middleware/file: fix delegations (#376)

Fix the delegation handling in the *file* and *dnssec* middleware. Refactor tests a bit and show that they are failling. Add a Tree printer, cleanups and tests. Fix wildcard test - should get no answer from empty-non-terminal
2025-11-01 02:33:14 -04:00 · 2016-11-05 14:39:49 +00:00
parent d6902cd7a1
commit 2cca527d9f
18 changed files with 658 additions and 624 deletions
--- a/middleware/file/delegation_test.go
+++ b/middleware/file/delegation_test.go
@@ -30,6 +30,32 @@ var delegationTestCases = []test.Case{
 			test.NS("delegated.miek.nl.	1800	IN	NS	a.delegated.miek.nl."),
 			test.NS("delegated.miek.nl.	1800	IN	NS	ns-ext.nlnetlabs.nl."),
 		},
+		Extra: []dns.RR{
+			test.A("a.delegated.miek.nl. 1800 IN A 139.162.196.78"),
+			test.AAAA("a.delegated.miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
+		},
+	},
+	{
+		Qname: "foo.delegated.miek.nl.", Qtype: dns.TypeA,
+		Ns: []dns.RR{
+			test.NS("delegated.miek.nl.	1800	IN	NS	a.delegated.miek.nl."),
+			test.NS("delegated.miek.nl.	1800	IN	NS	ns-ext.nlnetlabs.nl."),
+		},
+		Extra: []dns.RR{
+			test.A("a.delegated.miek.nl. 1800 IN A 139.162.196.78"),
+			test.AAAA("a.delegated.miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
+		},
+	},
+	{
+		Qname: "foo.delegated.miek.nl.", Qtype: dns.TypeTXT,
+		Ns: []dns.RR{
+			test.NS("delegated.miek.nl.	1800	IN	NS	a.delegated.miek.nl."),
+			test.NS("delegated.miek.nl.	1800	IN	NS	ns-ext.nlnetlabs.nl."),
+		},
+		Extra: []dns.RR{
+			test.A("a.delegated.miek.nl. 1800 IN A 139.162.196.78"),
+			test.AAAA("a.delegated.miek.nl. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
+		},
 	},
 	{
 		Qname: "miek.nl.", Qtype: dns.TypeSOA,
@@ -45,22 +71,94 @@ var delegationTestCases = []test.Case{
 	},
 }

+var secureDelegationTestCases = []test.Case{
+	{
+		Qname: "a.delegated.example.org.", Qtype: dns.TypeTXT,
+		Do: true,
+		Ns: []dns.RR{
+			test.DS("delegated.example.org.	1800	IN	DS	10056 5 1 EE72CABD1927759CDDA92A10DBF431504B9E1F13"),
+			test.DS("delegated.example.org.	1800	IN	DS	10056 5 2 E4B05F87725FA86D9A64F1E53C3D0E6250946599DFE639C45955B0ED416CDDFA"),
+			test.NS("delegated.example.org.	1800	IN	NS	a.delegated.example.org."),
+			test.NS("delegated.example.org.	1800	IN	NS	ns-ext.nlnetlabs.nl."),
+			test.RRSIG("delegated.example.org.	1800	IN	RRSIG	DS 13 3 1800 20161129153240 20161030153240 49035 example.org. rlNNzcUmtbjLSl02ZzQGUbWX75yCUx0Mug1jHtKVqRq1hpPE2S3863tIWSlz+W9wz4o19OI4jbznKKqk+DGKog=="),
+		},
+		Extra: []dns.RR{
+			test.OPT(4096, true),
+			test.A("a.delegated.example.org. 1800 IN A 139.162.196.78"),
+			test.AAAA("a.delegated.example.org. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
+		},
+	},
+	{
+		Qname: "delegated.example.org.", Qtype: dns.TypeNS,
+		Do: true,
+		Answer: []dns.RR{
+			test.NS("delegated.example.org.	1800	IN	NS	a.delegated.example.org."),
+			test.NS("delegated.example.org.	1800	IN	NS	ns-ext.nlnetlabs.nl."),
+		},
+		Extra: []dns.RR{
+			test.OPT(4096, true),
+			test.A("a.delegated.example.org. 1800 IN A 139.162.196.78"),
+			test.AAAA("a.delegated.example.org. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
+		},
+	},
+	{
+		Qname: "foo.delegated.example.org.", Qtype: dns.TypeA,
+		Do: true,
+		Ns: []dns.RR{
+			test.DS("delegated.example.org.	1800	IN	DS	10056 5 1 EE72CABD1927759CDDA92A10DBF431504B9E1F13"),
+			test.DS("delegated.example.org.	1800	IN	DS	10056 5 2 E4B05F87725FA86D9A64F1E53C3D0E6250946599DFE639C45955B0ED416CDDFA"),
+			test.NS("delegated.example.org.	1800	IN	NS	a.delegated.example.org."),
+			test.NS("delegated.example.org.	1800	IN	NS	ns-ext.nlnetlabs.nl."),
+			test.RRSIG("delegated.example.org.	1800	IN	RRSIG	DS 13 3 1800 20161129153240 20161030153240 49035 example.org. rlNNzcUmtbjLSl02ZzQGUbWX75yCUx0Mug1jHtKVqRq1hpPE2S3863tIWSlz+W9wz4o19OI4jbznKKqk+DGKog=="),
+		},
+		Extra: []dns.RR{
+			test.OPT(4096, true),
+			test.A("a.delegated.example.org. 1800 IN A 139.162.196.78"),
+			test.AAAA("a.delegated.example.org. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
+		},
+	},
+	{
+		Qname: "foo.delegated.example.org.", Qtype: dns.TypeTXT,
+		Do: true,
+		Ns: []dns.RR{
+			test.DS("delegated.example.org.	1800	IN	DS	10056 5 1 EE72CABD1927759CDDA92A10DBF431504B9E1F13"),
+			test.DS("delegated.example.org.	1800	IN	DS	10056 5 2 E4B05F87725FA86D9A64F1E53C3D0E6250946599DFE639C45955B0ED416CDDFA"),
+			test.NS("delegated.example.org.	1800	IN	NS	a.delegated.example.org."),
+			test.NS("delegated.example.org.	1800	IN	NS	ns-ext.nlnetlabs.nl."),
+			test.RRSIG("delegated.example.org.	1800	IN	RRSIG	DS 13 3 1800 20161129153240 20161030153240 49035 example.org. rlNNzcUmtbjLSl02ZzQGUbWX75yCUx0Mug1jHtKVqRq1hpPE2S3863tIWSlz+W9wz4o19OI4jbznKKqk+DGKog=="),
+		},
+		Extra: []dns.RR{
+			test.OPT(4096, true),
+			test.A("a.delegated.example.org. 1800 IN A 139.162.196.78"),
+			test.AAAA("a.delegated.example.org. 1800 IN AAAA 2a01:7e00::f03c:91ff:fef1:6735"),
+		},
+	},
+}
+
 func TestLookupDelegation(t *testing.T) {
-	zone, err := Parse(strings.NewReader(dbMiekNLDelegation), testzone, "stdin")
+	testDelegation(t, dbMiekNLDelegation, testzone, delegationTestCases)
+}
+
+func TestLookupSecureDelegation(t *testing.T) {
+	testDelegation(t, exampleOrgSigned, "example.org.", secureDelegationTestCases)
+}
+
+func testDelegation(t *testing.T, z, origin string, testcases []test.Case) {
+	zone, err := Parse(strings.NewReader(z), origin, "stdin")
 	if err != nil {
-		t.Fatalf("expect no error when reading zone, got %q", err)
+		t.Fatalf("Expect no error when reading zone, got %q", err)
 	}

-	fm := File{Next: test.ErrorHandler(), Zones: Zones{Z: map[string]*Zone{testzone: zone}, Names: []string{testzone}}}
+	fm := File{Next: test.ErrorHandler(), Zones: Zones{Z: map[string]*Zone{origin: zone}, Names: []string{origin}}}
 	ctx := context.TODO()

-	for _, tc := range delegationTestCases {
+	for _, tc := range testcases {
 		m := tc.Msg()

 		rec := dnsrecorder.New(&test.ResponseWriter{})
 		_, err := fm.ServeDNS(ctx, rec, m)
 		if err != nil {
-			t.Errorf("expected no error, got %v\n", err)
+			t.Errorf("Expected no error, got %q\n", err)
 			return
 		}