NS records returned for sub and sub sub domains

This commit is contained in:
AJ ONeal 2017-10-20 11:37:04 -06:00
parent 44f33c999d
commit 2ab424feb6
2 changed files with 76 additions and 39 deletions

View File

@ -33,18 +33,28 @@ Test that A queries for ANAME-enabled records (but no address) recurse (regardle
Generally speaking test the cases of 0, 1, and 2 records of any given type (null case, single case, multi case)
### Variables
```
port=65053
ns=localhost
digcmd="node bin/dig.js"
#digcmd="dig"
# For the sake of accuracy, it's most important to test with the standard unix dig tool
digcmd="dig"
# For the sake of completeness, it's important to test with our very own dig tool
#digcmd="node bin/dig.js"
```
### Run the server
```
# Serve:
node bin/digd.js +norecurse -p $port --input sample/db.json
```
### Manual Tests
```
# Sample Data:
# no A records for out-delegated.example.com
@ -54,15 +64,15 @@ node bin/digd.js +norecurse -p $port --input sample/db.json
# Test:
# should return NS records in AUTHORITY section, nothing else
$digcmd @$ns -p $port A out-delegated.example.com
node bin/dig.js @$ns -p $port ANY out-delegated.example.com
$digcmd @$ns -p $port ANY out-delegated.example.com
# should return SOA records in AUTHORITY section, nothing else
node bin/dig.js @$ns -p $port A in-delegated.example.com
node bin/dig.js @$ns -p $port ANY in-delegated.example.com
$digcmd @$ns -p $port A in-delegated.example.com
$digcmd @$ns -p $port ANY in-delegated.example.com
# should return NS records in ANSWER section, nothing else
node bin/dig.js @$ns -p $port NS out-delegated.example.com
node bin/dig.js @$ns -p $port NS in-delegated.example.com
$digcmd @$ns -p $port NS out-delegated.example.com
$digcmd @$ns -p $port NS in-delegated.example.com
# Sample Data:
@ -71,16 +81,16 @@ node bin/dig.js @$ns -p $port NS in-delegated.example.com
# Test:
# should return records in ANSWER section, nothing else
node bin/dig.js @$ns -p $port A example.com
node bin/dig.js @$ns -p $port AAAA example.com
node bin/dig.js @$ns -p $port MX example.com
node bin/dig.js @$ns -p $port SRV example.com
node bin/dig.js @$ns -p $port TXT example.com
node bin/dig.js @$ns -p $port ANY example.com
$digcmd @$ns -p $port A example.com
$digcmd @$ns -p $port AAAA example.com
$digcmd @$ns -p $port MX example.com
$digcmd @$ns -p $port SRV example.com
$digcmd @$ns -p $port TXT example.com
$digcmd @$ns -p $port ANY example.com
# should return SOA records in AUTHORITY section, nothing else
node bin/dig.js @$ns -p $port A doesntexist.example.com
node bin/dig.js @$ns -p $port NS doesntexist.example.com
$digcmd @$ns -p $port A doesntexist.example.com
$digcmd @$ns -p $port NS doesntexist.example.com
# Sample Data:
@ -89,23 +99,31 @@ node bin/dig.js @$ns -p $port NS doesntexist.example.com
# Test:
# should return record of correct type in ANSWER section, nothing else
node bin/dig.js @$ns -p $port A a.example.com
node bin/dig.js @$ns -p $port ANY a.example.com
node bin/dig.js @$ns -p $port AAAA aaaa.example.com
node bin/dig.js @$ns -p $port ANY aaaa.example.com
node bin/dig.js @$ns -p $port MX mx.example.com
node bin/dig.js @$ns -p $port ANY mx.example.com
node bin/dig.js @$ns -p $port SRV srv.example.com
node bin/dig.js @$ns -p $port ANY srv.example.com
node bin/dig.js @$ns -p $port TXT txt.example.com
node bin/dig.js @$ns -p $port ANY txt.example.com
node bin/dig.js @$ns -p $port TXT mtxt.example.com
node bin/dig.js @$ns -p $port ANY mtxt.example.com
$digcmd @$ns -p $port A a.example.com
$digcmd @$ns -p $port AAAA aaaa.example.com
$digcmd @$ns -p $port MX mx.example.com
$digcmd @$ns -p $port SRV srv.example.com
$digcmd @$ns -p $port TXT txt.example.com
$digcmd @$ns -p $port TXT mtxt.example.com
# should return record of correct type in ANSWER section, and SOA / NS
$digcmd @$ns -p $port ANY a.example.com
$digcmd @$ns -p $port ANY aaaa.example.com
$digcmd @$ns -p $port ANY mx.example.com
$digcmd @$ns -p $port ANY srv.example.com
$digcmd @$ns -p $port ANY txt.example.com
$digcmd @$ns -p $port ANY mtxt.example.com
# Test:
# all subdomains of a delegated domain should return NS for that domain
$digcmd @$ns -p 65053 ANY ns.example.com
$digcmd @$ns -p 65053 ANY foo.ns.example.com
$digcmd @$ns -p 65053 ANY bar.foo.ns.example.com
# should return SOA record in AUTHORITY section, nothing else
node bin/dig.js @$ns -p $port A doesntexist.a.example.com
$digcmd @$ns -p $port A doesntexist.a.example.com
# should return NS records in ANSWER section, nothing else
node bin/dig.js @$ns -p $port NS a.example.com
$digcmd @$ns -p $port NS a.example.com
```

View File

@ -114,9 +114,10 @@ function dbToResourceRecord(r) {
}
function getNs(db, ds, results, cb) {
console.log('[DEV] getNs entered');
console.log('[DEV] getNs entered with domains', ds);
var d = ds.shift();
console.log('[DEV] trying another one', d);
if (!d) {
results.header.rcode = NXDOMAIN;
@ -298,6 +299,10 @@ module.exports.query = function (input, query, cb) {
qarr.shift(); // first
}
console.log('[DEV] getNsAlso?', getNsAlso);
console.log('[DEV] answerSoa?', answerSoa);
console.log('[DEV] qnames');
console.log(qnames);
var myDomains = db.domains.filter(function (d) {
return -1 !== qnames.indexOf(d.id.toLowerCase());
});
@ -325,7 +330,7 @@ module.exports.query = function (input, query, cb) {
return getSoa(db, myDomains[0], results, cb, answerSoa);
}
return getNs(db, myDomains.slice(0), results, function (err, results) {
return getNs(db, /*myDomains.slice(0)*/qnames.map(function (qn) { return { id: qn }; }), results, function (err, results) {
//console.log('[DEV] getNs complete');
if (err) { cb(err, results); return; }
@ -352,6 +357,12 @@ module.exports.query = function (input, query, cb) {
if (err) { cb(err); return; }
// There are two special cases
// NS records are returned as ANSWER for NS and ANY, and as AUTHORITY when an externally-delegated domain would return an SOA (no records)
// SOA records are returned as ANSWER for SOA and ANY, and as AUTHORITY when no records are found, but the domain is controlled here
console.log("[DEV] has records");
// filter out NS (delegation) records, unless that is what is intended
someRecords = someRecords.filter(function (r) {
// If it's not an NS record, it's a potential result
@ -359,21 +370,23 @@ module.exports.query = function (input, query, cb) {
return true;
}
// If the query was for NS, it's a potential result
if ('NS' === query.question[0].typeName) {
return true;
}
console.log("It's NS");
// If it's a vanity NS, it's not a valid NS for lookup
if (-1 !== db.primaryNameservers.indexOf(r.data.toLowerCase())) {
console.log("It's a vanity NS");
return false;
}
// If the query was for NS, it's a potential result
if ('ANY' === query.question[0].typeName || 'NS' === query.question[0].typeName) {
return true;
}
nsRecords.push(r);
return false;
});
// TODO should NS be returned as ANSWER or AUTHORITY in ANY?
myRecords = someRecords;
if (255 !== query.question[0].type && 'ANY' !== query.question[0].typeName) {
myRecords = myRecords.filter(function (r) {
@ -391,6 +404,11 @@ module.exports.query = function (input, query, cb) {
});
results.header.rcode = NOERROR;
//console.log('[DEV] ANSWER results', results);
if (255 === query.question[0].type && 'ANY' === query.question[0].typeName) {
getNsAndSoa(false, true);
return;
}
cb(null, results);
return;
}
@ -404,9 +422,10 @@ module.exports.query = function (input, query, cb) {
return;
}
if (!myRecords.length) {
getNsAndSoa(true);
}
console.log("[DEV] Gonna get NS and SOA");
// !myRecords.length
getNsAndSoa(true);
});
};