nsec3 cover problems (#804)
* nsec3 cover fix * nsec3 cover fix test * nsec3 covered empty intervals * nsec3 another condition * nsec3 empty interval wildcard test * nsec3 empty interval comment
This commit is contained in:
parent
7064f7248f
commit
043a442757
6
nsecx.go
6
nsecx.go
|
@ -63,8 +63,10 @@ func (rr *NSEC3) Cover(name string) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
nextHash := rr.NextDomain
|
nextHash := rr.NextDomain
|
||||||
if ownerHash == nextHash { // empty interval
|
|
||||||
return false
|
// if empty interval found, try cover wildcard hashes so nameHash shouldn't match with ownerHash
|
||||||
|
if ownerHash == nextHash && nameHash != ownerHash { // empty interval
|
||||||
|
return true
|
||||||
}
|
}
|
||||||
if ownerHash > nextHash { // end of zone
|
if ownerHash > nextHash { // end of zone
|
||||||
if nameHash > ownerHash { // covered since there is nothing after ownerHash
|
if nameHash > ownerHash { // covered since there is nothing after ownerHash
|
||||||
|
|
|
@ -112,6 +112,18 @@ func TestNsec3(t *testing.T) {
|
||||||
name: "asd.com.",
|
name: "asd.com.",
|
||||||
covers: false,
|
covers: false,
|
||||||
},
|
},
|
||||||
|
{ // empty interval wildcard
|
||||||
|
rr: &NSEC3{
|
||||||
|
Hdr: RR_Header{Name: "2n1tb3vairuobl6rkdvii42n9tfmialp.com."},
|
||||||
|
Hash: 1,
|
||||||
|
Flags: 1,
|
||||||
|
Iterations: 5,
|
||||||
|
Salt: "F10E9F7EA83FC8F3",
|
||||||
|
NextDomain: "2N1TB3VAIRUOBL6RKDVII42N9TFMIALP",
|
||||||
|
},
|
||||||
|
name: "*.asd.com.",
|
||||||
|
covers: true,
|
||||||
|
},
|
||||||
{ // name hash is before owner hash, not covered
|
{ // name hash is before owner hash, not covered
|
||||||
rr: &NSEC3{
|
rr: &NSEC3{
|
||||||
Hdr: RR_Header{Name: "3V62ULR0NRE83V0RJA2VJGTLIF9V6RAB.com."},
|
Hdr: RR_Header{Name: "3V62ULR0NRE83V0RJA2VJGTLIF9V6RAB.com."},
|
||||||
|
|
Loading…
Reference in New Issue