nsec3 cover problems (#804)
* nsec3 cover fix * nsec3 cover fix test * nsec3 covered empty intervals * nsec3 another condition * nsec3 empty interval wildcard test * nsec3 empty interval comment
This commit is contained in:
parent
7064f7248f
commit
043a442757
6
nsecx.go
6
nsecx.go
|
@ -63,8 +63,10 @@ func (rr *NSEC3) Cover(name string) bool {
|
|||
}
|
||||
|
||||
nextHash := rr.NextDomain
|
||||
if ownerHash == nextHash { // empty interval
|
||||
return false
|
||||
|
||||
// if empty interval found, try cover wildcard hashes so nameHash shouldn't match with ownerHash
|
||||
if ownerHash == nextHash && nameHash != ownerHash { // empty interval
|
||||
return true
|
||||
}
|
||||
if ownerHash > nextHash { // end of zone
|
||||
if nameHash > ownerHash { // covered since there is nothing after ownerHash
|
||||
|
|
|
@ -112,6 +112,18 @@ func TestNsec3(t *testing.T) {
|
|||
name: "asd.com.",
|
||||
covers: false,
|
||||
},
|
||||
{ // empty interval wildcard
|
||||
rr: &NSEC3{
|
||||
Hdr: RR_Header{Name: "2n1tb3vairuobl6rkdvii42n9tfmialp.com."},
|
||||
Hash: 1,
|
||||
Flags: 1,
|
||||
Iterations: 5,
|
||||
Salt: "F10E9F7EA83FC8F3",
|
||||
NextDomain: "2N1TB3VAIRUOBL6RKDVII42N9TFMIALP",
|
||||
},
|
||||
name: "*.asd.com.",
|
||||
covers: true,
|
||||
},
|
||||
{ // name hash is before owner hash, not covered
|
||||
rr: &NSEC3{
|
||||
Hdr: RR_Header{Name: "3V62ULR0NRE83V0RJA2VJGTLIF9V6RAB.com."},
|
||||
|
|
Loading…
Reference in New Issue