Check synthesis of wildcard NODATA with 1 NSEC

diff --git a/bin/tests/system/synthfromdnssec/clean.sh b/bin/tests/system/synthfromdnssec/clean.sh
index 6fb8784a0687d25ca5bd916906f3209b78f625b4..e446e7e2a447aaff4e36f7f51b8eb2388afd429b 100644 (file)
--- a/bin/tests/system/synthfromdnssec/clean.sh
+++ b/bin/tests/system/synthfromdnssec/clean.sh
@@ -37,6 +37,7 @@ rm -f ./nodata.out ./insecure.nodata.out
 rm -f ./nxdomain.out ./insecure.nxdomain.out
 rm -f ./wild.out ./insecure.wild.out
 rm -f ./wildcname.out ./insecure.wildcname.out
+rm -f ./wildnodata1nsec.out ./insecure.wildnodata1nsec.out
 rm -f ./minimal.nxdomain.out
 rm -f ./black.out
 rm -f ./xml.out*

diff --git a/bin/tests/system/synthfromdnssec/ns1/example.db.in b/bin/tests/system/synthfromdnssec/ns1/example.db.in
index 5300256590b21e5c103498f8b9699ea51e094a06..4cb7f57d15fba7b23b452240de41628e3a46365b 100644 (file)
--- a/bin/tests/system/synthfromdnssec/ns1/example.db.in
+++ b/bin/tests/system/synthfromdnssec/ns1/example.db.in
@@ -14,4 +14,5 @@ ns1           A       10.53.0.1
 nodata         TXT     nodata
 *.wild-a       A       1.2.3.4
 *.wild-cname   CNAME   ns1
+*.wild-1-nsec  A       1.2.3.4
 dnamed         DNAME   dnamed.

diff --git a/bin/tests/system/synthfromdnssec/tests.sh b/bin/tests/system/synthfromdnssec/tests.sh
index 5a6140929495b3e3653507ed71a642feb9c96d66..41d73554da81ae29ee61a2200b8d8df1af9c531d 100644 (file)
--- a/bin/tests/system/synthfromdnssec/tests.sh
+++ b/bin/tests/system/synthfromdnssec/tests.sh
@@ -93,6 +93,11 @@ check_nosynth_cname() (
     return 0
 )
 
+check_auth_count() {
+    grep "AUTHORITY: ${1}," ${2} > /dev/null || return 1
+    return 0
+}
+
 for ns in 2 4 5 6
 do
     case $ns in
@@ -146,6 +151,18 @@ do
     if [ $ret != 0 ]; then echo_i "failed"; fi
     status=$((status+ret))
 
+    echo_i "prime wildcard NODATA 1 NSEC response (synth-from-dnssec ${description};) ($n)"
+    ret=0
+    dig_with_opts a.wild-1-nsec.example. @10.53.0.${ns} TXT > dig.out.ns${ns}.test$n || ret=1
+    check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1
+    check_status NOERROR dig.out.ns${ns}.test$n || ret=1
+    check_nosynth_soa example. dig.out.ns${ns}.test$n || ret=1
+    check_auth_count 4 dig.out.ns${ns}.test$n || ret=1
+    [ $ns -eq 2 ] && sed 's/^a\./b./' dig.out.ns${ns}.test$n > wildnodata1nsec.out
+    n=$((n+1))
+    if [ $ret != 0 ]; then echo_i "failed"; fi
+    status=$((status+ret))
+
     echo_i "prime insecure negative NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
     ret=0
     dig_with_opts a.insecure.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
@@ -190,6 +207,18 @@ do
     if [ $ret != 0 ]; then echo_i "failed"; fi
     status=$((status+ret))
 
+    echo_i "prime insecure wildcard NODATA 1 NSEC response (synth-from-dnssec ${description};) ($n)"
+    ret=0
+    dig_with_opts a.wild-1-nsec.insecure.example. @10.53.0.${ns} TXT > dig.out.ns${ns}.test$n || ret=1
+    check_ad_flag no dig.out.ns${ns}.test$n || ret=1
+    check_status NOERROR dig.out.ns${ns}.test$n || ret=1
+    check_nosynth_soa insecure.example. dig.out.ns${ns}.test$n || ret=1
+    check_auth_count 4 dig.out.ns${ns}.test$n || ret=1
+    [ $ns -eq 2 ] && cp dig.out.ns${ns}.test$n insecure.wildnodata1nsec.out
+    n=$((n+1))
+    if [ $ret != 0 ]; then echo_i "failed"; fi
+    status=$((status+ret))
+
     echo_i "prime minimal NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
     ret=0
     dig_with_opts nxdomain.minimal. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
@@ -327,6 +356,25 @@ do
     if [ $ret != 0 ]; then echo_i "failed"; fi
     status=$((status+ret))
 
+    echo_i "check synthesized wildcard NODATA 1 NSEC response (synth-from-dnssec ${description};) ($n)"
+    ret=0
+    nextpart ns1/named.run > /dev/null
+    dig_with_opts b.wild-1-nsec.example. @10.53.0.${ns} AAAA > dig.out.ns${ns}.test$n || ret=1
+    check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1
+    check_status NOERROR dig.out.ns${ns}.test$n || ret=1
+    if [ ${synth} = yes ]
+    then
+       check_synth_soa example. dig.out.ns${ns}.test$n || ret=1
+       nextpart ns1/named.run | grep b.wild-1-nsec.example/AAAA > /dev/null && ret=1
+    else
+       check_nosynth_soa example. dig.out.ns${ns}.test$n || ret=1
+       nextpart ns1/named.run | grep b.wild-1-nsec.example/AAAA > /dev/null || ret=1
+    fi
+    digcomp wildnodata1nsec.out dig.out.ns${ns}.test$n || ret=1
+    n=$((n+1))
+    if [ $ret != 0 ]; then echo_i "failed"; fi
+    status=$((status+ret))
+
     echo_i "check insecure NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
     ret=0
     nextpart ns1/named.run > /dev/null
@@ -380,6 +428,18 @@ do
     if [ $ret != 0 ]; then echo_i "failed"; fi
     status=$((status+ret))
 
+    echo_i "check insecure wildcard NODATA 1 NSEC response (synth-from-dnssec ${description};) ($n)"
+    ret=0
+    nextpart ns1/named.run > /dev/null
+    dig_with_opts b.wild-1-nsec.insecure.example. @10.53.0.${ns} AAAA > dig.out.ns${ns}.test$n || ret=1
+    check_ad_flag no dig.out.ns${ns}.test$n || ret=1
+    check_status NOERROR dig.out.ns${ns}.test$n || ret=1
+    check_nosynth_soa insecure.example. dig.out.ns${ns}.test$n || ret=1
+    digcomp insecure.wildnodata1nsec.out dig.out.ns${ns}.test$n || ret=1
+    n=$((n+1))
+    if [ $ret != 0 ]; then echo_i "failed"; fi
+    status=$((status+ret))
+
     echo_i "check minimal NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
     ret=0
     nextpart ns1/named.run > /dev/null
@@ -470,7 +530,7 @@ do
     do
        case $synthesized in
        NXDOMAIN) count=1;;
-       no-data) count=2;;
+       no-data) count=3;;
        wildcard) count=2;;
        esac
        echo_i "check 'rndc stats' output for 'synthesized a ${synthesized} response' (synth-from-dnssec ${description};) ($n)"
@@ -531,7 +591,7 @@ do
        do
            case $synthesized in
            SynthNXDOMAIN) count=1;;
-           SynthNODATA) count=2;;
+           SynthNODATA) count=3;;
            SynthWILDCARD) count=2;;
            esac
 
@@ -594,7 +654,7 @@ do
        do
            case $synthesized in
            SynthNXDOMAIN) count=1;;
-           SynthNODATA) count=2;;
+           SynthNODATA) count=3;;
            SynthWILDCARD) count=2;;
            esac