failure to validate No Data response for explicit wildcard
kresd 1.5.0 fails to validate No Data response for explicit wildcard.
Query for an existent type:
$ kdig @::1 -p 53530 +tcp +adflag \*.wc.dnssec.test +dnssec TXT
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 41557
;; Flags: qr rd ra ad; QUERY: 1; ANSWER: 2; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 4096 B; ext-rcode: NOERROR
;; QUESTION SECTION:
;; *.wc.dnssec.test. IN TXT
;; ANSWER SECTION:
*.wc.dnssec.test. 1200 IN TXT "wc"
*.wc.dnssec.test. 1200 IN RRSIG TXT 13 3 1200 20171124132134 20171110132134 59809 dnssec.test. X45WDd9WkTnhlB60DImXo7pdNirsaQc/wTnR5ccJJglAypL121DkvkuMJmbYCWvt1O+U+ycVAKQznmF7D/DyTg==
;; Received 163 B
;; Time 2017-11-13 16:02:29 CET
;; From ::1@53530(TCP) in 41.5 ms
Query for a non-existent type:
$ kdig @::1 -p 53530 +tcp +adflag \*.wc.dnssec.test +dnssec AAAA
;; ->>HEADER<<- opcode: QUERY; status: SERVFAIL; id: 43702
;; Flags: qr rd ra; QUERY: 1; ANSWER: 0; AUTHORITY: 0; ADDITIONAL: 0
;; QUESTION SECTION:
;; *.wc.dnssec.test. IN AAAA
;; Received 32 B
;; Time 2017-11-13 16:02:37 CET
;; From ::1@53530(TCP) in 45.2 ms
kresd trace:
[21405][iter] <= answer received:
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 21405
;; Flags: qr aa QUERY: 1; ANSWER: 0; AUTHORITY: 4; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: do; UDP size: 4096 B; ext-rcode: Unused
;; QUESTION SECTION
*.wc.dnssec.test. AAAA
;; AUTHORITY SECTION
dnssec.test. 1200 SOA a.ns.fcelda.cz. hostmaster.fcelda.cz. 344 3600 1800 2678400 1200
*.wc.dnssec.test. 1200 NSEC no.wc.dnssec.test. TXT RRSIG NSEC
dnssec.test. 1400 RRSIG SOA 13 2 1400 20171124142134 20171110142134 59809 dnssec.test. 0n0ZDgLbhEJTmcbxR6V50T1Xk+39xo8vEzjnEcIdI+m/2fWWw45/MrRU/H5oT8y+LrtFu/wiFI0crvj+lH6NbQ==
*.wc.dnssec.test. 1200 RRSIG NSEC 13 3 1200 20171124132134 20171110132134 59809 dnssec.test. wwOzuf0QBcv1w7WBHlIMvxwZi0cPXDGfYRjxnXUaHx87ekMdislJwk+6Dc1kY8wjA24TAkvY9ViYHUHAikl1aQ==
[21405][iter] <= rcode: NOERROR
[21405][vldr] <= bad NODATA proof