diff --git a/src/knot/nameserver/internet.c b/src/knot/nameserver/internet.c
index 527d35e04c2e41c88a31c8d30af7510803ea5b78..407c97f1e65527966af621afd979a913041a683f 100644
--- a/src/knot/nameserver/internet.c
+++ b/src/knot/nameserver/internet.c
@@ -30,12 +30,6 @@
#include "contrib/mempattern.h"
#include "contrib/sockaddr.h"
-/*! \brief Kind of additional record. */
-enum additional_kind {
- ADDITIONAL_OPTIONAL = 0,
- ADDITIONAL_MANDATORY,
-};
-
/*! \brief Check if given node was already visited. */
static int wildcard_has_visited(struct query_data *qdata, const zone_node_t *node)
{
@@ -281,47 +275,40 @@ static int put_delegation(knot_pkt_t *pkt, struct query_data *qdata)
/*! \brief Put additional records for given RR. */
static int put_additional(knot_pkt_t *pkt, const knot_rrset_t *rr,
- struct query_data *qdata, knot_rrinfo_t *info,
- int state, enum additional_kind kind)
+ struct query_data *qdata, knot_rrinfo_t *info, int state)
{
+ if (rr->additional == NULL) {
+ return KNOT_EOK;
+ }
+
/* Valid types for ADDITIONALS insertion. */
/* \note Not resolving CNAMEs as MX/NS name must not be an alias. (RFC2181/10.3) */
- static const uint16_t ar_type_list[] = {KNOT_RRTYPE_A, KNOT_RRTYPE_AAAA};
+ static const uint16_t ar_type_list[] = { KNOT_RRTYPE_A, KNOT_RRTYPE_AAAA };
static const int ar_type_count = 2;
int ret = KNOT_EOK;
- /* All RRs should have additional node cached or NULL. */
- for (uint16_t i = 0; i < rr->rrs.rr_count; i++) {
- const zone_node_t *node = rr->additional[i];
- if (node == NULL) {
- continue;
- }
+ additional_t *additional = (additional_t *)rr->additional;
- bool is_notauth = (node->flags & (NODE_FLAGS_DELEG | NODE_FLAGS_NONAUTH));
- bool is_glue = is_notauth &&
- state == DELEG && rr->type == KNOT_RRTYPE_NS &&
- knot_dname_in(rr->owner, node->owner);
+ /* Iterate over the additionals. */
+ for (uint16_t i = 0; i < additional->count; i++) {
+ glue_t *glue = &additional->glues[i];
+ uint32_t flags = KNOT_PF_NULL;
- /* Non-authoritative node allowed only as a glue. */
- if (is_notauth && !is_glue) {
- continue;
+ /* Optional glue doesn't cause truncation. (RFC 1034/4.3.2 step 3b). */
+ if (state != DELEG || glue->optional) {
+ flags |= KNOT_PF_NOTRUNC;
}
- /* Glue is required as per RFC 1034 Section 4.3.2 step 3b. */
- if (kind != (is_glue ? ADDITIONAL_MANDATORY : ADDITIONAL_OPTIONAL)) {
- continue;
- }
-
- uint32_t flags = KNOT_PF_CHECKDUP | (is_glue ? 0 : KNOT_PF_NOTRUNC);
- uint16_t hint = knot_pkt_compr_hint(info, KNOT_COMPR_HINT_RDATA + i);
- knot_rrset_t rrsigs = node_rrset(node, KNOT_RRTYPE_RRSIG);
+ uint16_t hint = knot_pkt_compr_hint(info, KNOT_COMPR_HINT_RDATA +
+ glue->ns_pos);
+ knot_rrset_t rrsigs = node_rrset(glue->node, KNOT_RRTYPE_RRSIG);
for (int k = 0; k < ar_type_count; ++k) {
- knot_rrset_t additional = node_rrset(node, ar_type_list[k]);
- if (knot_rrset_empty(&additional)) {
+ knot_rrset_t rrset = node_rrset(glue->node, ar_type_list[k]);
+ if (knot_rrset_empty(&rrset)) {
continue;
}
- ret = ns_put_rr(pkt, &additional, &rrsigs, hint, flags, qdata);
+ ret = ns_put_rr(pkt, &rrset, &rrsigs, hint, flags, qdata);
if (ret != KNOT_EOK) {
break;
}
@@ -609,47 +596,28 @@ static int solve_authority_dnssec(int state, knot_pkt_t *pkt, struct query_data
}
}
-static int solve_additional_kind(int state, knot_pkt_t *pkt, struct query_data *qdata,
- enum additional_kind kind)
+static int solve_additional(int state, knot_pkt_t *pkt, struct query_data *qdata,
+ void *ctx)
{
int ret = KNOT_EOK;
- /* Only glue can be mandatory. */
- if (kind == ADDITIONAL_MANDATORY && state != DELEG) {
- return ret;
- }
-
/* Scan all RRs in ANSWER/AUTHORITY. */
for (uint16_t i = 0; i < pkt->rrset_count; ++i) {
knot_rrset_t *rr = &pkt->rr[i];
knot_rrinfo_t *info = &pkt->rr_info[i];
/* Skip types for which it doesn't apply. */
- if (!knot_rrtype_additional_needed(pkt->rr[i].type)) {
+ if (!knot_rrtype_additional_needed(rr->type)) {
continue;
}
/* Put additional records for given type. */
- ret = put_additional(pkt, rr, qdata, info, state, kind);
+ ret = put_additional(pkt, rr, qdata, info, state);
if (ret != KNOT_EOK) {
break;
}
}
- return ret;
-}
-
-static int solve_additional(int state, knot_pkt_t *pkt,
- struct query_data *qdata, void *ctx)
-{
- int ret = KNOT_EOK;
-
- /* First mandatory, then optional. */
- ret = solve_additional_kind(state, pkt, qdata, ADDITIONAL_MANDATORY);
- if (ret == KNOT_EOK) {
- ret = solve_additional_kind(state, pkt, qdata, ADDITIONAL_OPTIONAL);
- }
-
/* Evaluate final state. */
switch (ret) {
case KNOT_EOK: return state; /* Keep current state. */
diff --git a/src/knot/updates/apply.c b/src/knot/updates/apply.c
index 9101a5326959b23f25b775c6fabf22a01a60da9c..71bc540f4e6f5881dd3483957eea6de756a139ec 100644
--- a/src/knot/updates/apply.c
+++ b/src/knot/updates/apply.c
@@ -51,10 +51,8 @@ static int free_additional(zone_node_t **node, void *data)
for (uint16_t i = 0; i < (*node)->rrset_count; ++i) {
struct rr_data *data = &(*node)->rrs[i];
- if (data->additional) {
- free(data->additional);
- data->additional = NULL;
- }
+ additional_clear(data->additional);
+ data->additional = NULL;
}
return KNOT_EOK;
diff --git a/src/knot/zone/contents.c b/src/knot/zone/contents.c
index 3343db9c88d4e945c9455ee144a3f1bd2605a492..45d9fa7eb682ad468f6601ea4d294c2d492bbcac 100644
--- a/src/knot/zone/contents.c
+++ b/src/knot/zone/contents.c
@@ -114,22 +114,23 @@ static int create_nsec3_name(const zone_contents_t *zone,
}
/*! \brief Link pointers to additional nodes for this RRSet. */
-static int discover_additionals(struct rr_data *rr_data, zone_contents_t *zone)
+static int discover_additionals(const knot_dname_t *owner, struct rr_data *rr_data,
+ zone_contents_t *zone)
{
assert(rr_data != NULL);
- const knot_rdataset_t *rrs = &rr_data->rrs;
+ /* Drop possible previous additional nodes. */
+ additional_clear(rr_data->additional);
- /* Create new additional nodes. */
+ const knot_rdataset_t *rrs = &rr_data->rrs;
uint16_t rdcount = rrs->rr_count;
- if (rr_data->additional) {
- free(rr_data->additional);
- }
- rr_data->additional = malloc(rdcount * sizeof(zone_node_t *));
- if (rr_data->additional == NULL) {
- return KNOT_ENOMEM;
- }
+ uint16_t mandatory_count = 0;
+ uint16_t others_count = 0;
+ glue_t mandatory[rdcount];
+ glue_t others[rdcount];
+
+ /* Scan new additional nodes. */
for (uint16_t i = 0; i < rdcount; i++) {
const knot_dname_t *dname = knot_rdata_name(rrs, i, rr_data->type);
const zone_node_t *node = NULL, *encloser = NULL, *prev = NULL;
@@ -143,7 +144,44 @@ static int discover_additionals(struct rr_data *rr_data, zone_contents_t *zone)
assert(node != NULL);
}
- rr_data->additional[i] = (zone_node_t *)node;
+ if (node == NULL) {
+ continue;
+ }
+
+ glue_t *glue;
+ if ((node->flags & (NODE_FLAGS_DELEG | NODE_FLAGS_NONAUTH)) &&
+ rr_data->type == KNOT_RRTYPE_NS &&
+ knot_dname_in(owner, node->owner)) {
+ glue = &mandatory[mandatory_count++];
+ glue->optional = false;
+ } else {
+ glue = &others[others_count++];
+ glue->optional = true;
+ }
+ glue->node = node;
+ glue->ns_pos = i;
+ }
+
+ /* Store sorted additionals by the type, mandatory first. */
+ size_t total_count = mandatory_count + others_count;
+ if (total_count > 0) {
+ rr_data->additional = malloc(sizeof(additional_t));
+ if (rr_data->additional == NULL) {
+ return KNOT_ENOMEM;
+ }
+ rr_data->additional->count = total_count;
+
+ size_t size = total_count * sizeof(glue_t);
+ rr_data->additional->glues = malloc(size);
+ if (rr_data->additional->glues == NULL) {
+ free(rr_data->additional);
+ return KNOT_ENOMEM;
+ }
+
+ size_t mandatory_size = mandatory_count * sizeof(glue_t);
+ memcpy(rr_data->additional->glues, mandatory, mandatory_size);
+ memcpy(rr_data->additional->glues + mandatory_count, others,
+ size - mandatory_size);
}
return KNOT_EOK;
@@ -305,7 +343,7 @@ static int adjust_additional(zone_node_t **tnode, void *data)
for(uint16_t i = 0; i < node->rrset_count; ++i) {
struct rr_data *rr_data = &node->rrs[i];
if (knot_rrtype_additional_needed(rr_data->type)) {
- int ret = discover_additionals(rr_data, args->zone);
+ int ret = discover_additionals(node->owner, rr_data, args->zone);
if (ret != KNOT_EOK) {
return ret;
}
diff --git a/src/knot/zone/node.c b/src/knot/zone/node.c
index 8fb1b9d3e71e6cb7663b936511c875356494d26b..0fdc16ba8f8152dfade7f3bf664f8580a59a2a4f 100644
--- a/src/knot/zone/node.c
+++ b/src/knot/zone/node.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2015 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -19,11 +19,21 @@
#include "libknot/rrtype/rrsig.h"
#include "contrib/mempattern.h"
+void additional_clear(additional_t *additional)
+{
+ if (additional == NULL) {
+ return;
+ }
+
+ free(additional->glues);
+ free(additional);
+}
+
/*! \brief Clears allocated data in RRSet entry. */
static void rr_data_clear(struct rr_data *data, knot_mm_t *mm)
{
knot_rdataset_clear(&data->rrs, mm);
- free(data->additional);
+ additional_clear(data->additional);
}
/*! \brief Clears allocated data in RRSet entry. */
diff --git a/src/knot/zone/node.h b/src/knot/zone/node.h
index 9ed19273efe5318d531465ed526bfe5b4af25454..97df8b1b4e20712963cd3434af723d02a780ebeb 100644
--- a/src/knot/zone/node.h
+++ b/src/knot/zone/node.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2015 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -54,11 +54,24 @@ typedef struct zone_node {
uint8_t flags; /*!< \ref node_flags enum. */
} zone_node_t;
+/*!< \brief Glue node context. */
+typedef struct {
+ const zone_node_t *node; /*!< Glue node. */
+ uint16_t ns_pos; /*!< Corresponding NS record position (for compression). */
+ bool optional; /*!< Optional glue indicator. */
+} glue_t;
+
+/*!< \brief Additional data. */
+typedef struct {
+ glue_t *glues; /*!< Glue data. */
+ uint16_t count; /*!< Number of glue nodes. */
+} additional_t;
+
/*!< \brief Structure storing RR data. */
struct rr_data {
- uint16_t type; /*!< \brief RR type of data. */
- knot_rdataset_t rrs; /*!< \brief Data of given type. */
- zone_node_t **additional; /*!< \brief Additional nodes with glues. */
+ uint16_t type; /*!< RR type of data. */
+ knot_rdataset_t rrs; /*!< Data of given type. */
+ additional_t *additional; /*!< Additional nodes with glues. */
};
/*! \brief Flags used to mark nodes with some property. */
@@ -77,6 +90,13 @@ enum node_flags {
NODE_FLAGS_WILDCARD_CHILD = 1 << 4
};
+/*!
+ * \brief Clears additional structure.
+ *
+ * \param additional Additional to clear.
+ */
+void additional_clear(additional_t *additional);
+
/*!
* \brief Creates and initializes new node structure.
*
diff --git a/src/libknot/rrset.h b/src/libknot/rrset.h
index b2d60a498f7bb3cf412d2ba1bd789ce0f67d9c1b..afe3b37b4f3fa4e58e149ca0ea9d5250df577bcd 100644
--- a/src/libknot/rrset.h
+++ b/src/libknot/rrset.h
@@ -42,7 +42,7 @@ struct knot_rrset {
uint16_t rclass; /*!< CLASS of the RRSet. */
knot_rdataset_t rrs; /*!< RRSet's RRs */
/* Optional fields. */
- struct zone_node **additional; /*!< Additional records. */
+ void *additional; /*!< Additional records. */
};
typedef struct knot_rrset knot_rrset_t;
diff --git a/tests-extra/tests/basic/delegation_tc/data/tc.test.zone b/tests-extra/tests/basic/delegation_tc/data/tc.test.zone
index 2b35912fe18c8a057ca47843ca950fa9c83c6e9c..c0d6e9297453165f480a8f02f4402d54fc0b5b00 100644
--- a/tests-extra/tests/basic/delegation_tc/data/tc.test.zone
+++ b/tests-extra/tests/basic/delegation_tc/data/tc.test.zone
@@ -1,5 +1,5 @@
-; File written on Mon Jun 27 16:20:15 2016
-; dnssec_signzone version 9.10.4-P1-RedHat-9.10.4-1.P1.fc24
+; File written on Tue Oct 4 18:49:49 2016
+; dnssec_signzone version 9.10.3-P4-Ubuntu
tc.test. 60 IN SOA tc.test. admin.tc.test. (
1 ; serial
60 ; refresh (1 minute)
@@ -8,61 +8,113 @@ tc.test. 60 IN SOA tc.test. admin.tc.test. (
60 ; minimum (1 minute)
)
60 RRSIG SOA 13 2 60 (
- 20160727132015 20160627132015 64455 tc.test.
- TnjmkPEP/Yy1UuTqzahLYltxhlPmC7zaHqIf
- XixOb1NTA7iRu3CQ8fydn9drzXvFXlZLx8hJ
- RdzmPYf/XXPdDQ== )
+ 20161103154949 20161004154949 43962 tc.test.
+ CdroAlkr6etDRTiUrtK63XwysxIWy8PBh2bK
+ mIhx3h4HFx29bqeyhiUCZZ7AZwvJMRNSb6vW
+ tIn6ctgo9nJB8g== )
+ 60 NS ns.glue.deleg.tc.test.
60 NS tc.test.
+ 60 NS a1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890a.tc.test.
+ 60 NS b1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890b.tc.test.
60 RRSIG NS 13 2 60 (
- 20160727132015 20160627132015 64455 tc.test.
- Ixp5MrVn6puk0DM2G3E0Dv1+Ssqn0w4OLsXm
- L0558mx6XG8e6vjOYab9PMkscYswujF612ET
- Xh5Jv3ielAQwUA== )
- 60 A 0.0.0.0
- 60 RRSIG A 13 2 60 (
- 20160727132015 20160627132015 64455 tc.test.
- lvmzV1EVATXjKdtjdZNykSbz3aG/fMI3UU6Y
- qjs0xY9lO58UjdifCWRIEclcEj492aqKyhHC
- TK00LHCoigTXIg== )
+ 20161103154949 20161004154949 43962 tc.test.
+ tExlMqyl8AGdpN54tLe51urPTOkUWOh3AN/0
+ adMTHB1/5GOESgv8F+cPrZCGghR2uF3G61Gh
+ TWxZ1NI3hM7gMw== )
60 AAAA ::
60 RRSIG AAAA 13 2 60 (
- 20160727132015 20160627132015 64455 tc.test.
- P8e9gYCeih3z3elNnNc0yN9IM42LmsHL+4Gz
- sDvbzTHQ6iry4LHrvGmlJ5A5SvtRMFqRVHzh
- C3RvOZrAR7ZQAw== )
- 60 NSEC foreign.tc.test. A NS SOA AAAA RRSIG NSEC DNSKEY
+ 20161103154949 20161004154949 43962 tc.test.
+ vBNliPGFvWdC9HcPAmftJC6fZmGlC7x2dIWC
+ RL+0U6UVBh+J1AQVI/McHkS/ojj6C/3k/XnI
+ JZhKFfOPm2cahA== )
+ 60 NSEC glue.deleg.tc.test. NS SOA AAAA RRSIG NSEC DNSKEY
60 RRSIG NSEC 13 2 60 (
- 20160727132015 20160627132015 64455 tc.test.
- jbLlXSKDpBmULul32602Xhfeuzksyr9FJQSX
- YUPfwKEn9KhEEIqG2H737Q/IrEQ4wXT8OxOq
- kQldQGuKJzik1w== )
+ 20161103154949 20161004154949 43962 tc.test.
+ 74SOcgcFwHTcR9vVerLexSsusmRb56Ly+WoX
+ ZtxiMNyjIPHPY6FTvJG9PToQZ9RivENeC1F/
+ ysDIpga+TC3XjQ== )
60 DNSKEY 256 3 13 (
- dmTlwBFWofgOnzvUJxiDncJBTVHnZqfdiGUq
- /pspqAlSSbloYVWMUJi/VuaO8IkCoxanvbJO
- 14z1nvPngQEdhg==
- ) ; ZSK; alg = ECDSAP256SHA256 ; key id = 64455
+ SWZimv5X53kJSM9SHXaSp13I3SRPB3VsIATS
+ q6WhFs6xqI/RfWJlSmrHRIyXhnMsgMqzP1hc
+ psZoHx9V6JBdQQ==
+ ) ; ZSK; alg = ECDSAP256SHA256; key id = 43962
60 RRSIG DNSKEY 13 2 60 (
- 20160727132015 20160627132015 64455 tc.test.
- QLuwVg0lv7VhnhSDLrdakw1Z0PnY2BPgqory
- c2zHlw5yqzCIUHD09RcDya4Wcc7MgeVyx8E/
- ofOayYOx5bOJmw== )
+ 20161103154949 20161004154949 43962 tc.test.
+ KWHRVRIP3uXVsGa41jBOAAnTNcrvlSfAiRUp
+ 7boGE4kuONxA8Q0OaNV2gk4VoREadz0lgfni
+ 2D12paWCMtTtOg== )
+ns.glue.deleg.tc.test. 60 IN AAAA ::
ns1.glue.tc.test. 60 IN AAAA ::
ns2.glue.tc.test. 60 IN AAAA ::
ns1.mixed.tc.test. 60 IN AAAA ::
+glue.deleg.tc.test. 60 IN NS unreachable.glue.deleg.tc.test.
+ 60 DS 0 0 0 (
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 000000000000000000000000000000000000
+ 0000000000000000 )
+ 60 RRSIG DS 13 4 60 (
+ 20161103154949 20161004154949 43962 tc.test.
+ hy9jX6erUiHKqIxQ8y19z0nmPPLWkyaDZ8m/
+ q0X/xchcDrvGqc/U0MGLnaaN51jf42hq6X3C
+ H6GeHDvz1OqstQ== )
+ 60 NSEC foreign.tc.test. NS DS RRSIG NSEC
+ 60 RRSIG NSEC 13 4 60 (
+ 20161103154949 20161004154949 43962 tc.test.
+ PNYj39ndR5DQySdXPBrcZG65I1upHgytrjF0
+ 6bScaqcJNEeElS/ig6mwqW35B0oQmwypKsXn
+ am63w/B/RCYccw== )
ns1.tc.test. 60 IN AAAA ::
60 RRSIG AAAA 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- ZgmxeHyHkfjthPOHeXUtVeOU3jgBZgX0bLvi
- ea7jLpBSHW4TTjqw//eLv3He6/aX8GLryGAe
- dMTRQJkTeYF+Cg== )
+ 20161103154949 20161004154949 43962 tc.test.
+ gcVt5GtZ6fb4KaqTFUOXuj5fPaHxTNnl3IK7
+ CjZn6/wesLmE3y5wVQhoudQBzum5a2k5rjru
+ 6Dh7RMUXoIUEow== )
60 NSEC ns2.tc.test. AAAA RRSIG NSEC
60 RRSIG NSEC 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- NPx5b/hjFJT2xt+CUNQmFHDLF78Ma3VaFZOW
- ynAJ6CxEVhkowziVihK23suEBHpC4BeS+7lD
- CJOFDSPBkuisLA== )
-parent.tc.test. 60 IN NS ns1.tc.test.
- 60 IN NS ns2.tc.test.
+ 20161103154949 20161004154949 43962 tc.test.
+ BAQsRggb/+eQfkp4UXOB3EmcLsv7mmyDS02D
+ PbF+9+PrfH9ls6oXP1wsplZjX+CmegBZLQtZ
+ joPCCJTWRSnxUA== )
+ns2.tc.test. 60 IN AAAA ::
+ 60 RRSIG AAAA 13 3 60 (
+ 20161103154949 20161004154949 43962 tc.test.
+ SfwMuwRAtwAtaOSg8S+IRoQzyQcc7T+CFkSx
+ UOndn2wYeoKvoECryvQlPFO67Sp0xeAOXNYN
+ 6c5b6o9U9U9Xpw== )
+ 60 NSEC parent.tc.test. AAAA RRSIG NSEC
+ 60 RRSIG NSEC 13 3 60 (
+ 20161103154949 20161004154949 43962 tc.test.
+ lgFal01FR1nsoLbZjZk7Dqre5h3ddaaNXUQv
+ 2Qp52aJQjLzolVSxDYFdqThSyeR/hR6R4Qz/
+ SSBTePSsIgSyJA== )
+unreachable.tc.test. 60 IN NS ns1.unreachable.tc.test.
+ 60 IN NS ns2.unreachable.tc.test.
60 DS 0 0 0 (
000000000000000000000000000000000000
000000000000000000000000000000000000
@@ -94,33 +146,21 @@ parent.tc.test. 60 IN NS ns1.tc.test.
000000000000000000000000000000000000
0000000000000000 )
60 RRSIG DS 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- wiwEeDbPOIHnMCOyT5bwiLt/LFvtRSTm4qEK
- B4hnVPNi+vaFum6hzyDeD1Pvk2DBF+GymzMs
- VcvnJ08KpSVZCA== )
- 60 NSEC unreachable.tc.test. NS DS RRSIG NSEC
- 60 RRSIG NSEC 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- u7l8cLKgpeAV//tkeCuC6gskK9C1ecqHjnSc
- MCKedEcWFDHs1eZZu4Zc/XXBoviTdO0GFSFg
- Qu3ttGHyCl3fMw== )
-ns2.tc.test. 60 IN AAAA ::
- 60 RRSIG AAAA 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- FAt/j5NI/hOMhnXyCYKUMpRLLj+x2NDuWGxI
- Riejg4oFfD/mRyNS3zc+bdxFUg7LkqbGYjog
- F5IEgTZp12kBXQ== )
- 60 NSEC parent.tc.test. AAAA RRSIG NSEC
+ 20161103154949 20161004154949 43962 tc.test.
+ TJci/N50BFgb+j+dY0uIsmWaWoXtZgPvZX9Y
+ 2uvCN2UTT5YgZe7PmvNlpHaf4INR3wPBZTAd
+ NQyo/aSzFDRW6g== )
+ 60 NSEC tc.test. NS DS RRSIG NSEC
60 RRSIG NSEC 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- WzlI2GOO1V4EReUrB11XAMojvmXlfSETsyKb
- I12crk4J8saxHkWGEDgGdGJKyxUqwTPGzfGt
- umrufGCjG7rQSg== )
-mixed.tc.test. 60 IN NS ns1.glue.tc.test.
+ 20161103154949 20161004154949 43962 tc.test.
+ NctQNuDiG6dDMZMWzgwb3B0CcHm5ymoSIDGf
+ QwGB5Cm3pSuIeYwUmDxIxQ0TsFqvILTObUXj
+ 6L9FpH762qOOzQ== )
+mixed.tc.test. 60 IN NS ns1.tc.test.
+ 60 IN NS ns1.glue.tc.test.
60 IN NS ns1.mixed.tc.test.
- 60 IN NS ns2.mixed.tc.test.
60 IN NS ns1.foreign.
- 60 IN NS ns1.tc.test.
+ 60 IN NS ns2.mixed.tc.test.
60 IN NS mixed.tc.test.
60 AAAA ::
60 DS 0 0 0 (
@@ -154,18 +194,18 @@ mixed.tc.test. 60 IN NS ns1.glue.tc.test.
000000000000000000000000000000000000
0000000000000000 )
60 RRSIG DS 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- EBzF/SidBA4MfNPBYjpySXro2kk7xUbFKMaH
- oEyPhBPBZmWgj90yUAY99ToeXm89d48THrj8
- mQGiuIPQqraTew== )
+ 20161103154949 20161004154949 43962 tc.test.
+ nxQnxKLM0nb8ofj27x+5bRh8rlXJH0CxdyaH
+ sFNUSCZCgDWLWaCHfnVN72DRBBS8fYqsrRYU
+ /w6WMadeAMjFZQ== )
60 NSEC ns1.tc.test. NS DS RRSIG NSEC
60 RRSIG NSEC 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- VuUqyaNf7AzFOuzxksdXaBMC28gudtTi6ONT
- FYaE7755Lb+CViJOSOvTxjfW203ZZAQDriyu
- +MPy+3SWX2mpLA== )
-unreachable.tc.test. 60 IN NS ns1.unreachable.tc.test.
- 60 IN NS ns2.unreachable.tc.test.
+ 20161103154949 20161004154949 43962 tc.test.
+ sMGpWInz4Nq9FoR2BmV6Rhz7vrFYE9VZ56gU
+ tPokXH6Wq1EkhyHb8pU93L34c3ZmdZq3w3L2
+ Md1d7nbXZB9iLw== )
+foreign.tc.test. 60 IN NS ns1.foreign.
+ 60 IN NS ns2.foreign.
60 DS 0 0 0 (
000000000000000000000000000000000000
000000000000000000000000000000000000
@@ -197,18 +237,18 @@ unreachable.tc.test. 60 IN NS ns1.unreachable.tc.test.
000000000000000000000000000000000000
0000000000000000 )
60 RRSIG DS 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- FcwbELcllvBAwlwdnhbRbvWfIbBG7Zo3dvkR
- leAn9UHxsvX5VTj1PMfyEbF0GCW2G/aypOxk
- W1cWRvh6rbhuEQ== )
- 60 NSEC tc.test. NS DS RRSIG NSEC
+ 20161103154949 20161004154949 43962 tc.test.
+ zA+z/aFaPHYnpL2WqdLtzBeJWG1787K/fM9c
+ 5lx26R2dU+icIgYp8PvF3kR0JCsEaatJ976P
+ E162l20bRl0FmA== )
+ 60 NSEC glue.tc.test. NS DS RRSIG NSEC
60 RRSIG NSEC 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- 2RuLDamP6L3wxnR8KxMGsBXO9Md5SNb454m6
- h571kM56PSEJUtSCMRN+6d0aw0RHbv1lBAMK
- 5PrSNT79J03hGw== )
-foreign.tc.test. 60 IN NS ns1.foreign.
- 60 IN NS ns2.foreign.
+ 20161103154949 20161004154949 43962 tc.test.
+ 0JIr/XfONM1bfGApeinZ27P0joqQB0pFFtOW
+ qsesrOjzGf6lbcWn6Jj+5w93LO1X2pcaM/10
+ GFcABRrkPIcVuQ== )
+parent.tc.test. 60 IN NS ns1.tc.test.
+ 60 IN NS ns2.tc.test.
60 DS 0 0 0 (
000000000000000000000000000000000000
000000000000000000000000000000000000
@@ -240,16 +280,16 @@ foreign.tc.test. 60 IN NS ns1.foreign.
000000000000000000000000000000000000
0000000000000000 )
60 RRSIG DS 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- qyuZxrODgWdj2TK4mbdCggBu6iW/Yo0Ic6qD
- mRGXmaaD5cLfGi40M0+Rx/ejQAdjdMw9b8/O
- Toxk5SPaoRfkBg== )
- 60 NSEC glue.tc.test. NS DS RRSIG NSEC
+ 20161103154949 20161004154949 43962 tc.test.
+ hGh1MErM/Bzq/5Kyy5+QX0uvJU2KipsOu0OK
+ tkSDGZw6wg3H1kmgngODnWqdZjiF6bAigzNl
+ VtmFW84CGNDH8A== )
+ 60 NSEC unreachable.tc.test. NS DS RRSIG NSEC
60 RRSIG NSEC 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- 2m9bCBlcybvflAFhMNQ+nWw3BRJy9POCC+X+
- aakp7pVSz4D210zGZpGko4z0B8ycS9zgIT/C
- tWlb9Ti39jLmjg== )
+ 20161103154949 20161004154949 43962 tc.test.
+ 9nz05/2JAHhfGTfST4mQ/7SvKXQisE+VTakO
+ zsq0yV6TCaWAx+jrK/pDm4Ko0wTsDwBBASGn
+ /kZQJ1vJ993VdA== )
glue.tc.test. 60 IN NS ns1.glue.tc.test.
60 IN NS ns2.glue.tc.test.
60 DS 0 0 0 (
@@ -283,13 +323,13 @@ glue.tc.test. 60 IN NS ns1.glue.tc.test.
000000000000000000000000000000000000
0000000000000000 )
60 RRSIG DS 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- +fsRJmG1j6Lmv22PA5Cu6gnKTT945LXfEdX9
- E01YzT/tt2uvCcB6kKMJBa/Z+tYJvimmB0kJ
- XT+/EFWfXy75UA== )
+ 20161103154949 20161004154949 43962 tc.test.
+ WEwidsGXvEcggup1H5cbfAPVnC1ZW1TDFZks
+ h3ZPY3GpBgHZb0/+0o9l0pC6804zxhBfxSMI
+ g4tNd8Ez+8OUbQ== )
60 NSEC mixed.tc.test. NS DS RRSIG NSEC
60 RRSIG NSEC 13 3 60 (
- 20160727132015 20160627132015 64455 tc.test.
- hppa5s62Dqg2iofOsnJ6D9Bc8Gg61Um9vAxb
- P/yGKBKp35m2PJP3iQ9M6WwWUAIiCtxUFCk9
- W01Xe2Y+OcBHAQ== )
+ 20161103154949 20161004154949 43962 tc.test.
+ xT9iBxgZhNMqeyWIQjm1bmiZG0yRU0Z9C2BH
+ gEvl/3vCQoOVlPZRkMvUB8hQideyb8rfwcR4
+ fTtRpkqgK4no4g== )
diff --git a/tests-extra/tests/basic/delegation_tc/data/tc.test.zone.unsigned b/tests-extra/tests/basic/delegation_tc/data/tc.test.zone.unsigned
index b9515a601ec1375ddcbeba1471edec38aee04ee8..2d998f7727aca41ab756fdac331cfb2cc7283e1d 100644
--- a/tests-extra/tests/basic/delegation_tc/data/tc.test.zone.unsigned
+++ b/tests-extra/tests/basic/delegation_tc/data/tc.test.zone.unsigned
@@ -2,10 +2,19 @@ $ORIGIN tc.test.
$TTL 60
@ SOA @ admin 1 60 60 1800 60
+
+; local name servers
NS @
- A 0.0.0.0
+ NS a1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890a
+ NS b1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890123456789.1234567890123456789012345678901234567890b
AAAA ::
+; foreign name server
+ NS ns.glue.deleg
+ns.glue.deleg AAAA ::
+glue.deleg DS 0 0 0 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
+glue.deleg NS unreachable.glue.deleg
+
; delegation with glue
glue DS 0 0 0 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
glue NS ns1.glue
diff --git a/tests-extra/tests/basic/delegation_tc/test.py b/tests-extra/tests/basic/delegation_tc/test.py
index 877eb2a937460a3bd40c5238c6c8010195e39c12..4b4e7dc23e8fbce230822d0b1b43d7dd93b00a1e 100644
--- a/tests-extra/tests/basic/delegation_tc/test.py
+++ b/tests-extra/tests/basic/delegation_tc/test.py
@@ -13,19 +13,21 @@ t.link(zone, knot)
t.start()
class DelegationTest:
- def __init__(self, name):
+ def __init__(self, name, authoritative=False):
self._name = name
+ self._auth = authoritative
def _get_flags(self, truncated):
- if truncated:
- return ("TC", "AA")
+ if self._auth:
+ return ("AA TC", "") if truncated else ("AA", "TC")
else:
- return ("", "AA TC")
+ return ("TC", "AA") if truncated else ("", "AA TC")
def run(self, bufsize=None, truncated=False, counts=None):
- name = "www.%s" % self._name
+ name = "%s%s" % ("" if self._auth else "www.", self._name)
+ rtype = "NS" if self._auth else "A"
flags, noflags = self._get_flags(truncated)
- resp = knot.dig(name, "A", udp=True, dnssec=True, bufsize=bufsize)
+ resp = knot.dig(name, rtype, udp=True, dnssec=True, bufsize=bufsize)
resp.check(rcode="NOERROR", noflags=noflags, flags=flags)
for section in counts:
for rtype in counts[section]:
@@ -37,6 +39,35 @@ class DelegationTest:
def __exit__(self, exc_type, exc_vaue, traceback):
return False
+# Authoritative answer with glue of foreign name server
+
+with DelegationTest("tc.test", authoritative=True) as test:
+ # incomplete answer, no signature
+ test.run(bufsize=592, truncated=True, counts={
+ "answer": {"NS": 4, "RRSIG": 0},
+ "additional": {"AAAA": 0, "RRSIG": 0}}
+ )
+ # complete answer, no additionals
+ test.run(bufsize=695, truncated=False, counts={
+ "answer": {"NS": 4, "RRSIG": 1},
+ "additional": {"AAAA": 0, "RRSIG": 0}}
+ )
+ # complete answer, one optional additional for foreign name server
+ test.run(bufsize=723, truncated=False, counts={
+ "answer": {"NS": 4, "RRSIG": 1},
+ "additional": {"AAAA": 1, "RRSIG": 0}}
+ )
+ # complete answer, all optional additionals
+ test.run(bufsize=751, truncated=False, counts={
+ "answer": {"NS": 4, "RRSIG": 1},
+ "additional": {"AAAA": 2, "RRSIG": 0}}
+ )
+ # complete answer, all optional additionals with signature
+ test.run(bufsize=2000, truncated=False, counts={
+ "answer": {"NS": 4, "RRSIG": 1},
+ "additional": {"AAAA": 2, "RRSIG": 1}}
+ )
+
# Delegation with glue
with DelegationTest("glue.tc.test") as test:
@@ -61,7 +92,7 @@ with DelegationTest("glue.tc.test") as test:
"additional": {"AAAA": 1, "RRSIG": 0}}
)
# complete delegation, complete glue
- test.run(bufsize=768, truncated=False, counts={
+ test.run(bufsize=2000, truncated=False, counts={
"authority": {"NS": 2, "DS": 1, "RRSIG": 1},
"additional": {"AAAA": 2, "RRSIG": 0}}
)
@@ -80,10 +111,11 @@ with DelegationTest("unreachable.tc.test") as test:
"additional": {"AAAA": 0, "RRSIG": 0}}
)
# complete delegation, no glue available
- test.run(bufsize=719, truncated=False, counts={
+ test.run(bufsize=2000, truncated=False, counts={
"authority": {"NS": 2, "DS": 1, "RRSIG": 1},
"additional": {"AAAA": 0, "RRSIG": 0}}
)
+
# Delegation with foreign name servers
with DelegationTest("foreign.tc.test") as test:
@@ -98,7 +130,7 @@ with DelegationTest("foreign.tc.test") as test:
"additional": {"AAAA": 0, "RRSIG": 0}}
)
# complete delegation, no glue needed
- test.run(bufsize=722, truncated=False, counts={
+ test.run(bufsize=2000, truncated=False, counts={
"authority": {"NS": 2, "DS": 1, "RRSIG": 1},
"additional": {"AAAA": 0, "RRSIG": 0}}
)
@@ -137,7 +169,7 @@ with DelegationTest("parent.tc.test") as test:
"additional": {"AAAA": 2, "RRSIG": 1}}
)
# complete delegation, all optional additionals with signatures
- test.run(bufsize=976, truncated=False, counts={
+ test.run(bufsize=2000, truncated=False, counts={
"authority": {"NS": 2, "DS": 1, "RRSIG": 1},
"additional": {"AAAA": 2, "RRSIG": 2}}
)
@@ -176,9 +208,14 @@ with DelegationTest("mixed.tc.test") as test:
"additional": {"AAAA": 3, "RRSIG": 0}}
)
# complete delegation, full glue, optional
- test.run(bufsize=999, truncated=False, counts={
+ test.run(bufsize=924, truncated=False, counts={
+ "authority": {"NS": 6, "DS": 1, "RRSIG": 1},
+ "additional": {"AAAA": 4, "RRSIG": 0}}
+ )
+ # complete delegation, full glue, optional with signature
+ test.run(bufsize=2000, truncated=False, counts={
"authority": {"NS": 6, "DS": 1, "RRSIG": 1},
- "additional": {"AAAA": 3, "RRSIG": 1}}
+ "additional": {"AAAA": 4, "RRSIG": 1}}
)
t.stop()