- Added unit test for QNAME minimisation + harden below nxdomain

synergy.


git-svn-id: file:///svn/unbound/trunk@3933 be551aaa-1e26-0410-a405-d3ace91eadb9

doc/Changelog

@@ -5,6 +5,8 @@
 	  subdomain of the NSEC owner.
 	- QNAME minimisation uses QTYPE=A, therefore always check cache for
 	  this type in harden-below-nxdomain functionality.
+	- Added unit test for QNAME minimisation + harden below nxdomain
+	  synergy.
 
 22 November 2016: Wouter
 	- iana portlist update.

testdata/stop_nxdomain_minimised.rpl

@@ -0,0 +1,110 @@
+; config options
+server:
+	target-fetch-policy: "0 0 0 0 0"
+	harden-below-nxdomain: yes
+	qname-minimisation: yes
+	trust-anchor: ". IN DNSKEY 257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3"
+	val-override-date: "20070916134226"
+
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129 	# K.ROOT-SERVERS.NET.
+stub-zone:
+	name: "anotherexample.local."
+	stub-addr: 10.20.30.40
+CONFIG_END
+
+SCENARIO_BEGIN Test stop cache search on nxdomain for QNAME minimised query
+
+; K.ROOT-SERVERS.NET.
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129 
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS	K.ROOT-SERVERS.NET.
+SECTION ADDITIONAL
+K.ROOT-SERVERS.NET.	IN	A	193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR NOERROR
+SECTION QUESTION
+. IN DNSKEY
+SECTION ANSWER
+.	3600	IN	DNSKEY	257 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30900 (ksk), size = 512b}
+.	3600	IN	RRSIG	DNSKEY 5 0 3600 20070926134150 20070829134150 30900 . BlVcSh8xSgm7ne+XVCJwNHQKjk5kTJgG4Fa3sOSfp3YUjb2YclmVWyIw7XEHl0/C6CN5gdy18idnM6vT6Hy42A== ;{id = 30900}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NXDOMAIN
+SECTION QUESTION
+local. IN A
+SECTION AUTHORITY
+.	86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400
+.	86400	IN	RRSIG	SOA 5 0 86400 20070926134150 20070829134150 30900 . bOYbFZZp7vWWC2oxV+kph+YXjoQj2f6QJktlgmzRI7oReFX9jy/LibTPQi/sW0SGHpLaj3G5p4IfIlBibne4DA== ;{id = 30900}
+.	86400	IN	NSEC	ac. NS SOA RRSIG NSEC DNSKEY 
+.	86400	IN	RRSIG	NSEC 5 0 86400 20070926134150 20070829134150 30900 . U+/m5+FmczzkosEx1aTP7MK/F3PpcKWct8CzM1jhjwNe2RlnW7qFe0IH8SLzD/elvxDTQMpJSMlKOhUUdapB8g== ;{id = 30900}
+lk.	86400	IN	NSEC	lr. NS DS RRSIG NSEC 
+lk.	86400	IN	RRSIG	NSEC 5 1 86400 20070926134150 20070829134150 30900 . j6Pw5Eu9vGHDJcckTSWa8YD1b7FV7c/Z8aVkLfJCH+iPcaa40/LSp784+t2PnAAXL8fgriNL6jF/ve1rti3ANQ== ;{id = 30900}
+ENTRY_END
+RANGE_END
+
+RANGE_BEGIN 0 100
+	ADDRESS 10.20.30.40
+ENTRY_BEGIN
+MATCH opcode qtype qname
+ADJUST copy_id
+REPLY QR AA NOERROR
+SECTION QUESTION
+anotherexample.local. IN TXT
+SECTION ANSWER
+anotherexample.local.	86400	IN	TXT	"should not resolve this"
+ENTRY_END
+RANGE_END
+
+STEP 1 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+example.local. IN TXT
+ENTRY_END
+
+; recursion happens here.
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+example.local. IN TXT
+SECTION AUTHORITY
+.	86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400
+ENTRY_END
+
+STEP 20 QUERY
+ENTRY_BEGIN
+REPLY RD
+SECTION QUESTION
+anotherexample.local. IN TXT
+ENTRY_END
+
+; query should be answered using NXDOMAIN for local in cache
+STEP 30 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RD RA NXDOMAIN
+SECTION QUESTION
+anotherexample.local. IN TXT
+SECTION AUTHORITY
+.	86400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2010111601 1800 900 604800 86400
+ENTRY_END
+
+SCENARIO_END