Mirrors/coredns
1
0
Fork 0
mirror of https://github.com/coredns/coredns.git synced 2025-11-18 18:02:16 -05:00
Code Issues Packages Projects Releases Wiki Activity

middleware/file: proper support for wildcard (#323)

Browse Source 
Add support for wildcard records, while taking care of wildcard-cnames
and DNSSEC. Add enough tests to check all the corner cases.
This commit is contained in:
Miek Gieben
2016-10-08 15:22:31 +01:00
committed by GitHub
parent b44d82839f
commit e43384b501
13 changed files with 437 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

145
middleware/file/dnssex_test.go Normal file
View File

@@ -0,0 +1,145 @@
package file
const dbDnssexNLSigned = `
; File written on Tue Mar 29 21:02:24 2016
; dnssec_signzone version 9.10.3-P4-Ubuntu
dnssex.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. (
1459281744 ; serial
14400 ; refresh (4 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
14400 ; minimum (4 hours)
)
1800 RRSIG SOA 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
CA/Y3m9hCOiKC/8ieSOv8SeP964BUdG/8MC3
WtKljUosK9Z9bBGrVizDjjqgq++lyH8BZJcT
aabAsERs4xj5PRtcxicwQXZACX5VYjXHQeZm
CyytFU5wq2gcXSmvUH86zZzftx3RGPvn1aOo
TlcvoC3iF8fYUCpROlUS0YR8Cdw= )
1800 NS omval.tednet.nl.
1800 NS linode.atoom.net.
1800 NS ns-ext.nlnetlabs.nl.
1800 RRSIG NS 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
dLIeEvP86jj5nd3orv9bH7hTvkblF4Na0sbl
k6fJA6ha+FPN1d6Pig3NNEEVQ/+wlOp/JTs2
v07L7roEEUCbBprI8gMSld2gFDwNLW3DAB4M
WD/oayYdAnumekcLzhgvWixTABjWAGRTGQsP
sVDFXsGMf9TGGC9FEomgkCVeNC0= )
1800 A 139.162.196.78
1800 RRSIG A 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
LKJKLzPiSEDWOLAag2YpfD5EJCuDcEAJu+FZ
Xy+4VyOv9YvRHCTL4vbrevOo5+XymY2RxU1q
j+6leR/Fe7nlreSj2wzAAk2bIYn4m6r7hqeO
aKZsUFfpX8cNcFtGEywfHndCPELbRxFeEziP
utqHFLPNMX5nYCpS28w4oJ5sAnM= )
1800 TXT "Doing It Safe Is Better"
1800 RRSIG TXT 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
f6S+DUfJK1UYdOb3AHgUXzFTTtu+yLp/Fv7S
Hv0CAGhXAVw+nBbK719igFvBtObS33WKwzxD
1pQNMaJcS6zeevtD+4PKB1KDC4fyJffeEZT6
E30jGR8Y29/xA+Fa4lqDNnj9zP3b8TiABCle
ascY5abkgWCALLocFAzFJQ/27YQ= )
1800 AAAA 2a01:7e00::f03c:91ff:fef1:6735
1800 RRSIG AAAA 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
PWcPSawEUBAfCuv0liEOQ8RYe7tfNW4rubIJ
LE+dbrub1DUer3cWrDoCYFtOufvcbkYJQ2CQ
AGjJmAQ5J2aqYDOPMrKa615V0KT3ifbZJcGC
gkIic4U/EXjaQpRoLdDzR9MyVXOmbA6sKYzj
ju1cNkLqM8D7Uunjl4pIr6rdSFo= )
14400 NSEC *.dnssex.nl. A NS SOA TXT AAAA RRSIG NSEC DNSKEY
14400 RRSIG NSEC 8 2 14400 (
20160428190224 20160329190224 14460 dnssex.nl.
oIvM6JZIlNc1aNKGTxv58ApSnDr1nDPPgnD9
9oJZRIn7eb5WnpeDz2H3z5+x6Bhlp5hJJaUp
KJ3Ss6Jg/IDnrmIvKmgq6L6gHj1Y1IiHmmU8
VeZTRzdTsDx/27OsN23roIvsytjveNSEMfIm
iLZ23x5kg1kBdJ9p3xjYHm5lR+8= )
1800 DNSKEY 256 3 8 (
AwEAAazSO6uvLPEVknDA8yxjFe8nnAMU7txp
wb19k55hQ81WV3G4bpBM1NdN6sbYHrkXaTNx
2bQWAkvX6pz0XFx3z/MPhW+vkakIWFYpyQ7R
AT5LIJfToVfiCDiyhhF0zVobKBInO9eoGjd9
BAW3TUt+LmNAO/Ak5D5BX7R3CuA7v9k7
) ; ZSK; alg = RSASHA256; key id = 14460
1800 DNSKEY 257 3 8 (
AwEAAbyeaV9zg0IqdtgYoqK5jJ239anzwG2i
gvH1DxSazLyaoNvEkCIvPgMLW/JWfy7Z1mQp
SMy9DtzL5pzRyQgw7kIeXLbi6jufUFd9pxN+
xnzKLf9mY5AcnGToTrbSL+jnMT67wG+c34+Q
PeVfucHNUePBxsbz2+4xbXiViSQyCQGv
) ; KSK; alg = RSASHA256; key id = 18772
1800 RRSIG DNSKEY 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
cFSFtJE+DBGNxb52AweFaVHBe5Ue5MDpqNdC
TIneUnEhP2m+vK4zJ/TraK0WdQFpsX63pod8
PZ9y03vHUfewivyonCCBD3DcNdoU9subhN22
tez9Ct8Z5/9E4RAz7orXal4M1VUEhRcXSEH8
SJW20mfVsqJAiKqqNeGB/pAj23I= )
1800 RRSIG DNSKEY 8 2 1800 (
20160428190224 20160329190224 18772 dnssex.nl.
oiiwo/7NYacePqohEp50261elhm6Dieh4j2S
VZGAHU5gqLIQeW9CxKJKtSCkBVgUo4cvO4Rn
2tzArAuclDvBrMXRIoct8u7f96moeFE+x5FI
DYqICiV6k449ljj9o4t/5G7q2CRsEfxZKpTI
A/L0+uDk0RwVVzL45+TnilcsmZs= )
*.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"
1800 RRSIG TXT 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
FUZSTyvZfeuuOpCmNzVKOfITRHJ6/ygjmnnb
XGBxVUyQjoLuYXwD5XqZWGw4iKH6QeSDfGCx
4MPqA4qQmW7Wwth7mat9yMfA4+p2sO84bysl
7/BG9+W2G+q1uQiM9bX9V42P2X/XuW5Y/t9Y
8u1sljQ7D8WwS6naH/vbaJxnDBw= )
14400 NSEC a.dnssex.nl. TXT RRSIG NSEC
14400 RRSIG NSEC 8 2 14400 (
20160428190224 20160329190224 14460 dnssex.nl.
os6INm6q2eXknD5z8TpfbK00uxVbQefMvHcR
/RNX/kh0xXvzAaaDOV+Ge/Ko+2dXnKP+J1LY
G9ffXNpdbaQy5ygzH5F041GJst4566GdG/jt
7Z7vLHYxEBTpZfxo+PLsXQXH3VTemZyuWyDf
qJzafXJVH1F0nDrcXmMlR6jlBHA= )
www.dnssex.nl. 1800 IN CNAME a.dnssex.nl.
1800 RRSIG CNAME 8 3 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
Omv42q/uVvdNsWQoSrQ6m6w6U7r7Abga7uF4
25b3gZlse0C+WyMyGFMGUbapQm7azvBpreeo
uKJHjzd+ufoG+Oul6vU9vyoj+ejgHzGLGbJQ
HftfP+UqP5SWvAaipP/LULTWKPuiBcLDLiBI
PGTfsq0DB6R+qCDTV0fNnkgxEBQ= )
14400 NSEC dnssex.nl. CNAME RRSIG NSEC
14400 RRSIG NSEC 8 3 14400 (
20160428190224 20160329190224 14460 dnssex.nl.
TBN3ddfZW+kC84/g3QlNNJMeLZoyCalPQylt
KXXLPGuxfGpl3RYRY8KaHbP+5a8MnHjqjuMB
Lofb7yKMFxpSzMh8E36vnOqry1mvkSakNj9y
9jM8PwDjcpYUwn/ql76MsmNgEV5CLeQ7lyH4
AOrL79yOSQVI3JHJIjKSiz88iSw= )
a.dnssex.nl. 1800 IN A 139.162.196.78
1800 RRSIG A 8 3 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
OXHpFj9nSpKi5yA/ULH7MOpGAWfyJ2yC/2xa
Pw0fqSY4QvcRt+V3adcFA4H9+P1b32GpxEjB
lXmCJID+H4lYkhUR4r4IOZBVtKG2SJEBZXip
pH00UkOIBiXxbGzfX8VL04v2G/YxUgLW57kA
aknaeTOkJsO20Y+8wmR9EtzaRFI= )
1800 AAAA 2a01:7e00::f03c:91ff:fef1:6735
1800 RRSIG AAAA 8 3 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
jrepc/VnRzJypnrG0WDEqaAr3HMjWrPxJNX0
86gbFjZG07QxBmrA1rj0jM9YEWTjjyWb2tT7
lQhzKDYX/0XdOVUeeOM4FoSks80V+pWR8fvj
AZ5HmX69g36tLosMDKNR4lXcrpv89QovG4Hr
/r58fxEKEFJqrLDjMo6aOrg+uKA= )
14400 NSEC www.dnssex.nl. A AAAA RRSIG NSEC
14400 RRSIG NSEC 8 3 14400 (
20160428190224 20160329190224 14460 dnssex.nl.
S+UM62wXRNNFN3QDWK5YFWUbHBXC4aqaqinZ
A2ZDeC+IQgyw7vazPz7cLI5T0YXXks0HTMlr
soEjKnnRZsqSO9EuUavPNE1hh11Jjm0fB+5+
+Uro0EmA5Dhgc0Z2VpbXVQEhNDf/pI1gem15
RffN2tBYNykZn4Has2ySgRaaRYQ= )`

10
middleware/file/lookup.go
View File

@@ -44,7 +44,7 @@ func (z *Zone) Lookup(qname string, qtype uint16, do bool) ([]dns.RR, []dns.RR,
glue := []dns.RR{}
for _, ns := range rrs {
if dns.IsSubDomain(ns.Header().Name, ns.(*dns.NS).Ns) {
// even with Do, this should be unsigned.
// Even with Do, this should be unsigned.
elem, res := z.Tree.SearchGlue(ns.(*dns.NS).Ns)
if res == tree.Found {
glue = append(glue, elem.Types(dns.TypeAAAA)...)
@@ -55,21 +55,22 @@ func (z *Zone) Lookup(qname string, qtype uint16, do bool) ([]dns.RR, []dns.RR,
return nil, rrs, glue, Delegation
}
rrs := elem.Types(dns.TypeCNAME)
rrs := elem.Types(dns.TypeCNAME, qname)
if len(rrs) > 0 { // should only ever be 1 actually; TODO(miek) check for this?
return z.lookupCNAME(rrs, qtype, do)
}
rrs = elem.Types(qtype)
rrs = elem.Types(qtype, qname)
if len(rrs) == 0 {
return z.noData(elem, do)
}
if do {
sigs := elem.Types(dns.TypeRRSIG)
sigs := elem.Types(dns.TypeRRSIG, qname)
sigs = signatureForSubType(sigs, qtype)
rrs = append(rrs, sigs...)
}
return rrs, nil, nil, Success
}
@@ -156,6 +157,7 @@ func (z *Zone) lookupCNAME(rrs []dns.RR, qtype uint16, do bool) ([]dns.RR, []dns
if elem == nil {
return rrs, nil, nil, Success
}
targets := cnameForType(elem.All(), qtype)
if do {
sigs := elem.Types(dns.TypeRRSIG)

37
middleware/file/tree/elem.go
View File

@@ -4,7 +4,8 @@ import "github.com/miekg/dns"
// Elem is an element in the tree.
type Elem struct {
m map[uint16][]dns.RR
m map[uint16][]dns.RR
name string // owner name
}
// newElem returns a new elem.
@@ -14,13 +15,20 @@ func newElem(rr dns.RR) *Elem {
return &e
}
// Types returns the RRs with type qtype from e.
func (e *Elem) Types(qtype uint16) []dns.RR {
if rrs, ok := e.m[qtype]; ok {
return rrs
// Types returns the RRs with type qtype from e. If qname is given (only the
// first one is used), the RR are copied and the owner is replaced with qname[0].
func (e *Elem) Types(qtype uint16, qname ...string) []dns.RR {
rrs := e.m[qtype]
if rrs != nil && len(qname) > 0 {
copied := make([]dns.RR, len(rrs))
for i := range rrs {
copied[i] = dns.Copy(rrs[i])
copied[i].Header().Name = qname[0]
}
return copied
}
// nodata
return nil
return rrs
}
// All returns all RRs from e, regardless of type.
@@ -34,12 +42,25 @@ func (e *Elem) All() []dns.RR {
// Name returns the name for this node.
func (e *Elem) Name() string {
if e.name != "" {
return e.name
}
for _, rrs := range e.m {
return rrs[0].Header().Name
e.name = rrs[0].Header().Name
return e.name
}
return ""
}
// Wildcard returns true if this name starts with a wildcard label (*.)
func (e *Elem) IsWildcard() bool {
n := e.Name()
if len(n) < 2 {
return false
}
return n[0] == '*' && n[1] == '.'
}
// Insert inserts rr into e. If rr is equal to existing rrs this is a noop.
func (e *Elem) Insert(rr dns.RR) {
t := rr.Header().Rrtype

19
middleware/file/tree/tree.go
View File

@@ -179,12 +179,22 @@ func (t *Tree) SearchGlue(qname string) (*Elem, Result) {
}
// search searches the tree for qname and type. If glue is true the search *does* not
// spot when hitting NS records, but descends in search of glue. The qtype for this
// stop when hitting NS records, but descends in search of glue. The qtype for this
// kind of search can only be AAAA or A.
func (n *Node) search(qname string, qtype uint16, glue bool) (*Node, Result) {
old := n
var wild *Node
for n != nil {
// Is this a wildcard that applies to us
if n.Elem.IsWildcard() {
if dns.IsSubDomain(n.Elem.Name()[2:], qname) {
wild = n
}
}
switch c := Less(n.Elem, qname); {
case c == 0:
return n, Found
@@ -200,6 +210,13 @@ func (n *Node) search(qname string, qtype uint16, glue bool) (*Node, Result) {
n = n.Right
}
}
// If we have seen a wildcard "on-the-way-to-here", we should return this wildcard
// instead. This is to be able to have a more specific RR defined *under* the wildcard.
if wild != nil {
return wild, Found
}
if dns.CountLabel(qname) < dns.CountLabel(old.Elem.Name()) {
return n, EmptyNonTerminal
}

266
middleware/file/wildcard_test.go
View File

@@ -19,6 +19,12 @@ var wildcardTestCases = []test.Case{
test.TXT(`wild.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"`),
},
},
{
Qname: "a.wild.dnssex.nl.", Qtype: dns.TypeTXT,
Answer: []dns.RR{
test.TXT(`a.wild.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"`),
},
},
{
Qname: "wild.dnssex.nl.", Qtype: dns.TypeTXT, Do: true,
Answer: []dns.RR{
@@ -27,22 +33,31 @@ var wildcardTestCases = []test.Case{
},
Extra: []dns.RR{test.OPT(4096, true)},
},
// nodata reponse
/*
{
Qname: "wild.dnssex.nl.", Qtype: dns.TypeSRV,
Answer: []dns.RR{
test.TXT(`wild.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"`),
},
{
Qname: "a.wild.dnssex.nl.", Qtype: dns.TypeTXT, Do: true,
Answer: []dns.RR{
test.RRSIG("a.wild.dnssex.nl. 1800 IN RRSIG TXT 8 2 1800 20160428190224 20160329190224 14460 dnssex.nl. FUZSTyvZfeuuOpCm"),
test.TXT(`a.wild.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"`),
},
{
Qname: "wild.dnssex.nl.", Qtype: dns.TypeSRV, Do: true,
Answer: []dns.RR{
test.RRSIG("wild.dnssex.nl. 1800 IN RRSIG TXT 8 2 1800 20160428190224 20160329190224 14460 dnssex.nl. FUZSTyvZfeuuOpCm"),
test.TXT(`wild.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"`),
},
Extra: []dns.RR{test.OPT(4096, true)},
},
// nodata responses
{
Qname: "wild.dnssex.nl.", Qtype: dns.TypeSRV,
Ns: []dns.RR{
test.SOA(`dnssex.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1459281744 14400 3600 604800 14400`),
},
*/
},
{
Qname: "wild.dnssex.nl.", Qtype: dns.TypeSRV, Do: true,
Ns: []dns.RR{
test.NSEC(`*.dnssex.nl. 14400 IN NSEC a.dnssex.nl. TXT RRSIG NSEC`),
test.RRSIG(`*.dnssex.nl. 14400 IN RRSIG NSEC 8 2 14400 20160428190224 20160329190224 14460 dnssex.nl. os6INm6q2eXknD5z8TpfbK00uxVbQefMvHcR/RNX/kh0xXvzAaaDOV+Ge/Ko+2dXnKP+J1LYG9ffXNpdbaQy5ygzH5F041GJst4566GdG/jt7Z7vLHYxEBTpZfxo+PLsXQXH3VTemZyuWyDfqJzafXJVH1F0nDrcXmMlR6jlBHA=`),
test.RRSIG(`dnssex.nl. 1800 IN RRSIG SOA 8 2 1800 20160428190224 20160329190224 14460 dnssex.nl. CA/Y3m9hCOiKC/8ieSOv8SeP964BUdG/8MC3WtKljUosK9Z9bBGrVizDjjqgq++lyH8BZJcTaabAsERs4xj5PRtcxicwQXZACX5VYjXHQeZmCyytFU5wq2gcXSmvUH86zZzftx3RGPvn1aOoTlcvoC3iF8fYUCpROlUS0YR8Cdw=`),
test.SOA(`dnssex.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. 1459281744 14400 3600 604800 14400`),
},
Extra: []dns.RR{test.OPT(4096, true)},
},
}
func TestLookupWildcard(t *testing.T) {
@@ -85,146 +100,83 @@ func TestLookupWildcard(t *testing.T) {
}
}
const dbDnssexNLSigned = `
; File written on Tue Mar 29 21:02:24 2016
; dnssec_signzone version 9.10.3-P4-Ubuntu
dnssex.nl. 1800 IN SOA linode.atoom.net. miek.miek.nl. (
1459281744 ; serial
14400 ; refresh (4 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
14400 ; minimum (4 hours)
)
1800 RRSIG SOA 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
CA/Y3m9hCOiKC/8ieSOv8SeP964BUdG/8MC3
WtKljUosK9Z9bBGrVizDjjqgq++lyH8BZJcT
aabAsERs4xj5PRtcxicwQXZACX5VYjXHQeZm
CyytFU5wq2gcXSmvUH86zZzftx3RGPvn1aOo
TlcvoC3iF8fYUCpROlUS0YR8Cdw= )
1800 NS omval.tednet.nl.
1800 NS linode.atoom.net.
1800 NS ns-ext.nlnetlabs.nl.
1800 RRSIG NS 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
dLIeEvP86jj5nd3orv9bH7hTvkblF4Na0sbl
k6fJA6ha+FPN1d6Pig3NNEEVQ/+wlOp/JTs2
v07L7roEEUCbBprI8gMSld2gFDwNLW3DAB4M
WD/oayYdAnumekcLzhgvWixTABjWAGRTGQsP
sVDFXsGMf9TGGC9FEomgkCVeNC0= )
1800 A 139.162.196.78
1800 RRSIG A 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
LKJKLzPiSEDWOLAag2YpfD5EJCuDcEAJu+FZ
Xy+4VyOv9YvRHCTL4vbrevOo5+XymY2RxU1q
j+6leR/Fe7nlreSj2wzAAk2bIYn4m6r7hqeO
aKZsUFfpX8cNcFtGEywfHndCPELbRxFeEziP
utqHFLPNMX5nYCpS28w4oJ5sAnM= )
1800 TXT "Doing It Safe Is Better"
1800 RRSIG TXT 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
f6S+DUfJK1UYdOb3AHgUXzFTTtu+yLp/Fv7S
Hv0CAGhXAVw+nBbK719igFvBtObS33WKwzxD
1pQNMaJcS6zeevtD+4PKB1KDC4fyJffeEZT6
E30jGR8Y29/xA+Fa4lqDNnj9zP3b8TiABCle
ascY5abkgWCALLocFAzFJQ/27YQ= )
1800 AAAA 2a01:7e00::f03c:91ff:fef1:6735
1800 RRSIG AAAA 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
PWcPSawEUBAfCuv0liEOQ8RYe7tfNW4rubIJ
LE+dbrub1DUer3cWrDoCYFtOufvcbkYJQ2CQ
AGjJmAQ5J2aqYDOPMrKa615V0KT3ifbZJcGC
gkIic4U/EXjaQpRoLdDzR9MyVXOmbA6sKYzj
ju1cNkLqM8D7Uunjl4pIr6rdSFo= )
14400 NSEC *.dnssex.nl. A NS SOA TXT AAAA RRSIG NSEC DNSKEY
14400 RRSIG NSEC 8 2 14400 (
20160428190224 20160329190224 14460 dnssex.nl.
oIvM6JZIlNc1aNKGTxv58ApSnDr1nDPPgnD9
9oJZRIn7eb5WnpeDz2H3z5+x6Bhlp5hJJaUp
KJ3Ss6Jg/IDnrmIvKmgq6L6gHj1Y1IiHmmU8
VeZTRzdTsDx/27OsN23roIvsytjveNSEMfIm
iLZ23x5kg1kBdJ9p3xjYHm5lR+8= )
1800 DNSKEY 256 3 8 (
AwEAAazSO6uvLPEVknDA8yxjFe8nnAMU7txp
wb19k55hQ81WV3G4bpBM1NdN6sbYHrkXaTNx
2bQWAkvX6pz0XFx3z/MPhW+vkakIWFYpyQ7R
AT5LIJfToVfiCDiyhhF0zVobKBInO9eoGjd9
BAW3TUt+LmNAO/Ak5D5BX7R3CuA7v9k7
) ; ZSK; alg = RSASHA256; key id = 14460
1800 DNSKEY 257 3 8 (
AwEAAbyeaV9zg0IqdtgYoqK5jJ239anzwG2i
gvH1DxSazLyaoNvEkCIvPgMLW/JWfy7Z1mQp
SMy9DtzL5pzRyQgw7kIeXLbi6jufUFd9pxN+
xnzKLf9mY5AcnGToTrbSL+jnMT67wG+c34+Q
PeVfucHNUePBxsbz2+4xbXiViSQyCQGv
) ; KSK; alg = RSASHA256; key id = 18772
1800 RRSIG DNSKEY 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
cFSFtJE+DBGNxb52AweFaVHBe5Ue5MDpqNdC
TIneUnEhP2m+vK4zJ/TraK0WdQFpsX63pod8
PZ9y03vHUfewivyonCCBD3DcNdoU9subhN22
tez9Ct8Z5/9E4RAz7orXal4M1VUEhRcXSEH8
SJW20mfVsqJAiKqqNeGB/pAj23I= )
1800 RRSIG DNSKEY 8 2 1800 (
20160428190224 20160329190224 18772 dnssex.nl.
oiiwo/7NYacePqohEp50261elhm6Dieh4j2S
VZGAHU5gqLIQeW9CxKJKtSCkBVgUo4cvO4Rn
2tzArAuclDvBrMXRIoct8u7f96moeFE+x5FI
DYqICiV6k449ljj9o4t/5G7q2CRsEfxZKpTI
A/L0+uDk0RwVVzL45+TnilcsmZs= )
*.dnssex.nl. 1800 IN TXT "Doing It Safe Is Better"
1800 RRSIG TXT 8 2 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
FUZSTyvZfeuuOpCmNzVKOfITRHJ6/ygjmnnb
XGBxVUyQjoLuYXwD5XqZWGw4iKH6QeSDfGCx
4MPqA4qQmW7Wwth7mat9yMfA4+p2sO84bysl
7/BG9+W2G+q1uQiM9bX9V42P2X/XuW5Y/t9Y
8u1sljQ7D8WwS6naH/vbaJxnDBw= )
14400 NSEC a.dnssex.nl. TXT RRSIG NSEC
14400 RRSIG NSEC 8 2 14400 (
20160428190224 20160329190224 14460 dnssex.nl.
os6INm6q2eXknD5z8TpfbK00uxVbQefMvHcR
/RNX/kh0xXvzAaaDOV+Ge/Ko+2dXnKP+J1LY
G9ffXNpdbaQy5ygzH5F041GJst4566GdG/jt
7Z7vLHYxEBTpZfxo+PLsXQXH3VTemZyuWyDf
qJzafXJVH1F0nDrcXmMlR6jlBHA= )
www.dnssex.nl. 1800 IN CNAME a.dnssex.nl.
1800 RRSIG CNAME 8 3 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
Omv42q/uVvdNsWQoSrQ6m6w6U7r7Abga7uF4
25b3gZlse0C+WyMyGFMGUbapQm7azvBpreeo
uKJHjzd+ufoG+Oul6vU9vyoj+ejgHzGLGbJQ
HftfP+UqP5SWvAaipP/LULTWKPuiBcLDLiBI
PGTfsq0DB6R+qCDTV0fNnkgxEBQ= )
14400 NSEC dnssex.nl. CNAME RRSIG NSEC
14400 RRSIG NSEC 8 3 14400 (
20160428190224 20160329190224 14460 dnssex.nl.
TBN3ddfZW+kC84/g3QlNNJMeLZoyCalPQylt
KXXLPGuxfGpl3RYRY8KaHbP+5a8MnHjqjuMB
Lofb7yKMFxpSzMh8E36vnOqry1mvkSakNj9y
9jM8PwDjcpYUwn/ql76MsmNgEV5CLeQ7lyH4
AOrL79yOSQVI3JHJIjKSiz88iSw= )
a.dnssex.nl. 1800 IN A 139.162.196.78
1800 RRSIG A 8 3 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
OXHpFj9nSpKi5yA/ULH7MOpGAWfyJ2yC/2xa
Pw0fqSY4QvcRt+V3adcFA4H9+P1b32GpxEjB
lXmCJID+H4lYkhUR4r4IOZBVtKG2SJEBZXip
pH00UkOIBiXxbGzfX8VL04v2G/YxUgLW57kA
aknaeTOkJsO20Y+8wmR9EtzaRFI= )
1800 AAAA 2a01:7e00::f03c:91ff:fef1:6735
1800 RRSIG AAAA 8 3 1800 (
20160428190224 20160329190224 14460 dnssex.nl.
jrepc/VnRzJypnrG0WDEqaAr3HMjWrPxJNX0
86gbFjZG07QxBmrA1rj0jM9YEWTjjyWb2tT7
lQhzKDYX/0XdOVUeeOM4FoSks80V+pWR8fvj
AZ5HmX69g36tLosMDKNR4lXcrpv89QovG4Hr
/r58fxEKEFJqrLDjMo6aOrg+uKA= )
14400 NSEC www.dnssex.nl. A AAAA RRSIG NSEC
14400 RRSIG NSEC 8 3 14400 (
20160428190224 20160329190224 14460 dnssex.nl.
S+UM62wXRNNFN3QDWK5YFWUbHBXC4aqaqinZ
A2ZDeC+IQgyw7vazPz7cLI5T0YXXks0HTMlr
soEjKnnRZsqSO9EuUavPNE1hh11Jjm0fB+5+
+Uro0EmA5Dhgc0Z2VpbXVQEhNDf/pI1gem15
RffN2tBYNykZn4Has2ySgRaaRYQ= )`
var wildcardDoubleTestCases = []test.Case{
{
Qname: "wild.w.example.org.", Qtype: dns.TypeTXT,
Answer: []dns.RR{
test.TXT(`wild.w.example.org. IN TXT "Wildcard"`),
},
},
{
Qname: "wild.c.example.org.", Qtype: dns.TypeTXT,
Answer: []dns.RR{
test.TXT(`wild.c.example.org. IN TXT "c Wildcard"`),
},
},
{
Qname: "wild.d.example.org.", Qtype: dns.TypeTXT,
Answer: []dns.RR{
test.TXT(`alias.example.org. IN TXT "Wildcard CNAME expansion"`),
test.CNAME(`wild.d.example.org. IN CNAME alias.example.org`),
},
},
{
Qname: "alias.example.org.", Qtype: dns.TypeTXT,
Answer: []dns.RR{
test.TXT(`alias.example.org. IN TXT "Wildcard CNAME expansion"`),
},
},
}
func TestLookupDoubleWildcard(t *testing.T) {
zone, err := Parse(strings.NewReader(exampleOrg), "example.org.", "stdin")
if err != nil {
t.Fatalf("expect no error when reading zone, got %q", err)
}
fm := File{Next: test.ErrorHandler(), Zones: Zones{Z: map[string]*Zone{"example.org.": zone}, Names: []string{"example.org."}}}
ctx := context.TODO()
for _, tc := range wildcardDoubleTestCases {
m := tc.Msg()
rec := dnsrecorder.New(&test.ResponseWriter{})
_, err := fm.ServeDNS(ctx, rec, m)
if err != nil {
t.Errorf("expected no error, got %v\n", err)
return
}
resp := rec.Msg
sort.Sort(test.RRSet(resp.Answer))
sort.Sort(test.RRSet(resp.Ns))
sort.Sort(test.RRSet(resp.Extra))
if !test.Header(t, tc, resp) {
t.Logf("%v\n", resp)
continue
}
if !test.Section(t, tc, test.Answer, resp.Answer) {
t.Logf("%v\n", resp)
}
if !test.Section(t, tc, test.Ns, resp.Ns) {
t.Logf("%v\n", resp)
}
if !test.Section(t, tc, test.Extra, resp.Extra) {
t.Logf("%v\n", resp)
}
}
}
const exampleOrg = `; example.org test file
example.org. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
example.org. IN NS b.iana-servers.net.
example.org. IN NS a.iana-servers.net.
example.org. IN A 127.0.0.1
example.org. IN A 127.0.0.2
*.w.example.org. IN TXT "Wildcard"
a.b.c.w.example.org. IN TXT "Not a wildcard"
*.c.example.org. IN TXT "c Wildcard"
*.d.example.org. IN CNAME alias.example.org.
alias.example.org. IN TXT "Wildcard CNAME expansion"
`