add mesh bogus test, possible locations for more EDE and remove superfluous todo...

diff --git a/services/localzone.c b/services/localzone.c
index 7e9df6d101c26c509c919a993cd871181e77e070..ce1d654fc57cd6a77c0920feaeaa2678a279e98c 100644 (file)
--- a/services/localzone.c
+++ b/services/localzone.c
@@ -1274,7 +1274,6 @@ local_encode(struct query_info* qinfo, struct module_env* env,
                repinfo, temp, env->now_tv) || !reply_info_answer_encode(qinfo, &rep,
                *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2),
                buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) {
-               /* @TODO: Do we need EDE here? Which one? */
                error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
                        *(uint16_t*)sldns_buffer_begin(buf),
                        sldns_buffer_read_u16_at(buf, 2), edns);
@@ -1316,7 +1315,6 @@ local_encode_ede(struct query_info* qinfo, struct module_env* env,
                if(!reply_info_answer_encode(qinfo, &rep,
                        *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2),
                        buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) {
-                       /* @TODO: Do we need EDE here? Which one? */
                        error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
                                *(uint16_t*)sldns_buffer_begin(buf),
                                sldns_buffer_read_u16_at(buf, 2), edns);

diff --git a/services/mesh.c b/services/mesh.c
index b6fba07e697201bd0de941dcde82171d6257c30d..991dcce7d961353ed2844769671da34586d66e07 100644 (file)
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -1311,6 +1311,7 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
                        if(!inplace_cb_reply_servfail_call(m->s.env, &m->s.qinfo, &m->s,
                        rep, LDNS_RCODE_SERVFAIL, &r->edns, &r->query_reply, m->s.region, &r->start_time))
                                r->edns.opt_list = NULL;
+                       // @TODO EDE?
                        error_encode(r_buffer, LDNS_RCODE_SERVFAIL,
                                &m->s.qinfo, r->qid, r->qflags, &r->edns);
                }

diff --git a/services/rpz.c b/services/rpz.c
index f7ed0cfc04b917c08ba7d99738d536c697770e76..3a1ec00d7d3853668150e173fbc6b111fc379d91 100644 (file)
--- a/services/rpz.c
+++ b/services/rpz.c
@@ -1050,8 +1050,6 @@ rpz_apply_qname_trigger(struct auth_zones* az, struct module_env* env,
                return !qinfo->local_alias;
        }
 
-       // @TODO: Find out if it's local answer or blocked; if blocked then EDE: blocked
-       // -> we do that in this function
        ret = local_zones_zone_answer(z, env, qinfo, edns, repinfo, buf, temp,
                0 /* no local data used */, lzt);
        if(r->log)

diff --git a/testdata/ede.tdir/ede.test b/testdata/ede.tdir/ede.test
index c81d7f89fa61784c558f19a1bac067e3dd5529c0..aeec9b20a38876bb4c31559999c6f037f6508d83 100644 (file)
--- a/testdata/ede.tdir/ede.test
+++ b/testdata/ede.tdir/ede.test
@@ -80,8 +80,17 @@ then
        exit 1
 fi
 
+# @TODO what does this trigger?
 dig @localhost hopsa.kidee. A
 
+# @TODO trigger mesh DNSSEC bogus
+dig @127.0.0.1 -p $UNBOUND_PORT servfail.nl > servfail.txt
+
+if ! grep -q "OPT=15: 00 06" servfail.txt
+then
+       echo "query to servfail.nl should return EDE DNSSEC bogus"
+       exit 1
+fi
 
 # teardown
 kill_pid $UNBOUND_PID
\ No newline at end of file