validator does not validate direct wildcard query with positive response
The validator does not set the AD bit if a query for *.example.com. IN A returns a signed A record.
Affected version: e806158a
Unbound version unbound-1.5.10-1.fc25.x86_64 sets the AD bit.
The test val_wild_pos.rpl, usable to reproduce the issue, was taken from Unbound (git-svn-id: http://unbound.nlnetlabs.nl/svn@4008).
The Deckard version of the test can be found at https://gitlab.labs.nic.cz/knot/deckard/commit/2f5922d1b6f835456ecc12060a16a5cedc3f8cfa
Test logs:
> [ 0][plan] plan '*.example.com.' type 'A'
[ 5304][iter] '*.example.com.' type 'A' id was assigned, parent id 0
[ 5304][resl] => using root hints
[41834][iter] '*.example.com.' type 'A' id was assigned, parent id 0
[41834][resl] => querying: '193.0.14.129' score: 10 zone cut: '.' m12n: 'COm.' type: 'NS' proto: 'udp'
[41834][iter] <= rcode: SERVFAIL
[41834][resl] <= server: '193.0.14.129' rtt: 0 ms
[47988][iter] '*.example.com.' type 'A' id was assigned, parent id 0
[47988][resl] => querying: '193.0.14.129' score: 111 zone cut: '.' m12n: '*.exaMple.cOM.' type: 'A' proto: 'udp'
[47988][iter] <= using glue for 'a.gtld-servers.net.': '192.5.6.30'
[47988][iter] <= referral response, follow
[47988][resl] <= server: '193.0.14.129' rtt: 1 ms
[37583][iter] '*.example.com.' type 'A' id was assigned, parent id 0
[37583][resl] => querying: '192.5.6.30' score: 10 zone cut: 'com.' m12n: '*.EXAmPLE.cOm.' type: 'A' proto: 'udp'
[37583][iter] <= using glue for 'ns.example.com.': '1.2.3.4'
[37583][iter] <= referral response, follow
[37583][resl] <= server: '192.5.6.30' rtt: 1 ms
[23309][iter] '*.example.com.' type 'A' id was assigned, parent id 0
[23309][resl] >< TA: 'example.com.'
[23309][plan] plan 'example.com.' type 'DNSKEY'
[ 885][iter] 'example.com.' type 'DNSKEY' id was assigned, parent id 23309
[ 885][resl] => querying: '1.2.3.4' score: 10 zone cut: 'example.com.' m12n: 'EXamPLe.cOM.' type: 'DNSKEY' proto: 'udp'
[ 885][iter] <= using glue for 'ns.example.com.': '1.2.3.4'
[ 885][iter] <= rcode: NOERROR
[ 885][vldr] <= bad keys, broken trust chain
[ 0][resl] finished: 8, queries: 0, mempool: 16400 B
[ FAIL ] sets/resolver/val_wild_pos.rpl (sets/resolver/val_wild_pos.rpl step 10 line 139, "flags": expected 'QR RD RA AD', got 'QR RD RA' in the response:
id 51190
opcode QUERY
rcode SERVFAIL
flags QR RD RA
;QUESTION
*.example.com. IN A
;ANSWER
;AUTHORITY
;ADDITIONAL)