Add middleware/dnssec (#133)

This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2025-11-01 10:43:17 -04:00 · 2016-04-26 17:57:11 +01:00
parent 8e6c690484
commit 1aa1a92198
39 changed files with 1206 additions and 144 deletions
--- a/core/setup/dnssec_test.go
+++ b/core/setup/dnssec_test.go
@@ -0,0 +1,54 @@
+package setup
+
+import (
+	"strings"
+	"testing"
+)
+
+func TestDnssec(t *testing.T) {
+	tests := []struct {
+		input              string
+		shouldErr          bool
+		expectedZones      []string
+		expectedKeys       []string
+		expectedErrContent string
+	}{
+		{
+			`dnssec`, false, nil, nil, "",
+		},
+		{
+			`dnssec miek.nl`, false, []string{"miek.nl."}, nil, "",
+		},
+	}
+
+	for i, test := range tests {
+		c := NewTestController(test.input)
+		zones, keys, err := dnssecParse(c)
+
+		if test.shouldErr && err == nil {
+			t.Errorf("Test %d: Expected error but found %s for input %s", i, err, test.input)
+		}
+
+		if err != nil {
+			if !test.shouldErr {
+				t.Errorf("Test %d: Expected no error but found one for input %s. Error was: %v", i, test.input, err)
+			}
+
+			if !strings.Contains(err.Error(), test.expectedErrContent) {
+				t.Errorf("Test %d: Expected error to contain: %v, found error: %v, input: %s", i, test.expectedErrContent, err, test.input)
+			}
+		}
+		if !test.shouldErr {
+			for i, z := range test.expectedZones {
+				if zones[i] != z {
+					t.Errorf("Dnssec not correctly set for input %s. Expected: %s, actual: %s", test.input, z, zones[i])
+				}
+			}
+			for i, k := range test.expectedKeys {
+				if k != keys[i].K.Header().Name {
+					t.Errorf("Dnssec not correctly set for input %s. Expected: '%s', actual: '%s'", test.input, k, keys[i].K.Header().Name)
+				}
+			}
+		}
+	}
+}