From: Matthijs Mekking Date: Thu, 20 Feb 2014 09:48:08 +0000 (+0000) Subject: add test for being lenient with NSEC empty non-terminal Name Error responses with... X-Git-Tag: release-1.4.22rc1~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f54f748dd09d74253e884aafdb6320ce5627f05d;p=thirdparty%2Funbound.git add test for being lenient with NSEC empty non-terminal Name Error responses with rcode=NXDOMAIN while it should be rcode=NOERROR git-svn-id: file:///svn/unbound/trunk@3090 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/testdata/Kexample.com.+008+29332.ds b/testdata/Kexample.com.+008+29332.ds new file mode 100644 index 000000000..24d9ba443 --- /dev/null +++ b/testdata/Kexample.com.+008+29332.ds @@ -0,0 +1 @@ +example.com. IN DS 29332 8 2 751f8b755718a7b4ef8920a4b42407520889c3d2142a64f6ffad9e12fa9fc262 diff --git a/testdata/Kexample.com.+008+29332.key b/testdata/Kexample.com.+008+29332.key new file mode 100644 index 000000000..c6c998fe2 --- /dev/null +++ b/testdata/Kexample.com.+008+29332.key @@ -0,0 +1 @@ +example.com. IN DNSKEY 257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b} diff --git a/testdata/Kexample.com.+008+29332.private b/testdata/Kexample.com.+008+29332.private new file mode 100644 index 000000000..c93ebb5c2 --- /dev/null +++ b/testdata/Kexample.com.+008+29332.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 8 (RSASHA256) +Modulus: vhYw5MEtMW+YGtrmbpIrhV9WI7Oa/JQBTSq/zrVlBd4QW/CWd2o1T2vBGwzGtJYBizmccSsoOfj26wL8fLHFbXjvuIYUeF+AviaM2t4mb3N+3ZAUHVUttFsQ9h0MwsKfhyjSqcbv8obxbaLw/KbUvt/5pETBsuj7/vXoBLY9tooyF9YsouKrnCcFxQKVAw3MKLCGrEMmnWh4+p+RV15SBc62CLR1hEgrJAWEnlVYnbaemiL8aJ/RcsIAMCUDBEspzyj/ImQLGyTOCkenDkKSLWVyWDRqriyw649FD6d7ogdgLP0PabDO6VuWEsVqYp2rtofM23g2XLGGkA1UWIosPw== +PublicExponent: AQAB +PrivateExponent: J6G4z/j20zfRHshFAwi2yjf2Xbs0tTSmkNA47YAkb/S8tG6U8JDUTJrKyDkBtOURrVV1qKK24F9oG9ejjNwDra9pS6+o1PAUh5DCDWAD43jRGqDPkM4RmWjjQG0OHA039ZYtVfiETqyT6afvVr3x3VoVUoqDWCn7YE0k8taMR2JsvDLTF+yoM4s73ccHcaRoIOcjgZGjBOSE5B3ENBWr0fkZZGk9NAbNUWR2iS/mxxU74w7ctzXDhGdM84gFY3nNSB94v2YBlS758pqHlsXUOhHp43uWMOQxUPkbzWq8eKVEmP9enMd2YHZDP2Lk/NcLxO6qRtA7yIcZz0QH9jUJAQ== +Prime1: 5neg9VsNRQ6ypiqPs1BdH2CLb7xrKHlzbgowVG20Xr7T8q+1MirbZtaw9bf/0Op1dozYLR7PZN3fSeEmod+MyJ7EeuyqziIxVce1v/n/vsC2/sg0EIJYFM1nYMJbTBmm1bqMnqo9IGSLQHKkxay2+/4z4jaVCzfA7DqaNoU5VKs= +Prime2: 0yVP6Ipi40BZtJFmyw2Yz3SGIZC4uyucIPXH0BAmDhzrj9WmgI2CUyMHq2votztsRF/TgdXCIllUTEnN8za+qku7bqXb/hyc2o26Lhlnym7266rgshGObFu2V0otbJ8gcUyYKqzAqZL3PAohKTZGcz4gq+Pw6LteRfr1+o+f/r0= +Exponent1: H1YexZ22xTAFbICW/2uq7cxDyVKWQ2+YGVs7TQ+JmeRaj0IC4ipfoLEKaK63EuH+TLtD3Ya17mIYrUP268Wor9KeppQteU++44n/FXZZpscvWp9ALQp8DYAMUWS74zINtDvkSOKe4xuor3+nFdWxH7xls5l2VIslKTmipE0jCXc= +Exponent2: LppgrcHFm8T7R7iECLNClB9y73ui2mUAu+GjrY+y5pCJiaCtdFhHeJQVwEc8AR1Tgy/nXhPRGoW+7mun0lO1955piz1+dfLYyABaJIyk9PBS/ackmwj294GymEeeCQiCP5+ZQmoIyCTQ/uZ5dUAugocm7OmNpcCdSTLgEeKbfL0= +Coefficient: JAejyx84aLRhzkSMi01pAHxCx/8VNTlDm3Dp5eFANfffbOLnWGpHs9LgDugrJwJqBKgpkTR0SflKC2eZIa79yyPQSU1gG6Pa8gxQ5/+EPvPrVjkiG3gOweAcfzcfTdQ0KorfrdMulmHraFyWasV2P8/eImFTzjtrYUmJjDxEc84= diff --git a/testdata/Kexample.com.+008+55566.ds b/testdata/Kexample.com.+008+55566.ds new file mode 100644 index 000000000..5bd56d283 --- /dev/null +++ b/testdata/Kexample.com.+008+55566.ds @@ -0,0 +1 @@ +example.com. IN DS 55566 8 2 9c148338951ce1c3b5cd3da532f3d90dfcf92595148022f2c2fd98e5deee90af diff --git a/testdata/Kexample.com.+008+55566.key b/testdata/Kexample.com.+008+55566.key new file mode 100644 index 000000000..c6ab95b00 --- /dev/null +++ b/testdata/Kexample.com.+008+55566.key @@ -0,0 +1 @@ +example.com. IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} diff --git a/testdata/Kexample.com.+008+55566.private b/testdata/Kexample.com.+008+55566.private new file mode 100644 index 000000000..7be69ff8e --- /dev/null +++ b/testdata/Kexample.com.+008+55566.private @@ -0,0 +1,10 @@ +Private-key-format: v1.2 +Algorithm: 8 (RSASHA256) +Modulus: 26D8vvf2LSaA3ae4r9uHG7fAWflR32crb5dSZlCU9QRlQLlhm+bWt8yYRZMYGfzt8XES7+SMVkcnnkkvOqxtulUctuYoJNPaBhHYVXZYMpE4Yq5htWQkhd0oCMnQ424rnTs2Kdi+VZcijEefbYoBY533AqBJM0cGWYaRf62zeGE= +PublicExponent: AQAB +PrivateExponent: cWzk2uNIWe0GpHKYKQog7qmpR05BgDTR8+GchoabRyar/A9BX7iJr4aUJWpgChvb7tNMymOoLm61AUQehhjC2YFPAGefSKfMIBq+1IlYOXVS8D1febSKbGLME8ZxjPhl3hn3KI7ohaPJFHObpYTsWGrMKN8fBvx1bTU1ez29WVk= +Prime1: 9HItw7KjTC0YwzcizZwm4QrnWhqQ/2wWZ1CR+tCYotMCnmHmFc9mhwPZyd0nvTe2D3f/1v0detIOheh4RZHdnw== +Prime2: 5gKEulMicktumAz8UgTVFPfX77qGfn8Yg6ZAImscWpDAvBpcX4X9x5BRIGCGwKBew8kPzSAMc+7gSh0JgA7p/w== +Exponent1: eZgyW56IzGPCZZkPnueGD3u1CYUdi3Dg1BOoCfOpeZUtQEvCgCbjAVZRB7ETC3SjA57VjMPr3iSPRN0WtsSQUQ== +Exponent2: CZPnRP77Ozkq5Mf9pcivuszLQB9LRG80bR76IrTFHHxUmkCawhuJQssepbN/SPwklhCESO1ht14mFs/4uk1krw== +Coefficient: 8Mq70OxnmtJ4jqyNuNQV7UmpLU7Ts5aMuDEofNka9kHjE5br4q6lH+6TmFshEThJk/YKHGUU4T5Fx0hsnlqA+g== diff --git a/testdata/val_nodata_entnx.rpl b/testdata/val_nodata_entnx.rpl new file mode 100644 index 000000000..935cf7ce7 --- /dev/null +++ b/testdata/val_nodata_entnx.rpl @@ -0,0 +1,148 @@ +; config options +; The island of trust is at example.com +server: + trust-anchor: "example.com. IN DS 29332 8 2 751f8b755718a7b4ef8920a4b42407520889c3d2142a64f6ffad9e12fa9fc262" + val-override-date: "20140301134226" + target-fetch-policy: "0 0 0 0 0" + +stub-zone: + name: "." + stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET. +CONFIG_END + +SCENARIO_BEGIN Test validator with nodata on empty nonterminal response with rcode NXDOMAIN + +; K.ROOT-SERVERS.NET. +RANGE_BEGIN 0 100 + ADDRESS 193.0.14.129 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +. IN NS +SECTION ANSWER +. IN NS K.ROOT-SERVERS.NET. +SECTION ADDITIONAL +K.ROOT-SERVERS.NET. IN A 193.0.14.129 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +0.example.com. IN A +SECTION AUTHORITY +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END +RANGE_END + +; a.gtld-servers.net. +RANGE_BEGIN 0 100 + ADDRESS 192.5.6.30 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +com. IN NS +SECTION ANSWER +com. IN NS a.gtld-servers.net. +SECTION ADDITIONAL +a.gtld-servers.net. IN A 192.5.6.30 +ENTRY_END + +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +0.example.com. IN A +SECTION AUTHORITY +example.com. IN NS ns.example.com. +SECTION ADDITIONAL +ns.example.com. IN A 1.2.3.4 +ENTRY_END +RANGE_END + +; ns.example.com. +RANGE_BEGIN 0 100 + ADDRESS 1.2.3.4 +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN NS +SECTION ANSWER +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20140320093645 20140220093645 55566 example.com. Z+gwYHWVcSXkIYX35nm3bHzlARf1AsI51gH7lGUSwKoD+ZEePXgkqnVS3jrzl/VjeNrmGutpl1rP1tZvTLD5Hs7Q04BlmhS5X22jiGpfwfdaKbbBUNDuCLN31+W8A4B6PBA+jNO3m3+vYNctWfemWX2YTIxKIyOppFOZP2+ll4A= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20140320093645 20140220093645 55566 example.com. Fgdfl8Jp4xFHxHyjkjaso7pt0AdrRifUEP2fer8pNnW4KIH83uA4OjfYcMwdP4HqSBJFPb04wQLFoDrLDdFp3zSjHwQQm+4OIBffBMXQ42RSWFgjCygOzQ/vdBUsBDV9tf6y/ggQg+CVfI7l2oPrUwMQCrr69KdzzrRRlsivotM= +ENTRY_END + +; response to DNSKEY priming query +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NOERROR +SECTION QUESTION +example.com. IN DNSKEY +SECTION ANSWER +example.com. 3600 IN DNSKEY 256 3 8 AwEAAdug/L739i0mgN2nuK/bhxu3wFn5Ud9nK2+XUmZQlPUEZUC5YZvm1rfMmEWTGBn87fFxEu/kjFZHJ55JLzqsbbpVHLbmKCTT2gYR2FV2WDKROGKuYbVkJIXdKAjJ0ONuK507NinYvlWXIoxHn22KAWOd9wKgSTNHBlmGkX+ts3hh ;{id = 55566 (zsk), size = 1024b} +example.com. 3600 IN DNSKEY 257 3 8 AwEAAb4WMOTBLTFvmBra5m6SK4VfViOzmvyUAU0qv861ZQXeEFvwlndqNU9rwRsMxrSWAYs5nHErKDn49usC/HyxxW1477iGFHhfgL4mjNreJm9zft2QFB1VLbRbEPYdDMLCn4co0qnG7/KG8W2i8Pym1L7f+aREwbLo+/716AS2PbaKMhfWLKLiq5wnBcUClQMNzCiwhqxDJp1oePqfkVdeUgXOtgi0dYRIKyQFhJ5VWJ22npoi/Gif0XLCADAlAwRLKc8o/yJkCxskzgpHpw5Cki1lclg0aq4ssOuPRQ+ne6IHYCz9D2mwzulblhLFamKdq7aHzNt4NlyxhpANVFiKLD8= ;{id = 29332 (ksk), size = 2048b} +example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20140320093645 20140220093645 29332 example.com. Vjcu4FD2hbHO4jgRXBeWwhUU29DOyUhdcQuRBhcNNZPYS4/MNKrKzhqZ/5jGRx//UffVvZMrVjb2xbJXf0UALrBktbG/yRK0lETXu4JHVtUyCY8jiKlmSl4LabsYC5GvvoLCzXilYFtp1zzagorONmJtmBc9DiP3fp/ju0gZ45/pTn6cLY8cm2/ja5U5SQ4KQ4SVQsiNduvpLAm3CM2qkqOdspWtNEjjG92EXqgBg5lQ0pt5U2wKk3igecACGUiKzrc9qlSBoErS+rDYAZ3TKqUdW489o4hd0vOowvwgb7Z+lqleplyptlCAwpw/djNqA4dX+FTK/oB6lokX5bxnjQ== +SECTION AUTHORITY +example.com. 3600 IN NS ns.example.com. +example.com. 3600 IN RRSIG NS 8 2 3600 20140320093645 20140220093645 55566 example.com. Z+gwYHWVcSXkIYX35nm3bHzlARf1AsI51gH7lGUSwKoD+ZEePXgkqnVS3jrzl/VjeNrmGutpl1rP1tZvTLD5Hs7Q04BlmhS5X22jiGpfwfdaKbbBUNDuCLN31+W8A4B6PBA+jNO3m3+vYNctWfemWX2YTIxKIyOppFOZP2+ll4A= +SECTION ADDITIONAL +ns.example.com. 3600 IN A 1.2.3.4 +ns.example.com. 3600 IN RRSIG A 8 3 3600 20140320093645 20140220093645 55566 example.com. Fgdfl8Jp4xFHxHyjkjaso7pt0AdrRifUEP2fer8pNnW4KIH83uA4OjfYcMwdP4HqSBJFPb04wQLFoDrLDdFp3zSjHwQQm+4OIBffBMXQ42RSWFgjCygOzQ/vdBUsBDV9tf6y/ggQg+CVfI7l2oPrUwMQCrr69KdzzrRRlsivotM= +ENTRY_END + +; response to query of interest +ENTRY_BEGIN +MATCH opcode qtype qname +ADJUST copy_id +REPLY QR NXDOMAIN +SECTION QUESTION +0.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. postmaster.example.com. 1337 1200 180 1209600 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20140320093645 20140220093645 55566 example.com. dcglYOgcxQS6G0PIGitAvMsOUdChGmGAKKb9PYewds2CnoBZq9Tn5F27A4agfJJrUcMC1g3m/O9+kbIYSRs3L9qYwpV/hOu7WLAS/fw+8S3ASSWP2RE+uu0IC1qo0YdHtH5y/cNjqEUcH8uhD1CAYfgKdn3hWEwqXKpWAFrUE7U= +; Denies A and wildcard +example.com. 3600 IN NSEC 0.0.0.0.example.com. NS SOA MX TXT RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 8 2 3600 20140320093645 20140220093645 55566 example.com. dL8lR8Wsvow+dCR24E7BTG3NxzxVCJb0wxQ+k8gLVbQMMsMkQEh4gw2zOXkfX21764ULm6RxEww0ibuKnidXLGUEkCc6g+WL2hsnE2DUpwIGZXn/O3VamrB9+GJ+dbCj4NFl+IXNlrfQFsYOiw055jjQjZTxrsCzodnfxqDgwUg= +SECTION ADDITIONAL +ENTRY_END +RANGE_END + +STEP 1 QUERY +ENTRY_BEGIN +REPLY RD DO +SECTION QUESTION +0.example.com. IN A +ENTRY_END + +; recursion happens here. +STEP 10 CHECK_ANSWER +ENTRY_BEGIN +MATCH all +REPLY QR RD RA AD DO NOERROR +SECTION QUESTION +0.example.com. IN A +SECTION ANSWER +SECTION AUTHORITY +example.com. 3600 IN SOA ns.example.com. postmaster.example.com. 1337 1200 180 1209600 3600 +example.com. 3600 IN RRSIG SOA 8 2 3600 20140320093645 20140220093645 55566 example.com. dcglYOgcxQS6G0PIGitAvMsOUdChGmGAKKb9PYewds2CnoBZq9Tn5F27A4agfJJrUcMC1g3m/O9+kbIYSRs3L9qYwpV/hOu7WLAS/fw+8S3ASSWP2RE+uu0IC1qo0YdHtH5y/cNjqEUcH8uhD1CAYfgKdn3hWEwqXKpWAFrUE7U= +example.com. 3600 IN NSEC 0.0.0.0.example.com. NS SOA MX TXT RRSIG NSEC DNSKEY +example.com. 3600 IN RRSIG NSEC 8 2 3600 20140320093645 20140220093645 55566 example.com. dL8lR8Wsvow+dCR24E7BTG3NxzxVCJb0wxQ+k8gLVbQMMsMkQEh4gw2zOXkfX21764ULm6RxEww0ibuKnidXLGUEkCc6g+WL2hsnE2DUpwIGZXn/O3VamrB9+GJ+dbCj4NFl+IXNlrfQFsYOiw055jjQjZTxrsCzodnfxqDgwUg= +SECTION ADDITIONAL +ENTRY_END + +SCENARIO_END