#2000081501 auto axfr-get
-Zexample.com:ns1.example.com.:ahu.example.com.:2000081501:28800:7200:604800:86400:120
+Zexample.com:ns1.example.com.:ahu.example.com.:2000081501:28800:7200:604800:86400:100000
&example.com::ns1.example.com.:120
&example.com::ns2.example.com.:120
@example.com::smtp-servers.example.com.:10:120
@example.com::smtp-servers.test.com.:15:120
-:example.com:48:\001\000\003\005\003\001\000\001\252\323\210xO\202\360\366\361\140\215\361\100WpG\037\361\377\216\027\347\177lJ\015\3534\356\036\137\350V\266\271\376\247\350\236\026\012\375\030\310\357\204s\035\315\260\226\057S\245s\226\311\304\025\335\204\237\244V\175\317\341\201\375\266\354\274\032\047\325s25\376J\136\343\260E\321\331\134\206a\325\311.\334\007\010\310\332\350\017n\214\076F\305\054v4\373\024H\373\273\273\072\304\072\235\207\017\006\232\203\210\231\301\330\023\041:120
:escapedtext.example.com:16:\005begin\022the\040\042middle\042\040p\134art\007the\040end:120
Cexternal.example.com:somewhere.else.net.:120
@external-mail.example.com::server1.test.com.:25:120
&test.com::ns2.test.com.:3600
@test.com::smtp-servers.example.com.:10:3600
@test.com::smtp-servers.test.com.:15:3600
-+blah.test.com:9.9.9.9:3600
++blah.test.com:192.168.6.1:3600
&blah.test.com::blah.test.com.:3600
+counter.test.com:1.1.1.5:3600
:_double._tcp.dc.test.com:33:\000\000\000d\001\205\007server1\004test\003com\000:3600
bool DNSSECKeeper::getPreRRSIGs(DNSBackend& db, const std::string& signer, const std::string& qname,
const std::string& wildcardname, const QType& qtype,
- DNSPacketWriter::Place signPlace, vector<DNSResourceRecord>& rrsigs)
+ DNSPacketWriter::Place signPlace, vector<DNSResourceRecord>& rrsigs, uint32_t signTTL)
{
// cerr<<"Doing DB lookup for precomputed RRSIGs for '"<<(wildcardname.empty() ? qname : wildcardname)<<"'"<<endl;
db.lookup(QType(QType::RRSIG), wildcardname.empty() ? qname : wildcardname);
DNSResourceRecord rr;
while(db.get(rr)) {
// cerr<<"Considering for '"<<qtype.getName()<<"' RRSIG '"<<rr.content<<"'\n";
- if(boost::starts_with(rr.content, qtype.getName()+" ")) {
+ vector<string> parts;
+ stringtok(parts, rr.content);
+ if(parts[0] == qtype.getName() && pdns_iequals(parts[7], signer+".")) {
// cerr<<"Got it"<<endl;
if (!wildcardname.empty())
rr.qname = qname;
rr.d_place = (DNSResourceRecord::Place)signPlace;
+ rr.ttl = signTTL;
rrsigs.push_back(rr);
}
else ; // cerr<<"Skipping!"<<endl;
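Review bot: `parts[0]` and `parts[7]` are indexed without checking how many tokens `stringtok` produced, so an RRSIG row whose content has fewer than eight fields makes the new condition read past the end of the vector. The content comes straight from the backend lookup, so the guard belongs in the condition: `if(parts.size() >= 8 && parts[0] == qtype.getName() && pdns_iequals(parts[7], signer+"."))`. The same unchecked indexing appears in the sdig output hunk, where `parts[7]` (RRSIG) and `parts[2]` (DNSKEY) are read from the zone representation of a record taken from a network reply. The function body continues outside this hunk.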
class DNSResourceRecord
{
public:
- DNSResourceRecord() : qclass(1), priority(0), last_modified(0), d_place(ANSWER), auth(1), scopeMask(0) {};
+ DNSResourceRecord() : qclass(1), priority(0), signttl(0), last_modified(0), d_place(ANSWER), auth(1), scopeMask(0) {};
~DNSResourceRecord(){};
// data
string content; //!< what this record points to. Example: 10.1.2.3
uint16_t priority; //!< For qtypes that support a priority or preference (MX, SRV)
uint32_t ttl; //!< Time To Live of this record
+ uint32_t signttl; //!< If non-zero, use this TTL as original TTL in the RRSIG
int domain_id; //!< If a backend implements this, the domain_id of the zone this record is in
time_t last_modified; //!< For autocalculating SOA serial numbers - the backend needs to fill this in
enum Place {QUESTION=0, ANSWER=1, AUTHORITY=2, ADDITIONAL=3}; //!< Type describing the positioning of a DNSResourceRecord within, say, a DNSPacket
void fillOutRRSIG(DNSSECPrivateKey& dpk, const std::string& signQName, RRSIGRecordContent& rrc, vector<shared_ptr<DNSRecordContent> >& toSign);
uint32_t getCurrentInception();
void addSignature(DNSSECKeeper& dk, DNSBackend& db, const std::string signQName, const std::string& wildcardname, uint16_t signQType, uint32_t signTTL, DNSPacketWriter::Place signPlace,
- vector<shared_ptr<DNSRecordContent> >& toSign, vector<DNSResourceRecord>& outsigned);
+ vector<shared_ptr<DNSRecordContent> >& toSign, vector<DNSResourceRecord>& outsigned, uint32_t origTTL);
int getRRSIGsForRRSET(DNSSECKeeper& dk, const std::string& signer, const std::string signQName, uint16_t signQType, uint32_t signTTL,
vector<shared_ptr<DNSRecordContent> >& toSign, vector<RRSIGRecordContent> &rrc, bool ksk);
void unsetNSEC3PARAM(const std::string& zname);
void clearAllCaches();
void clearCaches(const std::string& name);
- bool getPreRRSIGs(DNSBackend& db, const std::string& signer, const std::string& qname, const std::string& wildcardname, const QType& qtype, DNSPacketWriter::Place, vector<DNSResourceRecord>& rrsigs);
+ bool getPreRRSIGs(DNSBackend& db, const std::string& signer, const std::string& qname, const std::string& wildcardname, const QType& qtype, DNSPacketWriter::Place, vector<DNSResourceRecord>& rrsigs, uint32_t signTTL);
bool isPresigned(const std::string& zname);
void setPresigned(const std::string& zname);
void unsetPresigned(const std::string& zname);
// this is the entrypoint from DNSPacket
void addSignature(DNSSECKeeper& dk, DNSBackend& db, const std::string& signer, const std::string signQName, const std::string& wildcardname, uint16_t signQType,
uint32_t signTTL, DNSPacketWriter::Place signPlace,
- vector<shared_ptr<DNSRecordContent> >& toSign, vector<DNSResourceRecord>& outsigned)
+ vector<shared_ptr<DNSRecordContent> >& toSign, vector<DNSResourceRecord>& outsigned, uint32_t origTTL)
{
//cerr<<"Asked to sign '"<<signQName<<"'|"<<DNSRecordContent::NumberToType(signQType)<<", "<<toSign.size()<<" records\n";
if(toSign.empty())
vector<RRSIGRecordContent> rrcs;
if(dk.isPresigned(signer)) {
//cerr<<"Doing presignatures"<<endl;
- dk.getPreRRSIGs(db, signer, signQName, wildcardname, QType(signQType), signPlace, outsigned); // does it all
+ dk.getPreRRSIGs(db, signer, signQName, wildcardname, QType(signQType), signPlace, outsigned, origTTL); // does it all
}
else {
if(getRRSIGsForRRSET(dk, signer, wildcardname.empty() ? signQName : wildcardname, signQType, signTTL, toSign, rrcs, signQType == QType::DNSKEY) < 0) {
DNSResourceRecord rr;
rr.qname=signQName;
rr.qtype=QType::RRSIG;
- rr.ttl=signTTL;
+ if(origTTL)
+ rr.ttl=origTTL;
+ else
+ rr.ttl=signTTL;
rr.auth=false;
rr.d_place = (DNSResourceRecord::Place) signPlace;
BOOST_FOREACH(RRSIGRecordContent& rrc, rrcs) {
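Review bot: `if(origTTL)` treats zero as "not supplied", but the caller visible in this diff always assigns `origTTL = pos->ttl`, so an RRset whose TTL is legitimately 0 falls through to `signTTL`. When `signttl` is set on that record (the visible code sets it for SOA), the RRSIG would be emitted with a TTL that differs from the RRset it covers. If every caller passes the RRset TTL, a plain `rr.ttl=origTTL;` looks sufficient; otherwise document the sentinel with a comment such as `// origTTL == 0 means: fall back to signTTL`. The presigned branch also passes `origTTL` into a `getPreRRSIGs` parameter named `signTTL`, which reads as the opposite value, so renaming that parameter would avoid confusion. The function starts and continues outside this hunk.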
string signQName, wildcardQName;
uint16_t signQType=0;
uint32_t signTTL=0;
+ uint32_t origTTL=0;
DNSPacketWriter::Place signPlace=DNSPacketWriter::ANSWER;
vector<shared_ptr<DNSRecordContent> > toSign;
for(vector<DNSResourceRecord>::const_iterator pos = rrs.begin(); pos != rrs.end(); ++pos) {
if(pos != rrs.begin() && (signQType != pos->qtype.getCode() || signQName != pos->qname)) {
if(getBestAuthFromSet(authSet, signQName, signer))
- addSignature(dk, db, signer, signQName, wildcardQName, signQType, signTTL, signPlace, toSign, signedRecords);
+ addSignature(dk, db, signer, signQName, wildcardQName, signQType, signTTL, signPlace, toSign, signedRecords, origTTL);
}
signedRecords.push_back(*pos);
signQName= pos->qname;
wildcardQName = pos->wildcardname;
signQType = pos ->qtype.getCode();
- signTTL = pos->ttl;
+ if(pos->signttl)
+ signTTL = pos->signttl;
+ else
+ signTTL = pos->ttl;
+ origTTL = pos->ttl;
signPlace = (DNSPacketWriter::Place) pos->d_place;
if(pos->auth || pos->qtype.getCode() == QType::DS) {
string content = pos->content;
}
}
if(getBestAuthFromSet(authSet, signQName, signer))
- addSignature(dk, db, signer, signQName, wildcardQName, signQType, signTTL, signPlace, toSign, signedRecords);
+ addSignature(dk, db, signer, signQName, wildcardQName, signQType, signTTL, signPlace, toSign, signedRecords, origTTL);
rrs.swap(signedRecords);
}
return 0;
}
-/** This catches DNSKEY requests. Returns 1 if it was handled, 0 if it wasn't */
-int PacketHandler::doDNSKEYRequest(DNSPacket *p, DNSPacket *r, const SOAData& sd)
+/** This adds DNSKEY records. Returns true if one was added */
+bool PacketHandler::addDNSKEY(DNSPacket *p, DNSPacket *r, const SOAData& sd)
{
- if(p->qtype.getCode()!=QType::DNSKEY)
- return false;
-
DNSResourceRecord rr;
bool haveOne=false;
DNSSECPrivateKey dpk;
}
-/** This catches DNSKEY requests. Returns 1 if it was handled, 0 if it wasn't */
-int PacketHandler::doNSEC3PARAMRequest(DNSPacket *p, DNSPacket *r, const SOAData& sd)
+/** This adds NSEC3PARAM records. Returns true if one was added */
+bool PacketHandler::addNSEC3PARAM(DNSPacket *p, DNSPacket *r, const SOAData& sd)
{
- if(p->qtype.getCode()!=QType::NSEC3PARAM)
- return false;
-
DNSResourceRecord rr;
NSEC3PARAMRecordContent ns3prc;
while ( chopOff( subdomain ) && !haveSomething ) {
B.lookup(QType(QType::ANY), "*."+subdomain, p, sd.domain_id);
while(B.get(rr)) {
- if(rr.qtype == p->qtype ||rr.qtype.getCode() == QType::CNAME || p->qtype.getCode() == QType::ANY)
+ if(rr.qtype == p->qtype ||rr.qtype.getCode() == QType::CNAME || (p->qtype.getCode() == QType::ANY && rr.qtype.getCode() != QType::RRSIG))
ret->push_back(rr);
wildcard="*."+subdomain;
haveSomething=true;
// i->d_place=DNSResourceRecord::AUTHORITY; // XXX FIXME
}
+ string content = stripDot(i->content);
+
QType qtypes[2];
qtypes[0]="A"; qtypes[1]="AAAA";
for(int n=0 ; n < d_doIPv6AdditionalProcessing + 1; ++n) {
if (i->qtype.getCode()==QType::SRV) {
vector<string>parts;
- stringtok(parts,i->content);
+ stringtok(parts, content);
if (parts.size() >= 3) {
B.lookup(qtypes[n],parts[2],p);
}
continue;
}
else {
- B.lookup(qtypes[n],i->content,p);
+ B.lookup(qtypes[n], content, p);
}
bool foundOne=false;
while(B.get(rr)) {
nrc.d_set.insert(QType::DNSKEY);
DNSResourceRecord rr;
- rr.ttl = sd.default_ttl;
B.lookup(QType(QType::ANY), begin);
while(B.get(rr)) {
- if(rr.domain_id == sd.domain_id)
+ if(rr.domain_id == sd.domain_id && (rr.qtype.getCode() == QType::NS || rr.auth))
nrc.d_set.insert(rr.qtype.getCode());
}
nrc.d_next=end;
+ rr.ttl = sd.default_ttl;
+
rr.qname=begin;
// we can leave ttl untouched, either it is the default, or it is what we retrieved above
rr.qtype=QType::NSEC;
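Review bot: The kept comment `// we can leave ttl untouched, either it is the default, or it is what we retrieved above` no longer matches the code, because the moved `rr.ttl = sd.default_ttl;` now assigns the TTL unconditionally just before it. The move itself looks intentional, since the `B.get(rr)` loop overwrites `rr`, so the comment should say that instead: `// rr was overwritten by the lookup above; the NSEC TTL is always the zone default`. The enclosing function starts and ends outside this hunk.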
n3rc.d_iterations = ns3prc.d_iterations;
n3rc.d_algorithm = 1; // SHA1, fixed in PowerDNS for now
- DNSResourceRecord rr;
- rr.ttl = sd.default_ttl;
+ DNSResourceRecord nsec3rr, rr;
B.lookup(QType(QType::ANY), unhashed);
while(B.get(rr)) {
n3rc.d_set.insert(rr.qtype.getCode());
n3rc.d_nexthash=end;
+ rr.ttl = sd.default_ttl;
rr.qname=dotConcat(toLower(toBase32Hex(begin)), sd.qname);
rr.qtype=QType::NSEC3;
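Review bot: The NSEC3 type-bitmap loop still inserts every type returned by `B.lookup(QType(QType::ANY), unhashed)`, while the NSEC hunk in this same commit now restricts its bitmap to records in `sd.domain_id` that are NS or have `rr.auth` set. Unless a filter exists on lines not shown here, the NSEC3 bitmap can keep advertising types that the NSEC one no longer does, which makes the two denial-of-existence paths disagree. Consider the same condition in this loop: `if(rr.domain_id == sd.domain_id && (rr.qtype.getCode() == QType::NS || rr.auth))`. `nsec3rr` is declared but not used in the visible lines; drop it if nothing outside the hunk needs it.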
return;
}
-bool PacketHandler::doDNSSECProcessing(DNSPacket *p, DNSPacket *r)
-{
- if(!p->d_dnssecOk)
- return false;
-
- vector<DNSResourceRecord *> arrs=r->getAnswerRecords();
- if(arrs.empty())
- return false;
-
- DLOG(L<<"Have arrs "<<arrs.size()<<" records to sign"<<endl);
- vector<DNSResourceRecord> crrs;
-
- for(vector<DNSResourceRecord *>::const_iterator i=arrs.begin();
- i!=arrs.end(); ++i)
- crrs.push_back(**i);
-
- // we now have a copy, push_back on packet might reallocate!
-
- for(vector<DNSResourceRecord>::const_iterator i=crrs.begin();
- i!=crrs.end();
- ++i) {
- if(i->d_place!=DNSResourceRecord::ANSWER)
- continue;
-
- B.lookup(QType(QType::RRSIG),i->qname,p);
- DNSResourceRecord rr;
- while(B.get(rr)) {
- rr.d_place=DNSResourceRecord::ANSWER;
- if(splitField(rr.content, ' ').first==i->qtype.getName())
- r->addRecord(rr);
- }
- }
-
- return false;
-}
-
/* Semantics:
- only one backend owns the SOA of a zone
rr.qname=sd.qname;
rr.qtype=QType::SOA;
rr.content=serializeSOAData(sd);
- rr.ttl=sd.ttl;
+ rr.ttl=min(sd.ttl, sd.default_ttl);
+ rr.signttl=sd.ttl;
rr.domain_id=sd.domain_id;
rr.d_place=DNSResourceRecord::AUTHORITY;
rr.auth = 1;
rr.qtype=QType::SOA;
rr.content=serializeSOAData(sd);
rr.ttl=sd.ttl;
+ rr.ttl=min(sd.ttl, sd.default_ttl);
+ rr.signttl=sd.ttl;
rr.domain_id=sd.domain_id;
rr.d_place=DNSResourceRecord::AUTHORITY;
rr.auth = 1;
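Review bot: In this second SOA block the old `rr.ttl=sd.ttl;` appears to stay as an unchanged line directly above the added `rr.ttl=min(sd.ttl, sd.default_ttl);`, so it is a dead store that is overwritten immediately. The parallel SOA block earlier in the file removes that line. If it really is kept in the new file (and the marker was not just lost on this page), delete it so both blocks read the same and nobody mistakes `sd.ttl` for the effective TTL. The enclosing function is not fully visible in this hunk.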
addNSECX(p, r, target, target, sd.qname, 5);
if(pdns_iequals(sd.qname, p->qdomain)) {
- DNSSECKeeper::keyset_t zskset = d_dk.getKeys(p->qdomain);
- DNSResourceRecord rr;
- BOOST_FOREACH(DNSSECKeeper::keyset_t::value_type value, zskset) {
- rr.qtype=QType::DNSKEY;
- rr.ttl=sd.default_ttl;
- rr.qname=p->qdomain;
- rr.content=value.first.getDNSKEY().getZoneRepresentation();
- rr.auth = true;
- r->addRecord(rr);
- }
+ addDNSKEY(p, r, sd);
+ addNSEC3PARAM(p, r, sd);
}
}
authSet.insert(sd.qname);
if(pdns_iequals(sd.qname, p->qdomain)) {
- if(doDNSKEYRequest(p,r, sd))
- goto sendit;
-
- if(doNSEC3PARAMRequest(p,r, sd))
- goto sendit;
+ if(p->qtype.getCode() == QType::DNSKEY)
+ {
+ if(addDNSKEY(p, r, sd))
+ goto sendit;
+ }
+ else if(p->qtype.getCode() == QType::NSEC3PARAM)
+ {
+ if(addNSEC3PARAM(p,r, sd))
+ goto sendit;
+ }
}
if(p->qtype.getCode() == QType::SOA && pdns_iequals(sd.qname, p->qdomain)) {
weDone = weRedirected = weHaveUnauth = 0;
while(B.get(rr)) {
+ if (p->qtype.getCode() == QType::ANY && rr.qtype.getCode() == QType::RRSIG) // RRSIGS are added later any way.
+ continue; //TODO: this actually means addRRSig should check if the RRSig is already there.
+
if(rr.qtype.getCode() == QType::DS)
rr.auth = 1;
// cerr<<"Auth: "<<rr.auth<<", "<<(rr.qtype == p->qtype)<<", "<<rr.qtype.getName()<<endl;
return 0;
}
- // doDNSSECProcessing(p, r);
editSOA(d_dk, sd.qname, r);
if(p->d_dnssecOk)
int findUrl(DNSPacket *p, DNSPacket *r, string &target);
int doFancyRecords(DNSPacket *p, DNSPacket *r, string &target);
int doVersionRequest(DNSPacket *p, DNSPacket *r, string &target);
- int doDNSKEYRequest(DNSPacket *p, DNSPacket *r, const SOAData& sd);
- int doNSEC3PARAMRequest(DNSPacket *p, DNSPacket *r, const SOAData& sd);
+ bool addDNSKEY(DNSPacket *p, DNSPacket *r, const SOAData& sd);
+ bool addNSEC3PARAM(DNSPacket *p, DNSPacket *r, const SOAData& sd);
bool getAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId);
bool getTLDAuth(DNSPacket *p, SOAData *sd, const string &target, int *zoneId);
int doAdditionalProcessingAndDropAA(DNSPacket *p, DNSPacket *r, const SOAData& sd);
DNSPacketWriter pw(packet, argv[3], DNSRecordContent::TypeToNumber(argv[4]));
- if(dnssec)
+ if(dnssec || getenv("SDIGBUFSIZE"))
{
- pw.addOpt(2800, 0, EDNSOpts::DNSSECOK);
+ char *sbuf=getenv("SDIGBUFSIZE");
+ int bufsize;
+ if(sbuf)
+ bufsize=atoi(sbuf);
+ else
+ bufsize=2800;
+
+ pw.addOpt(2800, 0, dnssec ? EDNSOpts::DNSSECOK : 0);
pw.commit();
}
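Review bot: `bufsize` is computed from `SDIGBUFSIZE` but never used, because the call still passes the literal: `pw.addOpt(2800, 0, dnssec ? EDNSOpts::DNSSECOK : 0);`. It should be `pw.addOpt(bufsize, 0, dnssec ? EDNSOpts::DNSSECOK : 0);`. `atoi` returns 0 for non-numeric input and accepts negative or oversized values, while the EDNS payload size is a 16-bit field, so the value should be range-checked before use, for example `if(bufsize < 512 || bufsize > 65535) bufsize = 2800;`. Calling `getenv("SDIGBUFSIZE")` once and reusing the pointer would also avoid the duplicate lookup.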
for(MOADNSParser::answers_t::const_iterator i=mdp.d_answers.begin(); i!=mdp.d_answers.end(); ++i) {
cout<<i->first.d_place-1<<"\t"<<i->first.d_label<<"\tIN\t"<<DNSRecordContent::NumberToType(i->first.d_type);
- cout<<"\t"<<i->first.d_ttl<<"\t"<< i->first.d_content->getZoneRepresentation()<<"\n";
+ if(i->first.d_type == QType::RRSIG)
+ {
+ string zoneRep = i->first.d_content->getZoneRepresentation();
+ vector<string> parts;
+ stringtok(parts, zoneRep);
+ cout<<"\t"<<i->first.d_ttl<<"\t"<< parts[0]<<" "<<parts[1]<<" "<<parts[2]<<" "<<parts[3]<<" [expiry] [inception] [keytag] "<<parts[7]<<" ...\n";
+ }
+ else if(i->first.d_type == QType::DNSKEY)
+ {
+ string zoneRep = i->first.d_content->getZoneRepresentation();
+ vector<string> parts;
+ stringtok(parts, zoneRep);
+ cout<<"\t"<<i->first.d_ttl<<"\t"<< parts[0]<<" "<<parts[1]<<" "<<parts[2]<<" ...\n";
+ }
+ else
+ {
+ cout<<"\t"<<i->first.d_ttl<<"\t"<< i->first.d_content->getZoneRepresentation()<<"\n";
+ }
+
}
EDNSOpts edo;
DNSResourceRecord rr;
+ rr.qname = target;
+ rr.ttl = sd.default_ttl;
+ rr.auth = 1; // please sign!
+
BOOST_FOREACH(const DNSSECKeeper::keyset_t::value_type& value, keys) {
- rr.qname = target;
rr.qtype = QType(QType::DNSKEY);
- rr.ttl = sd.default_ttl;
- rr.auth = 1; // please sign!
rr.content = value.first.getDNSKEY().getZoneRepresentation();
string keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : labelReverse(rr.qname);
NSECXEntry& ne = nsecxrepo[keyname];
ne.d_set.insert(rr.qtype.getCode());
- ne.d_ttl = rr.ttl;
+ ne.d_ttl = sd.default_ttl;
csp.submit(rr);
}
dt.set();
int records=0;
while(sd.db->get(rr)) {
+ if (rr.qtype.getCode() == QType::RRSIG)
+ continue;
records++;
if(securedZone && (rr.auth || (!NSEC3Zone && rr.qtype.getCode() == QType::NS) || rr.qtype.getCode() == QType::DS)) { // this is probably NSEC specific, NSEC3 is different
keyname = NSEC3Zone ? hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, rr.qname) : labelReverse(rr.qname);
NSECXEntry& ne = nsecxrepo[keyname];
ne.d_set.insert(rr.qtype.getCode());
- ne.d_ttl = rr.ttl;
+ ne.d_ttl = sd.default_ttl;
}
if(rr.qtype.getCode() == QType::SOA)
continue; // skip SOA - would indicate end of AXFR
rr.qtype = QType::NSEC;
rr.d_place = DNSResourceRecord::ANSWER;
rr.auth=true;
-
if(csp.submit(rr)) {
for(;;) {
outpacket->getRRS() = csp.getChunk();
-9235756d96b6ad0af7936419248c3ed5 ../regression-tests/example.com
-33e43585aeed4eb9af10a83c72a04d14 ../regression-tests/test.com
+b6d1c64a890e3f3ce40970724a12eb0b ../regression-tests/example.com
+6bddbc2cb32ff88988a75f0eba563e7c ../regression-tests/test.com
7d726bc367bf5e6ee5f1689994c6b6d4 ../regression-tests/wtest.com
a0670eef8fba3e16908057af8de2c2f2 ../regression-tests/dnssec-parent.com
42dd3a56c7d268e75836371878819ec4 ../regression-tests/delegated.dnssec-parent.com
24514dc104b22206daeb973ff9303545 ../regression-tests/minimal.com
-c37c1e26294ecf705295aa0f0d866fd6 ../modules/tinydnsbackend/data.cdb
+a27444846fa36a04bf0da82303b80cb4 ../modules/tinydnsbackend/data.cdb
#!/bin/sh
-cleandig example.com ANY
+SDIGBUFSIZE=32768 cleandig example.com ANY
-0 example.com. IN DNSKEY 120 256 3 5 AwEAAarTiHhPgvD28WCN8UBXcEcf8f+OF+d/bEoN6zTuHl/oVra5/qfonhYK/RjI74RzHc2wli9TpXOWycQV3YSfpFZ9z+GB/bbsvBon1XMyNf5KXuOwRdHZXIZh1cku3AcIyNroD26MPkbFLHY0+xRI+7u7OsQ6nYcPBpqDiJnB2BMh
0 example.com. IN MX 120 10 smtp-servers.example.com.
0 example.com. IN MX 120 15 smtp-servers.test.com.
0 example.com. IN NS 120 ns1.example.com.
0 example.com. IN NS 120 ns2.example.com.
-0 example.com. IN SOA 120 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+0 example.com. IN SOA 100000 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2 . IN OPT 0
2 ns1.example.com. IN A 120 192.168.1.1
2 ns2.example.com. IN A 120 192.168.1.2
2 smtp-servers.example.com. IN A 120 192.168.0.2
-0 example.com. IN DNSKEY 120 256 3 5 AwEAAarTiHhPgvD28WCN8UBXcEcf8f+OF+d/bEoN6zTuHl/oVra5/qfonhYK/RjI74RzHc2wli9TpXOWycQV3YSfpFZ9z+GB/bbsvBon1XMyNf5KXuOwRdHZXIZh1cku3AcIyNroD26MPkbFLHY0+xRI+7u7OsQ6nYcPBpqDiJnB2BMh
+0 example.com. IN DNSKEY 86400 256 3 8 ...
+0 example.com. IN DNSKEY 86400 256 3 8 ...
+0 example.com. IN DNSKEY 86400 257 3 8 ...
0 example.com. IN MX 120 10 smtp-servers.example.com.
0 example.com. IN MX 120 15 smtp-servers.test.com.
0 example.com. IN NS 120 ns1.example.com.
0 example.com. IN NS 120 ns2.example.com.
-0 example.com. IN SOA 120 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
-Rcode: 0, RD: 0, QR: 1, TC: 1, AA: 1, opcode: 0
+0 example.com. IN SOA 100000 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2 . IN OPT 0
+2 ns1.example.com. IN A 120 192.168.1.1
+2 ns2.example.com. IN A 120 192.168.1.2
+2 smtp-servers.example.com. IN A 120 192.168.0.2
+2 smtp-servers.example.com. IN A 120 192.168.0.3
+2 smtp-servers.example.com. IN A 120 192.168.0.4
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='example.com.', qtype=ANY
-0 example.com. IN DNSKEY 120 256 3 5 AwEAAarTiHhPgvD28WCN8UBXcEcf8f+OF+d/bEoN6zTuHl/oVra5/qfonhYK/RjI74RzHc2wli9TpXOWycQV3YSfpFZ9z+GB/bbsvBon1XMyNf5KXuOwRdHZXIZh1cku3AcIyNroD26MPkbFLHY0+xRI+7u7OsQ6nYcPBpqDiJnB2BMh
+0 example.com. IN DNSKEY 86400 256 3 8 ...
+0 example.com. IN DNSKEY 86400 256 3 8 ...
+0 example.com. IN DNSKEY 86400 257 3 8 ...
0 example.com. IN MX 120 10 smtp-servers.example.com.
0 example.com. IN MX 120 15 smtp-servers.test.com.
0 example.com. IN NS 120 ns1.example.com.
0 example.com. IN NS 120 ns2.example.com.
-0 example.com. IN SOA 120 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
-0 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
-Rcode: 0, RD: 0, QR: 1, TC: 1, AA: 1, opcode: 0
+0 example.com. IN NSEC3PARAM 86400 1 0 1 abcd
+0 example.com. IN SOA 100000 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+0 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+2 . IN OPT 0
+2 ns1.example.com. IN A 120 192.168.1.1
+2 ns2.example.com. IN A 120 192.168.1.2
+2 smtp-servers.example.com. IN A 120 192.168.0.2
+2 smtp-servers.example.com. IN A 120 192.168.0.3
+2 smtp-servers.example.com. IN A 120 192.168.0.4
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='example.com.', qtype=ANY
-0 example.com. IN DNSKEY 120 256 3 5 AwEAAarTiHhPgvD28WCN8UBXcEcf8f+OF+d/bEoN6zTuHl/oVra5/qfonhYK/RjI74RzHc2wli9TpXOWycQV3YSfpFZ9z+GB/bbsvBon1XMyNf5KXuOwRdHZXIZh1cku3AcIyNroD26MPkbFLHY0+xRI+7u7OsQ6nYcPBpqDiJnB2BMh
+0 example.com. IN DNSKEY 86400 256 3 8 ...
+0 example.com. IN DNSKEY 86400 256 3 8 ...
+0 example.com. IN DNSKEY 86400 257 3 8 ...
0 example.com. IN MX 120 10 smtp-servers.example.com.
0 example.com. IN MX 120 15 smtp-servers.test.com.
0 example.com. IN NS 120 ns1.example.com.
0 example.com. IN NS 120 ns2.example.com.
-0 example.com. IN SOA 120 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
-0 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
-Rcode: 0, RD: 0, QR: 1, TC: 1, AA: 1, opcode: 0
+0 example.com. IN NSEC3PARAM 86400 1 0 1 abcd
+0 example.com. IN SOA 100000 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+0 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+2 . IN OPT 0
+2 ns1.example.com. IN A 120 192.168.1.1
+2 ns2.example.com. IN A 120 192.168.1.2
+2 smtp-servers.example.com. IN A 120 192.168.0.2
+2 smtp-servers.example.com. IN A 120 192.168.0.3
+2 smtp-servers.example.com. IN A 120 192.168.0.4
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='example.com.', qtype=ANY
--- /dev/null
+#!/bin/sh
+
+cleandig www.something.wtest.com ANY dnssec
+
--- /dev/null
+0 www.something.wtest.com. IN A 3600 4.3.2.1
+0 www.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 a.something.wtest.com. IN NSEC 86400 wtest.com. A RRSIG NSEC
+1 a.something.wtest.com. IN RRSIG 86400 NSEC 8 4 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.something.wtest.com.', qtype=ANY
--- /dev/null
+0 www.something.wtest.com. IN A 3600 4.3.2.1
+0 www.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 7q60llva2bt9ucubvn553q9s2pf8ho38.wtest.com. IN NSEC3 86400 1 1 1 abcd 7Q60LLVA2BT9UCUBVN553Q9S2PF8HO3A RRSIG
+1 7q60llva2bt9ucubvn553q9s2pf8ho38.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.something.wtest.com.', qtype=ANY
--- /dev/null
+0 www.something.wtest.com. IN A 3600 4.3.2.1
+0 www.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 7k2dfhl64f0ndftst8u5rr5euminddvb.wtest.com. IN NSEC3 86400 1 1 1 abcd 95QOQ246KN3VM7HL8KVG8O45JIHMNLNG A RRSIG
+1 7k2dfhl64f0ndftst8u5rr5euminddvb.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.something.wtest.com.', qtype=ANY
-0 example.com. IN SOA 120 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+0 example.com. IN SOA 100000 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='example.com.', qtype=SOA
unbound-host -v -C unbound-host.conf -t $2 $1 > $testname/unbound-host.out 2>&1
echo RETVAL: $? >> $testname/unbound-host.out
fi
+grep -i bogus $testname/*.out
0 www.example.com. IN CNAME 120 outpost.example.com.
-1 example.com. IN SOA 120 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='www.example.com.', qtype=AAAA
#!/bin/sh
-cleandig usa.example.com DS dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig usa.example.com DS dnssec
-1 usa.example.com. IN NSEC 120 www.example.com. NS RRSIG NSEC
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 usa.example.com. IN NSEC 86400 www.example.com. NS RRSIG NSEC
+1 usa.example.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='usa.example.com.', qtype=DS
-1 t67rqvqprigd7rtb5fah6c3o7g9th3iv.example.com. IN NSEC3 120 1 1 1 abcd T67RQVQPRIGD7RTB5FAH6C3O7G9TH3J1 NS RRSIG
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 t67rqvqprigd7rtb5fah6c3o7g9th3iv.example.com. IN NSEC3 86400 1 1 1 abcd T67RQVQPRIGD7RTB5FAH6C3O7G9TH3J1 NS RRSIG
+1 t67rqvqprigd7rtb5fah6c3o7g9th3iv.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='usa.example.com.', qtype=DS
-1 t66sektb7egvs7s57m1qged4h6809g8s.example.com. IN NSEC3 120 1 1 1 abcd T6A44A7N1B90T5RIS4IBQKT51MMDL0LO A RRSIG
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 t66sektb7egvs7s57m1qged4h6809g8s.example.com. IN NSEC3 86400 1 1 1 abcd T6A44A7N1B90T5RIS4IBQKT51MMDL0LO A RRSIG
+1 t66sektb7egvs7s57m1qged4h6809g8s.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='usa.example.com.', qtype=DS
#!/bin/sh
-cleandig delegated.dnssec-parent.com DS dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig delegated.dnssec-parent.com DS dnssec
-1 delegated.dnssec-parent.com. IN NSEC 3600 ns1.dnssec-parent.com. NS RRSIG NSEC
+1 delegated.dnssec-parent.com. IN NSEC 86400 ns1.dnssec-parent.com. NS RRSIG NSEC
+1 delegated.dnssec-parent.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] dnssec-parent.com. ...
+1 dnssec-parent.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] dnssec-parent.com. ...
+1 dnssec-parent.com. IN SOA 3600 ns1.dnssec-parent.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='delegated.dnssec-parent.com.', qtype=DS
-1 be6iqh4fjrtdhacqk7g3iq96qcvf2qoi.dnssec-parent.com. IN NSEC3 3600 1 1 1 abcd BE6IQH4FJRTDHACQK7G3IQ96QCVF2QOK A NS SOA RRSIG
-1 dvkuo8kja65gcsq600e6di9u719lsj8u.dnssec-parent.com. IN NSEC3 3600 1 1 1 abcd DVKUO8KJA65GCSQ600E6DI9U719LSJ8V A NS SOA RRSIG DNSKEY NSEC3PARAM
+1 be6iqh4fjrtdhacqk7g3iq96qcvf2qoi.dnssec-parent.com. IN NSEC3 86400 1 1 1 abcd BE6IQH4FJRTDHACQK7G3IQ96QCVF2QOK A NS SOA RRSIG
+1 be6iqh4fjrtdhacqk7g3iq96qcvf2qoi.dnssec-parent.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] dnssec-parent.com. ...
+1 dnssec-parent.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] dnssec-parent.com. ...
+1 dnssec-parent.com. IN SOA 3600 ns1.dnssec-parent.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+1 dvkuo8kja65gcsq600e6di9u719lsj8u.dnssec-parent.com. IN NSEC3 86400 1 1 1 abcd DVKUO8KJA65GCSQ600E6DI9U719LSJ8V A NS SOA RRSIG DNSKEY NSEC3PARAM
+1 dvkuo8kja65gcsq600e6di9u719lsj8u.dnssec-parent.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] dnssec-parent.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='delegated.dnssec-parent.com.', qtype=DS
-1 29ceqcf4ekgl2gr9i0vjjtk62h5lqs40.dnssec-parent.com. IN NSEC3 3600 1 1 1 abcd DVKUO8KJA65GCSQ600E6DI9U719LSJ8U A RRSIG
-1 dvkuo8kja65gcsq600e6di9u719lsj8u.dnssec-parent.com. IN NSEC3 3600 1 1 1 abcd 1SCAQA30LQ0DO5EIRNE4KPJFBEBFGR54 A NS SOA RRSIG DNSKEY NSEC3PARAM
+1 29ceqcf4ekgl2gr9i0vjjtk62h5lqs40.dnssec-parent.com. IN NSEC3 86400 1 1 1 abcd DVKUO8KJA65GCSQ600E6DI9U719LSJ8U A RRSIG
+1 29ceqcf4ekgl2gr9i0vjjtk62h5lqs40.dnssec-parent.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] dnssec-parent.com. ...
+1 dnssec-parent.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] dnssec-parent.com. ...
+1 dnssec-parent.com. IN SOA 3600 ns1.dnssec-parent.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+1 dvkuo8kja65gcsq600e6di9u719lsj8u.dnssec-parent.com. IN NSEC3 86400 1 1 1 abcd 1SCAQA30LQ0DO5EIRNE4KPJFBEBFGR54 A NS SOA RRSIG DNSKEY NSEC3PARAM
+1 dvkuo8kja65gcsq600e6di9u719lsj8u.dnssec-parent.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] dnssec-parent.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='delegated.dnssec-parent.com.', qtype=DS
1 usa.example.com. IN NS 120 usa-ns1.usa.example.com.
1 usa.example.com. IN NS 120 usa-ns2.usa.example.com.
-1 usa.example.com. IN NSEC 120 www.example.com. NS RRSIG NSEC
+1 usa.example.com. IN NSEC 86400 www.example.com. NS RRSIG NSEC
2 . IN OPT 32768
2 usa-ns1.usa.example.com. IN A 120 192.168.4.1
2 usa-ns2.usa.example.com. IN A 120 192.168.4.2
-1 t67rqvqprigd7rtb5fah6c3o7g9th3iv.example.com. IN NSEC3 120 1 1 1 abcd T67RQVQPRIGD7RTB5FAH6C3O7G9TH3J1 NS RRSIG
+1 t67rqvqprigd7rtb5fah6c3o7g9th3iv.example.com. IN NSEC3 86400 1 1 1 abcd T67RQVQPRIGD7RTB5FAH6C3O7G9TH3J1 NS RRSIG
1 usa.example.com. IN NS 120 usa-ns1.usa.example.com.
1 usa.example.com. IN NS 120 usa-ns2.usa.example.com.
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
2 . IN OPT 32768
2 usa-ns1.usa.example.com. IN A 120 192.168.4.1
2 usa-ns2.usa.example.com. IN A 120 192.168.4.2
-1 t66sektb7egvs7s57m1qged4h6809g8s.example.com. IN NSEC3 120 1 1 1 abcd T6A44A7N1B90T5RIS4IBQKT51MMDL0LO A RRSIG
+1 t66sektb7egvs7s57m1qged4h6809g8s.example.com. IN NSEC3 86400 1 1 1 abcd T6A44A7N1B90T5RIS4IBQKT51MMDL0LO A RRSIG
1 usa.example.com. IN NS 120 usa-ns1.usa.example.com.
1 usa.example.com. IN NS 120 usa-ns2.usa.example.com.
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
2 . IN OPT 32768
2 usa-ns1.usa.example.com. IN A 120 192.168.4.1
2 usa-ns2.usa.example.com. IN A 120 192.168.4.2
$TTL 120
$ORIGIN example.com.
-@ IN SOA ns1.example.com. ahu.example.com. (
+@ 100000 IN SOA ns1.example.com. ahu.example.com. (
2000081501
8H ; refresh
2H ; retry
@ IN NS ns2.example.com.
@ IN MX 10 smtp-servers.example.com.
@ IN MX 15 smtp-servers.test.com.
-@ IN DNSKEY 256 3 5 AwEAAarTiHhPgvD28WCN8UBXcEcf8f+OF+d/bEoN6zTuHl/oVra5/qfonhYK/RjI74RzHc2wli9TpXOWycQV3YSfpFZ9z+GB/bbsvBon1XMyNf5KXuOwRdHZXIZh1cku3AcIyNroD26MPkbFLHY0+xRI+7u7OsQ6nYcPBpqDiJnB2BMh
+;@ IN DNSKEY 256 3 5 AwEAAarTiHhPgvD28WCN8UBXcEcf8f+OF+d/bEoN6zTuHl/oVra5/qfonhYK/RjI74RzHc2wli9TpXOWycQV3YSfpFZ9z+GB/bbsvBon1XMyNf5KXuOwRdHZXIZh1cku3AcIyNroD26MPkbFLHY0+xRI+7u7OsQ6nYcPBpqDiJnB2BMh
;
ns1 IN A 192.168.1.1
ns2 IN A 192.168.1.2
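Review bot: The DNSKEY record is disabled by prefixing `;` rather than removed, and no reason is given. The zone now carries dead key material that a later edit could re-enable by accident, which would publish it next to whatever keys the server itself presents. Presumably the record was dropped because keys are no longer meant to come from zone data; please confirm. Either delete the line, or put a one-line reason above it such as `; DNSKEY intentionally not loaded from zone data; kept for reference only`.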
#!/bin/sh
-cleandig www.a.b.c.d.e.something.wtest.com A dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig www.a.b.c.d.e.something.wtest.com A dnssec
-1 a.something.wtest.com. IN NSEC 3600 wtest.com. A RRSIG NSEC
+0 www.a.b.c.d.e.something.wtest.com. IN A 3600 4.3.2.1
+0 www.a.b.c.d.e.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 a.something.wtest.com. IN NSEC 86400 wtest.com. A RRSIG NSEC
+1 a.something.wtest.com. IN RRSIG 86400 NSEC 8 4 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.a.b.c.d.e.something.wtest.com.', qtype=A
+0 www.a.b.c.d.e.something.wtest.com. IN A 3600 4.3.2.1
+0 www.a.b.c.d.e.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
1 pqgjjrj5si55uc1208gt1hp1k217fhqu.wtest.com. IN NSEC3 86400 1 1 1 abcd PQGJJRJ5SI55UC1208GT1HP1K217FHR0 RRSIG
+1 pqgjjrj5si55uc1208gt1hp1k217fhqu.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.a.b.c.d.e.something.wtest.com.', qtype=A
-1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN NSEC3 3600 1 1 1 abcd SHEGK154N8362AG22AR9VDDRF3127M6I A RRSIG
+0 www.a.b.c.d.e.something.wtest.com. IN A 3600 4.3.2.1
+0 www.a.b.c.d.e.something.wtest.com. IN RRSIG 3600 A 8 3 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN NSEC3 86400 1 1 1 abcd SHEGK154N8362AG22AR9VDDRF3127M6I A RRSIG
+1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.a.b.c.d.e.something.wtest.com.', qtype=A
#!/bin/sh
-cleandig www.a.b.c.d.e.wtest.com A dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig www.a.b.c.d.e.wtest.com A dnssec
-1 *.a.b.c.d.e.wtest.com. IN NSEC 3600 secure.wtest.com. A RRSIG NSEC
+0 www.a.b.c.d.e.wtest.com. IN A 3600 6.7.8.9
+0 www.a.b.c.d.e.wtest.com. IN RRSIG 3600 A 8 7 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 *.a.b.c.d.e.wtest.com. IN NSEC 86400 secure.wtest.com. A RRSIG NSEC
+1 *.a.b.c.d.e.wtest.com. IN RRSIG 86400 NSEC 8 7 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.a.b.c.d.e.wtest.com.', qtype=A
+0 www.a.b.c.d.e.wtest.com. IN A 3600 6.7.8.9
+0 www.a.b.c.d.e.wtest.com. IN RRSIG 3600 A 8 7 3600 [expiry] [inception] [keytag] wtest.com. ...
1 pet5iqbgccga60p2n38nmuanrk50papg.wtest.com. IN NSEC3 86400 1 1 1 abcd PET5IQBGCCGA60P2N38NMUANRK50PAPI RRSIG
+1 pet5iqbgccga60p2n38nmuanrk50papg.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.a.b.c.d.e.wtest.com.', qtype=A
-1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN NSEC3 3600 1 1 1 abcd SHEGK154N8362AG22AR9VDDRF3127M6I A RRSIG
+0 www.a.b.c.d.e.wtest.com. IN A 3600 6.7.8.9
+0 www.a.b.c.d.e.wtest.com. IN RRSIG 3600 A 8 7 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN NSEC3 86400 1 1 1 abcd SHEGK154N8362AG22AR9VDDRF3127M6I A RRSIG
+1 pd15qdsjjbfosu5fg2oqrnlb8r8oifl6.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='www.a.b.c.d.e.wtest.com.', qtype=A
-1 minimal.com. IN NSEC 120 minimal.com. NS SOA RRSIG NSEC DNSKEY
+1 minimal.com. IN NSEC 86400 minimal.com. NS SOA RRSIG NSEC DNSKEY
-1 09lo11rs63u9b3d538a86ijvqcqt9312.minimal.com. IN NSEC3 120 1 1 1 abcd 09LO11RS63U9B3D538A86IJVQCQT9313 NS SOA RRSIG DNSKEY NSEC3PARAM
+1 09lo11rs63u9b3d538a86ijvqcqt9312.minimal.com. IN NSEC3 86400 1 1 1 abcd 09LO11RS63U9B3D538A86IJVQCQT9313 NS SOA RRSIG DNSKEY NSEC3PARAM
-1 09lo11rs63u9b3d538a86ijvqcqt9312.minimal.com. IN NSEC3 120 1 1 1 abcd 09LO11RS63U9B3D538A86IJVQCQT9312 NS SOA RRSIG DNSKEY NSEC3PARAM
+1 09lo11rs63u9b3d538a86ijvqcqt9312.minimal.com. IN NSEC3 86400 1 1 1 abcd 09LO11RS63U9B3D538A86IJVQCQT9312 NS SOA RRSIG DNSKEY NSEC3PARAM
-1 minimal.com. IN NSEC 120 minimal.com. NS SOA RRSIG NSEC DNSKEY
+1 minimal.com. IN NSEC 86400 minimal.com. NS SOA RRSIG NSEC DNSKEY
-1 09lo11rs63u9b3d538a86ijvqcqt9312.minimal.com. IN NSEC3 120 1 1 1 abcd 09LO11RS63U9B3D538A86IJVQCQT9313 NS SOA RRSIG DNSKEY NSEC3PARAM
+1 09lo11rs63u9b3d538a86ijvqcqt9312.minimal.com. IN NSEC3 86400 1 1 1 abcd 09LO11RS63U9B3D538A86IJVQCQT9313 NS SOA RRSIG DNSKEY NSEC3PARAM
1 8hki26qt36v6qs8cll4e4nvjit38uhap.minimal.com. IN NSEC3 86400 1 1 1 abcd 8HKI26QT36V6QS8CLL4E4NVJIT38UHAR RRSIG
1 9oadfe8c55evko75kb06spdl23p4fmrh.minimal.com. IN NSEC3 86400 1 1 1 abcd 9OADFE8C55EVKO75KB06SPDL23P4FMRJ RRSIG
-1 09lo11rs63u9b3d538a86ijvqcqt9312.minimal.com. IN NSEC3 120 1 1 1 abcd 09LO11RS63U9B3D538A86IJVQCQT9312 NS SOA RRSIG DNSKEY NSEC3PARAM
+1 09lo11rs63u9b3d538a86ijvqcqt9312.minimal.com. IN NSEC3 86400 1 1 1 abcd 09LO11RS63U9B3D538A86IJVQCQT9312 NS SOA RRSIG DNSKEY NSEC3PARAM
-1 example.com. IN SOA 120 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='ns1.example.com.', qtype=AAAA
-1 example.com. IN SOA 120 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='outpost.example.com.', qtype=AAAA
1 blah.test.com. IN NS 3600 blah.test.com.
-2 blah.test.com. IN A 3600 9.9.9.9
+2 blah.test.com. IN A 3600 192.168.6.1
Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 0, opcode: 0
Reply to question for qname='blah.test.com.', qtype=MX
#!/bin/sh
-cleandig hightype.example.com NSEC dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig hightype.example.com NSEC dnssec
-0 hightype.example.com. IN NSEC 120 host-0.example.com. A RRSIG NSEC TYPE65534
+0 hightype.example.com. IN NSEC 86400 host-0.example.com. A RRSIG NSEC TYPE65534
+0 hightype.example.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='hightype.example.com.', qtype=NSEC
-1 3v4it454kfh142bi7afagnuvigrpfptt.example.com. IN NSEC3 120 1 1 1 abcd 3V4IT454KFH142BI7AFAGNUVIGRPFPTU A RRSIG TYPE65534
+1 3v4it454kfh142bi7afagnuvigrpfptt.example.com. IN NSEC3 86400 1 1 1 abcd 3V4IT454KFH142BI7AFAGNUVIGRPFPTU A RRSIG TYPE65534
+1 3v4it454kfh142bi7afagnuvigrpfptt.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='hightype.example.com.', qtype=NSEC
-1 3v4it454kfh142bi7afagnuvigrpfptt.example.com. IN NSEC3 120 1 1 1 abcd 3V4S43RV1GT28N0F2PPJ8I8482ESMUOB A RRSIG TYPE65534
+1 3v4it454kfh142bi7afagnuvigrpfptt.example.com. IN NSEC3 86400 1 1 1 abcd 3V4S43RV1GT28N0F2PPJ8I8482ESMUOB A RRSIG TYPE65534
+1 3v4it454kfh142bi7afagnuvigrpfptt.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='hightype.example.com.', qtype=NSEC
--- /dev/null
+#!/bin/sh
+cleandig blah.test.com MX dnssec
--- /dev/null
+1 blah.test.com. IN NS 3600 blah.test.com.
+1 blah.test.com. IN NSEC 86400 counter.test.com. NS RRSIG NSEC
+1 blah.test.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+2 . IN OPT 32768
+2 blah.test.com. IN A 3600 192.168.6.1
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 0, opcode: 0
+Reply to question for qname='blah.test.com.', qtype=MX
--- /dev/null
+1 2eu2gulbu53h9uvhfalshpbo2a83t6l2.test.com. IN NSEC3 86400 1 1 1 abcd 2EU2GULBU53H9UVHFALSHPBO2A83T6L3 NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 2eu2gulbu53h9uvhfalshpbo2a83t6l2.test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+1 blah.test.com. IN NS 3600 blah.test.com.
+1 s96h2qicbt8d9i5aa43kp8sjjresq4ka.test.com. IN NSEC3 86400 1 1 1 abcd S96H2QICBT8D9I5AA43KP8SJJRESQ4KC A NS RRSIG
+1 s96h2qicbt8d9i5aa43kp8sjjresq4ka.test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+2 . IN OPT 32768
+2 blah.test.com. IN A 3600 192.168.6.1
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 0, opcode: 0
+Reply to question for qname='blah.test.com.', qtype=MX
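Review bot: The NSEC3 record for `s96h2qicbt8d9i5aa43kp8sjjresq4ka` in this new expected result carries the type bitmap `A NS RRSIG`, which looks wrong for what seems to be a covering record. Its owner and next-hash differ only by two in the last character, the same shape as the other minimally covering NSEC3 records in this commit, and those all carry a bare `RRSIG` bitmap. The NSEC variant of the same test lists `NS RRSIG NSEC` for `blah.test.com.` with no `A`, so the glue address at the delegation appears to have leaked into the bitmap here. Pinning this output makes the regression suite assert that behaviour. Please confirm the intended bitmap before committing the file, and if this is a known limitation, say so in the test's description.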
--- /dev/null
+1 2eu2gulbu53h9uvhfalshpbo2a83t6l2.test.com. IN NSEC3 86400 1 1 1 abcd 88F1BQRB2ISCVFEL2SQQCKSVFLNEKAP6 NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 2eu2gulbu53h9uvhfalshpbo2a83t6l2.test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+1 blah.test.com. IN NS 3600 blah.test.com.
+1 qd81ag9inqts1ocs7api0pji94k27btr.test.com. IN NSEC3 86400 1 1 1 abcd SA5VVPQN1COEJGJ3HBKFEKDNII8KKSQA CNAME RRSIG
+1 qd81ag9inqts1ocs7api0pji94k27btr.test.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] test.com. ...
+2 . IN OPT 32768
+2 blah.test.com. IN A 3600 192.168.6.1
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 0, opcode: 0
+Reply to question for qname='blah.test.com.', qtype=MX
#!/bin/sh
-cleandig usazzz.example.com A dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig usazzz.example.com A dnssec
-1 example.com. IN NSEC 120 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
-1 usa.example.com. IN NSEC 120 www.example.com. NS RRSIG NSEC
+1 example.com. IN NSEC 86400 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 86400 NSEC 8 2 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 usa.example.com. IN NSEC 86400 www.example.com. NS RRSIG NSEC
+1 usa.example.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='usazzz.example.com.', qtype=A
1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN NSEC3 86400 1 1 1 abcd 9FAG9508OQU3M22QAC0U5EQGG45V8CF2 RRSIG
+1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
1 kt3ll2fgp7p2s71mk7frk5igi8pc8gl1.example.com. IN NSEC3 86400 1 1 1 abcd KT3LL2FGP7P2S71MK7FRK5IGI8PC8GL3 RRSIG
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 kt3ll2fgp7p2s71mk7frk5igi8pc8gl1.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='usazzz.example.com.', qtype=A
-1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 120 1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG
-1 kt0pu1qu9of4ek09a6amheu1l4c4dq6b.example.com. IN NSEC3 120 1 1 1 abcd KT832M4L92B5MCUCJI8QJF16MM2DU3MK A RRSIG
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 86400 1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 kt0pu1qu9of4ek09a6amheu1l4c4dq6b.example.com. IN NSEC3 86400 1 1 1 abcd KT832M4L92B5MCUCJI8QJF16MM2DU3MK A RRSIG
+1 kt0pu1qu9of4ek09a6amheu1l4c4dq6b.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='usazzz.example.com.', qtype=A
#!/bin/sh
-cleandig outerpost.example.com A dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig outerpost.example.com A dnssec
-1 example.com. IN NSEC 120 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
-1 ns2.example.com. IN NSEC 120 outpost.example.com. A RRSIG NSEC
+1 example.com. IN NSEC 86400 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 86400 NSEC 8 2 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 ns2.example.com. IN NSEC 86400 outpost.example.com. A RRSIG NSEC
+1 ns2.example.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='outerpost.example.com.', qtype=A
1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN NSEC3 86400 1 1 1 abcd 9FAG9508OQU3M22QAC0U5EQGG45V8CF2 RRSIG
+1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
1 sthvu2kihc96kc1tu8v3curr8og5dghn.example.com. IN NSEC3 86400 1 1 1 abcd STHVU2KIHC96KC1TU8V3CURR8OG5DGHP RRSIG
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 sthvu2kihc96kc1tu8v3curr8og5dghn.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='outerpost.example.com.', qtype=A
-1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 120 1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG
-1 sthkgrndv06hbdrfe7a329lup4mctmqr.example.com. IN NSEC3 120 1 1 1 abcd STKPKJBN0URUBBIM832MF33V5OGJR396 A RRSIG
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 86400 1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 sthkgrndv06hbdrfe7a329lup4mctmqr.example.com. IN NSEC3 86400 1 1 1 abcd STKPKJBN0URUBBIM832MF33V5OGJR396 A RRSIG
+1 sthkgrndv06hbdrfe7a329lup4mctmqr.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='outerpost.example.com.', qtype=A
#!/bin/sh
-cleandig t.something.wtest.com TXT dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig t.something.wtest.com TXT dnssec
-1 *.something.wtest.com. IN NSEC 3600 a.something.wtest.com. A RRSIG NSEC
-1 a.something.wtest.com. IN NSEC 3600 wtest.com. A RRSIG NSEC
+1 *.something.wtest.com. IN NSEC 86400 a.something.wtest.com. A RRSIG NSEC
+1 *.something.wtest.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 a.something.wtest.com. IN NSEC 86400 wtest.com. A RRSIG NSEC
+1 a.something.wtest.com. IN RRSIG 86400 NSEC 8 4 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN SOA 3600 ns1.wtest.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='t.something.wtest.com.', qtype=TXT
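Review bot: The expected NSEC records here are pinned at TTL 86400 while the SOA in the same negative answer is served at 3600. The denial records therefore outlive the negative-caching lifetime the SOA advertises. The same holds for the NSEC3 lines in the two variants that follow. A resolver that reuses cached NSEC/NSEC3 data for synthesis (RFC 8198) could keep answering "no data" for this name long after the SOA-bounded entry has expired. RFC 9077 addresses this by setting the NSEC/NSEC3 TTL to the lesser of the SOA TTL and the SOA minimum. The code that picks the TTL is outside this hunk, so this is a request to check it: if the larger value is intended, record the reason in the test description, and otherwise the expected lines should read `IN NSEC 3600` and `IN RRSIG 3600 NSEC`.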
1 368r0s1q794jmkdrcpf6f85v316hd9ak.wtest.com. IN NSEC3 86400 1 1 1 abcd 368R0S1Q794JMKDRCPF6F85V316HD9AM RRSIG
-1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 3600 1 1 1 abcd 54NJS65S8U96TKFFRFT6L7J1T1556VIL TXT RRSIG
+1 368r0s1q794jmkdrcpf6f85v316hd9ak.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 86400 1 1 1 abcd 54NJS65S8U96TKFFRFT6L7J1T1556VIL TXT RRSIG
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN SOA 3600 ns1.wtest.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='t.something.wtest.com.', qtype=TXT
-1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 3600 1 1 1 abcd 67I2ESLUBOJ7DPG4263L3T8DV19G6D0G TXT RRSIG
-1 shegk154n8362ag22ar9vddrf3127m6i.wtest.com. IN NSEC3 3600 1 1 1 abcd 53I5J7TGM8QG2GBV716RVQVARQCIJUE2 A NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN NSEC3 86400 1 1 1 abcd 67I2ESLUBOJ7DPG4263L3T8DV19G6D0G TXT RRSIG
+1 54njs65s8u96tkffrft6l7j1t1556vik.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 shegk154n8362ag22ar9vddrf3127m6i.wtest.com. IN NSEC3 86400 1 1 1 abcd 53I5J7TGM8QG2GBV716RVQVARQCIJUE2 A NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 shegk154n8362ag22ar9vddrf3127m6i.wtest.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN RRSIG 3600 SOA 8 2 3600 [expiry] [inception] [keytag] wtest.com. ...
+1 wtest.com. IN SOA 3600 ns1.wtest.com. ahu.example.com. 2005092501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='t.something.wtest.com.', qtype=TXT
#!/bin/sh
-cleandig zzz.example.com A dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig zzz.example.com A dnssec
-1 example.com. IN NSEC 120 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
-1 www.example.com. IN NSEC 120 example.com. CNAME RRSIG NSEC
+1 example.com. IN NSEC 86400 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 86400 NSEC 8 2 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 www.example.com. IN NSEC 86400 example.com. CNAME RRSIG NSEC
+1 www.example.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='zzz.example.com.', qtype=A
-1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 120 1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG
-1 gnk5kv3h2h1h8ge405j6093608ukp3i5.example.com. IN NSEC3 120 1 1 1 abcd GNO4LESKG6U7HKEJ9UL71SF1HD7F1P96 A RRSIG
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 86400 1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 gnk5kv3h2h1h8ge405j6093608ukp3i5.example.com. IN NSEC3 86400 1 1 1 abcd GNO4LESKG6U7HKEJ9UL71SF1HD7F1P96 A RRSIG
+1 gnk5kv3h2h1h8ge405j6093608ukp3i5.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='zzz.example.com.', qtype=A
#!/bin/sh
-cleandig example.com TXT dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig example.com TXT dnssec
-1 example.com. IN NSEC 120 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
+1 example.com. IN NSEC 86400 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 86400 NSEC 8 2 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='example.com.', qtype=TXT
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='example.com.', qtype=TXT
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='example.com.', qtype=TXT
#!/bin/sh
-cleandig outpost.example.com TXT dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig outpost.example.com TXT dnssec
-1 outpost.example.com. IN NSEC 120 semi-external.example.com. A RRSIG NSEC
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 outpost.example.com. IN NSEC 86400 semi-external.example.com. A RRSIG NSEC
+1 outpost.example.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='outpost.example.com.', qtype=TXT
-1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 120 1 1 1 abcd 5UVGFM2VJCJE09SVS7LFB22I1UUQJF99 A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 86400 1 1 1 abcd 5UVGFM2VJCJE09SVS7LFB22I1UUQJF99 A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='outpost.example.com.', qtype=TXT
-1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 120 1 1 1 abcd 5V0S7HPRC5IAFH3C3RO0HHNH543D3UIU A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 86400 1 1 1 abcd 5V0S7HPRC5IAFH3C3RO0HHNH543D3UIU A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+2 . IN OPT 32768
+Rcode: 0, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='outpost.example.com.', qtype=TXT
#!/bin/sh
-cleandig nx1.nx2.outpost.example.com A dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig nx1.nx2.outpost.example.com A dnssec
-1 example.com. IN NSEC 120 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
-1 outpost.example.com. IN NSEC 120 semi-external.example.com. A RRSIG NSEC
+1 example.com. IN NSEC 86400 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 86400 NSEC 8 2 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 outpost.example.com. IN NSEC 86400 semi-external.example.com. A RRSIG NSEC
+1 outpost.example.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='nx1.nx2.outpost.example.com.', qtype=A
-1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 120 1 1 1 abcd 5UVGFM2VJCJE09SVS7LFB22I1UUQJF99 A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 86400 1 1 1 abcd 5UVGFM2VJCJE09SVS7LFB22I1UUQJF99 A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
1 sdgbafmjek5v4t8c89q9u0n03qmcslor.example.com. IN NSEC3 86400 1 1 1 abcd SDGBAFMJEK5V4T8C89Q9U0N03QMCSLOT RRSIG
+1 sdgbafmjek5v4t8c89q9u0n03qmcslor.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
1 tsdp8hajlfgr90cv4ib634g1m25nc5up.example.com. IN NSEC3 86400 1 1 1 abcd TSDP8HAJLFGR90CV4IB634G1M25NC5UR RRSIG
+1 tsdp8hajlfgr90cv4ib634g1m25nc5up.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='nx1.nx2.outpost.example.com.', qtype=A
-1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 120 1 1 1 abcd 5V0S7HPRC5IAFH3C3RO0HHNH543D3UIU A RRSIG
-1 sdeu4ba3b451gf8ijikm2tphu3bugl4g.example.com. IN NSEC3 120 1 1 1 abcd SDH8FVJ6LQLSVCQCO8QP82I6JTR574H2 A RRSIG
-1 tsbl3ev9tces1kjgto3qtn36ltlu0te1.example.com. IN NSEC3 120 1 1 1 abcd TSIKPRKTT53V9ILUK08SMR9KADQ44TR1 A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 86400 1 1 1 abcd 5V0S7HPRC5IAFH3C3RO0HHNH543D3UIU A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 sdeu4ba3b451gf8ijikm2tphu3bugl4g.example.com. IN NSEC3 86400 1 1 1 abcd SDH8FVJ6LQLSVCQCO8QP82I6JTR574H2 A RRSIG
+1 sdeu4ba3b451gf8ijikm2tphu3bugl4g.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 tsbl3ev9tces1kjgto3qtn36ltlu0te1.example.com. IN NSEC3 86400 1 1 1 abcd TSIKPRKTT53V9ILUK08SMR9KADQ44TR1 A RRSIG
+1 tsbl3ev9tces1kjgto3qtn36ltlu0te1.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='nx1.nx2.outpost.example.com.', qtype=A
-1 example.com. IN SOA 120 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
Reply to question for qname='no-such-host.example.com.', qtype=A
#!/bin/sh
-cleandig nx.outpost.example.com A dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig nx.outpost.example.com A dnssec
-1 example.com. IN NSEC 120 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
-1 outpost.example.com. IN NSEC 120 semi-external.example.com. A RRSIG NSEC
+1 example.com. IN NSEC 86400 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 86400 NSEC 8 2 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 outpost.example.com. IN NSEC 86400 semi-external.example.com. A RRSIG NSEC
+1 outpost.example.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='nx.outpost.example.com.', qtype=A
-1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 120 1 1 1 abcd 5UVGFM2VJCJE09SVS7LFB22I1UUQJF99 A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 86400 1 1 1 abcd 5UVGFM2VJCJE09SVS7LFB22I1UUQJF99 A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
1 k6ta8mhi455hk3jskn0b2st81j6fa1l0.example.com. IN NSEC3 86400 1 1 1 abcd K6TA8MHI455HK3JSKN0B2ST81J6FA1L2 RRSIG
+1 k6ta8mhi455hk3jskn0b2st81j6fa1l0.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
1 tsdp8hajlfgr90cv4ib634g1m25nc5up.example.com. IN NSEC3 86400 1 1 1 abcd TSDP8HAJLFGR90CV4IB634G1M25NC5UR RRSIG
+1 tsdp8hajlfgr90cv4ib634g1m25nc5up.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='nx.outpost.example.com.', qtype=A
-1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 120 1 1 1 abcd 5V0S7HPRC5IAFH3C3RO0HHNH543D3UIU A RRSIG
-1 k6r6482mfo4upme9n407c2grb6opp1ip.example.com. IN NSEC3 120 1 1 1 abcd K6TDMVV7BP54FEFUIVR0BVABIBUN0AV9 A RRSIG
-1 tsbl3ev9tces1kjgto3qtn36ltlu0te1.example.com. IN NSEC3 120 1 1 1 abcd TSIKPRKTT53V9ILUK08SMR9KADQ44TR1 A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN NSEC3 86400 1 1 1 abcd 5V0S7HPRC5IAFH3C3RO0HHNH543D3UIU A RRSIG
+1 5uvgfm2vjcje09svs7lfb22i1uuqjf98.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 k6r6482mfo4upme9n407c2grb6opp1ip.example.com. IN NSEC3 86400 1 1 1 abcd K6TDMVV7BP54FEFUIVR0BVABIBUN0AV9 A RRSIG
+1 k6r6482mfo4upme9n407c2grb6opp1ip.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 tsbl3ev9tces1kjgto3qtn36ltlu0te1.example.com. IN NSEC3 86400 1 1 1 abcd TSIKPRKTT53V9ILUK08SMR9KADQ44TR1 A RRSIG
+1 tsbl3ev9tces1kjgto3qtn36ltlu0te1.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='nx.outpost.example.com.', qtype=A
-#!/bin/sh -ex
+#!/bin/bash -ex
tosql ()
{
opendbx-sqlite3
tinydns
+add -presigned to any gmysql test (except narrow) to test
+presigned operation
+
add 'wait' (literally) after the context to not kill
pdns_server immediately after testing
__EOF__
exit 1
fi
+rm -f pdns*.pid
+
+presigned=no
+
+if [ ${context: -10} = "-presigned" ]
+then
+ presigned=yes
+ port=$((port-100))
+ context=${context%-presigned}
+fi
+
case $context in
bind)
$RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=bind --bind-config=./named.conf \
- --fancy-records --query-logging --send-root-referral --loglevel=9 \
+ --fancy-records --send-root-referral \
--cache-ttl=0 --no-config &
skipreasons=nodnssec
;;
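Review bot: The new suffix test `[ ${context: -10} = "-presigned" ]` is unquoted, and for a context shorter than ten characters (for example `bind` or `tinydns`) the negative-offset expansion yields nothing, so `[` receives only `= -presigned` and reports a syntax error instead of a clean false. The script still takes the non-presigned path because the error status is non-zero, but each such run prints a spurious error that can mask real ones in the `-ex` trace. Quoting the expansion fixes it: `if [ "${context: -10}" = "-presigned" ]`. The same quoting is worth applying to `[ ${context:0:6} = gmysql ]` in the later presigned block; the usage check that precedes this hunk is only partly visible here.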
$RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=bind --bind-config=./named.conf \
--bind-dnssec-db=./dnssec.sqlite3 \
- --query-logging --send-root-referral --loglevel=9 \
+ --send-root-referral \
--cache-ttl=0 --no-config &
;;
gmysql-nodnssec)
$RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=gmysql \
- --fancy-records --query-logging --send-root-referral --loglevel=9 \
+ --fancy-records --send-root-referral \
--cache-ttl=0 --no-config \
--gmysql-dbname="$GMYSQLDB" \
--gmysql-user="$GMYSQLUSER" \
$RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=gmysql --gmysql-dnssec \
- --fancy-records --query-logging --send-root-referral --loglevel=9 \
+ --fancy-records --send-root-referral \
--cache-ttl=0 --no-config \
--gmysql-dbname="$GMYSQLDB" \
--gmysql-user="$GMYSQLUSER" \
$RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=gpgsql --gpgsql-dnssec \
- --fancy-records --query-logging --send-root-referral --loglevel=9 \
+ --fancy-records --send-root-referral \
--cache-ttl=0 --no-config \
--gpgsql-dbname="$GPGSQLDB" \
--gpgsql-user="$GPGSQLUSER" &
__EOF__
$RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=gpgsql \
- --fancy-records --query-logging --send-root-referral --loglevel=9 \
+ --fancy-records --send-root-referral \
--cache-ttl=0 --no-config \
--gpgsql-dbname="$GPGSQLDB" \
--gpgsql-user="$GPGSQLUSER" &
$RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=gsqlite3 \
- --fancy-records --query-logging --send-root-referral --loglevel=9 \
+ --fancy-records --send-root-referral \
--cache-ttl=0 --no-config \
--gsqlite3-database=pdns.sqlite3 &
skipreasons=nodnssec
$RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=opendbx \
- --fancy-records --query-logging --send-root-referral --loglevel=9 \
+ --fancy-records --send-root-referral \
--cache-ttl=0 --no-config \
--opendbx-backend=sqlite3 --opendbx-host-read=./ --opendbx-host-write=./ \
--opendbx-database=pdns-opendbx.sqlite3 &
$RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \
- --fancy-records --query-logging --send-root-referral --loglevel=9 \
+ --fancy-records --send-root-referral \
--cache-ttl=0 --no-config \
--gsqlite3-database=pdns.sqlite3 &
if [ $context = gsqlite3-nsec3 ]
tinydns)
$RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
--no-shuffle --launch=tinydns \
- --query-logging --loglevel=9 --cache-ttl=0 --no-config \
+ --cache-ttl=0 --no-config \
--send-root-referral \
--tinydns-dbfile=../modules/tinydnsbackend/data.cdb &
skipreasons=nodnssec
export extracontexts
export skipreasons
+if [ $presigned = yes ] && [ ${context:0:6} = gmysql ]
+then
+ context=${context}-presigned
+ [ -z "$GMYSQL2DB" ] && GMYSQL2DB=pdnstest2
+ [ -z "$GMYSQL2USER" ] && GMYSQL2USER=root
+ [ -z "$GMYSQL2HOST" ] && GMYSQL2HOST=localhost
+ [ -z "$GMYSQL2PASSWD" ] && GMYSQL2PASSWD=''
+
+ mysqladmin --user="$GMYSQL2USER" --password="$GMYSQL2PASSWD" --host="$GMYSQL2HOST" --force drop "$GMYSQL2DB" \
+ || echo ignoring mysqladmin drop failure
+ mysqladmin --user="$GMYSQL2USER" --password="$GMYSQL2PASSWD" --host="$GMYSQL2HOST" create "$GMYSQL2DB"
+ mysql --user="$GMYSQL2USER" --password="$GMYSQL2PASSWD" --host="$GMYSQL2HOST" \
+ "$GMYSQL2DB" < ../pdns/no-dnssec.schema.mysql.sql
+ mysql --user="$GMYSQL2USER" --password="$GMYSQL2PASSWD" --host="$GMYSQL2HOST" \
+ "$GMYSQL2DB" < ../pdns/dnssec.schema.mysql.sql
+
+ for zone in $(grep zone named.conf | cut -f2 -d\")
+ do
+ mysql --user="$GMYSQL2USER" --password="$GMYSQL2PASSWD" --host="$GMYSQL2HOST" \
+ "$GMYSQL2DB" \
+ -e "INSERT INTO domains (name, type, master) VALUES('$zone','SLAVE','127.0.0.1:$port')"
+ done
+
+ port=$((port+100))
+
+ $RUNWRAPPER ../pdns/pdns_server --daemon=no --local-port=$port --socket-dir=./ \
+ --no-shuffle --launch=gmysql --gmysql-dnssec \
+ --fancy-records --send-root-referral \
+ --cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=1 \
+ --gmysql-dbname="$GMYSQL2DB" \
+ --gmysql-user="$GMYSQL2USER" \
+ --gmysql-host="$GMYSQL2HOST" \
+ --gmysql-password="$GMYSQL2PASSWD" \
+ --config-name=gmysql2 |& egrep -v "update records set ordername|insert into records" &
+ echo 'waiting for zones to be slaved'
+ while sleep 10
+ do
+ todo=$(mysql --user="$GMYSQL2USER" --password="$GMYSQL2PASSWD" --host="$GMYSQl2HOST" \
+ "$GMYSQL2DB" -ss -e 'SELECT COUNT(id) FROM domains WHERE last_check IS NULL')
+ if [ $todo = 0 ]
+ then
+ break
+ fi
+ done
+fi
+
## TODO: give pdns a few seconds to startup or fail, then check if it did not fail
## TODO: give sdig a timeout
nameserver=127.0.0.1 ./runtests
echo tests done! push enter to terminate instance
read l
fi
-kill $(cat pdns.pid)
+kill $(cat pdns*.pid)
+rm pdns*.pid
\ No newline at end of file
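Review bot: The polling query inside the `while sleep 10` loop passes `--host="$GMYSQl2HOST"` (lower-case `l`), a name that is never assigned, so the `last_check IS NULL` count is requested with an empty host instead of `$GMYSQL2HOST`; it should read `--host="$GMYSQL2HOST"` like the other calls in this block. If that query fails, `$todo` is empty, the unquoted `[ $todo = 0 ]` errors out, and nothing bounds the retries, so a broken slave setup hangs the run rather than failing it; `[ "$todo" = 0 ]` together with a retry limit would surface the failure. Separately, every `mysql` and `mysqladmin` call here puts `--password="$GMYSQL2PASSWD"` on the command line, where other local users can read it from the process list; an option file passed with `--defaults-extra-file` keeps the credential out of argv.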
_double._tcp.dc IN SRV 0 100 389 server1
_double._tcp.dc IN SRV 1 100 389 server1
blah IN NS blah
-blah IN A 9.9.9.9
+blah IN A 192.168.6.1
;images IN URL "http://www.ds9a.nl"
;bert@auto.test.com. IN MBOXFW "bert@ds9a.nl"
very-long-txt IN TXT "A very long TXT record! boy you won't believe how long. A very long TXT record! boy you won't believe how long. A very long TXT record! boy you won't believe how long. A very long TXT record! boy you won't believe how long. A very long TXT record! boy you won't believe how long!"
-within-server IN CNAME outpost.example.com.
\ No newline at end of file
+within-server IN CNAME outpost.example.com.
#!/bin/sh
-cleandig nx1.nx2.example.com A dnssec | egrep 'IN[[:space:]]+NSEC'
+cleandig nx1.nx2.example.com A dnssec
-1 example.com. IN NSEC 120 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
-1 ns2.example.com. IN NSEC 120 outpost.example.com. A RRSIG NSEC
+1 example.com. IN NSEC 86400 escapedtext.example.com. NS SOA MX RRSIG NSEC DNSKEY
+1 example.com. IN RRSIG 86400 NSEC 8 2 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 ns2.example.com. IN NSEC 86400 outpost.example.com. A RRSIG NSEC
+1 ns2.example.com. IN RRSIG 86400 NSEC 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='nx1.nx2.example.com.', qtype=A
1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN NSEC3 86400 1 1 1 abcd 9FAG9508OQU3M22QAC0U5EQGG45V8CF2 RRSIG
+1 9fag9508oqu3m22qac0u5eqgg45v8cf0.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
1 ectnliqstqsjnnrpuhjj5h0j3c3odkk3.example.com. IN NSEC3 86400 1 1 1 abcd ECTNLIQSTQSJNNRPUHJJ5H0J3C3ODKK5 RRSIG
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 ectnliqstqsjnnrpuhjj5h0j3c3odkk3.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTNQ6OCN2VKUIV3NJU14OQTAEN2MT5SL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='nx1.nx2.example.com.', qtype=A
-1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 120 1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG
-1 ecskkg9s6f7lap5qjrnns1bf8pjunshj.example.com. IN NSEC3 120 1 1 1 abcd ECTPI4N8UNDE9GNVKHG28NJR512JBD4O A RRSIG
-1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 120 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN NSEC3 86400 1 1 1 abcd 9FDAOFPLLN0FQFU9DP274GOU59QFHSLD A RRSIG
+1 9f8hti7cc7oqnqjv84klnp89glqrss3r.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 ecskkg9s6f7lap5qjrnns1bf8pjunshj.example.com. IN NSEC3 86400 1 1 1 abcd ECTPI4N8UNDE9GNVKHG28NJR512JBD4O A RRSIG
+1 ecskkg9s6f7lap5qjrnns1bf8pjunshj.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN RRSIG 86400 SOA 8 2 100000 [expiry] [inception] [keytag] example.com. ...
+1 example.com. IN SOA 86400 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN NSEC3 86400 1 1 1 abcd VTP9NUQBEH436S7J0K8TI2A32MMKCUUL NS SOA MX RRSIG DNSKEY NSEC3PARAM
+1 vtnq6ocn2vkuiv3nju14oqtaen2mt5sk.example.com. IN RRSIG 86400 NSEC3 8 3 86400 [expiry] [inception] [keytag] example.com. ...
+2 . IN OPT 32768
+Rcode: 3, RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0
+Reply to question for qname='nx1.nx2.example.com.', qtype=A