Add middleware/dnssec (#133)

This adds an online dnssec middleware. The middleware will sign
responses on the fly. Negative responses are signed with NSEC black
lies.

middleware/file/closest.go

@@ -52,6 +52,10 @@ func (z *Zone) nameErrorProof(qname string, qtype uint16) []dns.RR {
 		}
 	}
 
+	if len(nsec) == 0 || len(nsec1) == 0 {
+		return nsec
+	}
+
 	// Check for duplicate NSEC.
 	if nsec[nsecIndex].Header().Name == nsec1[nsec1Index].Header().Name &&
 		nsec[nsecIndex].(*dns.NSEC).NextDomain == nsec1[nsec1Index].(*dns.NSEC).NextDomain {

middleware/file/file.go

@@ -1,7 +1,7 @@
 package file
 
 import (
-	"fmt"
+	"errors"
 	"io"
 	"log"
 
@@ -27,12 +27,15 @@ func (f File) ServeDNS(ctx context.Context, w dns.ResponseWriter, r *dns.Msg) (i
 	state := middleware.State{W: w, Req: r}
 
 	if state.QClass() != dns.ClassINET {
-		return dns.RcodeServerFailure, fmt.Errorf("can only deal with ClassINET")
+		return dns.RcodeServerFailure, errors.New("can only deal with ClassINET")
 	}
 	qname := state.Name()
 	zone := middleware.Zones(f.Zones.Names).Matches(qname)
 	if zone == "" {
-		return f.Next.ServeDNS(ctx, w, r)
+		if f.Next != nil {
+			return f.Next.ServeDNS(ctx, w, r)
+		}
+		return dns.RcodeServerFailure, errors.New("no next middleware found")
 	}
 	z, ok := f.Zones.Z[zone]
 	if !ok {

middleware/file/reload_test.go

@@ -11,7 +11,7 @@ import (
 )
 
 func TestZoneReload(t *testing.T) {
-	fileName, rm, err := test.Zone(t, ".", reloadZoneTest)
+	fileName, rm, err := test.TempFile(t, ".", reloadZoneTest)
 	if err != nil {
 		t.Fatalf("failed to create zone: %s", err)
 	}