middleware/file/closest.go

package file

import "github.com/miekg/dns"

// ClosestEncloser returns the closest encloser for rr.
func (z *Zone) ClosestEncloser(qname string, qtype uint16) string {
	// tree/tree.go does not store a parent *Node pointer, so we can't
	// just follow up the tree. TODO(miek): fix.
	offset, end := dns.NextLabel(qname, 0)
	for !end {
		elem, _ := z.Tree.Search(qname, qtype)
		if elem != nil {
			return elem.Name()
		}
		qname = qname[offset:]

		offset, end = dns.NextLabel(qname, offset)
	}

	return z.SOA.Header().Name
}

// nameErrorProof finds the closest encloser and return an NSEC that proofs
// the wildcard does not exist and an NSEC that proofs the name does no exist.
func (z *Zone) nameErrorProof(qname string, qtype uint16) []dns.RR {
	elem := z.Tree.Prev(qname)
	if elem == nil {
		return nil
	}
	nsec := z.lookupNSEC(elem, true)
	nsecIndex := 0
	for i := 0; i < len(nsec); i++ {
		if nsec[i].Header().Rrtype == dns.TypeNSEC {
			nsecIndex = i
			break
		}
	}

	// We do this lookup twice, once for wildcard and once for the name proof. TODO(miek): fix
	ce := z.ClosestEncloser(qname, qtype)
	elem = z.Tree.Prev("*." + ce)
	if elem == nil {
		// Root?
		return nil
	}
	nsec1 := z.lookupNSEC(elem, true)
	nsec1Index := 0
	for i := 0; i < len(nsec1); i++ {
		if nsec1[i].Header().Rrtype == dns.TypeNSEC {
			nsec1Index = i
			break
		}
	}

	// Check for duplicate NSEC.
	if nsec[nsecIndex].Header().Name == nsec1[nsec1Index].Header().Name &&
		nsec[nsecIndex].(*dns.NSEC).NextDomain == nsec1[nsec1Index].(*dns.NSEC).NextDomain {
		return nsec
	}

	return append(nsec, nsec1...)
}
add closest encloser stuff 2016-03-30 16:45:02 +00:00			`package file`

			`import "github.com/miekg/dns"`

			`// ClosestEncloser returns the closest encloser for rr.`
Use qname/qtype for lookups Drop the use of dns.RR when in fact the only thing we use is the name and type of the RR. Cleans up a bunch of stuff and also stops the weird making of dns.RRs just for a lookup. Should safe some memory as well. Fixes: #66 2016-04-02 17:49:13 +01:00			`func (z *Zone) ClosestEncloser(qname string, qtype uint16) string {`
Fix closest encloser 2016-03-30 20:13:48 +01:00			`// tree/tree.go does not store a parent *Node pointer, so we can't`
			`// just follow up the tree. TODO(miek): fix.`
Use qname/qtype for lookups Drop the use of dns.RR when in fact the only thing we use is the name and type of the RR. Cleans up a bunch of stuff and also stops the weird making of dns.RRs just for a lookup. Should safe some memory as well. Fixes: #66 2016-04-02 17:49:13 +01:00			`offset, end := dns.NextLabel(qname, 0)`
Fix closest encloser 2016-03-30 20:13:48 +01:00			`for !end {`
Use qname/qtype for lookups Drop the use of dns.RR when in fact the only thing we use is the name and type of the RR. Cleans up a bunch of stuff and also stops the weird making of dns.RRs just for a lookup. Should safe some memory as well. Fixes: #66 2016-04-02 17:49:13 +01:00			`elem, _ := z.Tree.Search(qname, qtype)`
Fix closest encloser 2016-03-30 20:13:48 +01:00			`if elem != nil {`
			`return elem.Name()`
			`}`
Use qname/qtype for lookups Drop the use of dns.RR when in fact the only thing we use is the name and type of the RR. Cleans up a bunch of stuff and also stops the weird making of dns.RRs just for a lookup. Should safe some memory as well. Fixes: #66 2016-04-02 17:49:13 +01:00			`qname = qname[offset:]`
Fix closest encloser 2016-03-30 20:13:48 +01:00
Use qname/qtype for lookups Drop the use of dns.RR when in fact the only thing we use is the name and type of the RR. Cleans up a bunch of stuff and also stops the weird making of dns.RRs just for a lookup. Should safe some memory as well. Fixes: #66 2016-04-02 17:49:13 +01:00			`offset, end = dns.NextLabel(qname, offset)`
add closest encloser stuff 2016-03-30 16:45:02 +00:00			`}`
Fix closest encloser 2016-03-30 20:13:48 +01:00
			`return z.SOA.Header().Name`
add closest encloser stuff 2016-03-30 16:45:02 +00:00			`}`
Add nameerror proof 2016-03-30 20:47:38 +01:00
			`// nameErrorProof finds the closest encloser and return an NSEC that proofs`
			`// the wildcard does not exist and an NSEC that proofs the name does no exist.`
Use qname/qtype for lookups Drop the use of dns.RR when in fact the only thing we use is the name and type of the RR. Cleans up a bunch of stuff and also stops the weird making of dns.RRs just for a lookup. Should safe some memory as well. Fixes: #66 2016-04-02 17:49:13 +01:00			`func (z *Zone) nameErrorProof(qname string, qtype uint16) []dns.RR {`
			`elem := z.Tree.Prev(qname)`
Add nameerror proof 2016-03-30 20:47:38 +01:00			`if elem == nil {`
			`return nil`
			`}`
			`nsec := z.lookupNSEC(elem, true)`
			`nsecIndex := 0`
			`for i := 0; i < len(nsec); i++ {`
			`if nsec[i].Header().Rrtype == dns.TypeNSEC {`
			`nsecIndex = i`
			`break`
			`}`
			`}`

Positive wildcare replies Reply to queries when you have a wildcard in the zone. This works for DNS and DNSSEC. Thing missing is NODATA responses for that specific wildcard. Add wildcard_test.go as well. 2016-03-31 09:25:22 +00:00			`// We do this lookup twice, once for wildcard and once for the name proof. TODO(miek): fix`
Use qname/qtype for lookups Drop the use of dns.RR when in fact the only thing we use is the name and type of the RR. Cleans up a bunch of stuff and also stops the weird making of dns.RRs just for a lookup. Should safe some memory as well. Fixes: #66 2016-04-02 17:49:13 +01:00			`ce := z.ClosestEncloser(qname, qtype)`
			`elem = z.Tree.Prev("*." + ce)`
Add nameerror proof 2016-03-30 20:47:38 +01:00			`if elem == nil {`
			`// Root?`
			`return nil`
			`}`
			`nsec1 := z.lookupNSEC(elem, true)`
			`nsec1Index := 0`
			`for i := 0; i < len(nsec1); i++ {`
			`if nsec1[i].Header().Rrtype == dns.TypeNSEC {`
			`nsec1Index = i`
			`break`
			`}`
			`}`

			`// Check for duplicate NSEC.`
			`if nsec[nsecIndex].Header().Name == nsec1[nsec1Index].Header().Name &&`
			`nsec[nsecIndex].(dns.NSEC).NextDomain == nsec1[nsec1Index].(dns.NSEC).NextDomain {`
			`return nsec`
			`}`

			`return append(nsec, nsec1...)`
			`}`