• Petr Špaček's avatar
    resolver: fix nsec_wildcard_answer_response to actually test something · 1df45b3e
    Petr Špaček authored
    The test was completely reworked. The old one had many problems:
    - MATCH specification was totally ignoring the response so the test did
      effectivelly nothing.
    - Fixing MATCH clauses uncovered that delegations were incorrect.
    - Queries for localhost addresses had to be allowed for the test to work.
    
    The new test is using only one DNS zone (the root) but tests more cases:
    - valid positive wildcard answer for non-existing owner name
    - invalid answer where wildcard data + RRSIG were transplanted to
      different owner name
    - valid positive answer for explicit owner name (masking the wildcard)
    - invalid answer where wildcard data are used to mask explicit data
    1df45b3e
Name
Last commit
Last update
..
K.+008+41524.key Loading commit data...
K.+008+41524.private Loading commit data...
root.zone Loading commit data...