"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "test-syncres_cc1.cc" between
pdns-recursor-4.5.5.tar.bz2 and pdns-recursor-4.5.6.tar.bz2

About: PowerDNS - a separate release of the PowerDNS Recursor (without the authoritative nameserver).

test-syncres_cc1.cc  (pdns-recursor-4.5.5.tar.bz2):test-syncres_cc1.cc  (pdns-recursor-4.5.6.tar.bz2)
skipping to change at line 1939 skipping to change at line 1939
BOOST_CHECK(ret[2].d_type == QType::CNAME); BOOST_CHECK(ret[2].d_type == QType::CNAME);
BOOST_CHECK_EQUAL(ret[2].d_name, target); BOOST_CHECK_EQUAL(ret[2].d_name, target);
BOOST_CHECK(ret[3].d_type == QType::A); BOOST_CHECK(ret[3].d_type == QType::A);
BOOST_CHECK_EQUAL(ret[3].d_name, cnameTarget); BOOST_CHECK_EQUAL(ret[3].d_name, cnameTarget);
BOOST_CHECK(ret[4].d_type == QType::RRSIG); BOOST_CHECK(ret[4].d_type == QType::RRSIG);
BOOST_CHECK_EQUAL(ret[4].d_name, cnameTarget); BOOST_CHECK_EQUAL(ret[4].d_name, cnameTarget);
} }
BOOST_AUTO_TEST_CASE(test_dname_plus_ns_dnssec_secure)
{
std::unique_ptr<SyncRes> sr;
initSR(sr, true);
setDNSSECValidation(sr, DNSSECMode::ValidateAll);
primeHints();
const DNSName dnameOwner("powerdns");
const DNSName dnameTarget("example");
const DNSName target("dname.powerdns");
const DNSName cnameTarget("dname.example");
testkeysset_t keys;
auto luaconfsCopy = g_luaconfs.getCopy();
luaconfsCopy.dsAnchors.clear();
generateKeyMaterial(g_rootdnsname, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGES
T_SHA256, keys, luaconfsCopy.dsAnchors);
generateKeyMaterial(dnameTarget, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_
SHA256, keys);
g_luaconfs.setState(luaconfsCopy);
size_t queries = 0;
sr->setAsyncCallback([dnameOwner, dnameTarget, target, cnameTarget, keys, &que
ries](const ComboAddress& ip, const DNSName& domain, int type, bool doTCP, bool
sendRDQuery, int EDNS0Level, struct timeval* now, boost::optional<Netmask>& srcm
ask, boost::optional<const ResolveContext&> context, LWResult* res, bool* chaine
d) {
queries++;
if (type == QType::DS || type == QType::DNSKEY) {
return genericDSAndDNSKEYHandler(res, domain, domain, type, keys, false);
}
if (domain.isPartOf(dnameOwner)) {
setLWResult(res, 0, true, false, true);
addRecordToLW(res, dnameOwner, QType::DNAME, dnameTarget.toString());
addRRSIG(keys, res->d_records, DNSName("."), 300);
addRecordToLW(res, domain, QType::CNAME, cnameTarget.toString()); // CNAME
from a DNAME is not signed
addRecordToLW(res, dnameTarget, QType::NS, "a.gtld-servers.net.", DNSResou
rceRecord::AUTHORITY, 172800);
addDS(dnameTarget, 300, res->d_records, keys);
addRRSIG(keys, res->d_records, DNSName("."), 300);
addRecordToLW(res, "a.gtld-servers.net.", QType::A, "192.0.2.1", DNSResour
ceRecord::ADDITIONAL, 3600);
return LWResult::Result::Success;
}
else if (domain == cnameTarget) {
setLWResult(res, 0, true, false, true);
addRecordToLW(res, domain, QType::A, "192.0.2.42");
addRRSIG(keys, res->d_records, dnameTarget, 300);
return LWResult::Result::Success;
}
return LWResult::Result::Timeout;
});
vector<DNSRecord> ret;
int res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 5U); /* DNAME + RRSIG(DNAME) + CNAME + A + RRS
IG(A) */
BOOST_CHECK_EQUAL(queries, 4U);
BOOST_REQUIRE(ret[0].d_type == QType::DNAME);
BOOST_CHECK(ret[0].d_name == dnameOwner);
BOOST_CHECK_EQUAL(getRR<DNAMERecordContent>(ret[0])->getTarget(), dnameTarget)
;
BOOST_REQUIRE(ret[1].d_type == QType::RRSIG);
BOOST_CHECK_EQUAL(ret[1].d_name, dnameOwner);
BOOST_CHECK(ret[2].d_type == QType::CNAME);
BOOST_CHECK_EQUAL(ret[2].d_name, target);
BOOST_CHECK(ret[3].d_type == QType::A);
BOOST_CHECK_EQUAL(ret[3].d_name, cnameTarget);
BOOST_CHECK(ret[4].d_type == QType::RRSIG);
BOOST_CHECK_EQUAL(ret[4].d_name, cnameTarget);
// And the cache
ret.clear();
res = sr->beginResolve(target, QType(QType::A), QClass::IN, ret);
BOOST_CHECK_EQUAL(res, RCode::NoError);
BOOST_CHECK_EQUAL(sr->getValidationState(), vState::Secure);
BOOST_REQUIRE_EQUAL(ret.size(), 5U); /* DNAME + RRSIG(DNAME) + CNAME + A + RRS
IG(A) */
BOOST_CHECK_EQUAL(queries, 4U);
BOOST_REQUIRE(ret[0].d_type == QType::DNAME);
BOOST_CHECK(ret[0].d_name == dnameOwner);
BOOST_CHECK_EQUAL(getRR<DNAMERecordContent>(ret[0])->getTarget(), dnameTarget)
;
BOOST_CHECK(ret[1].d_type == QType::RRSIG);
BOOST_CHECK_EQUAL(ret[1].d_name, dnameOwner);
BOOST_CHECK(ret[2].d_type == QType::CNAME);
BOOST_CHECK_EQUAL(ret[2].d_name, target);
BOOST_CHECK(ret[3].d_type == QType::A);
BOOST_CHECK_EQUAL(ret[3].d_name, cnameTarget);
BOOST_CHECK(ret[4].d_type == QType::RRSIG);
BOOST_CHECK_EQUAL(ret[4].d_name, cnameTarget);
}
BOOST_AUTO_TEST_CASE(test_dname_dnssec_insecure) BOOST_AUTO_TEST_CASE(test_dname_dnssec_insecure)
{ {
/* /*
* The DNAME itself is signed, but the final A record is not * The DNAME itself is signed, but the final A record is not
*/ */
std::unique_ptr<SyncRes> sr; std::unique_ptr<SyncRes> sr;
initSR(sr, true); initSR(sr, true);
setDNSSECValidation(sr, DNSSECMode::ValidateAll); setDNSSECValidation(sr, DNSSECMode::ValidateAll);
primeHints(); primeHints();
 End of changes. 1 change blocks. 
0 lines changed or deleted 117 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)