[thirdparty/systemd.git] / src / resolve / test-dnssec-complex.c

/* SPDX-License-Identifier: LGPL-2.1+ */

#include <netinet/ip.h>

#include "sd-bus.h"

#include "af-list.h"
#include "alloc-util.h"
#include "bus-common-errors.h"
#include "dns-type.h"
#include "random-util.h"
#include "resolved-def.h"
#include "string-util.h"
#include "time-util.h"

static void prefix_random(const char *name, char **ret) {
        uint64_t i, u;
        char *m = NULL;

        u = 1 + (random_u64() & 3);

        for (i = 0; i < u; i++) {
                _cleanup_free_ char *b = NULL;
                char *x;

                assert_se(asprintf(&b, "x%" PRIu64 "x", random_u64()));
                x = strjoin(b, ".", name);
                assert_se(x);

                free(m);
                m = x;
        }

        *ret = m;
 }

static void test_rr_lookup(sd_bus *bus, const char *name, uint16_t type, const char *result) {
        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_free_ char *m = NULL;
        int r;

        /* If the name starts with a dot, we prefix one to three random labels */
        if (startswith(name, ".")) {
                prefix_random(name + 1, &m);
                name = m;
        }

        assert_se(sd_bus_message_new_method_call(
                                  bus,
                                  &req,
                                  "org.freedesktop.resolve1",
                                  "/org/freedesktop/resolve1",
                                  "org.freedesktop.resolve1.Manager",
                                  "ResolveRecord") >= 0);

        assert_se(sd_bus_message_append(req, "isqqt", 0, name, DNS_CLASS_IN, type, UINT64_C(0)) >= 0);

        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);

        if (r < 0) {
                assert_se(result);
                assert_se(sd_bus_error_has_name(&error, result));
                log_info("[OK] %s/%s resulted in <%s>.", name, dns_type_to_string(type), error.name);
        } else {
                assert_se(!result);
                log_info("[OK] %s/%s succeeded.", name, dns_type_to_string(type));
        }
}

static void test_hostname_lookup(sd_bus *bus, const char *name, int family, const char *result) {
        _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
        _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
        _cleanup_free_ char *m = NULL;
        const char *af;
        int r;

        af = family == AF_UNSPEC ? "AF_UNSPEC" : af_to_name(family);

        /* If the name starts with a dot, we prefix one to three random labels */
        if (startswith(name, ".")) {
                prefix_random(name + 1, &m);
                name = m;
        }

        assert_se(sd_bus_message_new_method_call(
                                  bus,
                                  &req,
                                  "org.freedesktop.resolve1",
                                  "/org/freedesktop/resolve1",
                                  "org.freedesktop.resolve1.Manager",
                                  "ResolveHostname") >= 0);

        assert_se(sd_bus_message_append(req, "isit", 0, name, family, UINT64_C(0)) >= 0);

        r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);

        if (r < 0) {
                assert_se(result);
                assert_se(sd_bus_error_has_name(&error, result));
                log_info("[OK] %s/%s resulted in <%s>.", name, af, error.name);
        } else {
                assert_se(!result);
                log_info("[OK] %s/%s succeeded.", name, af);
        }

}

int main(int argc, char* argv[]) {
        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;

        /* Note that this is a manual test as it requires:
         *
         *    Full network access
         *    A DNSSEC capable DNS server
         *    That zones contacted are still set up as they were when I wrote this.
         */

        assert_se(sd_bus_open_system(&bus) >= 0);

        /* Normally signed */
        test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, "www.eurid.eu", AF_UNSPEC, NULL);

        test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, "sigok.verteiltesysteme.net", AF_UNSPEC, NULL);

        /* Normally signed, NODATA */
        test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
        test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);

        /* Invalid signature */
        test_rr_lookup(bus, "sigfail.verteiltesysteme.net", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
        test_hostname_lookup(bus, "sigfail.verteiltesysteme.net", AF_INET, BUS_ERROR_DNSSEC_FAILED);

        /* Invalid signature, RSA, wildcard */
        test_rr_lookup(bus, ".wilda.rhybar.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
        test_hostname_lookup(bus, ".wilda.rhybar.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);

        /* Invalid signature, ECDSA, wildcard */
        test_rr_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
        test_hostname_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);

        /* Missing DS for DNSKEY */
        test_rr_lookup(bus, "www.dnssec-bogus.sg", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
        test_hostname_lookup(bus, "www.dnssec-bogus.sg", AF_INET, BUS_ERROR_DNSSEC_FAILED);

        /* NXDOMAIN in NSEC domain */
        test_rr_lookup(bus, "hhh.nasa.gov", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "hhh.nasa.gov", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
        test_rr_lookup(bus, "_pgpkey-https._tcp.hkps.pool.sks-keyservers.net", DNS_TYPE_SRV, _BUS_ERROR_DNS "NXDOMAIN");

        /* wildcard, NSEC zone */
        test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, ".wilda.nsec.0skar.cz", AF_INET, NULL);

        /* wildcard, NSEC zone, NODATA */
        test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);

        /* wildcard, NSEC3 zone */
        test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, ".wilda.0skar.cz", AF_INET, NULL);

        /* wildcard, NSEC3 zone, NODATA */
        test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);

        /* wildcard, NSEC zone, CNAME */
        test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_UNSPEC, NULL);
        test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_INET, NULL);

        /* wildcard, NSEC zone, NODATA, CNAME */
        test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);

        /* wildcard, NSEC3 zone, CNAME */
        test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_A, NULL);
        test_hostname_lookup(bus, ".wild.0skar.cz", AF_UNSPEC, NULL);
        test_hostname_lookup(bus, ".wild.0skar.cz", AF_INET, NULL);

        /* wildcard, NSEC3 zone, NODATA, CNAME */
        test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);

        /* NODATA due to empty non-terminal in NSEC domain */
        test_rr_lookup(bus, "herndon.nasa.gov", DNS_TYPE_A, BUS_ERROR_NO_SUCH_RR);
        test_hostname_lookup(bus, "herndon.nasa.gov", AF_UNSPEC, BUS_ERROR_NO_SUCH_RR);
        test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET, BUS_ERROR_NO_SUCH_RR);
        test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET6, BUS_ERROR_NO_SUCH_RR);

        /* NXDOMAIN in NSEC root zone: */
        test_rr_lookup(bus, "jasdhjas.kjkfgjhfjg", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");

        /* NXDOMAIN in NSEC3 .com zone: */
        test_rr_lookup(bus, "kjkfgjhfjgsdfdsfd.com", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");

        /* Unsigned A */
        test_rr_lookup(bus, "poettering.de", DNS_TYPE_A, NULL);
        test_rr_lookup(bus, "poettering.de", DNS_TYPE_AAAA, NULL);
        test_hostname_lookup(bus, "poettering.de", AF_UNSPEC, NULL);
        test_hostname_lookup(bus, "poettering.de", AF_INET, NULL);
        test_hostname_lookup(bus, "poettering.de", AF_INET6, NULL);

#if HAVE_LIBIDN2 || HAVE_LIBIDN
        /* Unsigned A with IDNA conversion necessary */
        test_hostname_lookup(bus, "pöttering.de", AF_UNSPEC, NULL);
        test_hostname_lookup(bus, "pöttering.de", AF_INET, NULL);
        test_hostname_lookup(bus, "pöttering.de", AF_INET6, NULL);
#endif

        /* DNAME, pointing to NXDOMAIN */
        test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
        test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_RP, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
        test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");

        return 0;
}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
412577e3	2
12634bb4 LP	3	#include <netinet/ip.h>
12634bb4 LP	4
412577e3 LP	5	#include "sd-bus.h"
412577e3 LP	6
12634bb4	7	#include "af-list.h"
412577e3 LP	8	#include "alloc-util.h"
	9	#include "bus-common-errors.h"
	10	#include "dns-type.h"
	11	#include "random-util.h"
4cbfd62b	12	#include "resolved-def.h"
412577e3 LP	13	#include "string-util.h"
	14	#include "time-util.h"
	15
12634bb4 LP	16	static void prefix_random(const char name, char *ret) {
	17	uint64_t i, u;
	18	char *m = NULL;
	19
	20	u = 1 + (random_u64() & 3);
	21
	22	for (i = 0; i < u; i++) {
	23	_cleanup_free_ char *b = NULL;
	24	char *x;
	25
	26	assert_se(asprintf(&b, "x%" PRIu64 "x", random_u64()));
605405c6	27	x = strjoin(b, ".", name);
12634bb4 LP	28	assert_se(x);
	29
	30	free(m);
	31	m = x;
	32	}
	33
	34	*ret = m;
	35	}
	36
	37	static void test_rr_lookup(sd_bus bus, const char name, uint16_t type, const char *result) {
412577e3 LP	38	_cleanup_(sd_bus_message_unrefp) sd_bus_message req = NULL, reply = NULL;
	39	_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
	40	_cleanup_free_ char *m = NULL;
	41	int r;
	42
	43	/* If the name starts with a dot, we prefix one to three random labels */
	44	if (startswith(name, ".")) {
12634bb4 LP	45	prefix_random(name + 1, &m);
12634bb4 LP	46	name = m;
412577e3 LP	47	}
	48
	49	assert_se(sd_bus_message_new_method_call(
	50	bus,
	51	&req,
	52	"org.freedesktop.resolve1",
	53	"/org/freedesktop/resolve1",
	54	"org.freedesktop.resolve1.Manager",
	55	"ResolveRecord") >= 0);
	56
	57	assert_se(sd_bus_message_append(req, "isqqt", 0, name, DNS_CLASS_IN, type, UINT64_C(0)) >= 0);
	58
4cbfd62b	59	r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
412577e3 LP	60
	61	if (r < 0) {
	62	assert_se(result);
	63	assert_se(sd_bus_error_has_name(&error, result));
	64	log_info("[OK] %s/%s resulted in <%s>.", name, dns_type_to_string(type), error.name);
	65	} else {
	66	assert_se(!result);
	67	log_info("[OK] %s/%s succeeded.", name, dns_type_to_string(type));
	68	}
	69	}
	70
12634bb4 LP	71	static void test_hostname_lookup(sd_bus bus, const char name, int family, const char *result) {
	72	_cleanup_(sd_bus_message_unrefp) sd_bus_message req = NULL, reply = NULL;
	73	_cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
	74	_cleanup_free_ char *m = NULL;
	75	const char *af;
	76	int r;
	77
	78	af = family == AF_UNSPEC ? "AF_UNSPEC" : af_to_name(family);
	79
	80	/* If the name starts with a dot, we prefix one to three random labels */
	81	if (startswith(name, ".")) {
	82	prefix_random(name + 1, &m);
	83	name = m;
	84	}
	85
	86	assert_se(sd_bus_message_new_method_call(
	87	bus,
	88	&req,
	89	"org.freedesktop.resolve1",
	90	"/org/freedesktop/resolve1",
	91	"org.freedesktop.resolve1.Manager",
	92	"ResolveHostname") >= 0);
	93
	94	assert_se(sd_bus_message_append(req, "isit", 0, name, family, UINT64_C(0)) >= 0);
	95
4cbfd62b	96	r = sd_bus_call(bus, req, SD_RESOLVED_QUERY_TIMEOUT_USEC, &error, &reply);
12634bb4 LP	97
	98	if (r < 0) {
	99	assert_se(result);
	100	assert_se(sd_bus_error_has_name(&error, result));
	101	log_info("[OK] %s/%s resulted in <%s>.", name, af, error.name);
	102	} else {
	103	assert_se(!result);
	104	log_info("[OK] %s/%s succeeded.", name, af);
	105	}
	106
	107	}
	108
412577e3 LP	109	int main(int argc, char* argv[]) {
	110	_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
	111
	112	/* Note that this is a manual test as it requires:
	113	*
	114	* Full network access
	115	* A DNSSEC capable DNS server
	116	* That zones contacted are still set up as they were when I wrote this.
	117	*/
	118
	119	assert_se(sd_bus_open_system(&bus) >= 0);
	120
	121	/* Normally signed */
12634bb4 LP	122	test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_A, NULL);
	123	test_hostname_lookup(bus, "www.eurid.eu", AF_UNSPEC, NULL);
	124
	125	test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_A, NULL);
	126	test_hostname_lookup(bus, "sigok.verteiltesysteme.net", AF_UNSPEC, NULL);
412577e3 LP	127
412577e3 LP	128	/* Normally signed, NODATA */
12634bb4 LP	129	test_rr_lookup(bus, "www.eurid.eu", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
12634bb4 LP	130	test_rr_lookup(bus, "sigok.verteiltesysteme.net", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
412577e3 LP	131
412577e3 LP	132	/* Invalid signature */
12634bb4 LP	133	test_rr_lookup(bus, "sigfail.verteiltesysteme.net", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
12634bb4 LP	134	test_hostname_lookup(bus, "sigfail.verteiltesysteme.net", AF_INET, BUS_ERROR_DNSSEC_FAILED);
412577e3 LP	135
412577e3 LP	136	/* Invalid signature, RSA, wildcard */
12634bb4 LP	137	test_rr_lookup(bus, ".wilda.rhybar.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
12634bb4 LP	138	test_hostname_lookup(bus, ".wilda.rhybar.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);
412577e3 LP	139
412577e3 LP	140	/* Invalid signature, ECDSA, wildcard */
12634bb4 LP	141	test_rr_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
12634bb4 LP	142	test_hostname_lookup(bus, ".wilda.rhybar.ecdsa.0skar.cz", AF_INET, BUS_ERROR_DNSSEC_FAILED);
412577e3	143
6d67385f LP	144	/* Missing DS for DNSKEY */
	145	test_rr_lookup(bus, "www.dnssec-bogus.sg", DNS_TYPE_A, BUS_ERROR_DNSSEC_FAILED);
	146	test_hostname_lookup(bus, "www.dnssec-bogus.sg", AF_INET, BUS_ERROR_DNSSEC_FAILED);
	147
412577e3	148	/* NXDOMAIN in NSEC domain */
12634bb4 LP	149	test_rr_lookup(bus, "hhh.nasa.gov", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
12634bb4 LP	150	test_hostname_lookup(bus, "hhh.nasa.gov", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
0b491556	151	test_rr_lookup(bus, "_pgpkey-https._tcp.hkps.pool.sks-keyservers.net", DNS_TYPE_SRV, _BUS_ERROR_DNS "NXDOMAIN");
412577e3 LP	152
412577e3 LP	153	/* wildcard, NSEC zone */
12634bb4 LP	154	test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_A, NULL);
12634bb4 LP	155	test_hostname_lookup(bus, ".wilda.nsec.0skar.cz", AF_INET, NULL);
412577e3 LP	156
412577e3 LP	157	/* wildcard, NSEC zone, NODATA */
12634bb4	158	test_rr_lookup(bus, ".wilda.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
412577e3 LP	159
412577e3 LP	160	/* wildcard, NSEC3 zone */
12634bb4 LP	161	test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_A, NULL);
12634bb4 LP	162	test_hostname_lookup(bus, ".wilda.0skar.cz", AF_INET, NULL);
412577e3 LP	163
412577e3 LP	164	/* wildcard, NSEC3 zone, NODATA */
12634bb4	165	test_rr_lookup(bus, ".wilda.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
412577e3 LP	166
412577e3 LP	167	/* wildcard, NSEC zone, CNAME */
12634bb4 LP	168	test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_A, NULL);
	169	test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_UNSPEC, NULL);
	170	test_hostname_lookup(bus, ".wild.nsec.0skar.cz", AF_INET, NULL);
412577e3 LP	171
412577e3 LP	172	/* wildcard, NSEC zone, NODATA, CNAME */
12634bb4	173	test_rr_lookup(bus, ".wild.nsec.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
412577e3 LP	174
412577e3 LP	175	/* wildcard, NSEC3 zone, CNAME */
12634bb4 LP	176	test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_A, NULL);
	177	test_hostname_lookup(bus, ".wild.0skar.cz", AF_UNSPEC, NULL);
	178	test_hostname_lookup(bus, ".wild.0skar.cz", AF_INET, NULL);
412577e3 LP	179
412577e3 LP	180	/* wildcard, NSEC3 zone, NODATA, CNAME */
12634bb4	181	test_rr_lookup(bus, ".wild.0skar.cz", DNS_TYPE_RP, BUS_ERROR_NO_SUCH_RR);
412577e3 LP	182
412577e3 LP	183	/* NODATA due to empty non-terminal in NSEC domain */
12634bb4 LP	184	test_rr_lookup(bus, "herndon.nasa.gov", DNS_TYPE_A, BUS_ERROR_NO_SUCH_RR);
	185	test_hostname_lookup(bus, "herndon.nasa.gov", AF_UNSPEC, BUS_ERROR_NO_SUCH_RR);
	186	test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET, BUS_ERROR_NO_SUCH_RR);
	187	test_hostname_lookup(bus, "herndon.nasa.gov", AF_INET6, BUS_ERROR_NO_SUCH_RR);
412577e3 LP	188
412577e3 LP	189	/* NXDOMAIN in NSEC root zone: */
12634bb4 LP	190	test_rr_lookup(bus, "jasdhjas.kjkfgjhfjg", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
	191	test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
	192	test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
	193	test_hostname_lookup(bus, "jasdhjas.kjkfgjhfjg", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
412577e3 LP	194
412577e3 LP	195	/* NXDOMAIN in NSEC3 .com zone: */
12634bb4 LP	196	test_rr_lookup(bus, "kjkfgjhfjgsdfdsfd.com", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
	197	test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
	198	test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
	199	test_hostname_lookup(bus, "kjkfgjhfjgsdfdsfd.com", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
	200
	201	/* Unsigned A */
	202	test_rr_lookup(bus, "poettering.de", DNS_TYPE_A, NULL);
	203	test_rr_lookup(bus, "poettering.de", DNS_TYPE_AAAA, NULL);
	204	test_hostname_lookup(bus, "poettering.de", AF_UNSPEC, NULL);
	205	test_hostname_lookup(bus, "poettering.de", AF_INET, NULL);
	206	test_hostname_lookup(bus, "poettering.de", AF_INET6, NULL);
	207
349cc4a5	208	#if HAVE_LIBIDN2 \|\| HAVE_LIBIDN
12634bb4 LP	209	/* Unsigned A with IDNA conversion necessary */
	210	test_hostname_lookup(bus, "pöttering.de", AF_UNSPEC, NULL);
	211	test_hostname_lookup(bus, "pöttering.de", AF_INET, NULL);
	212	test_hostname_lookup(bus, "pöttering.de", AF_INET6, NULL);
	213	#endif
412577e3	214
8f4560c7 LP	215	/* DNAME, pointing to NXDOMAIN */
	216	test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_A, _BUS_ERROR_DNS "NXDOMAIN");
	217	test_rr_lookup(bus, ".ireallyhpoethisdoesnexist.xn--kprw13d.", DNS_TYPE_RP, _BUS_ERROR_DNS "NXDOMAIN");
	218	test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_UNSPEC, _BUS_ERROR_DNS "NXDOMAIN");
	219	test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET, _BUS_ERROR_DNS "NXDOMAIN");
	220	test_hostname_lookup(bus, ".ireallyhpoethisdoesntexist.xn--kprw13d.", AF_INET6, _BUS_ERROR_DNS "NXDOMAIN");
	221
412577e3 LP	222	return 0;
412577e3 LP	223	}