::replace_all(qstring, "+", "_"); boost::replace_all(qstring, "~", "_"); - vState state = Indeterminate; + vState state = vState::Indeterminate; DNSName query(qstring); int res = sr.beginResolve(query, QType(QType::TXT), 1, ret); @@ -55,7 +55,7 @@ void doSecPoll(time_t* last_secpoll) state = sr.getValidationState(); } - if(state == Bogus) { + if(state == vState::Bogus) { g_log<&ret, unsigned int depth) { - vState state = Indeterminate; + vState state = vState::Indeterminate; s_queries++; d_wasVariable=false; d_wasOutOfBand=false; if (doSpecialNamesResolve(qname, qtype, qclass, ret)) { - d_queryValidationState = Insecure; // this could fool our stats into thinking a validation took place + d_queryValidationState = vState::Insecure; // this could fool our stats into thinking a validation took place return 0; // so do check before updating counters (we do now) } @@ -159,7 +159,7 @@ int SyncRes::beginResolve(const DNSName &qname, const QType &qtype, uint16_t qcl d_queryValidationState = state; if (shouldValidate()) { - if (d_queryValidationState != Indeterminate) { + if (d_queryValidationState != vState::Indeterminate) { g_stats.dnssecValidations++; } increaseDNSSECStateCounter(d_queryValidationState); @@ -781,7 +781,7 @@ int SyncRes::doResolveNoQNameMinimization(const DNSName &qname, const QType &qty LOG(prefix< s_maxdepth) { string msg = "More than " + std::to_string(s_maxdepth) + " (max-recursion-depth) levels of recursion needed while resolving " + qname.toLogString(); @@ -931,7 +931,7 @@ vector SyncRes::getAddrs(const DNSName &qname, unsigned int depth, d_DNSSECValidationRequested = false; try { - vState newState = Indeterminate; + vState newState = vState::Indeterminate; res_t resv4; // If IPv4 ever becomes second class, we should revisit this if (doResolve(qname, QType::A, resv4, depth+1, beenthere, newState) == 0) { // this consults cache, OR goes out @@ -946,7 +946,7 @@ vector SyncRes::getAddrs(const DNSName &qname, unsigned int depth, if (s_doIPv6) { if (ret.empty()) { // We did not find IPv4 addresses, try to get IPv6 ones - newState = Indeterminate; + newState = vState::Indeterminate; res_t resv6; if (doResolve(qname, QType::AAAA, resv6, depth+1, beenthere, newState) == 0) { // this consults cache, OR goes out for (const auto &i : resv6) { @@ -1164,7 +1164,7 @@ DNSName SyncRes::getBestNSNamesFromCache(const DNSName &qname, const QType& qtyp void SyncRes::updateValidationStatusInCache(const DNSName &qname, const QType& qt, bool aa, vState newState) const { - if (newState == Bogus) { + if (newState == vState::Bogus) { s_RC->updateValidationStatus(d_now.tv_sec, qname, qt, d_cacheRemote, d_routingTag, aa, newState, s_maxbogusttl + d_now.tv_sec); } else { @@ -1245,7 +1245,7 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector if(record.d_ttl > (unsigned int) d_now.tv_sec) { - if (!wasAuthZone && shouldValidate() && (wasAuth || wasForwardRecurse) && state == Indeterminate && d_requireAuthData) { + if (!wasAuthZone && shouldValidate() && (wasAuth || wasForwardRecurse) && state == vState::Indeterminate && d_requireAuthData) { /* This means we couldn't figure out the state when this entry was cached, most likely because we hadn't computed the zone cuts yet. */ /* make sure they are computed before validating */ @@ -1257,12 +1257,12 @@ bool SyncRes::doCNAMECacheCheck(const DNSName &qname, const QType &qtype, vector computeZoneCuts(subdomain, g_rootdnsname, depth); vState recordState = getValidationStatus(foundName, false); - if (recordState == Secure) { - LOG(prefix<beenthere; - vState cnameState = Indeterminate; + vState cnameState = vState::Indeterminate; res = doResolve(newTarget, qtype, ret, depth+1, beenthere, cnameState); LOG(prefix< capTTD = boost::none; - if (state == Bogus) { + if (state == vState::Bogus) { capTTD = d_now.tv_sec + s_maxbogusttl; } t_sstorage.negcache.updateValidationStatus(ne.d_name, ne.d_qtype, state, capTTD); @@ -1526,13 +1526,13 @@ bool SyncRes::doCacheCheck(const DNSName &qname, const DNSName& authname, bool w labels.pop_back(); while(!labels.empty()) { if (t_sstorage.negcache.get(negCacheName, QType(0), d_now, ne, true)) { - if (ne.d_validationState == Indeterminate && validationEnabled()) { - // LOG(prefix << negCacheName << " negatively cached and Indeterminate, trying to validate NXDOMAIN" << endl); + if (ne.d_validationState == vState::Indeterminate && validationEnabled()) { + // LOG(prefix << negCacheName << " negatively cached and vState::Indeterminate, trying to validate NXDOMAIN" << endl); // ... // And get the updated ne struct //t_sstorage.negcache.get(negCacheName, QType(0), d_now, ne, true); } - if ((s_hardenNXD == HardenNXD::Yes && ne.d_validationState != Bogus) || ne.d_validationState == Secure) { + if ((s_hardenNXD == HardenNXD::Yes && ne.d_validationState != vState::Bogus) || ne.d_validationState == vState::Secure) { res = RCode::NXDomain; sttl = ne.d_ttd - d_now.tv_sec; giveNegative = true; @@ -1550,11 +1550,11 @@ bool SyncRes::doCacheCheck(const DNSName &qname, const DNSName& authname, bool w state = cachedState; - if (!wasAuthZone && shouldValidate() && state == Indeterminate) { - LOG(prefix<dsAnchors.empty()) { LOG(d_prefix<<": No trust anchors configured, everything is Insecure"<negAnchors, zone, reason)) { LOG(d_prefix<<": got NTA for '"<dsAnchors, zone, ds)) { LOG(d_prefix<<": got TA for '"<dsAnchors.size()< beenthere; std::vector dsrecords; - vState state = Indeterminate; + vState state = vState::Indeterminate; const bool oldCacheOnly = setCacheOnly(false); int rcode = doResolve(zone, QType(QType::DS), dsrecords, depth + 1, beenthere, state); setCacheOnly(oldCacheOnly); @@ -2135,7 +2135,7 @@ vState SyncRes::getDSRecords(const DNSName& zone, dsmap_t& ds, bool taOnly, unsi - a signed zone (Secure) to an unsigned one (Insecure) - an unsigned zone to another unsigned one (Insecure stays Insecure, Bogus stays Bogus) */ - return state == Secure ? Insecure : state; + return state == vState::Secure ? vState::Insecure : state; } else { /* we have a DS */ if (foundCut) { @@ -2148,7 +2148,7 @@ vState SyncRes::getDSRecords(const DNSName& zone, dsmap_t& ds, bool taOnly, unsi } LOG(d_prefix<<": returning Bogus state from "<<__func__<<"("<second != Indeterminate) { + if (allowIndeterminate || it->second != vState::Indeterminate) { LOG(d_prefix<<": got status "<second<<" for name "<second; } @@ -2189,9 +2189,9 @@ bool SyncRes::lookForCut(const DNSName& qname, unsigned int depth, const vState { bool foundCut = false; dsmap_t ds; - vState dsState = getDSRecords(qname, ds, newState == Bogus || existingState == Insecure || existingState == Bogus, depth, false, &foundCut); + vState dsState = getDSRecords(qname, ds, newState == vState::Bogus || existingState == vState::Insecure || existingState == vState::Bogus, depth, false, &foundCut); - if (dsState != Indeterminate) { + if (dsState != vState::Indeterminate) { newState = dsState; } @@ -2234,7 +2234,7 @@ void SyncRes::computeZoneCuts(const DNSName& begin, const DNSName& end, unsigned const auto cutIt = d_cutStates.find(qname); if (cutIt != d_cutStates.cend()) { - if (cutIt->second != Indeterminate) { + if (cutIt->second != vState::Indeterminate) { LOG(d_prefix<<": - Cut already known at "<second; continue; @@ -2244,10 +2244,10 @@ void SyncRes::computeZoneCuts(const DNSName& begin, const DNSName& end, unsigned /* no need to look for NS and DS if we are already insecure or bogus, just look for (N)TA */ - if (cutState == Insecure || cutState == Bogus) { + if (cutState == vState::Insecure || cutState == vState::Bogus) { dsmap_t cutDS; vState newState = getDSRecords(qname, cutDS, true, depth); - if (newState == Indeterminate) { + if (newState == vState::Indeterminate) { continue; } @@ -2259,14 +2259,14 @@ void SyncRes::computeZoneCuts(const DNSName& begin, const DNSName& end, unsigned continue; } - vState newState = Indeterminate; - /* temporarily mark as Indeterminate, so that we won't enter an endless loop + vState newState = vState::Indeterminate; + /* temporarily mark as vState::Indeterminate, so that we won't enter an endless loop trying to determine that zone cut again. */ d_cutStates[qname] = newState; bool foundCut = lookForCut(qname, depth, cutState, newState); if (foundCut) { LOG(d_prefix<<": - Found cut at "< beenthere; LOG(d_prefix<<"Retrieving DNSKeys for "<(key); @@ -2365,7 +2365,7 @@ vState SyncRes::getDNSKeys(const DNSName& signer, skeyset_t& keys, unsigned int } LOG(d_prefix<<"Returning Bogus state from "<<__func__<<"("<& records, const std::vector >& signatures) @@ -2381,18 +2381,18 @@ vState SyncRes::validateRecordsWithSigs(unsigned int depth, const DNSName& qname DS (or a denial of a DS) signed by the DS itself, since we should be requesting it from the parent zone. Something is very wrong */ LOG(d_prefix<<"The DS for "<& allowedAdditionals, const DNSRecord& rec) @@ -2789,7 +2789,7 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr vState recordState = getValidationStatus(i->first.name, false); LOG(d_prefix<<": got initial zone status "<first.name<<"|"<first.type)<first.name<first.name, i->second.records, i->second.signatures); /* we might have missed a cut (zone cut within the same auth servers), causing the NS query for an Insecure zone to seem Bogus during zone cut determination */ - if (qtype == QType::NS && i->second.signatures.empty() && recordState == Bogus && haveExactValidationStatus(i->first.name) && getValidationStatus(i->first.name) == Indeterminate) { - recordState = Indeterminate; + if (qtype == QType::NS && i->second.signatures.empty() && recordState == vState::Bogus && haveExactValidationStatus(i->first.name) && getValidationStatus(i->first.name) == vState::Indeterminate) { + recordState = vState::Indeterminate; } } } } } else { - recordState = Indeterminate; + recordState = vState::Indeterminate; /* in a non authoritative answer, we only care about the DS record (or lack of) */ if ((i->first.type == QType::DS || i->first.type == QType::NSEC || i->first.type == QType::NSEC3) && i->first.place == DNSResourceRecord::AUTHORITY) { @@ -2836,7 +2836,7 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr } } - if (initialState == Secure && state != recordState && expectSignature) { + if (initialState == vState::Secure && state != recordState && expectSignature) { updateValidationState(state, recordState); } } @@ -2846,7 +2846,7 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr } } - if (recordState == Bogus) { + if (recordState == vState::Bogus) { /* this is a TTD by now, be careful */ for(auto& record : i->second.records) { record.d_ttl = std::min(record.d_ttl, static_cast(s_maxbogusttl + d_now.tv_sec)); @@ -2900,10 +2900,10 @@ RCode::rcodes_ SyncRes::updateCacheFromRecords(unsigned int depth, LWResult& lwr void SyncRes::updateDenialValidationState(vState& neValidationState, const DNSName& neName, vState& state, const dState denialState, const dState expectedState, bool allowOptOut) { if (denialState == expectedState) { - neValidationState = Secure; + neValidationState = vState::Secure; } else { - if (denialState == OPTOUT && allowOptOut) { + if (denialState == dState::OPTOUT && allowOptOut) { LOG(d_prefix<<"OPT-out denial found for "< beenthere2; - vState cnameState = Indeterminate; + vState cnameState = vState::Indeterminate; *rcode = doResolve(newtarget, qtype, ret, depth + 1, beenthere2, cnameState); LOG(prefix<d_signer<<"/"<d_tag<d_signer, keys); - cerr<<"! state = "< > getByTag(const skeyset_t& keys, uint16_t tag, uint8_t algorithm) { vector> ret; @@ -334,7 +331,7 @@ static bool provesNSEC3NoWildCard(DNSName wildcard, uint16_t const qtype, const /* This function checks whether the existence of qname|qtype is denied by the NSEC and NSEC3 in validrrsets. - - If `referralToUnsigned` is true and qtype is QType::DS, this functions returns NODATA + - If `referralToUnsigned` is true and qtype is QType::DS, this functions returns NODENIAL if a NSEC or NSEC3 proves that the name exists but no NS type exists, as specified in RFC 5155 section 8.9. - If `wantsNoDataProof` is set but a NSEC proves that the whole name does not exist, the function will return NXQTYPE is the name is proven to be ENT and NXDOMAIN otherwise. @@ -374,14 +371,14 @@ dState getDenial(const cspmap_t &validrrsets, const DNSName& qname, const uint16 LOG("type is "<isSet(QType::NS))<<", SOA is "<isSet(QType::SOA))<<", signer is "<isSet(qtype)) { LOG("Does _not_ deny existence of type "<isSet(QType::CNAME)) { LOG("However a CNAME exists"<isSet(QType::NS)) { LOG("However, no NS record exists at this level!"<isSet(qtype)<<", next: "<d_next<isSet(QType::NS))<<", SOA is "<isSet(QType::SOA))<<", signer is "<isSet(qtype)) { LOG("Does _not_ deny existence of type "<isSet(QType::CNAME)) { LOG("However a CNAME exists"<isSet(QType::NS)) { LOG("However, no NS record exists at this level!"<dsAnchors; if (anchors.empty()) // Nothing to do here - return Insecure; + return vState::Insecure; // Determine the lowest (i.e. with the most labels) Trust Anchor for zone DNSName lowestTA("."); @@ -961,7 +958,7 @@ vState getKeysFor(DNSRecordOracle& dro, const DNSName& zone, skeyset_t& keyset) */ if(lowestTA.countLabels() <= lowestNTA.countLabels()) { LOG("marking answer Insecure"< >& signa return DNSName(); } +const std::string& vStateToString(vState state) +{ + static const std::vector vStates = {"Indeterminate", "Bogus", "Insecure", "Secure", "NTA", "TA"}; + return vStates.at(static_cast(state)); +} + std::ostream& operator<<(std::ostream &os, const vState d) { - os< dStates = {"no denial", "nxdomain", "nxqtype", "empty non-terminal", "insecure", "opt-out"}; + os<(d)); return os; } diff --git a/pdns/validate.hh b/pdns/validate.hh index 35588897a4..60054aa130 100644 --- a/pdns/validate.hh +++ b/pdns/validate.hh @@ -33,12 +33,11 @@ extern time_t g_signatureInceptionSkew; extern uint16_t g_maxNSEC3Iterations; // 4033 5 -enum vState : uint8_t { Indeterminate, Bogus, Insecure, Secure, NTA, TA }; -extern const char *vStates[]; +enum class vState : uint8_t { Indeterminate, Bogus, Insecure, Secure, NTA, TA }; +const std::string& vStateToString(vState state); // NSEC(3) results -enum dState : uint8_t { NODATA, NXDOMAIN, NXQTYPE, ENT, INSECURE, OPTOUT}; -extern const char *dStates[]; +enum class dState : uint8_t { NODENIAL, NXDOMAIN, NXQTYPE, ENT, INSECURE, OPTOUT}; std::ostream& operator<<(std::ostream &os, const vState d); std::ostream& operator<<(std::ostream &os, const dState d);