summaryrefslogtreecommitdiffstats
path: root/lib/dns/tests
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 07:24:22 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 07:24:22 +0000
commit45d6379135504814ab723b57f0eb8be23393a51d (patch)
treed4f2ec4acca824a8446387a758b0ce4238a4dffa /lib/dns/tests
parentInitial commit. (diff)
downloadbind9-45d6379135504814ab723b57f0eb8be23393a51d.tar.xz
bind9-45d6379135504814ab723b57f0eb8be23393a51d.zip
Adding upstream version 1:9.16.44.upstream/1%9.16.44upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/dns/tests')
-rw-r--r--lib/dns/tests/Kdh.+002+18602.key1
-rw-r--r--lib/dns/tests/Krsa.+008+29238.key5
-rw-r--r--lib/dns/tests/Kyuafile45
-rw-r--r--lib/dns/tests/Makefile.in287
-rw-r--r--lib/dns/tests/acl_test.c158
-rw-r--r--lib/dns/tests/comparekeys/Kexample-d.+008+53461.key5
-rw-r--r--lib/dns/tests/comparekeys/Kexample-d.+008+53461.private13
-rw-r--r--lib/dns/tests/comparekeys/Kexample-e.+008+53973.key5
-rw-r--r--lib/dns/tests/comparekeys/Kexample-e.+008+53973.private13
-rw-r--r--lib/dns/tests/comparekeys/Kexample-n.+008+37464.key5
-rw-r--r--lib/dns/tests/comparekeys/Kexample-n.+008+37464.private13
-rw-r--r--lib/dns/tests/comparekeys/Kexample-p.+008+53461.key5
-rw-r--r--lib/dns/tests/comparekeys/Kexample-p.+008+53461.private13
-rw-r--r--lib/dns/tests/comparekeys/Kexample-private.+002+65316.key1
-rw-r--r--lib/dns/tests/comparekeys/Kexample-private.+002+65316.private9
-rw-r--r--lib/dns/tests/comparekeys/Kexample-q.+008+53461.key5
-rw-r--r--lib/dns/tests/comparekeys/Kexample-q.+008+53461.private13
-rw-r--r--lib/dns/tests/comparekeys/Kexample.+002+65316.key1
-rw-r--r--lib/dns/tests/comparekeys/Kexample.+002+65316.private9
-rw-r--r--lib/dns/tests/comparekeys/Kexample.+008+53461.key5
-rw-r--r--lib/dns/tests/comparekeys/Kexample.+008+53461.private13
-rw-r--r--lib/dns/tests/comparekeys/Kexample.+013+19786.key5
-rw-r--r--lib/dns/tests/comparekeys/Kexample.+013+19786.private6
-rw-r--r--lib/dns/tests/comparekeys/Kexample.+015+63663.key5
-rw-r--r--lib/dns/tests/comparekeys/Kexample.+015+63663.private6
-rw-r--r--lib/dns/tests/comparekeys/Kexample2.+002+19823.key1
-rw-r--r--lib/dns/tests/comparekeys/Kexample2.+002+19823.private9
-rw-r--r--lib/dns/tests/comparekeys/Kexample2.+008+37993.key5
-rw-r--r--lib/dns/tests/comparekeys/Kexample2.+008+37993.private13
-rw-r--r--lib/dns/tests/comparekeys/Kexample2.+013+16384.key5
-rw-r--r--lib/dns/tests/comparekeys/Kexample2.+013+16384.private6
-rw-r--r--lib/dns/tests/comparekeys/Kexample2.+015+37529.key5
-rw-r--r--lib/dns/tests/comparekeys/Kexample2.+015+37529.private6
-rw-r--r--lib/dns/tests/comparekeys/Kexample3.+002+17187.key1
-rw-r--r--lib/dns/tests/comparekeys/Kexample3.+002+17187.private9
-rw-r--r--lib/dns/tests/db_test.c428
-rw-r--r--lib/dns/tests/dbdiff_test.c185
-rw-r--r--lib/dns/tests/dbiterator_test.c394
-rw-r--r--lib/dns/tests/dbversion_test.c499
-rw-r--r--lib/dns/tests/dh_test.c112
-rw-r--r--lib/dns/tests/dispatch_test.c360
-rw-r--r--lib/dns/tests/dnstap_test.c402
-rw-r--r--lib/dns/tests/dnstest.c643
-rw-r--r--lib/dns/tests/dnstest.h132
-rw-r--r--lib/dns/tests/dst_test.c504
-rw-r--r--lib/dns/tests/geoip_test.c433
-rw-r--r--lib/dns/tests/keytable_test.c720
-rw-r--r--lib/dns/tests/master_test.c633
-rw-r--r--lib/dns/tests/mkraw.pl26
-rw-r--r--lib/dns/tests/name_test.c796
-rw-r--r--lib/dns/tests/nsec3_test.c196
-rw-r--r--lib/dns/tests/nsec3param_test.c304
-rw-r--r--lib/dns/tests/peer_test.c175
-rw-r--r--lib/dns/tests/private_test.c236
-rw-r--r--lib/dns/tests/rbt_serialize_test.c489
-rw-r--r--lib/dns/tests/rbt_test.c1390
-rw-r--r--lib/dns/tests/rbtdb_test.c423
-rw-r--r--lib/dns/tests/rdata_test.c3229
-rw-r--r--lib/dns/tests/rdataset_test.c146
-rw-r--r--lib/dns/tests/rdatasetstats_test.c312
-rw-r--r--lib/dns/tests/resolver_test.c228
-rw-r--r--lib/dns/tests/result_test.c133
-rw-r--r--lib/dns/tests/rsa_test.c242
-rw-r--r--lib/dns/tests/sigs_test.c462
-rw-r--r--lib/dns/tests/testdata/db/data.db22
-rw-r--r--lib/dns/tests/testdata/dbiterator/zone1.data30
-rw-r--r--lib/dns/tests/testdata/dbiterator/zone2.data319
-rw-r--r--lib/dns/tests/testdata/diff/zone1.data13
-rw-r--r--lib/dns/tests/testdata/diff/zone2.data14
-rw-r--r--lib/dns/tests/testdata/diff/zone3.data12
-rw-r--r--lib/dns/tests/testdata/dnstap/dnstap.savedbin0 -> 30398 bytes
-rw-r--r--lib/dns/tests/testdata/dnstap/dnstap.text96
-rw-r--r--lib/dns/tests/testdata/dnstap/query.auth4
-rw-r--r--lib/dns/tests/testdata/dnstap/query.recursive4
-rw-r--r--lib/dns/tests/testdata/dnstap/response.auth19
-rw-r--r--lib/dns/tests/testdata/dnstap/response.recursive19
-rw-r--r--lib/dns/tests/testdata/dst/Ktest.+008+11349.key5
-rw-r--r--lib/dns/tests/testdata/dst/Ktest.+008+11349.private13
-rw-r--r--lib/dns/tests/testdata/dst/Ktest.+013+49130.key5
-rw-r--r--lib/dns/tests/testdata/dst/Ktest.+013+49130.private6
-rw-r--r--lib/dns/tests/testdata/dst/test1.data3077
-rw-r--r--lib/dns/tests/testdata/dst/test1.ecdsa256sig1
-rw-r--r--lib/dns/tests/testdata/dst/test1.rsasha256sig1
-rw-r--r--lib/dns/tests/testdata/dst/test2.data3077
-rw-r--r--lib/dns/tests/testdata/dstrandom/random.databin0 -> 4096 bytes
-rw-r--r--lib/dns/tests/testdata/master/master1.data11
-rw-r--r--lib/dns/tests/testdata/master/master10.data7
-rw-r--r--lib/dns/tests/testdata/master/master11.data6
-rw-r--r--lib/dns/tests/testdata/master/master12.data.in1
-rw-r--r--lib/dns/tests/testdata/master/master13.data.in1
-rw-r--r--lib/dns/tests/testdata/master/master14.data.in1
-rw-r--r--lib/dns/tests/testdata/master/master15.data1609
-rw-r--r--lib/dns/tests/testdata/master/master16.data1609
-rw-r--r--lib/dns/tests/testdata/master/master17.data14
-rw-r--r--lib/dns/tests/testdata/master/master18.data10
-rw-r--r--lib/dns/tests/testdata/master/master2.data11
-rw-r--r--lib/dns/tests/testdata/master/master3.data11
-rw-r--r--lib/dns/tests/testdata/master/master4.data11
-rw-r--r--lib/dns/tests/testdata/master/master5.data11
-rw-r--r--lib/dns/tests/testdata/master/master6.data33
-rw-r--r--lib/dns/tests/testdata/master/master7.data17
-rw-r--r--lib/dns/tests/testdata/master/master8.data4
-rw-r--r--lib/dns/tests/testdata/master/master9.data4
-rw-r--r--lib/dns/tests/testdata/nsec3/1024.db16
-rw-r--r--lib/dns/tests/testdata/nsec3/2048.db16
-rw-r--r--lib/dns/tests/testdata/nsec3/4096.db16
-rw-r--r--lib/dns/tests/testdata/nsec3/min-1024.db20
-rw-r--r--lib/dns/tests/testdata/nsec3/min-2048.db18
-rw-r--r--lib/dns/tests/testdata/nsec3param/nsec3.db.signed73
-rw-r--r--lib/dns/tests/testdata/zt/zone1.db22
-rw-r--r--lib/dns/tests/testkeys/Kexample.+008+20386.key5
-rw-r--r--lib/dns/tests/testkeys/Kexample.+008+20386.private13
-rw-r--r--lib/dns/tests/testkeys/Kexample.+008+37464.key5
-rw-r--r--lib/dns/tests/testkeys/Kexample.+008+37464.private13
-rw-r--r--lib/dns/tests/time_test.c218
-rw-r--r--lib/dns/tests/tsig_test.c605
-rw-r--r--lib/dns/tests/update_test.c381
-rw-r--r--lib/dns/tests/zonemgr_test.c265
-rw-r--r--lib/dns/tests/zt_test.c376
119 files changed, 27108 insertions, 0 deletions
diff --git a/lib/dns/tests/Kdh.+002+18602.key b/lib/dns/tests/Kdh.+002+18602.key
new file mode 100644
index 0000000..09b4cf5
--- /dev/null
+++ b/lib/dns/tests/Kdh.+002+18602.key
@@ -0,0 +1 @@
+dh. IN KEY 0 2 2 AAEBAAAAYIHI/wjtOagNga9GILSoS02IVelgLilPE/TfhtvShsiDAXqb IfxQcj2JkuOnNLs5ttb2WZXWl5/jsSjIxHMwMF2XY4gwt/lwHBf/vgYH r7aIxnKXov1jk9rymTLHGKIOtg==
diff --git a/lib/dns/tests/Krsa.+008+29238.key b/lib/dns/tests/Krsa.+008+29238.key
new file mode 100644
index 0000000..8a09067
--- /dev/null
+++ b/lib/dns/tests/Krsa.+008+29238.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 29235, for rsa.
+; Created: 20160819191802 (Fri Aug 19 21:18:02 2016)
+; Publish: 20160819191802 (Fri Aug 19 21:18:02 2016)
+; Activate: 20160819191802 (Fri Aug 19 21:18:02 2016)
+rsa. IN DNSKEY 256 3 8 AwEAAdLT1R3qiqCqll3Xzh2qFMvehQ9FODsPftw5U4UjB3QwnJ/3+dph 9kZBBeaJagUBVYzoArk6XNydpp3HhSCFDcIiepL6r8XAifW3SqI1KCne OD38kSCl/Qm9P0+3CFWokGVubsSQ+3dpQZxqx5bzOXthbuzAr6X+gDUE LAyHtCQNmJ+4ktdCoj3DNYW0z/xLvrcB2Lns7H+/qWnGPL4f3hr7Vbak Oeay+4J4KGdY2LFxJUVts6QrgAA8gz4mV9YIJFP+C4B3b/Z7qgqZRxmT 0pic+fJC5+sq0l8KwavPn0n+HqVuJNvppVKMdTbsmmuk69RFGMjbFkP7 tnCiqC9Zi6s=
diff --git a/lib/dns/tests/Kyuafile b/lib/dns/tests/Kyuafile
new file mode 100644
index 0000000..53b4686
--- /dev/null
+++ b/lib/dns/tests/Kyuafile
@@ -0,0 +1,45 @@
+-- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+--
+-- SPDX-License-Identifier: MPL-2.0
+--
+-- This Source Code Form is subject to the terms of the Mozilla Public
+-- License, v. 2.0. If a copy of the MPL was not distributed with this
+-- file, you can obtain one at https://mozilla.org/MPL/2.0/.
+--
+-- See the COPYRIGHT file distributed with this work for additional
+-- information regarding copyright ownership.
+
+syntax(2)
+test_suite('bind9')
+
+tap_test_program{name='acl_test'}
+tap_test_program{name='db_test'}
+tap_test_program{name='dbdiff_test'}
+tap_test_program{name='dbiterator_test'}
+tap_test_program{name='dbversion_test'}
+tap_test_program{name='dh_test'}
+tap_test_program{name='dispatch_test'}
+tap_test_program{name='dnstap_test'}
+tap_test_program{name='dst_test'}
+tap_test_program{name='geoip_test'}
+tap_test_program{name='keytable_test'}
+tap_test_program{name='master_test'}
+tap_test_program{name='name_test'}
+tap_test_program{name='nsec3_test'}
+tap_test_program{name='peer_test'}
+tap_test_program{name='private_test'}
+tap_test_program{name='rbt_serialize_test', is_exclusive=true}
+tap_test_program{name='rbt_test'}
+tap_test_program{name='rbtdb_test'}
+tap_test_program{name='rdata_test'}
+tap_test_program{name='rdataset_test'}
+tap_test_program{name='rdatasetstats_test'}
+tap_test_program{name='resolver_test'}
+tap_test_program{name='result_test'}
+tap_test_program{name='rsa_test'}
+tap_test_program{name='sigs_test'}
+tap_test_program{name='time_test'}
+tap_test_program{name='tsig_test'}
+tap_test_program{name='update_test'}
+tap_test_program{name='zonemgr_test'}
+tap_test_program{name='zt_test'}
diff --git a/lib/dns/tests/Makefile.in b/lib/dns/tests/Makefile.in
new file mode 100644
index 0000000..90c1371
--- /dev/null
+++ b/lib/dns/tests/Makefile.in
@@ -0,0 +1,287 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+VERSION=@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I. -Iinclude ${DNS_INCLUDES} ${ISC_INCLUDES} \
+ ${FSTRM_CFLAGS} ${OPENSSL_CFLAGS} \
+ ${PROTOBUF_C_CFLAGS} ${MAXMINDDB_CFLAGS} @CMOCKA_CFLAGS@
+CDEFINES = -DTESTS="\"${top_builddir}/lib/dns/tests/\""
+
+ISCLIBS = ../../isc/libisc.@A@ @NO_LIBTOOL_ISCLIBS@
+ISCDEPLIBS = ../../isc/libisc.@A@
+DNSLIBS = ../libdns.@A@ @NO_LIBTOOL_DNSLIBS@
+DNSDEPLIBS = ../libdns.@A@
+
+LIBS = @LIBS@ @CMOCKA_LIBS@
+
+OBJS = dnstest.@O@
+SRCS = acl_test.c \
+ db_test.c \
+ dbdiff_test.c \
+ dbiterator_test.c \
+ dh_test.c \
+ dispatch_test.c \
+ dnstap_test.c \
+ dst_test.c \
+ dnstest.c \
+ geoip_test.c \
+ keytable_test.c \
+ master_test.c \
+ name_test.c \
+ nsec3_test.c \
+ nsec3param_test.c \
+ peer_test.c \
+ private_test.c \
+ rbt_test.c \
+ rbt_serialize_test.c \
+ rbtdb_test.c \
+ rdata_test.c \
+ rdataset_test.c \
+ rdatasetstats_test.c \
+ resolver_test.c \
+ result_test.c \
+ rsa_test.c \
+ sigs_test.c \
+ time_test.c \
+ tsig_test.c \
+ update_test.c \
+ zonemgr_test.c \
+ zt_test.c
+
+SUBDIRS =
+TARGETS = acl_test@EXEEXT@ \
+ db_test@EXEEXT@ \
+ dbdiff_test@EXEEXT@ \
+ dbiterator_test@EXEEXT@ \
+ dbversion_test@EXEEXT@ \
+ dh_test@EXEEXT@ \
+ dispatch_test@EXEEXT@ \
+ dnstap_test@EXEEXT@ \
+ dst_test@EXEEXT@ \
+ geoip_test@EXEEXT@ \
+ keytable_test@EXEEXT@ \
+ master_test@EXEEXT@ \
+ name_test@EXEEXT@ \
+ nsec3_test@EXEEXT@ \
+ nsec3param_test@EXEEXT@ \
+ peer_test@EXEEXT@ \
+ private_test@EXEEXT@ \
+ rbt_test@EXEEXT@ \
+ rbt_serialize_test@EXEEXT@ \
+ rbtdb_test@EXEEXT@ \
+ rdata_test@EXEEXT@ \
+ rdataset_test@EXEEXT@ \
+ rdatasetstats_test@EXEEXT@ \
+ resolver_test@EXEEXT@ \
+ result_test@EXEEXT@ \
+ rsa_test@EXEEXT@ \
+ sigs_test@EXEEXT@ \
+ time_test@EXEEXT@ \
+ tsig_test@EXEEXT@ \
+ update_test@EXEEXT@ \
+ zonemgr_test@EXEEXT@ \
+ zt_test@EXEEXT@
+
+@BIND9_MAKE_RULES@
+
+LD_WRAP_TESTS=@LD_WRAP_TESTS@
+
+acl_test@EXEEXT@: acl_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ acl_test.@O@ dnstest.@O@ ${DNSLIBS} \
+ ${ISCLIBS} ${LIBS}
+
+db_test@EXEEXT@: db_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ db_test.@O@ dnstest.@O@ ${DNSLIBS} \
+ ${ISCLIBS} ${LIBS}
+
+dbdiff_test@EXEEXT@: dbdiff_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dbdiff_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dbiterator_test@EXEEXT@: dbiterator_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dbiterator_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dbversion_test@EXEEXT@: dbversion_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dbversion_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dh_test@EXEEXT@: dh_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dh_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dispatch_test@EXEEXT@: dispatch_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dispatch_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dnstap_test@EXEEXT@: dnstap_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dnstap_test.@O@ dnstest.@O@ \
+ ${FSTRM_LIBS} ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+dst_test@EXEEXT@: dst_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ dst_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+geoip_test@EXEEXT@: geoip_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ geoip_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${MAXMINDDB_LIBS} ${ISCLIBS} ${LIBS}
+
+keytable_test@EXEEXT@: keytable_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ keytable_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+master_test@EXEEXT@: master_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ test -d testdata || mkdir testdata
+ test -d testdata/master || mkdir testdata/master
+ ${PERL} ${srcdir}/mkraw.pl < ${srcdir}/testdata/master/master12.data.in \
+ > testdata/master/master12.data
+ ${PERL} ${srcdir}/mkraw.pl < ${srcdir}/testdata/master/master13.data.in \
+ > testdata/master/master13.data
+ ${PERL} ${srcdir}/mkraw.pl < ${srcdir}/testdata/master/master14.data.in \
+ > testdata/master/master14.data
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ master_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+name_test@EXEEXT@: name_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ name_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+nsec3_test@EXEEXT@: nsec3_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ nsec3_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+nsec3param_test@EXEEXT@: nsec3param_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ nsec3param_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+peer_test@EXEEXT@: peer_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ peer_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+private_test@EXEEXT@: private_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ private_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rbt_serialize_test@EXEEXT@: rbt_serialize_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rbt_serialize_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rbt_test@EXEEXT@: rbt_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rbt_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rbtdb_test@EXEEXT@: rbtdb_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rbtdb_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rdata_test@EXEEXT@: rdata_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rdata_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rdataset_test@EXEEXT@: rdataset_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rdataset_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rdatasetstats_test@EXEEXT@: rdatasetstats_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rdatasetstats_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+resolver_test@EXEEXT@: resolver_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ resolver_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+result_test@EXEEXT@: result_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ result_test.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+rsa_test@EXEEXT@: rsa_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ rsa_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+sigs_test@EXEEXT@: sigs_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ sigs_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+time_test@EXEEXT@: time_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ time_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+WRAP_OPTIONS = \
+ -Wl,--wrap=isc__mem_put \
+ -Wl,--wrap=isc__mem_get \
+ -Wl,--wrap=isc_mem_attach \
+ -Wl,--wrap=isc_mem_detach \
+ -Wl,--wrap=isc__mem_putanddetach
+
+tsig_test@EXEEXT@: tsig_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ tsig_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+update_test@EXEEXT@: update_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ update_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+zonemgr_test@EXEEXT@: zonemgr_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ zonemgr_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+zt_test@EXEEXT@: zt_test.@O@ dnstest.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} \
+ ${LDFLAGS} -o $@ zt_test.@O@ dnstest.@O@ \
+ ${DNSLIBS} ${ISCLIBS} ${LIBS}
+
+unit::
+ sh ${top_builddir}/unit/unittest.sh
+
+clean distclean::
+ rm -f ${TARGETS}
+ rm -f atf.out
+ rm -f testdata/master/master12.data testdata/master/master13.data \
+ testdata/master/master14.data
+ rm -f zone.bin
diff --git a/lib/dns/tests/acl_test.c b/lib/dns/tests/acl_test.c
new file mode 100644
index 0000000..21941a2
--- /dev/null
+++ b/lib/dns/tests/acl_test.c
@@ -0,0 +1,158 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/print.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/acl.h>
+
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+#define BUFLEN 255
+#define BIGBUFLEN (70 * 1024)
+#define TEST_ORIGIN "test"
+
+/* test that dns_acl_isinsecure works */
+static void
+dns_acl_isinsecure_test(void **state) {
+ isc_result_t result;
+ dns_acl_t *any = NULL;
+ dns_acl_t *none = NULL;
+ dns_acl_t *notnone = NULL;
+ dns_acl_t *notany = NULL;
+#if defined(HAVE_GEOIP2)
+ dns_acl_t *geoip = NULL;
+ dns_acl_t *notgeoip = NULL;
+ dns_aclelement_t *de;
+#endif /* HAVE_GEOIP2 */
+
+ UNUSED(state);
+
+ result = dns_acl_any(dt_mctx, &any);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_none(dt_mctx, &none);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_create(dt_mctx, 1, &notnone);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_create(dt_mctx, 1, &notany);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_merge(notnone, none, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_merge(notany, any, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+#if defined(HAVE_GEOIP2)
+ result = dns_acl_create(dt_mctx, 1, &geoip);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ de = geoip->elements;
+ assert_non_null(de);
+ strlcpy(de->geoip_elem.as_string, "AU",
+ sizeof(de->geoip_elem.as_string));
+ de->geoip_elem.subtype = dns_geoip_country_code;
+ de->type = dns_aclelementtype_geoip;
+ de->negative = false;
+ assert_true(geoip->length < geoip->alloc);
+ dns_acl_node_count(geoip)++;
+ de->node_num = dns_acl_node_count(geoip);
+ geoip->length++;
+
+ result = dns_acl_create(dt_mctx, 1, &notgeoip);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_acl_merge(notgeoip, geoip, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+#endif /* HAVE_GEOIP2 */
+
+ assert_true(dns_acl_isinsecure(any)); /* any; */
+ assert_false(dns_acl_isinsecure(none)); /* none; */
+ assert_false(dns_acl_isinsecure(notany)); /* !any; */
+ assert_false(dns_acl_isinsecure(notnone)); /* !none; */
+
+#if defined(HAVE_GEOIP2)
+ assert_true(dns_acl_isinsecure(geoip)); /* geoip; */
+ assert_false(dns_acl_isinsecure(notgeoip)); /* !geoip; */
+#endif /* HAVE_GEOIP2 */
+
+ dns_acl_detach(&any);
+ dns_acl_detach(&none);
+ dns_acl_detach(&notany);
+ dns_acl_detach(&notnone);
+#if defined(HAVE_GEOIP2)
+ dns_acl_detach(&geoip);
+ dns_acl_detach(&notgeoip);
+#endif /* HAVE_GEOIP2 */
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(dns_acl_isinsecure_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/comparekeys/Kexample-d.+008+53461.key b/lib/dns/tests/comparekeys/Kexample-d.+008+53461.key
new file mode 100644
index 0000000..5c43165
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-d.+008+53461.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 53461, for example-d.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example-d. IN DNSKEY 256 3 8 AwEAAaKYSOPDzZvfue5sU71xPCJKJpB5kZGl4vTp3OI8W+nN1YFtmVe2 2gM666AEutDAEB7cLkyoKCOH0+4Lh1ucPr6OmdWkHfk7uZv58eH0kOAV tNz2xhEF/YHSD7cnBEU9g0knGwpWuzSJKRhGhNoaVus9g1MaAn8efptz HIduIwgAeXV3BDCUpY6HbpwjDxOGCzCUYDRgcex37kYuCyW0PvlO5FQ0 DT0LpjcgBmIBpXol7sYpmKdOKJrm4x2lwGntr4K+bCdNYI2PRPJjPqAf jlvIvJylGUaqFJasw7PSMQIkgcQ4OQXVrhE8uGLdYvP1cusLuROIjdYp Pdqc5K9lCQE=
diff --git a/lib/dns/tests/comparekeys/Kexample-d.+008+53461.private b/lib/dns/tests/comparekeys/Kexample-d.+008+53461.private
new file mode 100644
index 0000000..a693428
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-d.+008+53461.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: ophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2ZV7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7kVDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN1ik92pzkr2UJAQ==
+PublicExponent: AQAB
+PrivateExponent: AhR3VvVoV6OGOjiiNUt728hidEMoX4PJWtHNWqinyRek5tSnqgaXeKC3NuU0mUIjDvBps9oH4lK3yNa5fBr/nodwP4wNyTd3obR/z6JcLersxJjHi4nYX2ju8vjdsBSIulNudqlrsPhLJe0+Tff3FRfClSQmQ/JtakHo4lIx8zxiOJY8aWFeHGdWJDkAf6NStt3eVYyOyAwISfv3muaGPZKShiIOfLyTvqFqzwYFgdTWmvFqTdwgjIMc5XAwqw73WP2BPCN+fdCiMtrw0fCrhWzw/gfMJBHdOPH0diUZysAJhM0vdVKQzEi/g3YOo00fahZiPzaxNtZnLNj2mA54YQ==
+Prime1: z08i0sCcEpr4MZi4TReohPWp3F5vMQYVux8B3ltmJ3kKraXEmVEVmujhWa+ZDxhJmwKoba65vNEsUbSJN6WwJd7PVyskHb2GnWGK8NtlainFEuiS5CDxwULR4o2SI+Pij9thMQoA13ZTKc9s3E57VgcvJ7vaoD/1ZtpP7tdaerE=
+Prime2: yMid465M6bCXXUfWg7oq6A4MZUULbEPKvs+qGIersdiHfrFRGJ0Lviujs8KHaPS5rt4YmbpQU9tGbJBauY17T03qr/mQOBDx5gDkAJcJ0EUHudFslwqyn50THlJsKrFOxBYl7laY0v6CGCMyuZok8qyhiPHv5dhzSc9zwKaXZ1E=
+Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE=
+Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE=
+Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample-e.+008+53973.key b/lib/dns/tests/comparekeys/Kexample-e.+008+53973.key
new file mode 100644
index 0000000..a4b0d03
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-e.+008+53973.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 53973, for example-e.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example-e. IN DNSKEY 256 3 8 BQEAAAABophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2Z V7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ 4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+ m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7k VDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+ oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN 1ik92pzkr2UJAQ==
diff --git a/lib/dns/tests/comparekeys/Kexample-e.+008+53973.private b/lib/dns/tests/comparekeys/Kexample-e.+008+53973.private
new file mode 100644
index 0000000..765ca1a
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-e.+008+53973.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: ophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2ZV7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7kVDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN1ik92pzkr2UJAQ==
+PublicExponent: AQAAAAE=
+PrivateExponent: lFgeQHf3klxXlfkNmczDEYHXl37i2iCgZdUsqtho/3LFdfWZrxZr6ACM040dKLHiw1UdhODy5h/Zstif4Ww3LsKKBgpbMnZUTMOI9R+eQmRrhCI96XAur5AIuJCHa+jIbCiamh8xY6g0byp/sUHQxYV02I/lcTdQSeGHSOSqX3QjB835OVa18hyW6txAxM4DVGo/NvIJw2ItSl2qwHTMDHK45t4YbnKEd6suriUiveyax5dU1JtpviwHJiAFPy+L68jMo8cfr+JCLWW2OJYkrBXb8kwqaPsV0RCGZ59sePyRdSYRgNi1brBStesctVc5UfSxH6p2A6C28LdrubcXAQ==
+Prime1: z08i0sCcEpr4MZi4TReohPWp3F5vMQYVux8B3ltmJ3kKraXEmVEVmujhWa+ZDxhJmwKoba65vNEsUbSJN6WwJd7PVyskHb2GnWGK8NtlainFEuiS5CDxwULR4o2SI+Pij9thMQoA13ZTKc9s3E57VgcvJ7vaoD/1ZtpP7tdaerE=
+Prime2: yMid465M6bCXXUfWg7oq6A4MZUULbEPKvs+qGIersdiHfrFRGJ0Lviujs8KHaPS5rt4YmbpQU9tGbJBauY17T03qr/mQOBDx5gDkAJcJ0EUHudFslwqyn50THlJsKrFOxBYl7laY0v6CGCMyuZok8qyhiPHv5dhzSc9zwKaXZ1E=
+Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE=
+Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE=
+Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample-n.+008+37464.key b/lib/dns/tests/comparekeys/Kexample-n.+008+37464.key
new file mode 100644
index 0000000..da2e16a
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-n.+008+37464.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 37464, for example-n.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example-n. IN DNSKEY 256 3 8 AwEAAbxHOF8G0xw9ekCodhL8KivuZ3o0jmGlycLiXBjBN8c5R5fjLjUh D0gy3IDbDC+kLaPhHGF/MwrSEjrgSowxZ8nrxDzsq5ZdpeUsYaNrbQEY /mqf35T/9/Ulm4v06x58v/NTugWd05Xq04aAyfm7EViyGFzmVOVfPnll h9xQtvWEWoRWPseFw+dY5/nc/+xB/IsQMihoH2rO+cek/lsP3R9DsHCG RbQ/ks/+rrp6/O+QJZyZrzsONl7mlMDXNy3Pz9J4qMW2W6Mz702LN324 7/9UsetDGGbuZfrCLMpKWXzdsJm36DOk4aMooS9111plfXaXQgQNcL5G 021utpTau+8=
diff --git a/lib/dns/tests/comparekeys/Kexample-n.+008+37464.private b/lib/dns/tests/comparekeys/Kexample-n.+008+37464.private
new file mode 100644
index 0000000..65689a2
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-n.+008+37464.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: vEc4XwbTHD16QKh2EvwqK+5nejSOYaXJwuJcGME3xzlHl+MuNSEPSDLcgNsML6Qto+EcYX8zCtISOuBKjDFnyevEPOyrll2l5Sxho2ttARj+ap/flP/39SWbi/TrHny/81O6BZ3TlerThoDJ+bsRWLIYXOZU5V8+eWWH3FC29YRahFY+x4XD51jn+dz/7EH8ixAyKGgfas75x6T+Ww/dH0OwcIZFtD+Sz/6uunr875AlnJmvOw42XuaUwNc3Lc/P0nioxbZbozPvTYs3fbjv/1Sx60MYZu5l+sIsykpZfN2wmbfoM6ThoyihL3XXWmV9dpdCBA1wvkbTbW62lNq77w==
+PublicExponent: AQAB
+PrivateExponent: lFgeQHf3klxXlfkNmczDEYHXl37i2iCgZdUsqtho/3LFdfWZrxZr6ACM040dKLHiw1UdhODy5h/Zstif4Ww3LsKKBgpbMnZUTMOI9R+eQmRrhCI96XAur5AIuJCHa+jIbCiamh8xY6g0byp/sUHQxYV02I/lcTdQSeGHSOSqX3QjB835OVa18hyW6txAxM4DVGo/NvIJw2ItSl2qwHTMDHK45t4YbnKEd6suriUiveyax5dU1JtpviwHJiAFPy+L68jMo8cfr+JCLWW2OJYkrBXb8kwqaPsV0RCGZ59sePyRdSYRgNi1brBStesctVc5UfSxH6p2A6C28LdrubcXAQ==
+Prime1: z08i0sCcEpr4MZi4TReohPWp3F5vMQYVux8B3ltmJ3kKraXEmVEVmujhWa+ZDxhJmwKoba65vNEsUbSJN6WwJd7PVyskHb2GnWGK8NtlainFEuiS5CDxwULR4o2SI+Pij9thMQoA13ZTKc9s3E57VgcvJ7vaoD/1ZtpP7tdaerE=
+Prime2: yMid465M6bCXXUfWg7oq6A4MZUULbEPKvs+qGIersdiHfrFRGJ0Lviujs8KHaPS5rt4YmbpQU9tGbJBauY17T03qr/mQOBDx5gDkAJcJ0EUHudFslwqyn50THlJsKrFOxBYl7laY0v6CGCMyuZok8qyhiPHv5dhzSc9zwKaXZ1E=
+Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE=
+Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE=
+Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample-p.+008+53461.key b/lib/dns/tests/comparekeys/Kexample-p.+008+53461.key
new file mode 100644
index 0000000..20ffcfd
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-p.+008+53461.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 53461, for example-p.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example-p. IN DNSKEY 256 3 8 AwEAAaKYSOPDzZvfue5sU71xPCJKJpB5kZGl4vTp3OI8W+nN1YFtmVe2 2gM666AEutDAEB7cLkyoKCOH0+4Lh1ucPr6OmdWkHfk7uZv58eH0kOAV tNz2xhEF/YHSD7cnBEU9g0knGwpWuzSJKRhGhNoaVus9g1MaAn8efptz HIduIwgAeXV3BDCUpY6HbpwjDxOGCzCUYDRgcex37kYuCyW0PvlO5FQ0 DT0LpjcgBmIBpXol7sYpmKdOKJrm4x2lwGntr4K+bCdNYI2PRPJjPqAf jlvIvJylGUaqFJasw7PSMQIkgcQ4OQXVrhE8uGLdYvP1cusLuROIjdYp Pdqc5K9lCQE=
diff --git a/lib/dns/tests/comparekeys/Kexample-p.+008+53461.private b/lib/dns/tests/comparekeys/Kexample-p.+008+53461.private
new file mode 100644
index 0000000..063c925
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-p.+008+53461.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: ophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2ZV7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7kVDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN1ik92pzkr2UJAQ==
+PublicExponent: AQAB
+PrivateExponent: lFgeQHf3klxXlfkNmczDEYHXl37i2iCgZdUsqtho/3LFdfWZrxZr6ACM040dKLHiw1UdhODy5h/Zstif4Ww3LsKKBgpbMnZUTMOI9R+eQmRrhCI96XAur5AIuJCHa+jIbCiamh8xY6g0byp/sUHQxYV02I/lcTdQSeGHSOSqX3QjB835OVa18hyW6txAxM4DVGo/NvIJw2ItSl2qwHTMDHK45t4YbnKEd6suriUiveyax5dU1JtpviwHJiAFPy+L68jMo8cfr+JCLWW2OJYkrBXb8kwqaPsV0RCGZ59sePyRdSYRgNi1brBStesctVc5UfSxH6p2A6C28LdrubcXAQ==
+Prime1: 5YpfVjEtL1owW9gSFbIMx65POr+fiktxirgy1bc5fSsVqUgG6zhbaN/VpWcNZG0Zg5xd6S7C8V3djGlnJN8wZIyjIh7+Z3WWjqbOD9oY7rC1fR+W0OvbCmZiEzOpRJ5qoMOh1MzkkanhMy0/ICpaa8eQ9zEb80oTIQpFgoLn7K0=
+Prime2: yMid465M6bCXXUfWg7oq6A4MZUULbEPKvs+qGIersdiHfrFRGJ0Lviujs8KHaPS5rt4YmbpQU9tGbJBauY17T03qr/mQOBDx5gDkAJcJ0EUHudFslwqyn50THlJsKrFOxBYl7laY0v6CGCMyuZok8qyhiPHv5dhzSc9zwKaXZ1E=
+Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE=
+Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE=
+Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample-private.+002+65316.key b/lib/dns/tests/comparekeys/Kexample-private.+002+65316.key
new file mode 100644
index 0000000..7cc002d
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-private.+002+65316.key
@@ -0,0 +1 @@
+example-private. IN KEY 512 3 2 AAECAAAAgKVXnUOFKMvLvwO/VdY9bq+eOPBxrRWsDpcL9FJ9+hklVvii pcLOIhiKLeHI/u9vM2nhd8+opIW92+j2pB185MRgSrINQcC+XpI/xiDG HwE78bQ+2Ykb/memG+ctkVyrFGHtaJLCUGWrUHy1jbtvYeaKeS92jR/2 4oryt3N851u5
diff --git a/lib/dns/tests/comparekeys/Kexample-private.+002+65316.private b/lib/dns/tests/comparekeys/Kexample-private.+002+65316.private
new file mode 100644
index 0000000..1f00fa9
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-private.+002+65316.private
@@ -0,0 +1,9 @@
+Private-key-format: v1.3
+Algorithm: 2 (DH)
+Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjftawv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5lOB//////////8=
+Generator(g): Ag==
+Private_value(x): dLr0sfk/P1V0DfQ7Ke3IIaSM8nHjtrBRlMcQXRMVrLhbbKeCodvpSRtI0Nwtt38Df8dbGGtP676my2Ht2UHyL7rO0+ASv98NCysL0Xp6q2a7fn67iGFUBTg3jzXC89FYv4sYNeVLDGrKC3EjtGkalzgDVuzEC8CqRkWKeys3ufc=
+Public_value(y): pVedQ4Uoy8u/A79V1j1ur5448HGtFawOlwv0Un36GSVW+KKlws4iGIot4cj+728zaeF3z6ikhb3b6PakHXzkxGBKsg1BwL5ekj/GIMYfATvxtD7ZiRv+Z6Yb5y2RXKsUYe1oksJQZatQfLWNu29h5op5L3aNH/biivK3c3znW7k=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample-q.+008+53461.key b/lib/dns/tests/comparekeys/Kexample-q.+008+53461.key
new file mode 100644
index 0000000..5d4a0e7
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-q.+008+53461.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 53461, for example-q.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example-q. IN DNSKEY 256 3 8 AwEAAaKYSOPDzZvfue5sU71xPCJKJpB5kZGl4vTp3OI8W+nN1YFtmVe2 2gM666AEutDAEB7cLkyoKCOH0+4Lh1ucPr6OmdWkHfk7uZv58eH0kOAV tNz2xhEF/YHSD7cnBEU9g0knGwpWuzSJKRhGhNoaVus9g1MaAn8efptz HIduIwgAeXV3BDCUpY6HbpwjDxOGCzCUYDRgcex37kYuCyW0PvlO5FQ0 DT0LpjcgBmIBpXol7sYpmKdOKJrm4x2lwGntr4K+bCdNYI2PRPJjPqAf jlvIvJylGUaqFJasw7PSMQIkgcQ4OQXVrhE8uGLdYvP1cusLuROIjdYp Pdqc5K9lCQE=
diff --git a/lib/dns/tests/comparekeys/Kexample-q.+008+53461.private b/lib/dns/tests/comparekeys/Kexample-q.+008+53461.private
new file mode 100644
index 0000000..6b2e563
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample-q.+008+53461.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: ophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2ZV7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7kVDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN1ik92pzkr2UJAQ==
+PublicExponent: AQAB
+PrivateExponent: lFgeQHf3klxXlfkNmczDEYHXl37i2iCgZdUsqtho/3LFdfWZrxZr6ACM040dKLHiw1UdhODy5h/Zstif4Ww3LsKKBgpbMnZUTMOI9R+eQmRrhCI96XAur5AIuJCHa+jIbCiamh8xY6g0byp/sUHQxYV02I/lcTdQSeGHSOSqX3QjB835OVa18hyW6txAxM4DVGo/NvIJw2ItSl2qwHTMDHK45t4YbnKEd6suriUiveyax5dU1JtpviwHJiAFPy+L68jMo8cfr+JCLWW2OJYkrBXb8kwqaPsV0RCGZ59sePyRdSYRgNi1brBStesctVc5UfSxH6p2A6C28LdrubcXAQ==
+Prime1: z08i0sCcEpr4MZi4TReohPWp3F5vMQYVux8B3ltmJ3kKraXEmVEVmujhWa+ZDxhJmwKoba65vNEsUbSJN6WwJd7PVyskHb2GnWGK8NtlainFEuiS5CDxwULR4o2SI+Pij9thMQoA13ZTKc9s3E57VgcvJ7vaoD/1ZtpP7tdaerE=
+Prime2: 0fs3ncL5/2qzq2dmPXLYcOfc1EGSuESO0VpREP8EpTkyPKeVw5LaF9TgZRqPWlRf2T0LPoZ766xLAn090u0pLQ5fWM96NMas7kS+rxtRssat6MiQo3YfoU3ysk3xuPzrMBHyn/N42CjSG+bJEToHR7V16KsCT6dBIPkI3tj/Yos=
+Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE=
+Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE=
+Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample.+002+65316.key b/lib/dns/tests/comparekeys/Kexample.+002+65316.key
new file mode 100644
index 0000000..c2f4703
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+002+65316.key
@@ -0,0 +1 @@
+example. IN KEY 512 3 2 AAECAAAAgKVXnUOFKMvLvwO/VdY9bq+eOPBxrRWsDpcL9FJ9+hklVvii pcLOIhiKLeHI/u9vM2nhd8+opIW92+j2pB185MRgSrINQcC+XpI/xiDG HwE78bQ+2Ykb/memG+ctkVyrFGHtaJLCUGWrUHy1jbtvYeaKeS92jR/2 4oryt3N851u5
diff --git a/lib/dns/tests/comparekeys/Kexample.+002+65316.private b/lib/dns/tests/comparekeys/Kexample.+002+65316.private
new file mode 100644
index 0000000..e872834
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+002+65316.private
@@ -0,0 +1,9 @@
+Private-key-format: v1.3
+Algorithm: 2 (DH)
+Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjftawv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5lOB//////////8=
+Generator(g): Ag==
+Private_value(x): bUMVaaSCAPT0NK7AkIa0JA1SSw83x8WxS+iePECQwr4xDDMnevNHWK1nIofUM2qNbpDe2KvFIt9tu+1UgZgOTLoQFipePtHKOjoRX6XsGNzKmL8WZOlw/QJw0D5RIn7l7tvmBCeNHINl9IWVgMLTi+wgzrJxSeGe406q23Jn4Uc=
+Public_value(y): pVedQ4Uoy8u/A79V1j1ur5448HGtFawOlwv0Un36GSVW+KKlws4iGIot4cj+728zaeF3z6ikhb3b6PakHXzkxGBKsg1BwL5ekj/GIMYfATvxtD7ZiRv+Z6Yb5y2RXKsUYe1oksJQZatQfLWNu29h5op5L3aNH/biivK3c3znW7k=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample.+008+53461.key b/lib/dns/tests/comparekeys/Kexample.+008+53461.key
new file mode 100644
index 0000000..33c8188
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+008+53461.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 53461, for example.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example. IN DNSKEY 256 3 8 AwEAAaKYSOPDzZvfue5sU71xPCJKJpB5kZGl4vTp3OI8W+nN1YFtmVe2 2gM666AEutDAEB7cLkyoKCOH0+4Lh1ucPr6OmdWkHfk7uZv58eH0kOAV tNz2xhEF/YHSD7cnBEU9g0knGwpWuzSJKRhGhNoaVus9g1MaAn8efptz HIduIwgAeXV3BDCUpY6HbpwjDxOGCzCUYDRgcex37kYuCyW0PvlO5FQ0 DT0LpjcgBmIBpXol7sYpmKdOKJrm4x2lwGntr4K+bCdNYI2PRPJjPqAf jlvIvJylGUaqFJasw7PSMQIkgcQ4OQXVrhE8uGLdYvP1cusLuROIjdYp Pdqc5K9lCQE=
diff --git a/lib/dns/tests/comparekeys/Kexample.+008+53461.private b/lib/dns/tests/comparekeys/Kexample.+008+53461.private
new file mode 100644
index 0000000..dd4d9a4
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+008+53461.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: ophI48PNm9+57mxTvXE8IkomkHmRkaXi9Onc4jxb6c3VgW2ZV7baAzrroAS60MAQHtwuTKgoI4fT7guHW5w+vo6Z1aQd+Tu5m/nx4fSQ4BW03PbGEQX9gdIPtycERT2DSScbCla7NIkpGEaE2hpW6z2DUxoCfx5+m3Mch24jCAB5dXcEMJSljodunCMPE4YLMJRgNGBx7HfuRi4LJbQ++U7kVDQNPQumNyAGYgGleiXuximYp04omubjHaXAae2vgr5sJ01gjY9E8mM+oB+OW8i8nKUZRqoUlqzDs9IxAiSBxDg5BdWuETy4Yt1i8/Vy6wu5E4iN1ik92pzkr2UJAQ==
+PublicExponent: AQAB
+PrivateExponent: lFgeQHf3klxXlfkNmczDEYHXl37i2iCgZdUsqtho/3LFdfWZrxZr6ACM040dKLHiw1UdhODy5h/Zstif4Ww3LsKKBgpbMnZUTMOI9R+eQmRrhCI96XAur5AIuJCHa+jIbCiamh8xY6g0byp/sUHQxYV02I/lcTdQSeGHSOSqX3QjB835OVa18hyW6txAxM4DVGo/NvIJw2ItSl2qwHTMDHK45t4YbnKEd6suriUiveyax5dU1JtpviwHJiAFPy+L68jMo8cfr+JCLWW2OJYkrBXb8kwqaPsV0RCGZ59sePyRdSYRgNi1brBStesctVc5UfSxH6p2A6C28LdrubcXAQ==
+Prime1: z08i0sCcEpr4MZi4TReohPWp3F5vMQYVux8B3ltmJ3kKraXEmVEVmujhWa+ZDxhJmwKoba65vNEsUbSJN6WwJd7PVyskHb2GnWGK8NtlainFEuiS5CDxwULR4o2SI+Pij9thMQoA13ZTKc9s3E57VgcvJ7vaoD/1ZtpP7tdaerE=
+Prime2: yMid465M6bCXXUfWg7oq6A4MZUULbEPKvs+qGIersdiHfrFRGJ0Lviujs8KHaPS5rt4YmbpQU9tGbJBauY17T03qr/mQOBDx5gDkAJcJ0EUHudFslwqyn50THlJsKrFOxBYl7laY0v6CGCMyuZok8qyhiPHv5dhzSc9zwKaXZ1E=
+Exponent1: iresWJOzm6uAukczw7o59EYiFChIhOhKcDyOVoiYMX+ICqvqgqDEMTT1XbrnUzdwQT4lD8ej11msKzv/uXGwDZcq7GwcrZ3dTsAvZX2ZPdGXYlCnwejde/FHWi5bBJL/Tj2AqnzEFWjCuy5l7IDDfMwv3ImSADrr7ZfVdr85dvE=
+Exponent2: aULzs4ePfvw7foXI6mpRUDL9QKI/6NRpmDtam12VH7m63yqqr1K1808BlZ4oS1fxeMGq9/z7W9sbQpMzXQ/VU7Avl24os5v+lWxmHAES/gMSl9I5Mb5EAvXgLgdb+c3W02ohHKB9ojAXl/vr/e3X7Pmf/iGIeWFOn6WIs7kiquE=
+Coefficient: HS4bN41s6Ak9+6m3vhmLzgHtWMavnLpDkmd6wTBttbtKXHfjbvxMUt4RYeF8BXRtfIqIOZqJJngais1wQfOsgVhHrKVwX+MOThyOk4SD+pvnG6g1B+qUS1czPGP7Rf+7668wK8ZxV9w0+YDbTJgPgivD0lBnLXwT+KCLprMXTe4=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample.+013+19786.key b/lib/dns/tests/comparekeys/Kexample.+013+19786.key
new file mode 100644
index 0000000..ccfcc97
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+013+19786.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 19786, for example.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example. IN DNSKEY 256 3 13 S35Z1XtGlnnU7BBahMJwAZXXff+JupyIDssNfJyrugLKq5R10TJ5tU3W r3VuP6aJNs6+uL2cMPVTVT1vr1Aqwg==
diff --git a/lib/dns/tests/comparekeys/Kexample.+013+19786.private b/lib/dns/tests/comparekeys/Kexample.+013+19786.private
new file mode 100644
index 0000000..0d72cf1
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+013+19786.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: ZYcYhR5f98vI1+BFGKLIrarZrqxJM4mRy9tvwntdYoo=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample.+015+63663.key b/lib/dns/tests/comparekeys/Kexample.+015+63663.key
new file mode 100644
index 0000000..92db9fb
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+015+63663.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 63663, for example.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example. IN DNSKEY 256 3 15 ZLlkI5q8XDkP3D7Zxdbmuqh4yp90mbvdcNT0xSGLDtI=
diff --git a/lib/dns/tests/comparekeys/Kexample.+015+63663.private b/lib/dns/tests/comparekeys/Kexample.+015+63663.private
new file mode 100644
index 0000000..c2c48f3
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample.+015+63663.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 15 (ED25519)
+PrivateKey: rGYsnf8nPlg7kg7qRcIXYShPsTiMHTeWJInNrW9GwSQ=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample2.+002+19823.key b/lib/dns/tests/comparekeys/Kexample2.+002+19823.key
new file mode 100644
index 0000000..9d521f7
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+002+19823.key
@@ -0,0 +1 @@
+example2. IN KEY 512 3 2 AAECAAAAgCxVfxiyTe8C83ou8KXSu9WmzGwCYWB2NkdS87Kz0PgTuBay JkDDAEeR6CIYClA6PXBp2GXUPHoYWag9zVOVU85PYu0KRZF69EN0IVsA OCtgikOcr5yD4esSMwTTPk/OQ8qW/yGf1DvdpXuiu3P/wSpzVGL8tHFQ 2XURydYytol0
diff --git a/lib/dns/tests/comparekeys/Kexample2.+002+19823.private b/lib/dns/tests/comparekeys/Kexample2.+002+19823.private
new file mode 100644
index 0000000..f6722f6
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+002+19823.private
@@ -0,0 +1,9 @@
+Private-key-format: v1.3
+Algorithm: 2 (DH)
+Prime(p): ///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjftawv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5lOB//////////8=
+Generator(g): Ag==
+Private_value(x): W0EpuIMltmMuZAKcCmRe/Ix9WsHPU/GLfqbjHKCjgYdRFzwqHyVp6z+uf8EgmHBD1bbBjwfcnRse8xfqqmt/wZIRdDzjRq/oZdKtJHqFZSO+MQZ5DKrdojKU7UEl/j44heJzVO0qFkrPvWglRt+780LP0awkfetecXDxvJT+HIw=
+Public_value(y): LFV/GLJN7wLzei7wpdK71abMbAJhYHY2R1LzsrPQ+BO4FrImQMMAR5HoIhgKUDo9cGnYZdQ8ehhZqD3NU5VTzk9i7QpFkXr0Q3QhWwA4K2CKQ5yvnIPh6xIzBNM+T85Dypb/IZ/UO92le6K7c//BKnNUYvy0cVDZdRHJ1jK2iXQ=
+Created: 20211027221355
+Publish: 20211027221355
+Activate: 20211027221355
diff --git a/lib/dns/tests/comparekeys/Kexample2.+008+37993.key b/lib/dns/tests/comparekeys/Kexample2.+008+37993.key
new file mode 100644
index 0000000..c0e09a1
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+008+37993.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 37993, for example2.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example2. IN DNSKEY 256 3 8 AwEAAaSRhPf0XhYR52Kpi0RZJgEnpidvuz2Ywdyh8k5CKwal9nM15PNc 4ZoPEVGO+ize53hq0iUkVlBhAfhQE31Fhf4zU544fezBEaz33hiajEzL ZITux9N83WfoYSNnyufvSGzNcpNM6LHKdDwMr1kr9tTgNeuiTAlPv5z9 BNtfv2B25moVm1DoxMCd8WH0jYC452a2lGM+Fbd45o02OO7V8balPwJh MM2bbeWg5G+tbvCAot93KxtavyOMKV4siv3ZH639J0dIb10L8nNrN0Ge UjkX8yU3fgeWB4Oldtzx0SHxG75NWjRLnpVzBq5GeacLc4RsN+S+nhYW 4Wv2A066w70=
diff --git a/lib/dns/tests/comparekeys/Kexample2.+008+37993.private b/lib/dns/tests/comparekeys/Kexample2.+008+37993.private
new file mode 100644
index 0000000..887ad2b
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+008+37993.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: pJGE9/ReFhHnYqmLRFkmASemJ2+7PZjB3KHyTkIrBqX2czXk81zhmg8RUY76LN7neGrSJSRWUGEB+FATfUWF/jNTnjh97MERrPfeGJqMTMtkhO7H03zdZ+hhI2fK5+9IbM1yk0zoscp0PAyvWSv21OA166JMCU+/nP0E21+/YHbmahWbUOjEwJ3xYfSNgLjnZraUYz4Vt3jmjTY47tXxtqU/AmEwzZtt5aDkb61u8ICi33crG1q/I4wpXiyK/dkfrf0nR0hvXQvyc2s3QZ5SORfzJTd+B5YHg6V23PHRIfEbvk1aNEuelXMGrkZ5pwtzhGw35L6eFhbha/YDTrrDvQ==
+PublicExponent: AQAB
+PrivateExponent: O/HFvYwFuYRMBGQ9lmfisAkBPNw2F/nMo9FZsafohENvwgefngX3J2bVqB+sgSuwpOxEH8NcrWqojQqeDsOES1Pm4XsyY0rwZVDkVZH2CQMNWl6f6ylQfMjomTz1bAZ9GyS612zsVdapADaeqJybDG+fNHWpvLqP0V9YpY/65efTvrA3Qu+XpDvLaJ34yjkeEGUgysNP3KkDTeJTY/ksKi6ODtdzbKpufjZS8b6BL97XcFcNGiwu/gNPCvtmm/H+tXaNYyijG7bNGPOpHFhlMCT13o8XLrR/OGty6VY6PpjaEnvlZUZnWHUwn/JmNoZRJoXAAEerk3nS+tOhRmcrAQ==
+Prime1: 2W8JHYaTn7XefxxwaDZWFrVtHnnd0vUZvBBNA1PJeRfDr+yPxyWcgYx1OBxKkJsYGiob0i992W2HXuz2KS81yBCtH/uLK1Y+mkjgme4MWZupZ0RsKA1TkgIrJs174Dv3P/yqc+/R4eiwUGt10493MS1PJFF0CmisDzgjai/JLIM=
+Prime2: wcIKikgzOsq2A2Hl7qPCeA3oKTc66eFVNvB/KH91/hNFKNm0kAvhHrNe9rSoU+JywCNbX/Fs7X6SuHHJaRs+KpSBadnqfwEIngCq2Y00nT3sbETx4VNbXFD6MPPo3MWDi61/TCyrtBujutavo5ghj2oVzNGqMT3UyhaVNrJp2r8=
+Exponent1: GsEO3hMxFvXJ6toU+r202hZ41scoBE0kXX+j+kTVBZFnAr6Y8mguWcJuqfjRM/nhfVaxFavCUH6pqYR+xZKJi5SBuO26shpqmZFeEZK48k21Cn/gzwzUu6KIrL2cAHtgcP8l+h4INUPsbfjLBr0gbWyl0FI1dRJsGXNO6EH4/wE=
+Exponent2: WrgcsUQ+4E8bS5ghzUtVeVqhkfKvHeSIPpH6J58OQukI36iXNz6op/Q6CW7qxWPocHfdh52Fb+lsjvmP4SuFPvCLa2FBvzdfroMHe5b2xIzCzqq1Sdf6lc3AZv080WmVPuf8C1F7D3hFf+yXDhTj2b9E98JPWoDlyb0rHhIJKAc=
+Coefficient: aVDpGheH0UJ8aWPRIRHyjMTCIPB8zmhfwugpV11Z/OXNb2uaNRcnVKujs1mlSydoIfFQSuFf3iPs7ytaJUfcQJ+k1QAtssJC1HXF14t0p5o99QxuQLgmNtPHD7m2aeAyFJoycF24UmDnFmOPSNm1fnJs9LrBPFZFdTBGhl8plEo=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample2.+013+16384.key b/lib/dns/tests/comparekeys/Kexample2.+013+16384.key
new file mode 100644
index 0000000..b6351ad
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+013+16384.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 16384, for example2.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example2. IN DNSKEY 256 3 13 p+ohRFVh6wmdAhbU/cF2FYoE/i49FxnvKwif0Co0D7RhBui4AMFOsFYu 9AIqEBaCGurjGYl7WDYRrjRMRjWW1g==
diff --git a/lib/dns/tests/comparekeys/Kexample2.+013+16384.private b/lib/dns/tests/comparekeys/Kexample2.+013+16384.private
new file mode 100644
index 0000000..74a371c
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+013+16384.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: ZNsU73iCEeC837TA59nT/QDtd3oYsrYDWy8jfazZQkA=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample2.+015+37529.key b/lib/dns/tests/comparekeys/Kexample2.+015+37529.key
new file mode 100644
index 0000000..9a8cf77
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+015+37529.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 37529, for example2.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example2. IN DNSKEY 256 3 15 zyiLjDymEPN90rwi/y0mWXLnUm0Nq7T9Kc8VoubF2Io=
diff --git a/lib/dns/tests/comparekeys/Kexample2.+015+37529.private b/lib/dns/tests/comparekeys/Kexample2.+015+37529.private
new file mode 100644
index 0000000..aa70804
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample2.+015+37529.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 15 (ED25519)
+PrivateKey: pUR2VLqbi4XtBNImbVDRHrjugMMmaXmy6noV0/jy/rA=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/comparekeys/Kexample3.+002+17187.key b/lib/dns/tests/comparekeys/Kexample3.+002+17187.key
new file mode 100644
index 0000000..0260293
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample3.+002+17187.key
@@ -0,0 +1 @@
+example3. IN KEY 512 3 2 AIDzVP5SeKpxZmlbok6AbdFT5aCVAg3AnQln24CKoc0IXRyTdnhmIEWw VatzRrUY0V6SSwwe3740yk46/TdSvVmZkakw52yn3M661ra5L8kouAK4 rpyM6uulsS0dyjyRzomHJg2zwOukzHBVINFheKsJ25MvdPpp9E64IVji jp/x3wABBQCAFb1Je3cKpt/4gS+KRx9hxFOF5c64ytC9tf0hp2hP4OiP YCu8o5C3qh+PexZAx58m6cSaFlzf3DZ3GGsvamDj5H8YpvP4FeRVva9V jH4VeU4/VtbdNweDUHwAguGJ77MXw+bruHhpbsFVSxHrnNg99WHghaRy YzfFzphJHKBxACo=
diff --git a/lib/dns/tests/comparekeys/Kexample3.+002+17187.private b/lib/dns/tests/comparekeys/Kexample3.+002+17187.private
new file mode 100644
index 0000000..47ef4bc
--- /dev/null
+++ b/lib/dns/tests/comparekeys/Kexample3.+002+17187.private
@@ -0,0 +1,9 @@
+Private-key-format: v1.3
+Algorithm: 2 (DH)
+Prime(p): 81T+UniqcWZpW6JOgG3RU+WglQINwJ0JZ9uAiqHNCF0ck3Z4ZiBFsFWrc0a1GNFekksMHt++NMpOOv03Ur1ZmZGpMOdsp9zOuta2uS/JKLgCuK6cjOrrpbEtHco8kc6JhyYNs8DrpMxwVSDRYXirCduTL3T6afROuCFY4o6f8d8=
+Generator(g): BQ==
+Private_value(x): ccA7JRCvjAE1ASWTtObkvO5k58oKdJ+bzcd/H3cOQsPAhItUc8Pfca2ILWYzDfs+nl+WKLfODQ9cRUabp4SUh0GKPnqJVM1UgDXwme/98NEtVFhs2VawT40wHLkcdPN9jACH11l28u1qsDVb7MRj2UXGC/oszRwQ7s3rN1UlHO8=
+Public_value(y): Fb1Je3cKpt/4gS+KRx9hxFOF5c64ytC9tf0hp2hP4OiPYCu8o5C3qh+PexZAx58m6cSaFlzf3DZ3GGsvamDj5H8YpvP4FeRVva9VjH4VeU4/VtbdNweDUHwAguGJ77MXw+bruHhpbsFVSxHrnNg99WHghaRyYzfFzphJHKBxACo=
+Created: 20211027221447
+Publish: 20211027221447
+Activate: 20211027221447
diff --git a/lib/dns/tests/db_test.c b/lib/dns/tests/db_test.c
new file mode 100644
index 0000000..5b7ba64
--- /dev/null
+++ b/lib/dns/tests/db_test.c
@@ -0,0 +1,428 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/journal.h>
+#include <dns/name.h>
+#include <dns/rdatalist.h>
+
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+#define BUFLEN 255
+#define BIGBUFLEN (64 * 1024)
+#define TEST_ORIGIN "test"
+
+/*
+ * Individual unit tests
+ */
+
+/* test multiple calls to dns_db_getoriginnode */
+static void
+getoriginnode_test(void **state) {
+ dns_db_t *db = NULL;
+ dns_dbnode_t *node = NULL;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+
+ UNUSED(state);
+
+ isc_mem_create(&mctx);
+
+ result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_getoriginnode(db, &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+
+ result = dns_db_getoriginnode(db, &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+
+ dns_db_detach(&db);
+ isc_mem_detach(&mctx);
+}
+
+/* test getservestalettl and setservestalettl */
+static void
+getsetservestalettl_test(void **state) {
+ dns_db_t *db = NULL;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+ dns_ttl_t ttl;
+
+ UNUSED(state);
+
+ isc_mem_create(&mctx);
+
+ result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_cache,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ ttl = 5000;
+ result = dns_db_getservestalettl(db, &ttl);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(ttl, 0);
+
+ ttl = 6 * 3600;
+ result = dns_db_setservestalettl(db, ttl);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ ttl = 5000;
+ result = dns_db_getservestalettl(db, &ttl);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(ttl, 6 * 3600);
+
+ dns_db_detach(&db);
+ isc_mem_detach(&mctx);
+}
+
+/* check DNS_DBFIND_STALEOK works */
+static void
+dns_dbfind_staleok_test(void **state) {
+ dns_db_t *db = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_fixedname_t example_fixed;
+ dns_fixedname_t found_fixed;
+ dns_name_t *example;
+ dns_name_t *found;
+ dns_rdatalist_t rdatalist;
+ dns_rdataset_t rdataset;
+ int count;
+ int pass;
+ isc_mem_t *mctx = NULL;
+ isc_result_t result;
+ unsigned char data[] = { 0x0a, 0x00, 0x00, 0x01 };
+
+ UNUSED(state);
+
+ isc_mem_create(&mctx);
+
+ result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_cache,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ example = dns_fixedname_initname(&example_fixed);
+ found = dns_fixedname_initname(&found_fixed);
+
+ result = dns_name_fromstring(example, "example", 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Pass 0: default; no stale processing permitted.
+ * Pass 1: stale processing for 1 second.
+ * Pass 2: stale turned off after being on.
+ */
+ for (pass = 0; pass < 3; pass++) {
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+
+ /* 10.0.0.1 */
+ rdata.data = data;
+ rdata.length = 4;
+ rdata.rdclass = dns_rdataclass_in;
+ rdata.type = dns_rdatatype_a;
+
+ dns_rdatalist_init(&rdatalist);
+ rdatalist.ttl = 2;
+ rdatalist.type = dns_rdatatype_a;
+ rdatalist.rdclass = dns_rdataclass_in;
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+
+ switch (pass) {
+ case 0:
+ /* default: stale processing off */
+ break;
+ case 1:
+ /* turn on stale processing */
+ result = dns_db_setservestalettl(db, 1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ break;
+ case 2:
+ /* turn off stale processing */
+ result = dns_db_setservestalettl(db, 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ break;
+ }
+
+ dns_rdataset_init(&rdataset);
+ result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_findnode(db, example, true, &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_addrdataset(db, node, NULL, 0, &rdataset, 0,
+ NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_db_detachnode(db, &node);
+ dns_rdataset_disassociate(&rdataset);
+
+ result = dns_db_find(db, example, NULL, dns_rdatatype_a, 0, 0,
+ &node, found, &rdataset, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * May loop for up to 2 seconds performing non stale lookups.
+ */
+ count = 0;
+ do {
+ count++;
+ assert_in_range(count, 1, 21); /* loop sanity */
+ assert_int_equal(rdataset.attributes &
+ DNS_RDATASETATTR_STALE,
+ 0);
+ assert_true(rdataset.ttl > 0);
+ dns_db_detachnode(db, &node);
+ dns_rdataset_disassociate(&rdataset);
+
+ usleep(100000); /* 100 ms */
+
+ result = dns_db_find(db, example, NULL, dns_rdatatype_a,
+ 0, 0, &node, found, &rdataset,
+ NULL);
+ } while (result == ISC_R_SUCCESS);
+
+ assert_int_equal(result, ISC_R_NOTFOUND);
+
+ /*
+ * Check whether we can get stale data.
+ */
+ result = dns_db_find(db, example, NULL, dns_rdatatype_a,
+ DNS_DBFIND_STALEOK, 0, &node, found,
+ &rdataset, NULL);
+ switch (pass) {
+ case 0:
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ break;
+ case 1:
+ /*
+ * Should loop for 1 second with stale lookups then
+ * stop.
+ */
+ count = 0;
+ do {
+ count++;
+ assert_in_range(count, 0, 49); /* loop sanity */
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdataset.attributes &
+ DNS_RDATASETATTR_STALE,
+ DNS_RDATASETATTR_STALE);
+ dns_db_detachnode(db, &node);
+ dns_rdataset_disassociate(&rdataset);
+
+ usleep(100000); /* 100 ms */
+
+ result = dns_db_find(
+ db, example, NULL, dns_rdatatype_a,
+ DNS_DBFIND_STALEOK, 0, &node, found,
+ &rdataset, NULL);
+ } while (result == ISC_R_SUCCESS);
+ /*
+ * usleep(100000) can be slightly less than 10ms so
+ * allow the count to reach 11.
+ */
+ assert_in_range(count, 1, 11);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ break;
+ case 2:
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ break;
+ }
+ }
+
+ dns_db_detach(&db);
+ isc_mem_detach(&mctx);
+}
+
+/* database class */
+static void
+class_test(void **state) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+
+ UNUSED(state);
+
+ result = dns_db_create(dt_mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_load(db, "testdata/db/data.db", dns_masterformat_text,
+ 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_int_equal(dns_db_class(db), dns_rdataclass_in);
+
+ dns_db_detach(&db);
+}
+
+/* database type */
+static void
+dbtype_test(void **state) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+
+ UNUSED(state);
+
+ /* DB has zone semantics */
+ result = dns_db_create(dt_mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_db_load(db, "testdata/db/data.db", dns_masterformat_text,
+ 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(dns_db_iszone(db));
+ assert_false(dns_db_iscache(db));
+ dns_db_detach(&db);
+
+ /* DB has cache semantics */
+ result = dns_db_create(dt_mctx, "rbt", dns_rootname, dns_dbtype_cache,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_db_load(db, "testdata/db/data.db", dns_masterformat_text,
+ 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(dns_db_iscache(db));
+ assert_false(dns_db_iszone(db));
+ dns_db_detach(&db);
+}
+
+/* database versions */
+static void
+version_test(void **state) {
+ isc_result_t result;
+ dns_fixedname_t fname, ffound;
+ dns_name_t *name, *foundname;
+ dns_db_t *db = NULL;
+ dns_dbversion_t *ver = NULL, *new = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_rdataset_t rdataset;
+
+ UNUSED(state);
+
+ result = dns_test_loaddb(&db, dns_dbtype_zone, "test.test",
+ "testdata/db/data.db");
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Open current version for reading */
+ dns_db_currentversion(db, &ver);
+ dns_test_namefromstring("b.test.test", &fname);
+ name = dns_fixedname_name(&fname);
+ foundname = dns_fixedname_initname(&ffound);
+ dns_rdataset_init(&rdataset);
+ result = dns_db_find(db, name, ver, dns_rdatatype_a, 0, 0, &node,
+ foundname, &rdataset, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &node);
+ dns_db_closeversion(db, &ver, false);
+
+ /* Open new version for writing */
+ dns_db_currentversion(db, &ver);
+ dns_test_namefromstring("b.test.test", &fname);
+ name = dns_fixedname_name(&fname);
+ foundname = dns_fixedname_initname(&ffound);
+ dns_rdataset_init(&rdataset);
+ result = dns_db_find(db, name, ver, dns_rdatatype_a, 0, 0, &node,
+ foundname, &rdataset, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_newversion(db, &new);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Delete the rdataset from the new version */
+ result = dns_db_deleterdataset(db, node, new, dns_rdatatype_a, 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &node);
+
+ /* This should fail now */
+ result = dns_db_find(db, name, new, dns_rdatatype_a, 0, 0, &node,
+ foundname, &rdataset, NULL);
+ assert_int_equal(result, DNS_R_NXDOMAIN);
+
+ dns_db_closeversion(db, &new, true);
+
+ /* But this should still succeed */
+ result = dns_db_find(db, name, ver, dns_rdatatype_a, 0, 0, &node,
+ foundname, &rdataset, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_rdataset_disassociate(&rdataset);
+ dns_db_detachnode(db, &node);
+ dns_db_closeversion(db, &ver, false);
+
+ dns_db_detach(&db);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(getoriginnode_test),
+ cmocka_unit_test(getsetservestalettl_test),
+ cmocka_unit_test(dns_dbfind_staleok_test),
+ cmocka_unit_test_setup_teardown(class_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(dbtype_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(version_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/dbdiff_test.c b/lib/dns/tests/dbdiff_test.c
new file mode 100644
index 0000000..05bb761
--- /dev/null
+++ b/lib/dns/tests/dbdiff_test.c
@@ -0,0 +1,185 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/journal.h>
+#include <dns/name.h>
+
+#include "dnstest.h"
+
+#define BUFLEN 255
+#define BIGBUFLEN (64 * 1024)
+#define TEST_ORIGIN "test"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static void
+test_create(const char *oldfile, dns_db_t **old, const char *newfile,
+ dns_db_t **newdb) {
+ isc_result_t result;
+
+ result = dns_test_loaddb(old, dns_dbtype_zone, TEST_ORIGIN, oldfile);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_test_loaddb(newdb, dns_dbtype_zone, TEST_ORIGIN, newfile);
+ assert_int_equal(result, ISC_R_SUCCESS);
+}
+
+/* dns_db_diffx of identical content */
+static void
+diffx_same(void **state) {
+ dns_db_t *newdb = NULL, *olddb = NULL;
+ isc_result_t result;
+ dns_diff_t diff;
+
+ UNUSED(state);
+
+ test_create("testdata/diff/zone1.data", &olddb,
+ "testdata/diff/zone1.data", &newdb);
+
+ dns_diff_init(dt_mctx, &diff);
+
+ result = dns_db_diffx(&diff, newdb, NULL, olddb, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_true(ISC_LIST_EMPTY(diff.tuples));
+
+ dns_diff_clear(&diff);
+ dns_db_detach(&newdb);
+ dns_db_detach(&olddb);
+}
+
+/* dns_db_diffx of zone with record added */
+static void
+diffx_add(void **state) {
+ dns_db_t *newdb = NULL, *olddb = NULL;
+ dns_difftuple_t *tuple;
+ isc_result_t result;
+ dns_diff_t diff;
+ int count = 0;
+
+ UNUSED(state);
+
+ test_create("testdata/diff/zone1.data", &olddb,
+ "testdata/diff/zone2.data", &newdb);
+
+ dns_diff_init(dt_mctx, &diff);
+
+ result = dns_db_diffx(&diff, newdb, NULL, olddb, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_false(ISC_LIST_EMPTY(diff.tuples));
+ for (tuple = ISC_LIST_HEAD(diff.tuples); tuple != NULL;
+ tuple = ISC_LIST_NEXT(tuple, link))
+ {
+ assert_int_equal(tuple->op, DNS_DIFFOP_ADD);
+ count++;
+ }
+ assert_int_equal(count, 1);
+
+ dns_diff_clear(&diff);
+ dns_db_detach(&newdb);
+ dns_db_detach(&olddb);
+}
+
+/* dns_db_diffx of zone with record removed */
+static void
+diffx_remove(void **state) {
+ dns_db_t *newdb = NULL, *olddb = NULL;
+ dns_difftuple_t *tuple;
+ isc_result_t result;
+ dns_diff_t diff;
+ int count = 0;
+
+ UNUSED(state);
+
+ test_create("testdata/diff/zone1.data", &olddb,
+ "testdata/diff/zone3.data", &newdb);
+
+ dns_diff_init(dt_mctx, &diff);
+
+ result = dns_db_diffx(&diff, newdb, NULL, olddb, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_false(ISC_LIST_EMPTY(diff.tuples));
+ for (tuple = ISC_LIST_HEAD(diff.tuples); tuple != NULL;
+ tuple = ISC_LIST_NEXT(tuple, link))
+ {
+ assert_int_equal(tuple->op, DNS_DIFFOP_DEL);
+ count++;
+ }
+ assert_int_equal(count, 1);
+
+ dns_diff_clear(&diff);
+ dns_db_detach(&newdb);
+ dns_db_detach(&olddb);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(diffx_same, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(diffx_add, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(diffx_remove, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/dbiterator_test.c b/lib/dns/tests/dbiterator_test.c
new file mode 100644
index 0000000..2182672
--- /dev/null
+++ b/lib/dns/tests/dbiterator_test.c
@@ -0,0 +1,394 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dbiterator.h>
+#include <dns/name.h>
+
+#include "dnstest.h"
+
+#define BUFLEN 255
+#define BIGBUFLEN (64 * 1024)
+#define TEST_ORIGIN "test"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static isc_result_t
+make_name(const char *src, dns_name_t *name) {
+ isc_buffer_t b;
+ isc_buffer_constinit(&b, src, strlen(src));
+ isc_buffer_add(&b, strlen(src));
+ return (dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
+}
+
+/* create: make sure we can create a dbiterator */
+static void
+test_create(const char *filename) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+create(void **state) {
+ UNUSED(state);
+
+ test_create("testdata/dbiterator/zone1.data");
+}
+
+static void
+create_nsec3(void **state) {
+ UNUSED(state);
+
+ test_create("testdata/dbiterator/zone2.data");
+}
+
+/* walk: walk a database */
+static void
+test_walk(const char *filename, int nodes) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_name_t *name;
+ dns_fixedname_t f;
+ int i = 0;
+
+ name = dns_fixedname_initname(&f);
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ for (result = dns_dbiterator_first(iter); result == ISC_R_SUCCESS;
+ result = dns_dbiterator_next(iter))
+ {
+ result = dns_dbiterator_current(iter, &node, name);
+ if (result == DNS_R_NEWORIGIN) {
+ result = ISC_R_SUCCESS;
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+ i++;
+ }
+
+ assert_int_equal(i, nodes);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+walk(void **state) {
+ UNUSED(state);
+
+ test_walk("testdata/dbiterator/zone1.data", 12);
+}
+
+static void
+walk_nsec3(void **state) {
+ UNUSED(state);
+
+ test_walk("testdata/dbiterator/zone2.data", 33);
+}
+
+/* reverse: walk database backwards */
+static void
+test_reverse(const char *filename) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_name_t *name;
+ dns_fixedname_t f;
+ int i = 0;
+
+ name = dns_fixedname_initname(&f);
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ for (result = dns_dbiterator_last(iter); result == ISC_R_SUCCESS;
+ result = dns_dbiterator_prev(iter))
+ {
+ result = dns_dbiterator_current(iter, &node, name);
+ if (result == DNS_R_NEWORIGIN) {
+ result = ISC_R_SUCCESS;
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+ i++;
+ }
+
+ assert_int_equal(i, 12);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+reverse(void **state) {
+ UNUSED(state);
+
+ test_reverse("testdata/dbiterator/zone1.data");
+}
+
+static void
+reverse_nsec3(void **state) {
+ UNUSED(state);
+
+ test_reverse("testdata/dbiterator/zone2.data");
+}
+
+/* seek: walk database starting at a particular node */
+static void
+test_seek_node(const char *filename, int nodes) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+ dns_dbnode_t *node = NULL;
+ dns_name_t *name, *seekname;
+ dns_fixedname_t f1, f2;
+ int i = 0;
+
+ name = dns_fixedname_initname(&f1);
+ seekname = dns_fixedname_initname(&f2);
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = make_name("c." TEST_ORIGIN, seekname);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_dbiterator_seek(iter, seekname);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ while (result == ISC_R_SUCCESS) {
+ result = dns_dbiterator_current(iter, &node, name);
+ if (result == DNS_R_NEWORIGIN) {
+ result = ISC_R_SUCCESS;
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detachnode(db, &node);
+ result = dns_dbiterator_next(iter);
+ i++;
+ }
+
+ assert_int_equal(i, nodes);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+seek_node(void **state) {
+ UNUSED(state);
+
+ test_seek_node("testdata/dbiterator/zone1.data", 9);
+}
+
+static void
+seek_node_nsec3(void **state) {
+ UNUSED(state);
+
+ test_seek_node("testdata/dbiterator/zone2.data", 30);
+}
+
+/*
+ * seek_emty: walk database starting at an empty nonterminal node
+ * (should fail)
+ */
+static void
+test_seek_empty(const char *filename) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+ dns_name_t *seekname;
+ dns_fixedname_t f1;
+
+ seekname = dns_fixedname_initname(&f1);
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = make_name("d." TEST_ORIGIN, seekname);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_dbiterator_seek(iter, seekname);
+ assert_int_equal(result, DNS_R_PARTIALMATCH);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+seek_empty(void **state) {
+ UNUSED(state);
+
+ test_seek_empty("testdata/dbiterator/zone1.data");
+}
+
+static void
+seek_empty_nsec3(void **state) {
+ UNUSED(state);
+
+ test_seek_empty("testdata/dbiterator/zone2.data");
+}
+
+/*
+ * seek_nx: walk database starting at a nonexistent node
+ */
+static void
+test_seek_nx(const char *filename) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbiterator_t *iter = NULL;
+ dns_name_t *seekname;
+ dns_fixedname_t f1;
+
+ seekname = dns_fixedname_initname(&f1);
+
+ result = dns_test_loaddb(&db, dns_dbtype_cache, TEST_ORIGIN, filename);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_createiterator(db, 0, &iter);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = make_name("nonexistent." TEST_ORIGIN, seekname);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_dbiterator_seek(iter, seekname);
+ assert_int_equal(result, DNS_R_PARTIALMATCH);
+
+ result = make_name("nonexistent.", seekname);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_dbiterator_seek(iter, seekname);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+
+ dns_dbiterator_destroy(&iter);
+ dns_db_detach(&db);
+}
+
+static void
+seek_nx(void **state) {
+ UNUSED(state);
+
+ test_seek_nx("testdata/dbiterator/zone1.data");
+}
+
+static void
+seek_nx_nsec3(void **state) {
+ UNUSED(state);
+
+ test_seek_nx("testdata/dbiterator/zone2.data");
+}
+
+/*
+ * XXX:
+ * dns_dbiterator API calls that are not yet part of this unit test:
+ *
+ * dns_dbiterator_pause
+ * dns_dbiterator_origin
+ * dns_dbiterator_setcleanmode
+ */
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(create, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(create_nsec3, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(walk, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(walk_nsec3, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(reverse, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(reverse_nsec3, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(seek_node, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(seek_node_nsec3, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(seek_empty, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(seek_empty_nsec3, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(seek_nx, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(seek_nx_nsec3, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/dbversion_test.c b/lib/dns/tests/dbversion_test.c
new file mode 100644
index 0000000..70a5124
--- /dev/null
+++ b/lib/dns/tests/dbversion_test.c
@@ -0,0 +1,499 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/file.h>
+#include <isc/result.h>
+#include <isc/serial.h>
+#include <isc/stdtime.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/nsec3.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/rdatasetiter.h>
+
+#include "dnstest.h"
+
+static char tempname[11] = "dtXXXXXXXX";
+static dns_db_t *db1 = NULL, *db2 = NULL;
+static dns_dbversion_t *v1 = NULL, *v2 = NULL;
+
+/*
+ * The code below enables us to trap assertion failures for testing
+ * purposes. local_callback() is set as the callback function for
+ * isc_assertion_failed(). It calls mock_assert() so that CMOCKA
+ * will be able to see it, then returns to the calling function via
+ * longjmp() so that the abort() call in isc_assertion_failed() will
+ * never be reached. Use check_assertion() to check for assertions
+ * instead of expect_assert_failure().
+ */
+jmp_buf assertion;
+
+#define check_assertion(function_call) \
+ do { \
+ const int r = setjmp(assertion); \
+ if (r == 0) { \
+ expect_assert_failure(function_call); \
+ } \
+ } while (false);
+
+static void
+local_callback(const char *file, int line, isc_assertiontype_t type,
+ const char *cond) {
+ UNUSED(type);
+
+ mock_assert(1, cond, file, line);
+ longjmp(assertion, 1);
+}
+
+static int
+_setup(void **state) {
+ isc_result_t res;
+
+ UNUSED(state);
+
+ isc_assertion_setcallback(local_callback);
+
+ res = dns_test_begin(NULL, false);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_create(dt_mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db1);
+ assert_int_equal(res, ISC_R_SUCCESS);
+ dns_db_newversion(db1, &v1);
+ assert_non_null(v1);
+
+ res = dns_db_create(dt_mctx, "rbt", dns_rootname, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db2);
+ assert_int_equal(res, ISC_R_SUCCESS);
+ dns_db_newversion(db2, &v2);
+ assert_non_null(v1);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ if (strcmp(tempname, "dtXXXXXXXX") != 0) {
+ unlink(tempname);
+ }
+
+ if (v1 != NULL) {
+ dns_db_closeversion(db1, &v1, false);
+ assert_null(v1);
+ }
+ if (db1 != NULL) {
+ dns_db_detach(&db1);
+ assert_null(db1);
+ }
+
+ if (v2 != NULL) {
+ dns_db_closeversion(db2, &v2, false);
+ assert_null(v2);
+ }
+ if (db2 != NULL) {
+ dns_db_detach(&db2);
+ assert_null(db2);
+ }
+
+ dns_test_end();
+
+ return (0);
+}
+
+/*
+ * Check dns_db_attachversion() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+attachversion(void **state) {
+ dns_dbversion_t *v = NULL;
+
+ UNUSED(state);
+
+ dns_db_attachversion(db1, v1, &v);
+ assert_ptr_equal(v, v1);
+ dns_db_closeversion(db1, &v, false);
+ assert_null(v);
+
+ check_assertion(dns_db_attachversion(db1, v2, &v));
+}
+
+/*
+ * Check dns_db_closeversion() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+closeversion(void **state) {
+ UNUSED(state);
+
+ assert_non_null(v1);
+ dns_db_closeversion(db1, &v1, false);
+ assert_null(v1);
+
+ check_assertion(dns_db_closeversion(db1, &v2, false));
+}
+
+/*
+ * Check dns_db_find() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+find(void **state) {
+ isc_result_t res;
+ dns_rdataset_t rdataset;
+ dns_fixedname_t fixed;
+ dns_name_t *name = NULL;
+
+ UNUSED(state);
+
+ name = dns_fixedname_initname(&fixed);
+
+ dns_rdataset_init(&rdataset);
+ res = dns_db_find(db1, dns_rootname, v1, dns_rdatatype_soa, 0, 0, NULL,
+ name, &rdataset, NULL);
+ assert_int_equal(res, DNS_R_NXDOMAIN);
+
+ if (dns_rdataset_isassociated(&rdataset)) {
+ dns_rdataset_disassociate(&rdataset);
+ }
+
+ dns_rdataset_init(&rdataset);
+ check_assertion((void)dns_db_find(db1, dns_rootname, v2,
+ dns_rdatatype_soa, 0, 0, NULL, name,
+ &rdataset, NULL));
+}
+
+/*
+ * Check dns_db_allrdatasets() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+allrdatasets(void **state) {
+ isc_result_t res;
+ dns_dbnode_t *node = NULL;
+ dns_rdatasetiter_t *iterator = NULL;
+
+ UNUSED(state);
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_allrdatasets(db1, node, v1, 0, 0, &iterator);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ check_assertion(dns_db_allrdatasets(db1, node, v2, 0, 0, &iterator));
+
+ dns_rdatasetiter_destroy(&iterator);
+ assert_null(iterator);
+
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+}
+
+/*
+ * Check dns_db_findrdataset() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+findrdataset(void **state) {
+ isc_result_t res;
+ dns_rdataset_t rdataset;
+ dns_dbnode_t *node = NULL;
+
+ UNUSED(state);
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ dns_rdataset_init(&rdataset);
+ res = dns_db_findrdataset(db1, node, v1, dns_rdatatype_soa, 0, 0,
+ &rdataset, NULL);
+ assert_int_equal(res, ISC_R_NOTFOUND);
+
+ if (dns_rdataset_isassociated(&rdataset)) {
+ dns_rdataset_disassociate(&rdataset);
+ }
+
+ dns_rdataset_init(&rdataset);
+ check_assertion(dns_db_findrdataset(db1, node, v2, dns_rdatatype_soa, 0,
+ 0, &rdataset, NULL));
+
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+}
+
+/*
+ * Check dns_db_deleterdataset() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+deleterdataset(void **state) {
+ isc_result_t res;
+ dns_dbnode_t *node = NULL;
+
+ UNUSED(state);
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_deleterdataset(db1, node, v1, dns_rdatatype_soa, 0);
+ assert_int_equal(res, DNS_R_UNCHANGED);
+
+ check_assertion(
+ dns_db_deleterdataset(db1, node, v2, dns_rdatatype_soa, 0));
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+}
+
+/*
+ * Check dns_db_subtractrdataset() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+subtract(void **state) {
+ isc_result_t res;
+ dns_rdataset_t rdataset;
+ dns_rdatalist_t rdatalist;
+ dns_dbnode_t *node = NULL;
+
+ UNUSED(state);
+
+ dns_rdataset_init(&rdataset);
+ dns_rdatalist_init(&rdatalist);
+
+ rdatalist.rdclass = dns_rdataclass_in;
+
+ res = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_subtractrdataset(db1, node, v1, &rdataset, 0, NULL);
+ assert_int_equal(res, DNS_R_UNCHANGED);
+
+ if (dns_rdataset_isassociated(&rdataset)) {
+ dns_rdataset_disassociate(&rdataset);
+ }
+
+ dns_rdataset_init(&rdataset);
+ res = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ check_assertion(
+ dns_db_subtractrdataset(db1, node, v2, &rdataset, 0, NULL));
+
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+}
+
+/*
+ * Check dns_db_dump() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+dump(void **state) {
+ isc_result_t res;
+ FILE *f = NULL;
+
+ UNUSED(state);
+
+ res = isc_file_openunique(tempname, &f);
+ fclose(f);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_dump(db1, v1, tempname);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ check_assertion(dns_db_dump(db1, v2, tempname));
+}
+
+/*
+ * Check dns_db_addrdataset() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+addrdataset(void **state) {
+ isc_result_t res;
+ dns_rdataset_t rdataset;
+ dns_dbnode_t *node = NULL;
+ dns_rdatalist_t rdatalist;
+
+ UNUSED(state);
+
+ dns_rdataset_init(&rdataset);
+ dns_rdatalist_init(&rdatalist);
+
+ rdatalist.rdclass = dns_rdataclass_in;
+
+ res = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_addrdataset(db1, node, v1, 0, &rdataset, 0, NULL);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ check_assertion(
+ dns_db_addrdataset(db1, node, v2, 0, &rdataset, 0, NULL));
+
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+}
+
+/*
+ * Check dns_db_getnsec3parameters() passes with matching db and version,
+ * and asserts with mis-matching db and version.
+ */
+static void
+getnsec3parameters(void **state) {
+ isc_result_t res;
+ dns_hash_t hash;
+ uint8_t flags;
+ uint16_t iterations;
+ unsigned char salt[DNS_NSEC3_SALTSIZE];
+ size_t salt_length = sizeof(salt);
+
+ UNUSED(state);
+
+ res = dns_db_getnsec3parameters(db1, v1, &hash, &flags, &iterations,
+ salt, &salt_length);
+ assert_int_equal(res, ISC_R_NOTFOUND);
+
+ check_assertion(dns_db_getnsec3parameters(
+ db1, v2, &hash, &flags, &iterations, salt, &salt_length));
+}
+
+/*
+ * Check dns_db_resigned() passes with matching db and version, and
+ * asserts with mis-matching db and version.
+ */
+static void
+resigned(void **state) {
+ isc_result_t res;
+ dns_rdataset_t rdataset, added;
+ dns_dbnode_t *node = NULL;
+ dns_rdatalist_t rdatalist;
+ dns_rdata_rrsig_t rrsig;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_buffer_t b;
+ unsigned char buf[1024];
+
+ UNUSED(state);
+
+ /*
+ * Create a dummy RRSIG record and set a resigning time.
+ */
+ dns_rdataset_init(&added);
+ dns_rdataset_init(&rdataset);
+ dns_rdatalist_init(&rdatalist);
+ isc_buffer_init(&b, buf, sizeof(buf));
+
+ DNS_RDATACOMMON_INIT(&rrsig, dns_rdatatype_rrsig, dns_rdataclass_in);
+ rrsig.covered = dns_rdatatype_a;
+ rrsig.algorithm = 100;
+ rrsig.labels = 0;
+ rrsig.originalttl = 0;
+ rrsig.timeexpire = 3600;
+ rrsig.timesigned = 0;
+ rrsig.keyid = 0;
+ dns_name_init(&rrsig.signer, NULL);
+ dns_name_clone(dns_rootname, &rrsig.signer);
+ rrsig.siglen = 0;
+ rrsig.signature = NULL;
+
+ res = dns_rdata_fromstruct(&rdata, dns_rdataclass_in,
+ dns_rdatatype_rrsig, &rrsig, &b);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ rdatalist.rdclass = dns_rdataclass_in;
+ rdatalist.type = dns_rdatatype_rrsig;
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+
+ res = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ rdataset.attributes |= DNS_RDATASETATTR_RESIGN;
+ rdataset.resign = 7200;
+
+ res = dns_db_findnode(db1, dns_rootname, false, &node);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ res = dns_db_addrdataset(db1, node, v1, 0, &rdataset, 0, &added);
+ assert_int_equal(res, ISC_R_SUCCESS);
+
+ dns_db_detachnode(db1, &node);
+ assert_null(node);
+
+ check_assertion(dns_db_resigned(db1, &added, v2));
+
+ dns_db_resigned(db1, &added, v1);
+
+ dns_rdataset_disassociate(&added);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(dump, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(find, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(allrdatasets, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(findrdataset, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(deleterdataset, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(subtract, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(addrdataset, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(getnsec3parameters, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(resigned, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(attachversion, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(closeversion, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/dh_test.c b/lib/dns/tests/dh_test.c
new file mode 100644
index 0000000..bd60d6d
--- /dev/null
+++ b/lib/dns/tests/dh_test.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <pk11/site.h>
+
+#include <dns/name.h>
+
+#include <dst/result.h>
+
+#include "../dst_internal.h"
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/* OpenSSL DH_compute_key() failure */
+static void
+dh_computesecret(void **state) {
+ dst_key_t *key = NULL;
+ isc_buffer_t buf;
+ unsigned char array[1024];
+ isc_result_t result;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ UNUSED(state);
+
+ name = dns_fixedname_initname(&fname);
+ isc_buffer_constinit(&buf, "dh.", 3);
+ isc_buffer_add(&buf, 3);
+ result = dns_name_fromtext(name, &buf, NULL, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dst_key_fromfile(name, 18602, DST_ALG_DH,
+ DST_TYPE_PUBLIC | DST_TYPE_KEY, "./", dt_mctx,
+ &key);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_buffer_init(&buf, array, sizeof(array));
+ result = dst_key_computesecret(key, key, &buf);
+ assert_int_equal(result, DST_R_NOTPRIVATEKEY);
+ result = key->func->computesecret(key, key, &buf);
+ assert_int_equal(result, DST_R_COMPUTESECRETFAILURE);
+
+ dst_key_free(&key);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(dh_computesecret, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/dispatch_test.c b/lib/dns/tests/dispatch_test.c
new file mode 100644
index 0000000..9f9737b
--- /dev/null
+++ b/lib/dns/tests/dispatch_test.c
@@ -0,0 +1,360 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/app.h>
+#include <isc/buffer.h>
+#include <isc/refcount.h>
+#include <isc/socket.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/dispatch.h>
+#include <dns/name.h>
+#include <dns/view.h>
+
+#include "dnstest.h"
+
+dns_dispatchmgr_t *dispatchmgr = NULL;
+dns_dispatchset_t *dset = NULL;
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static isc_result_t
+make_dispatchset(unsigned int ndisps) {
+ isc_result_t result;
+ isc_sockaddr_t any;
+ unsigned int attrs;
+ dns_dispatch_t *disp = NULL;
+
+ result = dns_dispatchmgr_create(dt_mctx, &dispatchmgr);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ isc_sockaddr_any(&any);
+ attrs = DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_UDP;
+ result = dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr, &any, 512,
+ 6, 1024, 17, 19, attrs, attrs, &disp);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ result = dns_dispatchset_create(dt_mctx, socketmgr, taskmgr, disp,
+ &dset, ndisps);
+ dns_dispatch_detach(&disp);
+
+ return (result);
+}
+
+static void
+reset(void) {
+ if (dset != NULL) {
+ dns_dispatchset_destroy(&dset);
+ }
+ if (dispatchmgr != NULL) {
+ dns_dispatchmgr_destroy(&dispatchmgr);
+ }
+}
+
+/* create dispatch set */
+static void
+dispatchset_create(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = make_dispatchset(1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ reset();
+
+ result = make_dispatchset(10);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ reset();
+}
+
+/* test dispatch set round-robin */
+static void
+dispatchset_get(void **state) {
+ isc_result_t result;
+ dns_dispatch_t *d1, *d2, *d3, *d4, *d5;
+
+ UNUSED(state);
+
+ result = make_dispatchset(1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ d1 = dns_dispatchset_get(dset);
+ d2 = dns_dispatchset_get(dset);
+ d3 = dns_dispatchset_get(dset);
+ d4 = dns_dispatchset_get(dset);
+ d5 = dns_dispatchset_get(dset);
+
+ assert_ptr_equal(d1, d2);
+ assert_ptr_equal(d2, d3);
+ assert_ptr_equal(d3, d4);
+ assert_ptr_equal(d4, d5);
+
+ reset();
+
+ result = make_dispatchset(4);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ d1 = dns_dispatchset_get(dset);
+ d2 = dns_dispatchset_get(dset);
+ d3 = dns_dispatchset_get(dset);
+ d4 = dns_dispatchset_get(dset);
+ d5 = dns_dispatchset_get(dset);
+
+ assert_ptr_equal(d1, d5);
+ assert_ptr_not_equal(d1, d2);
+ assert_ptr_not_equal(d2, d3);
+ assert_ptr_not_equal(d3, d4);
+ assert_ptr_not_equal(d4, d5);
+
+ reset();
+}
+
+static void
+senddone(isc_task_t *task, isc_event_t *event) {
+ isc_socket_t *sock = event->ev_arg;
+
+ UNUSED(task);
+
+ isc_socket_detach(&sock);
+ isc_event_free(&event);
+}
+
+static void
+nameserver(isc_task_t *task, isc_event_t *event) {
+ isc_result_t result;
+ isc_region_t region;
+ isc_socket_t *dummy;
+ isc_socket_t *sock = event->ev_arg;
+ isc_socketevent_t *ev = (isc_socketevent_t *)event;
+ static unsigned char buf1[16];
+ static unsigned char buf2[16];
+
+ memmove(buf1, ev->region.base, 12);
+ memset(buf1 + 12, 0, 4);
+ buf1[2] |= 0x80; /* qr=1 */
+
+ memmove(buf2, ev->region.base, 12);
+ memset(buf2 + 12, 1, 4);
+ buf2[2] |= 0x80; /* qr=1 */
+
+ /*
+ * send message to be discarded.
+ */
+ region.base = buf1;
+ region.length = sizeof(buf1);
+ dummy = NULL;
+ isc_socket_attach(sock, &dummy);
+ result = isc_socket_sendto(sock, &region, task, senddone, sock,
+ &ev->address, NULL);
+ if (result != ISC_R_SUCCESS) {
+ isc_socket_detach(&dummy);
+ }
+
+ /*
+ * send nextitem message.
+ */
+ region.base = buf2;
+ region.length = sizeof(buf2);
+ dummy = NULL;
+ isc_socket_attach(sock, &dummy);
+ result = isc_socket_sendto(sock, &region, task, senddone, sock,
+ &ev->address, NULL);
+ if (result != ISC_R_SUCCESS) {
+ isc_socket_detach(&dummy);
+ }
+ isc_event_free(&event);
+}
+
+static dns_dispatch_t *dispatch = NULL;
+static dns_dispentry_t *dispentry = NULL;
+static atomic_bool first = true;
+static isc_sockaddr_t local;
+static atomic_uint_fast32_t responses;
+
+static void
+response(isc_task_t *task, isc_event_t *event) {
+ dns_dispatchevent_t *devent = (dns_dispatchevent_t *)event;
+ bool exp_true = true;
+
+ UNUSED(task);
+
+ atomic_fetch_add_relaxed(&responses, 1);
+ if (atomic_compare_exchange_strong(&first, &exp_true, false)) {
+ isc_result_t result = dns_dispatch_getnext(dispentry, &devent);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ } else {
+ dns_dispatch_removeresponse(&dispentry, &devent);
+ isc_app_shutdown();
+ }
+}
+
+static void
+startit(isc_task_t *task, isc_event_t *event) {
+ isc_result_t result;
+ isc_socket_t *sock = NULL;
+
+ isc_socket_attach(dns_dispatch_getsocket(dispatch), &sock);
+ result = isc_socket_sendto(sock, event->ev_arg, task, senddone, sock,
+ &local, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ isc_event_free(&event);
+}
+
+/* test dispatch getnext */
+static void
+dispatch_getnext(void **state) {
+ isc_region_t region;
+ isc_result_t result;
+ isc_socket_t *sock = NULL;
+ isc_task_t *task = NULL;
+ uint16_t id;
+ struct in_addr ina;
+ unsigned char message[12];
+ unsigned int attrs;
+ unsigned char rbuf[12];
+
+ UNUSED(state);
+
+ atomic_init(&responses, 0);
+
+ result = isc_task_create(taskmgr, 0, &task);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_dispatchmgr_create(dt_mctx, &dispatchmgr);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ ina.s_addr = htonl(INADDR_LOOPBACK);
+ isc_sockaddr_fromin(&local, &ina, 0);
+ attrs = DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_UDP;
+ result = dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr, &local,
+ 512, 6, 1024, 17, 19, attrs, attrs,
+ &dispatch);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Create a local udp nameserver on the loopback.
+ */
+ result = isc_socket_create(socketmgr, AF_INET, isc_sockettype_udp,
+ &sock);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ ina.s_addr = htonl(INADDR_LOOPBACK);
+ isc_sockaddr_fromin(&local, &ina, 0);
+ result = isc_socket_bind(sock, &local, 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = isc_socket_getsockname(sock, &local);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ region.base = rbuf;
+ region.length = sizeof(rbuf);
+ result = isc_socket_recv(sock, &region, 1, task, nameserver, sock);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_dispatch_addresponse(dispatch, 0, &local, task, response,
+ NULL, &id, &dispentry, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ memset(message, 0, sizeof(message));
+ message[0] = (id >> 8) & 0xff;
+ message[1] = id & 0xff;
+
+ region.base = message;
+ region.length = sizeof(message);
+ result = isc_app_onrun(dt_mctx, task, startit, &region);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = isc_app_run();
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_int_equal(atomic_load_acquire(&responses), 2);
+
+ /*
+ * Shutdown nameserver.
+ */
+ isc_socket_cancel(sock, task, ISC_SOCKCANCEL_RECV);
+ isc_socket_detach(&sock);
+ isc_task_detach(&task);
+
+ /*
+ * Shutdown the dispatch.
+ */
+ dns_dispatch_detach(&dispatch);
+ dns_dispatchmgr_destroy(&dispatchmgr);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(dispatchset_create, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(dispatchset_get, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(dispatch_getnext, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/dnstap_test.c b/lib/dns/tests/dnstap_test.c
new file mode 100644
index 0000000..17addc6
--- /dev/null
+++ b/lib/dns/tests/dnstap_test.c
@@ -0,0 +1,402 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/buffer.h>
+#include <isc/file.h>
+#include <isc/print.h>
+#include <isc/stdio.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#include <dns/dnstap.h>
+#include <dns/view.h>
+
+#include "dnstest.h"
+
+#ifdef HAVE_DNSTAP
+
+#include <fstrm.h>
+
+#include <protobuf-c/protobuf-c.h>
+
+#define TAPFILE "testdata/dnstap/dnstap.file"
+#define TAPSOCK "testdata/dnstap/dnstap.sock"
+
+#define TAPSAVED "testdata/dnstap/dnstap.saved"
+#define TAPTEXT "testdata/dnstap/dnstap.text"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static void
+cleanup() {
+ (void)isc_file_remove(TAPFILE);
+ (void)isc_file_remove(TAPSOCK);
+}
+
+/* set up dnstap environment */
+static void
+create_test(void **state) {
+ isc_result_t result;
+ dns_dtenv_t *dtenv = NULL;
+ struct fstrm_iothr_options *fopt;
+
+ UNUSED(state);
+
+ cleanup();
+
+ fopt = fstrm_iothr_options_init();
+ assert_non_null(fopt);
+ fstrm_iothr_options_set_num_input_queues(fopt, 1);
+
+ result = dns_dt_create(dt_mctx, dns_dtmode_file, TAPFILE, &fopt, NULL,
+ &dtenv);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ if (dtenv != NULL) {
+ dns_dt_detach(&dtenv);
+ }
+ if (fopt != NULL) {
+ fstrm_iothr_options_destroy(&fopt);
+ }
+
+ assert_true(isc_file_exists(TAPFILE));
+
+ fopt = fstrm_iothr_options_init();
+ assert_non_null(fopt);
+ fstrm_iothr_options_set_num_input_queues(fopt, 1);
+
+ result = dns_dt_create(dt_mctx, dns_dtmode_unix, TAPSOCK, &fopt, NULL,
+ &dtenv);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ if (dtenv != NULL) {
+ dns_dt_detach(&dtenv);
+ }
+ if (fopt != NULL) {
+ fstrm_iothr_options_destroy(&fopt);
+ }
+
+ /* 'create' should succeed, but the file shouldn't exist yet */
+ assert_false(isc_file_exists(TAPSOCK));
+
+ fopt = fstrm_iothr_options_init();
+ assert_non_null(fopt);
+ fstrm_iothr_options_set_num_input_queues(fopt, 1);
+
+ result = dns_dt_create(dt_mctx, 33, TAPSOCK, &fopt, NULL, &dtenv);
+ assert_int_equal(result, ISC_R_FAILURE);
+ assert_null(dtenv);
+ if (dtenv != NULL) {
+ dns_dt_detach(&dtenv);
+ }
+ if (fopt != NULL) {
+ fstrm_iothr_options_destroy(&fopt);
+ }
+
+ cleanup();
+}
+
+/* send dnstap messages */
+static void
+send_test(void **state) {
+ isc_result_t result;
+ dns_dtenv_t *dtenv = NULL;
+ dns_dthandle_t *handle = NULL;
+ uint8_t *data;
+ size_t dsize;
+ unsigned char zone[DNS_NAME_MAXWIRE];
+ unsigned char qambuffer[4096], rambuffer[4096];
+ unsigned char qrmbuffer[4096], rrmbuffer[4096];
+ isc_buffer_t zb, qamsg, ramsg, qrmsg, rrmsg;
+ size_t qasize, qrsize, rasize, rrsize;
+ dns_fixedname_t zfname;
+ dns_name_t *zname;
+ dns_dtmsgtype_t dt;
+ dns_view_t *view = NULL;
+ dns_compress_t cctx;
+ isc_region_t zr;
+ isc_sockaddr_t qaddr;
+ isc_sockaddr_t raddr;
+ struct in_addr in;
+ isc_stdtime_t now;
+ isc_time_t p, f;
+ struct fstrm_iothr_options *fopt;
+
+ UNUSED(state);
+
+ cleanup();
+
+ result = dns_test_makeview("test", &view);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ fopt = fstrm_iothr_options_init();
+ assert_non_null(fopt);
+ fstrm_iothr_options_set_num_input_queues(fopt, 1);
+
+ result = dns_dt_create(dt_mctx, dns_dtmode_file, TAPFILE, &fopt, NULL,
+ &dtenv);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_dt_attach(dtenv, &view->dtenv);
+ view->dttypes = DNS_DTTYPE_ALL;
+
+ /*
+ * Set up some test data
+ */
+ zname = dns_fixedname_initname(&zfname);
+ isc_buffer_constinit(&zb, "example.com.", 12);
+ isc_buffer_add(&zb, 12);
+ result = dns_name_fromtext(zname, &zb, NULL, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ memset(&zr, 0, sizeof(zr));
+ isc_buffer_init(&zb, zone, sizeof(zone));
+ result = dns_compress_init(&cctx, -1, dt_mctx);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_compress_setmethods(&cctx, DNS_COMPRESS_NONE);
+ result = dns_name_towire(zname, &cctx, &zb);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_compress_invalidate(&cctx);
+ isc_buffer_usedregion(&zb, &zr);
+
+ in.s_addr = inet_addr("10.53.0.1");
+ isc_sockaddr_fromin(&qaddr, &in, 2112);
+ in.s_addr = inet_addr("10.53.0.2");
+ isc_sockaddr_fromin(&raddr, &in, 2112);
+
+ isc_stdtime_get(&now);
+ isc_time_set(&p, now - 3600, 0); /* past */
+ isc_time_set(&f, now + 3600, 0); /* future */
+
+ result = dns_test_getdata("testdata/dnstap/query.auth", qambuffer,
+ sizeof(qambuffer), &qasize);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ isc_buffer_init(&qamsg, qambuffer, qasize);
+ isc_buffer_add(&qamsg, qasize);
+
+ result = dns_test_getdata("testdata/dnstap/response.auth", rambuffer,
+ sizeof(rambuffer), &rasize);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ isc_buffer_init(&ramsg, rambuffer, rasize);
+ isc_buffer_add(&ramsg, rasize);
+
+ result = dns_test_getdata("testdata/dnstap/query.recursive", qrmbuffer,
+ sizeof(qrmbuffer), &qrsize);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ isc_buffer_init(&qrmsg, qrmbuffer, qrsize);
+ isc_buffer_add(&qrmsg, qrsize);
+
+ result = dns_test_getdata("testdata/dnstap/response.recursive",
+ rrmbuffer, sizeof(rrmbuffer), &rrsize);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ isc_buffer_init(&rrmsg, rrmbuffer, rrsize);
+ isc_buffer_add(&rrmsg, rrsize);
+
+ for (dt = DNS_DTTYPE_SQ; dt <= DNS_DTTYPE_TR; dt <<= 1) {
+ isc_buffer_t *m;
+ isc_sockaddr_t *q = &qaddr, *r = &raddr;
+
+ switch (dt) {
+ case DNS_DTTYPE_AQ:
+ m = &qamsg;
+ break;
+ case DNS_DTTYPE_AR:
+ m = &ramsg;
+ break;
+ default:
+ m = &qrmsg;
+ if ((dt & DNS_DTTYPE_RESPONSE) != 0) {
+ m = &ramsg;
+ }
+ break;
+ }
+
+ dns_dt_send(view, dt, q, r, false, &zr, &p, &f, m);
+ dns_dt_send(view, dt, q, r, false, &zr, NULL, &f, m);
+ dns_dt_send(view, dt, q, r, false, &zr, &p, NULL, m);
+ dns_dt_send(view, dt, q, r, false, &zr, NULL, NULL, m);
+ dns_dt_send(view, dt, q, r, true, &zr, &p, &f, m);
+ dns_dt_send(view, dt, q, r, true, &zr, NULL, &f, m);
+ dns_dt_send(view, dt, q, r, true, &zr, &p, NULL, m);
+ dns_dt_send(view, dt, q, r, true, &zr, NULL, NULL, m);
+ }
+
+ dns_dt_detach(&view->dtenv);
+ dns_dt_detach(&dtenv);
+ dns_view_detach(&view);
+
+ result = dns_dt_open(TAPFILE, dns_dtmode_file, dt_mctx, &handle);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ while (dns_dt_getframe(handle, &data, &dsize) == ISC_R_SUCCESS) {
+ dns_dtdata_t *dtdata = NULL;
+ isc_region_t r;
+ static dns_dtmsgtype_t expected = DNS_DTTYPE_SQ;
+ static int n = 0;
+
+ r.base = data;
+ r.length = dsize;
+
+ result = dns_dt_parse(dt_mctx, &r, &dtdata);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ if (result != ISC_R_SUCCESS) {
+ n++;
+ continue;
+ }
+
+ assert_int_equal(dtdata->type, expected);
+ if (++n % 8 == 0) {
+ expected <<= 1;
+ }
+
+ dns_dtdata_free(&dtdata);
+ }
+
+ if (fopt != NULL) {
+ fstrm_iothr_options_destroy(&fopt);
+ }
+ if (handle != NULL) {
+ dns_dt_close(&handle);
+ }
+ cleanup();
+}
+
+/* dnstap message to text */
+static void
+totext_test(void **state) {
+ isc_result_t result;
+ dns_dthandle_t *handle = NULL;
+ uint8_t *data;
+ size_t dsize;
+ FILE *fp = NULL;
+
+ UNUSED(state);
+
+ result = dns_dt_open(TAPSAVED, dns_dtmode_file, dt_mctx, &handle);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = isc_stdio_open(TAPTEXT, "r", &fp);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ while (dns_dt_getframe(handle, &data, &dsize) == ISC_R_SUCCESS) {
+ dns_dtdata_t *dtdata = NULL;
+ isc_buffer_t *b = NULL;
+ isc_region_t r;
+ char s[BUFSIZ], *p;
+
+ r.base = data;
+ r.length = dsize;
+
+ /* read the corresponding line of text */
+ p = fgets(s, sizeof(s), fp);
+ assert_ptr_equal(p, s);
+ if (p == NULL) {
+ break;
+ }
+
+ p = strchr(p, '\n');
+ if (p != NULL) {
+ *p = '\0';
+ }
+
+ /* parse dnstap frame */
+ result = dns_dt_parse(dt_mctx, &r, &dtdata);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ if (result != ISC_R_SUCCESS) {
+ continue;
+ }
+
+ isc_buffer_allocate(dt_mctx, &b, 2048);
+ assert_non_null(b);
+ if (b == NULL) {
+ break;
+ }
+
+ /* convert to text and compare */
+ result = dns_dt_datatotext(dtdata, &b);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_string_equal((char *)isc_buffer_base(b), s);
+
+ dns_dtdata_free(&dtdata);
+ isc_buffer_free(&b);
+ }
+
+ if (handle != NULL) {
+ dns_dt_close(&handle);
+ }
+ cleanup();
+}
+#endif /* HAVE_DNSTAP */
+
+int
+main(void) {
+#if HAVE_DNSTAP
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(create_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(send_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(totext_test, _setup, _teardown),
+ };
+
+ /* make sure text conversion gets the right local time */
+ setenv("TZ", "PST8", 1);
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+#else /* if HAVE_DNSTAP */
+ print_message("1..0 # Skipped: dnstap not enabled\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+#endif /* HAVE_DNSTAP */
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* HAVE_CMOCKA */
diff --git a/lib/dns/tests/dnstest.c b/lib/dns/tests/dnstest.c
new file mode 100644
index 0000000..a8cd6b5
--- /dev/null
+++ b/lib/dns/tests/dnstest.c
@@ -0,0 +1,643 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#if HAVE_CMOCKA
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/app.h>
+#include <isc/buffer.h>
+#include <isc/file.h>
+#include <isc/hash.h>
+#include <isc/hex.h>
+#include <isc/lex.h>
+#include <isc/managers.h>
+#include <isc/mem.h>
+#include <isc/os.h>
+#include <isc/print.h>
+#include <isc/socket.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/callbacks.h>
+#include <dns/db.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/name.h>
+#include <dns/result.h>
+#include <dns/view.h>
+#include <dns/zone.h>
+
+#include "dnstest.h"
+
+#define CHECK(r) \
+ do { \
+ result = (r); \
+ if (result != ISC_R_SUCCESS) { \
+ goto cleanup; \
+ } \
+ } while (0)
+
+isc_mem_t *dt_mctx = NULL;
+isc_log_t *lctx = NULL;
+isc_nm_t *netmgr = NULL;
+isc_taskmgr_t *taskmgr = NULL;
+isc_task_t *maintask = NULL;
+isc_timermgr_t *timermgr = NULL;
+isc_socketmgr_t *socketmgr = NULL;
+dns_zonemgr_t *zonemgr = NULL;
+bool app_running = false;
+int ncpus;
+bool debug_mem_record = true;
+
+static bool dst_active = false;
+static bool test_running = false;
+
+/*
+ * Logging categories: this needs to match the list in bin/named/log.c.
+ */
+static isc_logcategory_t categories[] = { { "", 0 },
+ { "client", 0 },
+ { "network", 0 },
+ { "update", 0 },
+ { "queries", 0 },
+ { "unmatched", 0 },
+ { "update-security", 0 },
+ { "query-errors", 0 },
+ { NULL, 0 } };
+
+static void
+cleanup_managers(void) {
+ if (maintask != NULL) {
+ isc_task_shutdown(maintask);
+ isc_task_destroy(&maintask);
+ }
+
+ isc_managers_destroy(netmgr == NULL ? NULL : &netmgr,
+ taskmgr == NULL ? NULL : &taskmgr);
+
+ if (socketmgr != NULL) {
+ isc_socketmgr_destroy(&socketmgr);
+ }
+ if (timermgr != NULL) {
+ isc_timermgr_destroy(&timermgr);
+ }
+ if (app_running) {
+ isc_app_finish();
+ }
+}
+
+static isc_result_t
+create_managers(void) {
+ isc_result_t result;
+ ncpus = isc_os_ncpus();
+
+ CHECK(isc_managers_create(dt_mctx, ncpus, 0, &netmgr, &taskmgr));
+ CHECK(isc_timermgr_create(dt_mctx, &timermgr));
+ CHECK(isc_socketmgr_create(dt_mctx, &socketmgr));
+ CHECK(isc_task_create_bound(taskmgr, 0, &maintask, 0));
+ return (ISC_R_SUCCESS);
+
+cleanup:
+ cleanup_managers();
+ return (result);
+}
+
+isc_result_t
+dns_test_begin(FILE *logfile, bool start_managers) {
+ isc_result_t result;
+
+ INSIST(!test_running);
+ test_running = true;
+
+ if (start_managers) {
+ CHECK(isc_app_start());
+ }
+ if (debug_mem_record) {
+ isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
+ }
+
+ INSIST(dt_mctx == NULL);
+ isc_mem_create(&dt_mctx);
+
+ /* Don't check the memory leaks as they hide the assertions */
+ isc_mem_setdestroycheck(dt_mctx, false);
+
+ INSIST(!dst_active);
+ CHECK(dst_lib_init(dt_mctx, NULL));
+ dst_active = true;
+
+ if (logfile != NULL) {
+ isc_logdestination_t destination;
+ isc_logconfig_t *logconfig = NULL;
+
+ INSIST(lctx == NULL);
+ isc_log_create(dt_mctx, &lctx, &logconfig);
+ isc_log_registercategories(lctx, categories);
+ isc_log_setcontext(lctx);
+ dns_log_init(lctx);
+ dns_log_setcontext(lctx);
+
+ destination.file.stream = logfile;
+ destination.file.name = NULL;
+ destination.file.versions = ISC_LOG_ROLLNEVER;
+ destination.file.maximum_size = 0;
+ isc_log_createchannel(logconfig, "stderr", ISC_LOG_TOFILEDESC,
+ ISC_LOG_DYNAMIC, &destination, 0);
+ CHECK(isc_log_usechannel(logconfig, "stderr", NULL, NULL));
+ }
+
+ dns_result_register();
+
+ if (start_managers) {
+ CHECK(create_managers());
+ }
+
+ /*
+ * The caller might run from another directory, so tests
+ * that access test data files must first chdir to the proper
+ * location.
+ */
+ if (chdir(TESTS) == -1) {
+ CHECK(ISC_R_FAILURE);
+ }
+
+ return (ISC_R_SUCCESS);
+
+cleanup:
+ dns_test_end();
+ return (result);
+}
+
+void
+dns_test_end(void) {
+ cleanup_managers();
+
+ dst_lib_destroy();
+ dst_active = false;
+
+ if (lctx != NULL) {
+ isc_log_destroy(&lctx);
+ }
+
+ if (dt_mctx != NULL) {
+ isc_mem_destroy(&dt_mctx);
+ }
+
+ test_running = false;
+}
+
+/*
+ * Create a view.
+ */
+isc_result_t
+dns_test_makeview(const char *name, dns_view_t **viewp) {
+ isc_result_t result;
+ dns_view_t *view = NULL;
+
+ CHECK(dns_view_create(dt_mctx, dns_rdataclass_in, name, &view));
+ *viewp = view;
+
+ return (ISC_R_SUCCESS);
+
+cleanup:
+ if (view != NULL) {
+ dns_view_detach(&view);
+ }
+ return (result);
+}
+
+isc_result_t
+dns_test_makezone(const char *name, dns_zone_t **zonep, dns_view_t *view,
+ bool createview) {
+ dns_fixedname_t fixed_origin;
+ dns_zone_t *zone = NULL;
+ isc_result_t result;
+ dns_name_t *origin;
+
+ REQUIRE(view == NULL || !createview);
+
+ /*
+ * Create the zone structure.
+ */
+ result = dns_zone_create(&zone, dt_mctx);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ /*
+ * Set zone type and origin.
+ */
+ dns_zone_settype(zone, dns_zone_primary);
+ origin = dns_fixedname_initname(&fixed_origin);
+ result = dns_name_fromstring(origin, name, 0, NULL);
+ if (result != ISC_R_SUCCESS) {
+ goto detach_zone;
+ }
+ result = dns_zone_setorigin(zone, origin);
+ if (result != ISC_R_SUCCESS) {
+ goto detach_zone;
+ }
+
+ /*
+ * If requested, create a view.
+ */
+ if (createview) {
+ result = dns_test_makeview("view", &view);
+ if (result != ISC_R_SUCCESS) {
+ goto detach_zone;
+ }
+ }
+
+ /*
+ * If a view was passed as an argument or created above, attach the
+ * created zone to it. Otherwise, set the zone's class to IN.
+ */
+ if (view != NULL) {
+ dns_zone_setview(zone, view);
+ dns_zone_setclass(zone, view->rdclass);
+ dns_view_addzone(view, zone);
+ } else {
+ dns_zone_setclass(zone, dns_rdataclass_in);
+ }
+
+ *zonep = zone;
+
+ return (ISC_R_SUCCESS);
+
+detach_zone:
+ dns_zone_detach(&zone);
+
+ return (result);
+}
+
+isc_result_t
+dns_test_setupzonemgr(void) {
+ isc_result_t result;
+ REQUIRE(zonemgr == NULL);
+
+ result = dns_zonemgr_create(dt_mctx, taskmgr, timermgr, socketmgr,
+ &zonemgr);
+ return (result);
+}
+
+isc_result_t
+dns_test_managezone(dns_zone_t *zone) {
+ isc_result_t result;
+ REQUIRE(zonemgr != NULL);
+
+ result = dns_zonemgr_setsize(zonemgr, 1);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ result = dns_zonemgr_managezone(zonemgr, zone);
+ return (result);
+}
+
+void
+dns_test_releasezone(dns_zone_t *zone) {
+ REQUIRE(zonemgr != NULL);
+ dns_zonemgr_releasezone(zonemgr, zone);
+}
+
+void
+dns_test_closezonemgr(void) {
+ REQUIRE(zonemgr != NULL);
+
+ dns_zonemgr_shutdown(zonemgr);
+ dns_zonemgr_detach(&zonemgr);
+}
+
+/*
+ * Sleep for 'usec' microseconds.
+ */
+void
+dns_test_nap(uint32_t usec) {
+ struct timespec ts;
+
+ ts.tv_sec = usec / 1000000;
+ ts.tv_nsec = (usec % 1000000) * 1000;
+ nanosleep(&ts, NULL);
+}
+
+isc_result_t
+dns_test_loaddb(dns_db_t **db, dns_dbtype_t dbtype, const char *origin,
+ const char *testfile) {
+ isc_result_t result;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+
+ name = dns_fixedname_initname(&fixed);
+
+ result = dns_name_fromstring(name, origin, 0, NULL);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ result = dns_db_create(dt_mctx, "rbt", name, dbtype, dns_rdataclass_in,
+ 0, NULL, db);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ result = dns_db_load(*db, testfile, dns_masterformat_text, 0);
+ return (result);
+}
+
+static int
+fromhex(char c) {
+ if (c >= '0' && c <= '9') {
+ return (c - '0');
+ } else if (c >= 'a' && c <= 'f') {
+ return (c - 'a' + 10);
+ } else if (c >= 'A' && c <= 'F') {
+ return (c - 'A' + 10);
+ }
+
+ printf("bad input format: %02x\n", c);
+ exit(3);
+}
+
+/*
+ * Format contents of given memory region as a hex string, using the buffer
+ * of length 'buflen' pointed to by 'buf'. 'buflen' must be at least three
+ * times 'len'. Always returns 'buf'.
+ */
+char *
+dns_test_tohex(const unsigned char *data, size_t len, char *buf,
+ size_t buflen) {
+ isc_constregion_t source = { .base = data, .length = len };
+ isc_buffer_t target;
+ isc_result_t result;
+
+ memset(buf, 0, buflen);
+ isc_buffer_init(&target, buf, buflen);
+ result = isc_hex_totext((isc_region_t *)&source, 1, " ", &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (buf);
+}
+
+isc_result_t
+dns_test_getdata(const char *file, unsigned char *buf, size_t bufsiz,
+ size_t *sizep) {
+ isc_result_t result;
+ unsigned char *bp;
+ char *rp, *wp;
+ char s[BUFSIZ];
+ size_t len, i;
+ FILE *f = NULL;
+ int n;
+
+ result = isc_stdio_open(file, "r", &f);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ bp = buf;
+ while (fgets(s, sizeof(s), f) != NULL) {
+ rp = s;
+ wp = s;
+ len = 0;
+ while (*rp != '\0') {
+ if (*rp == '#') {
+ break;
+ }
+ if (*rp != ' ' && *rp != '\t' && *rp != '\r' &&
+ *rp != '\n')
+ {
+ *wp++ = *rp;
+ len++;
+ }
+ rp++;
+ }
+ if (len == 0U) {
+ continue;
+ }
+ if (len % 2 != 0U) {
+ CHECK(ISC_R_UNEXPECTEDEND);
+ }
+ if (len > bufsiz * 2) {
+ CHECK(ISC_R_NOSPACE);
+ }
+ rp = s;
+ for (i = 0; i < len; i += 2) {
+ n = fromhex(*rp++);
+ n *= 16;
+ n += fromhex(*rp++);
+ *bp++ = n;
+ }
+ }
+
+ *sizep = bp - buf;
+
+ result = ISC_R_SUCCESS;
+
+cleanup:
+ isc_stdio_close(f);
+ return (result);
+}
+
+static void
+nullmsg(dns_rdatacallbacks_t *cb, const char *fmt, ...) {
+ UNUSED(cb);
+ UNUSED(fmt);
+}
+
+isc_result_t
+dns_test_rdatafromstring(dns_rdata_t *rdata, dns_rdataclass_t rdclass,
+ dns_rdatatype_t rdtype, unsigned char *dst,
+ size_t dstlen, const char *src, bool warnings) {
+ dns_rdatacallbacks_t callbacks;
+ isc_buffer_t source, target;
+ isc_lex_t *lex = NULL;
+ isc_lexspecials_t specials = { 0 };
+ isc_result_t result;
+ size_t length;
+
+ REQUIRE(rdata != NULL);
+ REQUIRE(DNS_RDATA_INITIALIZED(rdata));
+ REQUIRE(dst != NULL);
+ REQUIRE(src != NULL);
+
+ /*
+ * Set up source to hold the input string.
+ */
+ length = strlen(src);
+ isc_buffer_constinit(&source, src, length);
+ isc_buffer_add(&source, length);
+
+ /*
+ * Create a lexer as one is required by dns_rdata_fromtext().
+ */
+ result = isc_lex_create(dt_mctx, 64, &lex);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ /*
+ * Set characters which will be treated as valid multi-line RDATA
+ * delimiters while reading the source string. These should match
+ * specials from lib/dns/master.c.
+ */
+ specials[0] = 1;
+ specials['('] = 1;
+ specials[')'] = 1;
+ specials['"'] = 1;
+ isc_lex_setspecials(lex, specials);
+
+ /*
+ * Expect DNS masterfile comments.
+ */
+ isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
+
+ /*
+ * Point lexer at source.
+ */
+ result = isc_lex_openbuffer(lex, &source);
+ if (result != ISC_R_SUCCESS) {
+ goto destroy_lexer;
+ }
+
+ /*
+ * Set up target for storing uncompressed wire form of provided RDATA.
+ */
+ isc_buffer_init(&target, dst, dstlen);
+
+ /*
+ * Set up callbacks so warnings and errors are not printed.
+ */
+ if (!warnings) {
+ dns_rdatacallbacks_init(&callbacks);
+ callbacks.warn = callbacks.error = nullmsg;
+ }
+
+ /*
+ * Parse input string, determining result.
+ */
+ result = dns_rdata_fromtext(rdata, rdclass, rdtype, lex, dns_rootname,
+ 0, dt_mctx, &target, &callbacks);
+
+destroy_lexer:
+ isc_lex_destroy(&lex);
+
+ return (result);
+}
+
+void
+dns_test_namefromstring(const char *namestr, dns_fixedname_t *fname) {
+ size_t length;
+ isc_buffer_t *b = NULL;
+ isc_result_t result;
+ dns_name_t *name;
+
+ length = strlen(namestr);
+
+ name = dns_fixedname_initname(fname);
+
+ isc_buffer_allocate(dt_mctx, &b, length);
+
+ isc_buffer_putmem(b, (const unsigned char *)namestr, length);
+ result = dns_name_fromtext(name, b, dns_rootname, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_buffer_free(&b);
+}
+
+isc_result_t
+dns_test_difffromchanges(dns_diff_t *diff, const zonechange_t *changes,
+ bool warnings) {
+ isc_result_t result = ISC_R_SUCCESS;
+ unsigned char rdata_buf[1024];
+ dns_difftuple_t *tuple = NULL;
+ isc_consttextregion_t region;
+ dns_rdatatype_t rdatatype;
+ dns_fixedname_t fixedname;
+ dns_rdata_t rdata;
+ dns_name_t *name;
+ size_t i;
+
+ REQUIRE(diff != NULL);
+ REQUIRE(changes != NULL);
+
+ dns_diff_init(dt_mctx, diff);
+
+ for (i = 0; changes[i].owner != NULL; i++) {
+ /*
+ * Parse owner name.
+ */
+ name = dns_fixedname_initname(&fixedname);
+ result = dns_name_fromstring(name, changes[i].owner, 0,
+ dt_mctx);
+ if (result != ISC_R_SUCCESS) {
+ break;
+ }
+
+ /*
+ * Parse RDATA type.
+ */
+ region.base = changes[i].type;
+ region.length = strlen(changes[i].type);
+ result = dns_rdatatype_fromtext(&rdatatype,
+ (isc_textregion_t *)&region);
+ if (result != ISC_R_SUCCESS) {
+ break;
+ }
+
+ /*
+ * Parse RDATA.
+ */
+ dns_rdata_init(&rdata);
+ result = dns_test_rdatafromstring(
+ &rdata, dns_rdataclass_in, rdatatype, rdata_buf,
+ sizeof(rdata_buf), changes[i].rdata, warnings);
+ if (result != ISC_R_SUCCESS) {
+ break;
+ }
+
+ /*
+ * Create a diff tuple for the parsed change and append it to
+ * the diff.
+ */
+ result = dns_difftuple_create(dt_mctx, changes[i].op, name,
+ changes[i].ttl, &rdata, &tuple);
+ if (result != ISC_R_SUCCESS) {
+ break;
+ }
+ dns_diff_append(diff, &tuple);
+ }
+
+ if (result != ISC_R_SUCCESS) {
+ dns_diff_clear(diff);
+ }
+
+ return (result);
+}
+#endif /* HAVE_CMOCKA */
diff --git a/lib/dns/tests/dnstest.h b/lib/dns/tests/dnstest.h
new file mode 100644
index 0000000..f19b518
--- /dev/null
+++ b/lib/dns/tests/dnstest.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#include <inttypes.h>
+#include <stdbool.h>
+
+#include <isc/buffer.h>
+#include <isc/hash.h>
+#include <isc/log.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/diff.h>
+#include <dns/result.h>
+#include <dns/zone.h>
+
+typedef struct {
+ dns_diffop_t op;
+ const char *owner;
+ dns_ttl_t ttl;
+ const char *type;
+ const char *rdata;
+} zonechange_t;
+
+#define ZONECHANGE_SENTINEL \
+ { \
+ 0, NULL, 0, NULL, NULL \
+ }
+
+extern isc_mem_t *dt_mctx;
+extern isc_log_t *lctx;
+extern isc_taskmgr_t *taskmgr;
+extern isc_task_t *maintask;
+extern isc_timermgr_t *timermgr;
+extern isc_socketmgr_t *socketmgr;
+extern dns_zonemgr_t *zonemgr;
+extern bool app_running;
+extern int ncpus;
+extern bool debug_mem_record;
+
+isc_result_t
+dns_test_begin(FILE *logfile, bool create_managers);
+
+void
+dns_test_end(void);
+
+isc_result_t
+dns_test_makeview(const char *name, dns_view_t **viewp);
+
+/*%
+ * Create a zone with origin 'name', return a pointer to the zone object in
+ * 'zonep'.
+ *
+ * If 'view' is set, the returned zone will be assigned to the passed view.
+ * 'createview' must be set to false when 'view' is non-NULL.
+ *
+ * If 'view' is not set and 'createview' is true, a new view is also created
+ * and the returned zone is assigned to it. This imposes two requirements on
+ * the caller: 1) the returned zone has to be subsequently assigned to a zone
+ * manager, otherwise its cleanup will fail, 2) the created view has to be
+ * cleaned up by the caller.
+ *
+ * If 'view' is not set and 'createview' is false, the returned zone will not
+ * be assigned to any view.
+ */
+isc_result_t
+dns_test_makezone(const char *name, dns_zone_t **zonep, dns_view_t *view,
+ bool createview);
+
+isc_result_t
+dns_test_setupzonemgr(void);
+
+isc_result_t
+dns_test_managezone(dns_zone_t *zone);
+
+void
+dns_test_releasezone(dns_zone_t *zone);
+
+void
+dns_test_closezonemgr(void);
+
+void
+dns_test_nap(uint32_t usec);
+
+isc_result_t
+dns_test_loaddb(dns_db_t **db, dns_dbtype_t dbtype, const char *origin,
+ const char *testfile);
+
+isc_result_t
+dns_test_getdata(const char *file, unsigned char *buf, size_t bufsiz,
+ size_t *sizep);
+
+char *
+dns_test_tohex(const unsigned char *data, size_t len, char *buf, size_t buflen);
+
+/*%
+ * Try parsing text form RDATA in "src" (of class "rdclass" and type "rdtype")
+ * into a structure representing that RDATA at "rdata", storing the
+ * uncompressed wire form of that RDATA at "dst", which is "dstlen" bytes long.
+ * Set 'warnings' to true to print logged warnings from dns_rdata_fromtext().
+ */
+isc_result_t
+dns_test_rdatafromstring(dns_rdata_t *rdata, dns_rdataclass_t rdclass,
+ dns_rdatatype_t rdtype, unsigned char *dst,
+ size_t dstlen, const char *src, bool warnings);
+
+void
+dns_test_namefromstring(const char *namestr, dns_fixedname_t *fname);
+
+/*%
+ * Given a pointer to an uninitialized dns_diff_t structure in 'diff', make it
+ * contain diff tuples representing zone database changes listed in 'changes'.
+ * Set 'warnings' to true to print logged warnings from dns_rdata_fromtext().
+ */
+isc_result_t
+dns_test_difffromchanges(dns_diff_t *diff, const zonechange_t *changes,
+ bool warnings);
diff --git a/lib/dns/tests/dst_test.c b/lib/dns/tests/dst_test.c
new file mode 100644
index 0000000..f5370cc
--- /dev/null
+++ b/lib/dns/tests/dst_test.c
@@ -0,0 +1,504 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/file.h>
+#include <isc/hex.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dst/dst.h>
+#include <dst/result.h>
+
+#include "../dst_internal.h"
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/* Read sig in file at path to buf. Check signature ineffability */
+static isc_result_t
+sig_fromfile(const char *path, isc_buffer_t *buf) {
+ isc_result_t result;
+ size_t rval, len;
+ FILE *fp = NULL;
+ unsigned char val;
+ char *p, *data;
+ off_t size;
+
+ result = isc_stdio_open(path, "rb", &fp);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = isc_file_getsizefd(fileno(fp), &size);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ data = isc_mem_get(dt_mctx, (size + 1));
+ assert_non_null(data);
+
+ len = (size_t)size;
+ p = data;
+ while (len != 0U) {
+ result = isc_stdio_read(p, 1, len, fp, &rval);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ len -= rval;
+ p += rval;
+ }
+ isc_stdio_close(fp);
+
+ p = data;
+ len = size;
+ while (len > 0U) {
+ if ((*p == '\r') || (*p == '\n')) {
+ ++p;
+ --len;
+ continue;
+ } else if (len < 2U) {
+ goto err;
+ }
+ if (('0' <= *p) && (*p <= '9')) {
+ val = *p - '0';
+ } else if (('A' <= *p) && (*p <= 'F')) {
+ val = *p - 'A' + 10;
+ } else {
+ result = ISC_R_BADHEX;
+ goto err;
+ }
+ ++p;
+ val <<= 4;
+ --len;
+ if (('0' <= *p) && (*p <= '9')) {
+ val |= (*p - '0');
+ } else if (('A' <= *p) && (*p <= 'F')) {
+ val |= (*p - 'A' + 10);
+ } else {
+ result = ISC_R_BADHEX;
+ goto err;
+ }
+ ++p;
+ --len;
+ isc_buffer_putuint8(buf, val);
+ }
+
+ result = ISC_R_SUCCESS;
+
+err:
+ isc_mem_put(dt_mctx, data, size + 1);
+ return (result);
+}
+
+static void
+check_sig(const char *datapath, const char *sigpath, const char *keyname,
+ dns_keytag_t id, dns_secalg_t alg, int type, bool expect) {
+ isc_result_t result;
+ size_t rval, len;
+ FILE *fp;
+ dst_key_t *key = NULL;
+ unsigned char sig[512];
+ unsigned char *p;
+ unsigned char *data;
+ off_t size;
+ isc_buffer_t b;
+ isc_buffer_t databuf, sigbuf;
+ isc_region_t datareg, sigreg;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ dst_context_t *ctx = NULL;
+
+ /*
+ * Read data from file in a form usable by dst_verify.
+ */
+ result = isc_stdio_open(datapath, "rb", &fp);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = isc_file_getsizefd(fileno(fp), &size);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ data = isc_mem_get(dt_mctx, (size + 1));
+ assert_non_null(data);
+
+ p = data;
+ len = (size_t)size;
+ do {
+ result = isc_stdio_read(p, 1, len, fp, &rval);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ len -= rval;
+ p += rval;
+ } while (len);
+ isc_stdio_close(fp);
+
+ /*
+ * Read key from file in a form usable by dst_verify.
+ */
+ name = dns_fixedname_initname(&fname);
+ isc_buffer_constinit(&b, keyname, strlen(keyname));
+ isc_buffer_add(&b, strlen(keyname));
+ result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dst_key_fromfile(name, id, alg, type, "testdata/dst", dt_mctx,
+ &key);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_buffer_init(&databuf, data, (unsigned int)size);
+ isc_buffer_add(&databuf, (unsigned int)size);
+ isc_buffer_usedregion(&databuf, &datareg);
+
+ memset(sig, 0, sizeof(sig));
+ isc_buffer_init(&sigbuf, sig, sizeof(sig));
+
+ /*
+ * Read precomputed signature from file in a form usable by dst_verify.
+ */
+ result = sig_fromfile(sigpath, &sigbuf);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Verify that the key signed the data.
+ */
+ isc_buffer_remainingregion(&sigbuf, &sigreg);
+
+ result = dst_context_create(key, dt_mctx, DNS_LOGCATEGORY_GENERAL,
+ false, 0, &ctx);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dst_context_adddata(ctx, &datareg);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dst_context_verify(ctx, &sigreg);
+
+ /*
+ * Compute the expected signature and emit it
+ * so the precomputed signature can be updated.
+ * This should only be done if the covered data
+ * is updated.
+ */
+ if (expect && result != ISC_R_SUCCESS) {
+ isc_result_t result2;
+
+ dst_context_destroy(&ctx);
+ result2 = dst_context_create(
+ key, dt_mctx, DNS_LOGCATEGORY_GENERAL, false, 0, &ctx);
+ assert_int_equal(result2, ISC_R_SUCCESS);
+
+ result2 = dst_context_adddata(ctx, &datareg);
+ assert_int_equal(result2, ISC_R_SUCCESS);
+
+ char sigbuf2[4096];
+ isc_buffer_t sigb;
+ isc_buffer_init(&sigb, sigbuf2, sizeof(sigbuf2));
+
+ result2 = dst_context_sign(ctx, &sigb);
+ assert_int_equal(result2, ISC_R_SUCCESS);
+
+ isc_region_t r;
+ isc_buffer_usedregion(&sigb, &r);
+
+ char hexbuf[4096] = { 0 };
+ isc_buffer_t hb;
+ isc_buffer_init(&hb, hexbuf, sizeof(hexbuf));
+
+ isc_hex_totext(&r, 0, "", &hb);
+
+ fprintf(stderr, "# %s:\n# %s\n", sigpath, hexbuf);
+ }
+
+ isc_mem_put(dt_mctx, data, size + 1);
+ dst_context_destroy(&ctx);
+ dst_key_free(&key);
+
+ assert_true((expect && (result == ISC_R_SUCCESS)) ||
+ (!expect && (result != ISC_R_SUCCESS)));
+
+ return;
+}
+
+static void
+sig_test(void **state) {
+ UNUSED(state);
+
+ struct {
+ const char *datapath;
+ const char *sigpath;
+ const char *keyname;
+ dns_keytag_t keyid;
+ dns_secalg_t alg;
+ bool expect;
+ } testcases[] = {
+ { "testdata/dst/test1.data", "testdata/dst/test1.ecdsa256sig",
+ "test.", 49130, DST_ALG_ECDSA256, true },
+ { "testdata/dst/test1.data", "testdata/dst/test1.rsasha256sig",
+ "test.", 11349, DST_ALG_RSASHA256, true },
+ { /* wrong sig */
+ "testdata/dst/test1.data", "testdata/dst/test1.ecdsa256sig",
+ "test.", 11349, DST_ALG_RSASHA256, false },
+ { /* wrong data */
+ "testdata/dst/test2.data", "testdata/dst/test1.ecdsa256sig",
+ "test.", 49130, DST_ALG_ECDSA256, false },
+ };
+ unsigned int i;
+
+ for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) {
+ if (!dst_algorithm_supported(testcases[i].alg)) {
+ continue;
+ }
+
+ check_sig(testcases[i].datapath, testcases[i].sigpath,
+ testcases[i].keyname, testcases[i].keyid,
+ testcases[i].alg, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC,
+ testcases[i].expect);
+ }
+}
+
+#if !defined(USE_PKCS11)
+static void
+check_cmp(const char *key1_name, dns_keytag_t key1_id, const char *key2_name,
+ dns_keytag_t key2_id, dns_secalg_t alg, int type, bool expect) {
+ isc_result_t result;
+ dst_key_t *key1 = NULL;
+ dst_key_t *key2 = NULL;
+ isc_buffer_t b1;
+ isc_buffer_t b2;
+ dns_fixedname_t fname1;
+ dns_fixedname_t fname2;
+ dns_name_t *name1;
+ dns_name_t *name2;
+
+ /*
+ * Read key1 from the file.
+ */
+ name1 = dns_fixedname_initname(&fname1);
+ isc_buffer_constinit(&b1, key1_name, strlen(key1_name));
+ isc_buffer_add(&b1, strlen(key1_name));
+ result = dns_name_fromtext(name1, &b1, dns_rootname, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dst_key_fromfile(name1, key1_id, alg, type, "comparekeys",
+ dt_mctx, &key1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Read key2 from the file.
+ */
+ name2 = dns_fixedname_initname(&fname2);
+ isc_buffer_constinit(&b2, key2_name, strlen(key2_name));
+ isc_buffer_add(&b2, strlen(key2_name));
+ result = dns_name_fromtext(name2, &b2, dns_rootname, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dst_key_fromfile(name2, key2_id, alg, type, "comparekeys",
+ dt_mctx, &key2);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Compare the keys (for public-only keys).
+ */
+ if ((type & DST_TYPE_PRIVATE) == 0) {
+ assert_true(dst_key_pubcompare(key1, key2, false) == expect);
+ }
+
+ /*
+ * Compare the keys (for both public-only keys and keypairs).
+ */
+ assert_true(dst_key_compare(key1, key2) == expect);
+
+ /*
+ * Free the keys
+ */
+ dst_key_free(&key2);
+ dst_key_free(&key1);
+
+ return;
+}
+
+static void
+cmp_test(void **state) {
+ UNUSED(state);
+
+ struct {
+ const char *key1_name;
+ dns_keytag_t key1_id;
+ const char *key2_name;
+ dns_keytag_t key2_id;
+ dns_secalg_t alg;
+ int type;
+ bool expect;
+ } testcases[] = {
+ /* RSA Keypair: self */
+ { "example.", 53461, "example.", 53461, DST_ALG_RSASHA256,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, true },
+
+ /* RSA Keypair: different key */
+ { "example.", 53461, "example2.", 37993, DST_ALG_RSASHA256,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false },
+
+ /* RSA Keypair: different PublicExponent (e) */
+ { "example.", 53461, "example-e.", 53973, DST_ALG_RSASHA256,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false },
+
+ /* RSA Keypair: different Modulus (n) */
+ { "example.", 53461, "example-n.", 37464, DST_ALG_RSASHA256,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false },
+
+ /* RSA Keypair: different PrivateExponent (d) */
+ { "example.", 53461, "example-d.", 53461, DST_ALG_RSASHA256,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false },
+
+ /* RSA Keypair: different Prime1 (p) */
+ { "example.", 53461, "example-p.", 53461, DST_ALG_RSASHA256,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false },
+
+ /* RSA Keypair: different Prime2 (q) */
+ { "example.", 53461, "example-q.", 53461, DST_ALG_RSASHA256,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false },
+
+ /* RSA Public Key: self */
+ { "example.", 53461, "example.", 53461, DST_ALG_RSASHA256,
+ DST_TYPE_PUBLIC, true },
+
+ /* RSA Public Key: different key */
+ { "example.", 53461, "example2.", 37993, DST_ALG_RSASHA256,
+ DST_TYPE_PUBLIC, false },
+
+ /* RSA Public Key: different PublicExponent (e) */
+ { "example.", 53461, "example-e.", 53973, DST_ALG_RSASHA256,
+ DST_TYPE_PUBLIC, false },
+
+ /* RSA Public Key: different Modulus (n) */
+ { "example.", 53461, "example-n.", 37464, DST_ALG_RSASHA256,
+ DST_TYPE_PUBLIC, false },
+
+ /* ECDSA Keypair: self */
+ { "example.", 19786, "example.", 19786, DST_ALG_ECDSA256,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, true },
+
+ /* ECDSA Keypair: different key */
+ { "example.", 19786, "example2.", 16384, DST_ALG_ECDSA256,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false },
+
+ /* ECDSA Public Key: self */
+ { "example.", 19786, "example.", 19786, DST_ALG_ECDSA256,
+ DST_TYPE_PUBLIC, true },
+
+ /* ECDSA Public Key: different key */
+ { "example.", 19786, "example2.", 16384, DST_ALG_ECDSA256,
+ DST_TYPE_PUBLIC, false },
+
+ /* EdDSA Keypair: self */
+ { "example.", 63663, "example.", 63663, DST_ALG_ED25519,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, true },
+
+ /* EdDSA Keypair: different key */
+ { "example.", 63663, "example2.", 37529, DST_ALG_ED25519,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, false },
+
+ /* EdDSA Public Key: self */
+ { "example.", 63663, "example.", 63663, DST_ALG_ED25519,
+ DST_TYPE_PUBLIC, true },
+
+ /* EdDSA Public Key: different key */
+ { "example.", 63663, "example2.", 37529, DST_ALG_ED25519,
+ DST_TYPE_PUBLIC, false },
+
+ /* DH Keypair: self */
+ { "example.", 65316, "example.", 65316, DST_ALG_DH,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY, true },
+
+ /* DH Keypair: different key */
+ { "example.", 65316, "example2.", 19823, DST_ALG_DH,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY, false },
+
+ /* DH Keypair: different key (with generator=5) */
+ { "example.", 65316, "example3.", 17187, DST_ALG_DH,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY, false },
+
+ /* DH Keypair: different private key */
+ { "example.", 65316, "example-private.", 65316, DST_ALG_DH,
+ DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY, false },
+
+ /* DH Public Key: self */
+ { "example.", 65316, "example.", 65316, DST_ALG_DH,
+ DST_TYPE_PUBLIC | DST_TYPE_KEY, true },
+
+ /* DH Public Key: different key */
+ { "example.", 65316, "example2.", 19823, DST_ALG_DH,
+ DST_TYPE_PUBLIC | DST_TYPE_KEY, false },
+
+ /* DH Public Key: different key (with generator=5) */
+ { "example.", 65316, "example3.", 17187, DST_ALG_DH,
+ DST_TYPE_PUBLIC | DST_TYPE_KEY, false },
+ };
+ unsigned int i;
+
+ for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) {
+ if (!dst_algorithm_supported(testcases[i].alg)) {
+ continue;
+ }
+
+ check_cmp(testcases[i].key1_name, testcases[i].key1_id,
+ testcases[i].key2_name, testcases[i].key2_id,
+ testcases[i].alg, testcases[i].type,
+ testcases[i].expect);
+ }
+}
+#endif /* #if !defined(USE_PKCS11) */
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(sig_test, _setup, _teardown),
+#if !defined(USE_PKCS11)
+ cmocka_unit_test_setup_teardown(cmp_test, _setup, _teardown),
+#endif /* #if !defined(USE_PKCS11) */
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/geoip_test.c b/lib/dns/tests/geoip_test.c
new file mode 100644
index 0000000..054213e
--- /dev/null
+++ b/lib/dns/tests/geoip_test.c
@@ -0,0 +1,433 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/print.h>
+#include <isc/string.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#include <dns/geoip.h>
+
+#include "dnstest.h"
+
+#if defined(HAVE_GEOIP2)
+#include <maxminddb.h>
+
+#include "../geoip2.c"
+
+/* Use GeoIP2 databases from the 'geoip2' system test */
+#define TEST_GEOIP_DATA "../../../bin/tests/system/geoip2/data"
+
+static dns_geoip_databases_t geoip;
+
+static MMDB_s geoip_country, geoip_city, geoip_as, geoip_isp, geoip_domain;
+
+static void
+load_geoip(const char *dir);
+static void
+close_geoip(void);
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Use databases from the geoip system test */
+ load_geoip(TEST_GEOIP_DATA);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ close_geoip();
+
+ dns_test_end();
+
+ return (0);
+}
+
+static MMDB_s *
+open_geoip2(const char *dir, const char *dbfile, MMDB_s *mmdb) {
+ char pathbuf[PATH_MAX];
+ int ret;
+
+ snprintf(pathbuf, sizeof(pathbuf), "%s/%s", dir, dbfile);
+ ret = MMDB_open(pathbuf, MMDB_MODE_MMAP, mmdb);
+ if (ret == MMDB_SUCCESS) {
+ return (mmdb);
+ }
+
+ return (NULL);
+}
+
+static void
+load_geoip(const char *dir) {
+ geoip.country = open_geoip2(dir, "GeoIP2-Country.mmdb", &geoip_country);
+ geoip.city = open_geoip2(dir, "GeoIP2-City.mmdb", &geoip_city);
+ geoip.as = open_geoip2(dir, "GeoLite2-ASN.mmdb", &geoip_as);
+ geoip.isp = open_geoip2(dir, "GeoIP2-ISP.mmdb", &geoip_isp);
+ geoip.domain = open_geoip2(dir, "GeoIP2-Domain.mmdb", &geoip_domain);
+}
+
+static void
+close_geoip(void) {
+ MMDB_close(&geoip_country);
+ MMDB_close(&geoip_city);
+ MMDB_close(&geoip_as);
+ MMDB_close(&geoip_isp);
+ MMDB_close(&geoip_domain);
+}
+
+static bool
+/* Check if an MMDB entry of a given subtype exists for the given IP */
+entry_exists(dns_geoip_subtype_t subtype, const char *addr) {
+ struct in6_addr in6;
+ struct in_addr in4;
+ isc_netaddr_t na;
+ MMDB_s *db;
+
+ if (inet_pton(AF_INET6, addr, &in6) == 1) {
+ isc_netaddr_fromin6(&na, &in6);
+ } else if (inet_pton(AF_INET, addr, &in4) == 1) {
+ isc_netaddr_fromin(&na, &in4);
+ } else {
+ UNREACHABLE();
+ }
+
+ db = geoip2_database(&geoip, fix_subtype(&geoip, subtype));
+
+ return (db != NULL && get_entry_for(db, &na) != NULL);
+}
+
+/*
+ * Baseline test - check if get_entry_for() works as expected, i.e. that its
+ * return values are consistent with the contents of the test MMDBs found in
+ * bin/tests/system/geoip2/data/ (10.53.0.1 and fd92:7065:b8e:ffff::1 should be
+ * present in all databases, 192.0.2.128 should only be present in the country
+ * database, ::1 should be absent from all databases).
+ */
+static void
+baseline(void **state) {
+ dns_geoip_subtype_t subtype;
+
+ UNUSED(state);
+
+ subtype = dns_geoip_city_name;
+
+ assert_true(entry_exists(subtype, "10.53.0.1"));
+ assert_false(entry_exists(subtype, "192.0.2.128"));
+ assert_true(entry_exists(subtype, "fd92:7065:b8e:ffff::1"));
+ assert_false(entry_exists(subtype, "::1"));
+
+ subtype = dns_geoip_country_name;
+
+ assert_true(entry_exists(subtype, "10.53.0.1"));
+ assert_true(entry_exists(subtype, "192.0.2.128"));
+ assert_true(entry_exists(subtype, "fd92:7065:b8e:ffff::1"));
+ assert_false(entry_exists(subtype, "::1"));
+
+ subtype = dns_geoip_domain_name;
+
+ assert_true(entry_exists(subtype, "10.53.0.1"));
+ assert_false(entry_exists(subtype, "192.0.2.128"));
+ assert_true(entry_exists(subtype, "fd92:7065:b8e:ffff::1"));
+ assert_false(entry_exists(subtype, "::1"));
+
+ subtype = dns_geoip_isp_name;
+
+ assert_true(entry_exists(subtype, "10.53.0.1"));
+ assert_false(entry_exists(subtype, "192.0.2.128"));
+ assert_true(entry_exists(subtype, "fd92:7065:b8e:ffff::1"));
+ assert_false(entry_exists(subtype, "::1"));
+
+ subtype = dns_geoip_as_asnum;
+
+ assert_true(entry_exists(subtype, "10.53.0.1"));
+ assert_false(entry_exists(subtype, "192.0.2.128"));
+ assert_true(entry_exists(subtype, "fd92:7065:b8e:ffff::1"));
+ assert_false(entry_exists(subtype, "::1"));
+}
+
+static bool
+do_lookup_string(const char *addr, dns_geoip_subtype_t subtype,
+ const char *string) {
+ dns_geoip_elem_t elt;
+ struct in_addr in4;
+ isc_netaddr_t na;
+ int n;
+
+ n = inet_pton(AF_INET, addr, &in4);
+ assert_int_equal(n, 1);
+ isc_netaddr_fromin(&na, &in4);
+
+ elt.subtype = subtype;
+ strlcpy(elt.as_string, string, sizeof(elt.as_string));
+
+ return (dns_geoip_match(&na, &geoip, &elt));
+}
+
+static bool
+do_lookup_string_v6(const char *addr, dns_geoip_subtype_t subtype,
+ const char *string) {
+ dns_geoip_elem_t elt;
+ struct in6_addr in6;
+ isc_netaddr_t na;
+ int n;
+
+ n = inet_pton(AF_INET6, addr, &in6);
+ assert_int_equal(n, 1);
+ isc_netaddr_fromin6(&na, &in6);
+
+ elt.subtype = subtype;
+ strlcpy(elt.as_string, string, sizeof(elt.as_string));
+
+ return (dns_geoip_match(&na, &geoip, &elt));
+}
+
+/* GeoIP country matching */
+static void
+country(void **state) {
+ bool match;
+
+ UNUSED(state);
+
+ if (geoip.country == NULL) {
+ skip();
+ }
+
+ match = do_lookup_string("10.53.0.1", dns_geoip_country_code, "AU");
+ assert_true(match);
+
+ match = do_lookup_string("10.53.0.1", dns_geoip_country_name,
+ "Australia");
+ assert_true(match);
+
+ match = do_lookup_string("192.0.2.128", dns_geoip_country_code, "O1");
+ assert_true(match);
+
+ match = do_lookup_string("192.0.2.128", dns_geoip_country_name,
+ "Other");
+ assert_true(match);
+}
+
+/* GeoIP country (ipv6) matching */
+static void
+country_v6(void **state) {
+ bool match;
+
+ UNUSED(state);
+
+ if (geoip.country == NULL) {
+ skip();
+ }
+
+ match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
+ dns_geoip_country_code, "AU");
+ assert_true(match);
+
+ match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
+ dns_geoip_country_name, "Australia");
+ assert_true(match);
+}
+
+/* GeoIP city (ipv4) matching */
+static void
+city(void **state) {
+ bool match;
+
+ UNUSED(state);
+
+ if (geoip.city == NULL) {
+ skip();
+ }
+
+ match = do_lookup_string("10.53.0.1", dns_geoip_city_continentcode,
+ "NA");
+ assert_true(match);
+
+ match = do_lookup_string("10.53.0.1", dns_geoip_city_countrycode, "US");
+ assert_true(match);
+
+ match = do_lookup_string("10.53.0.1", dns_geoip_city_countryname,
+ "United States");
+ assert_true(match);
+
+ match = do_lookup_string("10.53.0.1", dns_geoip_city_region, "CA");
+ assert_true(match);
+
+ match = do_lookup_string("10.53.0.1", dns_geoip_city_regionname,
+ "California");
+ assert_true(match);
+
+ match = do_lookup_string("10.53.0.1", dns_geoip_city_name,
+ "Redwood City");
+ assert_true(match);
+
+ match = do_lookup_string("10.53.0.1", dns_geoip_city_postalcode,
+ "94063");
+ assert_true(match);
+}
+
+/* GeoIP city (ipv6) matching */
+static void
+city_v6(void **state) {
+ bool match;
+
+ UNUSED(state);
+
+ if (geoip.city == NULL) {
+ skip();
+ }
+
+ match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
+ dns_geoip_city_continentcode, "NA");
+ assert_true(match);
+
+ match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
+ dns_geoip_city_countrycode, "US");
+ assert_true(match);
+
+ match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
+ dns_geoip_city_countryname,
+ "United States");
+ assert_true(match);
+
+ match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
+ dns_geoip_city_region, "CA");
+ assert_true(match);
+
+ match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
+ dns_geoip_city_regionname, "California");
+ assert_true(match);
+
+ match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
+ dns_geoip_city_name, "Redwood City");
+ assert_true(match);
+
+ match = do_lookup_string_v6("fd92:7065:b8e:ffff::1",
+ dns_geoip_city_postalcode, "94063");
+ assert_true(match);
+}
+
+/* GeoIP asnum matching */
+static void
+asnum(void **state) {
+ bool match;
+
+ UNUSED(state);
+
+ if (geoip.as == NULL) {
+ skip();
+ }
+
+ match = do_lookup_string("10.53.0.3", dns_geoip_as_asnum, "AS100003");
+ assert_true(match);
+}
+
+/* GeoIP isp matching */
+static void
+isp(void **state) {
+ bool match;
+
+ UNUSED(state);
+
+ if (geoip.isp == NULL) {
+ skip();
+ }
+
+ match = do_lookup_string("10.53.0.1", dns_geoip_isp_name,
+ "One Systems, Inc.");
+ assert_true(match);
+}
+
+/* GeoIP org matching */
+static void
+org(void **state) {
+ bool match;
+
+ UNUSED(state);
+
+ if (geoip.as == NULL) {
+ skip();
+ }
+
+ match = do_lookup_string("10.53.0.2", dns_geoip_org_name,
+ "Two Technology Ltd.");
+ assert_true(match);
+}
+
+/* GeoIP domain matching */
+static void
+domain(void **state) {
+ bool match;
+
+ UNUSED(state);
+
+ if (geoip.domain == NULL) {
+ skip();
+ }
+
+ match = do_lookup_string("10.53.0.5", dns_geoip_domain_name, "five.es");
+ assert_true(match);
+}
+#endif /* HAVE_GEOIP2 */
+
+int
+main(void) {
+#if defined(HAVE_GEOIP2)
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(baseline), cmocka_unit_test(country),
+ cmocka_unit_test(country_v6), cmocka_unit_test(city),
+ cmocka_unit_test(city_v6), cmocka_unit_test(asnum),
+ cmocka_unit_test(isp), cmocka_unit_test(org),
+ cmocka_unit_test(domain),
+ };
+
+ return (cmocka_run_group_tests(tests, _setup, _teardown));
+#else /* if defined(HAVE_GEOIP2) */
+ print_message("1..0 # Skip GeoIP not enabled\n");
+#endif /* if defined(HAVE_GEOIP2) */
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* HAVE_CMOCKA */
diff --git a/lib/dns/tests/keytable_test.c b/lib/dns/tests/keytable_test.c
new file mode 100644
index 0000000..670b1b2
--- /dev/null
+++ b/lib/dns/tests/keytable_test.c
@@ -0,0 +1,720 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/base64.h>
+#include <isc/buffer.h>
+#include <isc/md.h>
+#include <isc/util.h>
+
+#include <dns/fixedname.h>
+#include <dns/keytable.h>
+#include <dns/name.h>
+#include <dns/nta.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatastruct.h>
+#include <dns/rootns.h>
+#include <dns/view.h>
+
+#include <dst/dst.h>
+
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+dns_keytable_t *keytable = NULL;
+dns_ntatable_t *ntatable = NULL;
+
+static const char *keystr1 = "BQEAAAABok+vaUC9neRv8yeT/"
+ "FEGgN7svR8s7VBUVSBd8NsAiV8AlaAg "
+ "O5FHar3JQd95i/puZos6Vi6at9/"
+ "JBbN8qVmO2AuiXxVqfxMKxIcy+LEB "
+ "0Vw4NaSJ3N3uaVREso6aTSs98H/"
+ "25MjcwLOr7SFfXA7bGhZatLtYY/xu kp6Km5hMfkE=";
+
+static const char *keystr2 = "BQEAAAABwuHz9Cem0BJ0JQTO7C/a3McR6hMaufljs1dfG/"
+ "inaJpYv7vH "
+ "XTrAOm/MeKp+/x6eT4QLru0KoZkvZJnqTI8JyaFTw2OM/"
+ "ItBfh/hL2lm "
+ "Cft2O7n3MfeqYtvjPnY7dWghYW4sVfH7VVEGm958o9nfi7953"
+ "2Qeklxh x8pXWdeAaRU=";
+
+static dns_view_t *view = NULL;
+
+/*
+ * Test utilities. In general, these assume input parameters are valid
+ * (checking with assert_int_equal, thus aborting if not) and unlikely run time
+ * errors (such as memory allocation failure) won't happen. This helps keep
+ * the test code concise.
+ */
+
+/*
+ * Utility to convert C-string to dns_name_t. Return a pointer to
+ * static data, and so is not thread safe.
+ */
+static dns_name_t *
+str2name(const char *namestr) {
+ static dns_fixedname_t fname;
+ static dns_name_t *name;
+ static isc_buffer_t namebuf;
+ void *deconst_namestr;
+
+ name = dns_fixedname_initname(&fname);
+ DE_CONST(namestr, deconst_namestr); /* OK, since we don't modify it */
+ isc_buffer_init(&namebuf, deconst_namestr, strlen(deconst_namestr));
+ isc_buffer_add(&namebuf, strlen(namestr));
+ assert_int_equal(
+ dns_name_fromtext(name, &namebuf, dns_rootname, 0, NULL),
+ ISC_R_SUCCESS);
+
+ return (name);
+}
+
+static void
+create_keystruct(uint16_t flags, uint8_t proto, uint8_t alg, const char *keystr,
+ dns_rdata_dnskey_t *keystruct) {
+ unsigned char keydata[4096];
+ isc_buffer_t keydatabuf;
+ isc_region_t r;
+ const dns_rdataclass_t rdclass = dns_rdataclass_in;
+
+ keystruct->common.rdclass = rdclass;
+ keystruct->common.rdtype = dns_rdatatype_dnskey;
+ keystruct->mctx = dt_mctx;
+ ISC_LINK_INIT(&keystruct->common, link);
+ keystruct->flags = flags;
+ keystruct->protocol = proto;
+ keystruct->algorithm = alg;
+
+ isc_buffer_init(&keydatabuf, keydata, sizeof(keydata));
+ assert_int_equal(isc_base64_decodestring(keystr, &keydatabuf),
+ ISC_R_SUCCESS);
+ isc_buffer_usedregion(&keydatabuf, &r);
+ keystruct->datalen = r.length;
+ keystruct->data = isc_mem_allocate(dt_mctx, r.length);
+ memmove(keystruct->data, r.base, r.length);
+}
+
+static void
+create_dsstruct(dns_name_t *name, uint16_t flags, uint8_t proto, uint8_t alg,
+ const char *keystr, unsigned char *digest,
+ dns_rdata_ds_t *dsstruct) {
+ isc_result_t result;
+ unsigned char rrdata[4096];
+ isc_buffer_t rrdatabuf;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_dnskey_t dnskey;
+
+ /*
+ * Populate DNSKEY rdata structure.
+ */
+ create_keystruct(flags, proto, alg, keystr, &dnskey);
+
+ /*
+ * Convert to wire format.
+ */
+ isc_buffer_init(&rrdatabuf, rrdata, sizeof(rrdata));
+ result = dns_rdata_fromstruct(&rdata, dnskey.common.rdclass,
+ dnskey.common.rdtype, &dnskey,
+ &rrdatabuf);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Build DS rdata struct.
+ */
+ result = dns_ds_fromkeyrdata(name, &rdata, DNS_DSDIGEST_SHA256, digest,
+ dsstruct);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_rdata_freestruct(&dnskey);
+}
+
+/* Common setup: create a keytable and ntatable to test with a few keys */
+static void
+create_tables() {
+ isc_result_t result;
+ unsigned char digest[ISC_MAX_MD_SIZE];
+ dns_rdata_ds_t ds;
+ dns_fixedname_t fn;
+ dns_name_t *keyname = dns_fixedname_name(&fn);
+ isc_stdtime_t now;
+
+ result = dns_test_makeview("view", &view);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_int_equal(dns_keytable_create(dt_mctx, &keytable),
+ ISC_R_SUCCESS);
+ assert_int_equal(
+ dns_ntatable_create(view, taskmgr, timermgr, &ntatable),
+ ISC_R_SUCCESS);
+
+ /* Add a normal key */
+ dns_test_namefromstring("example.com", &fn);
+ create_dsstruct(keyname, 257, 3, 5, keystr1, digest, &ds);
+ assert_int_equal(dns_keytable_add(keytable, false, false, keyname, &ds),
+ ISC_R_SUCCESS);
+
+ /* Add an initializing managed key */
+ dns_test_namefromstring("managed.com", &fn);
+ create_dsstruct(keyname, 257, 3, 5, keystr1, digest, &ds);
+ assert_int_equal(dns_keytable_add(keytable, true, true, keyname, &ds),
+ ISC_R_SUCCESS);
+
+ /* Add a null key */
+ assert_int_equal(dns_keytable_marksecure(keytable, str2name("null."
+ "example")),
+ ISC_R_SUCCESS);
+
+ /* Add a negative trust anchor, duration 1 hour */
+ isc_stdtime_get(&now);
+ assert_int_equal(dns_ntatable_add(ntatable,
+ str2name("insecure.example"), false,
+ now, 3600),
+ ISC_R_SUCCESS);
+}
+
+static void
+destroy_tables() {
+ if (ntatable != NULL) {
+ dns_ntatable_detach(&ntatable);
+ }
+ if (keytable != NULL) {
+ dns_keytable_detach(&keytable);
+ }
+
+ dns_view_detach(&view);
+}
+
+/* add keys to the keytable */
+static void
+add_test(void **state) {
+ dns_keynode_t *keynode = NULL;
+ dns_keynode_t *null_keynode = NULL;
+ unsigned char digest[ISC_MAX_MD_SIZE];
+ dns_rdata_ds_t ds;
+ dns_fixedname_t fn;
+ dns_name_t *keyname = dns_fixedname_name(&fn);
+
+ UNUSED(state);
+
+ create_tables();
+
+ /*
+ * Getting the keynode for the example.com key should succeed.
+ */
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("example.com"), &keynode),
+ ISC_R_SUCCESS);
+
+ /*
+ * Try to add the same key. This should have no effect but
+ * report success.
+ */
+ dns_test_namefromstring("example.com", &fn);
+ create_dsstruct(keyname, 257, 3, 5, keystr1, digest, &ds);
+ assert_int_equal(dns_keytable_add(keytable, false, false, keyname, &ds),
+ ISC_R_SUCCESS);
+ dns_keytable_detachkeynode(keytable, &keynode);
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("example.com"), &keynode),
+ ISC_R_SUCCESS);
+
+ /* Add another key (different keydata) */
+ dns_keytable_detachkeynode(keytable, &keynode);
+ create_dsstruct(keyname, 257, 3, 5, keystr2, digest, &ds);
+ assert_int_equal(dns_keytable_add(keytable, false, false, keyname, &ds),
+ ISC_R_SUCCESS);
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("example.com"), &keynode),
+ ISC_R_SUCCESS);
+ dns_keytable_detachkeynode(keytable, &keynode);
+
+ /*
+ * Get the keynode for the managed.com key. Ensure the
+ * retrieved key is an initializing key, then mark it as trusted using
+ * dns_keynode_trust() and ensure the latter works as expected.
+ */
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("managed.com"), &keynode),
+ ISC_R_SUCCESS);
+ assert_int_equal(dns_keynode_initial(keynode), true);
+ dns_keynode_trust(keynode);
+ assert_int_equal(dns_keynode_initial(keynode), false);
+ dns_keytable_detachkeynode(keytable, &keynode);
+
+ /*
+ * Add a different managed key for managed.com, marking it as an
+ * initializing key. Since there is already a trusted key at the
+ * node, the node should *not* be marked as initializing.
+ */
+ dns_test_namefromstring("managed.com", &fn);
+ create_dsstruct(keyname, 257, 3, 5, keystr2, digest, &ds);
+ assert_int_equal(dns_keytable_add(keytable, true, true, keyname, &ds),
+ ISC_R_SUCCESS);
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("managed.com"), &keynode),
+ ISC_R_SUCCESS);
+ assert_int_equal(dns_keynode_initial(keynode), false);
+ dns_keytable_detachkeynode(keytable, &keynode);
+
+ /*
+ * Add the same managed key again, but this time mark it as a
+ * non-initializing key. Ensure the previously added key is upgraded
+ * to a non-initializing key and make sure there are still two key
+ * nodes for managed.com, both containing non-initializing keys.
+ */
+ assert_int_equal(dns_keytable_add(keytable, true, false, keyname, &ds),
+ ISC_R_SUCCESS);
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("managed.com"), &keynode),
+ ISC_R_SUCCESS);
+ assert_int_equal(dns_keynode_initial(keynode), false);
+ dns_keytable_detachkeynode(keytable, &keynode);
+
+ /*
+ * Add a managed key at a new node, two.com, marking it as an
+ * initializing key.
+ */
+ dns_test_namefromstring("two.com", &fn);
+ create_dsstruct(keyname, 257, 3, 5, keystr1, digest, &ds);
+ assert_int_equal(dns_keytable_add(keytable, true, true, keyname, &ds),
+ ISC_R_SUCCESS);
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("two.com"), &keynode),
+ ISC_R_SUCCESS);
+ assert_int_equal(dns_keynode_initial(keynode), true);
+ dns_keytable_detachkeynode(keytable, &keynode);
+
+ /*
+ * Add a different managed key for two.com, marking it as a
+ * non-initializing key. Since there is already an iniitalizing
+ * trust anchor for two.com and we haven't run dns_keynode_trust(),
+ * the initialization status should not change.
+ */
+ create_dsstruct(keyname, 257, 3, 5, keystr2, digest, &ds);
+ assert_int_equal(dns_keytable_add(keytable, true, false, keyname, &ds),
+ ISC_R_SUCCESS);
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("two.com"), &keynode),
+ ISC_R_SUCCESS);
+ assert_int_equal(dns_keynode_initial(keynode), true);
+ dns_keytable_detachkeynode(keytable, &keynode);
+
+ /*
+ * Add a normal key to a name that has a null key. The null key node
+ * will be updated with the normal key.
+ */
+ assert_int_equal(dns_keytable_find(keytable, str2name("null.example"),
+ &null_keynode),
+ ISC_R_SUCCESS);
+ dns_test_namefromstring("null.example", &fn);
+ create_dsstruct(keyname, 257, 3, 5, keystr2, digest, &ds);
+ assert_int_equal(dns_keytable_add(keytable, false, false, keyname, &ds),
+ ISC_R_SUCCESS);
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("null.example"), &keynode),
+ ISC_R_SUCCESS);
+ assert_ptr_equal(keynode, null_keynode); /* should be the same node */
+ dns_keytable_detachkeynode(keytable, &null_keynode);
+
+ /*
+ * Try to add a null key to a name that already has a key. It's
+ * effectively no-op, so the same key node is still there.
+ * (Note: this and above checks confirm that if a name has a null key
+ * that's the only key for the name).
+ */
+ assert_int_equal(dns_keytable_marksecure(keytable, str2name("null."
+ "example")),
+ ISC_R_SUCCESS);
+ assert_int_equal(dns_keytable_find(keytable, str2name("null.example"),
+ &null_keynode),
+ ISC_R_SUCCESS);
+ assert_ptr_equal(keynode, null_keynode);
+ dns_keytable_detachkeynode(keytable, &null_keynode);
+
+ dns_keytable_detachkeynode(keytable, &keynode);
+ destroy_tables();
+}
+
+/* delete keys from the keytable */
+static void
+delete_test(void **state) {
+ UNUSED(state);
+
+ create_tables();
+
+ /* dns_keytable_delete requires exact match */
+ assert_int_equal(dns_keytable_delete(keytable, str2name("example.org")),
+ ISC_R_NOTFOUND);
+ assert_int_equal(dns_keytable_delete(keytable, str2name("s.example."
+ "com")),
+ ISC_R_NOTFOUND);
+ assert_int_equal(dns_keytable_delete(keytable, str2name("example.com")),
+ ISC_R_SUCCESS);
+
+ /* works also for nodes with a null key */
+ assert_int_equal(dns_keytable_delete(keytable, str2name("null."
+ "example")),
+ ISC_R_SUCCESS);
+
+ /* or a negative trust anchor */
+ assert_int_equal(dns_ntatable_delete(ntatable, str2name("insecure."
+ "example")),
+ ISC_R_SUCCESS);
+
+ destroy_tables();
+}
+
+/* delete key nodes from the keytable */
+static void
+deletekey_test(void **state) {
+ dns_rdata_dnskey_t dnskey;
+ dns_fixedname_t fn;
+ dns_name_t *keyname = dns_fixedname_name(&fn);
+
+ UNUSED(state);
+
+ create_tables();
+
+ /* key name doesn't match */
+ dns_test_namefromstring("example.org", &fn);
+ create_keystruct(257, 3, 5, keystr1, &dnskey);
+ assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey),
+ ISC_R_NOTFOUND);
+ dns_rdata_freestruct(&dnskey);
+
+ /* subdomain match is the same as no match */
+ dns_test_namefromstring("sub.example.org", &fn);
+ create_keystruct(257, 3, 5, keystr1, &dnskey);
+ assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey),
+ ISC_R_NOTFOUND);
+ dns_rdata_freestruct(&dnskey);
+
+ /* name matches but key doesn't match (resulting in PARTIALMATCH) */
+ dns_test_namefromstring("example.com", &fn);
+ create_keystruct(257, 3, 5, keystr2, &dnskey);
+ assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey),
+ DNS_R_PARTIALMATCH);
+ dns_rdata_freestruct(&dnskey);
+
+ /*
+ * exact match: should return SUCCESS on the first try, then
+ * PARTIALMATCH on the second (because the name existed but
+ * not a matching key).
+ */
+ create_keystruct(257, 3, 5, keystr1, &dnskey);
+ assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey),
+ ISC_R_SUCCESS);
+ assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey),
+ DNS_R_PARTIALMATCH);
+
+ /*
+ * after deleting the node, any deletekey or delete attempt should
+ * result in NOTFOUND.
+ */
+ assert_int_equal(dns_keytable_delete(keytable, keyname), ISC_R_SUCCESS);
+ assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey),
+ ISC_R_NOTFOUND);
+ dns_rdata_freestruct(&dnskey);
+
+ /*
+ * A null key node for a name is not deleted when searched by key;
+ * it must be deleted by dns_keytable_delete()
+ */
+ dns_test_namefromstring("null.example", &fn);
+ create_keystruct(257, 3, 5, keystr1, &dnskey);
+ assert_int_equal(dns_keytable_deletekey(keytable, keyname, &dnskey),
+ DNS_R_PARTIALMATCH);
+ assert_int_equal(dns_keytable_delete(keytable, keyname), ISC_R_SUCCESS);
+ dns_rdata_freestruct(&dnskey);
+
+ destroy_tables();
+}
+
+/* check find-variant operations */
+static void
+find_test(void **state) {
+ dns_keynode_t *keynode = NULL;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ UNUSED(state);
+
+ create_tables();
+
+ /*
+ * dns_keytable_find() requires exact name match. It matches node
+ * that has a null key, too.
+ */
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("example.org"), &keynode),
+ ISC_R_NOTFOUND);
+ assert_int_equal(dns_keytable_find(keytable,
+ str2name("sub.example.com"),
+ &keynode),
+ ISC_R_NOTFOUND);
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("example.com"), &keynode),
+ ISC_R_SUCCESS);
+ dns_keytable_detachkeynode(keytable, &keynode);
+ assert_int_equal(
+ dns_keytable_find(keytable, str2name("null.example"), &keynode),
+ ISC_R_SUCCESS);
+ dns_keytable_detachkeynode(keytable, &keynode);
+
+ /*
+ * dns_keytable_finddeepestmatch() allows partial match. Also match
+ * nodes with a null key.
+ */
+ name = dns_fixedname_initname(&fname);
+ assert_int_equal(dns_keytable_finddeepestmatch(
+ keytable, str2name("example.com"), name),
+ ISC_R_SUCCESS);
+ assert_true(dns_name_equal(name, str2name("example.com")));
+ assert_int_equal(dns_keytable_finddeepestmatch(
+ keytable, str2name("s.example.com"), name),
+ ISC_R_SUCCESS);
+ assert_true(dns_name_equal(name, str2name("example.com")));
+ assert_int_equal(dns_keytable_finddeepestmatch(
+ keytable, str2name("example.org"), name),
+ ISC_R_NOTFOUND);
+ assert_int_equal(dns_keytable_finddeepestmatch(
+ keytable, str2name("null.example"), name),
+ ISC_R_SUCCESS);
+ assert_true(dns_name_equal(name, str2name("null.example")));
+
+ destroy_tables();
+}
+
+/* check issecuredomain() */
+static void
+issecuredomain_test(void **state) {
+ bool issecure;
+ const char **n;
+ const char *names[] = { "example.com", "sub.example.com",
+ "null.example", "sub.null.example", NULL };
+
+ UNUSED(state);
+ create_tables();
+
+ /*
+ * Domains that are an exact or partial match of a key name are
+ * considered secure. It's the case even if the key is null
+ * (validation will then fail, but that's actually the intended effect
+ * of installing a null key).
+ */
+ for (n = names; *n != NULL; n++) {
+ assert_int_equal(dns_keytable_issecuredomain(keytable,
+ str2name(*n), NULL,
+ &issecure),
+ ISC_R_SUCCESS);
+ assert_true(issecure);
+ }
+
+ /*
+ * If the key table has no entry (not even a null one) for a domain or
+ * any of its ancestors, that domain is considered insecure.
+ */
+ assert_int_equal(dns_keytable_issecuredomain(keytable,
+ str2name("example.org"),
+ NULL, &issecure),
+ ISC_R_SUCCESS);
+ assert_false(issecure);
+
+ destroy_tables();
+}
+
+/* check dns_keytable_dump() */
+static void
+dump_test(void **state) {
+ FILE *f = fopen("/dev/null", "w");
+
+ UNUSED(state);
+
+ create_tables();
+
+ /*
+ * Right now, we only confirm the dump attempt doesn't cause disruption
+ * (so we don't check the dump content).
+ */
+ assert_int_equal(dns_keytable_dump(keytable, f), ISC_R_SUCCESS);
+ fclose(f);
+
+ destroy_tables();
+}
+
+/* check negative trust anchors */
+static void
+nta_test(void **state) {
+ isc_result_t result;
+ bool issecure, covered;
+ dns_fixedname_t fn;
+ dns_name_t *keyname = dns_fixedname_name(&fn);
+ unsigned char digest[ISC_MAX_MD_SIZE];
+ dns_rdata_ds_t ds;
+ dns_view_t *myview = NULL;
+ isc_stdtime_t now;
+
+ UNUSED(state);
+
+ result = dns_test_makeview("view", &myview);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = isc_task_create(taskmgr, 0, &myview->task);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_view_initsecroots(myview, dt_mctx);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_view_getsecroots(myview, &keytable);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_view_initntatable(myview, taskmgr, timermgr);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_view_getntatable(myview, &ntatable);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_test_namefromstring("example", &fn);
+ create_dsstruct(keyname, 257, 3, 5, keystr1, digest, &ds);
+ result = dns_keytable_add(keytable, false, false, keyname, &ds),
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_stdtime_get(&now);
+ result = dns_ntatable_add(ntatable, str2name("insecure.example"), false,
+ now, 1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Should be secure */
+ result = dns_view_issecuredomain(myview,
+ str2name("test.secure.example"), now,
+ true, &covered, &issecure);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_false(covered);
+ assert_true(issecure);
+
+ /* Should not be secure */
+ result = dns_view_issecuredomain(myview,
+ str2name("test.insecure.example"), now,
+ true, &covered, &issecure);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(covered);
+ assert_false(issecure);
+
+ /* NTA covered */
+ covered = dns_view_ntacovers(myview, now, str2name("insecure.example"),
+ dns_rootname);
+ assert_true(covered);
+
+ /* Not NTA covered */
+ covered = dns_view_ntacovers(myview, now, str2name("secure.example"),
+ dns_rootname);
+ assert_false(covered);
+
+ /* As of now + 2, the NTA should be clear */
+ result = dns_view_issecuredomain(myview,
+ str2name("test.insecure.example"),
+ now + 2, true, &covered, &issecure);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_false(covered);
+ assert_true(issecure);
+
+ /* Now check deletion */
+ result = dns_view_issecuredomain(myview, str2name("test.new.example"),
+ now, true, &covered, &issecure);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_false(covered);
+ assert_true(issecure);
+
+ result = dns_ntatable_add(ntatable, str2name("new.example"), false, now,
+ 3600);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_view_issecuredomain(myview, str2name("test.new.example"),
+ now, true, &covered, &issecure);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(covered);
+ assert_false(issecure);
+
+ result = dns_ntatable_delete(ntatable, str2name("new.example"));
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_view_issecuredomain(myview, str2name("test.new.example"),
+ now, true, &covered, &issecure);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_false(covered);
+ assert_true(issecure);
+
+ /* Clean up */
+ dns_ntatable_detach(&ntatable);
+ dns_keytable_detach(&keytable);
+ dns_view_detach(&myview);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(add_test),
+ cmocka_unit_test(delete_test),
+ cmocka_unit_test(deletekey_test),
+ cmocka_unit_test(find_test),
+ cmocka_unit_test(issecuredomain_test),
+ cmocka_unit_test(dump_test),
+ cmocka_unit_test(nta_test),
+ };
+
+ return (cmocka_run_group_tests(tests, _setup, _teardown));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/master_test.c b/lib/dns/tests/master_test.c
new file mode 100644
index 0000000..c060c0d
--- /dev/null
+++ b/lib/dns/tests/master_test.c
@@ -0,0 +1,633 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/print.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/cache.h>
+#include <dns/callbacks.h>
+#include <dns/db.h>
+#include <dns/master.h>
+#include <dns/masterdump.h>
+#include <dns/name.h>
+#include <dns/rdata.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static void
+nullmsg(dns_rdatacallbacks_t *cb, const char *fmt, ...) {
+ UNUSED(cb);
+ UNUSED(fmt);
+}
+
+#define BUFLEN 255
+#define BIGBUFLEN (70 * 1024)
+#define TEST_ORIGIN "test"
+
+static dns_masterrawheader_t header;
+static bool headerset;
+
+dns_name_t dns_origin;
+char origin[sizeof(TEST_ORIGIN)];
+unsigned char name_buf[BUFLEN];
+dns_rdatacallbacks_t callbacks;
+char *include_file = NULL;
+
+static void
+rawdata_callback(dns_zone_t *zone, dns_masterrawheader_t *header);
+
+static isc_result_t
+add_callback(void *arg, const dns_name_t *owner, dns_rdataset_t *dataset) {
+ char buf[BIGBUFLEN];
+ isc_buffer_t target;
+ isc_result_t result;
+
+ UNUSED(arg);
+
+ isc_buffer_init(&target, buf, BIGBUFLEN);
+ result = dns_rdataset_totext(dataset, owner, false, false, &target);
+ return (result);
+}
+
+static void
+rawdata_callback(dns_zone_t *zone, dns_masterrawheader_t *h) {
+ UNUSED(zone);
+ header = *h;
+ headerset = true;
+}
+
+static isc_result_t
+setup_master(void (*warn)(struct dns_rdatacallbacks *, const char *, ...),
+ void (*error)(struct dns_rdatacallbacks *, const char *, ...)) {
+ isc_result_t result;
+ int len;
+ isc_buffer_t source;
+ isc_buffer_t target;
+
+ strlcpy(origin, TEST_ORIGIN, sizeof(origin));
+ len = strlen(origin);
+ isc_buffer_init(&source, origin, len);
+ isc_buffer_add(&source, len);
+ isc_buffer_setactive(&source, len);
+ isc_buffer_init(&target, name_buf, BUFLEN);
+ dns_name_init(&dns_origin, NULL);
+ dns_master_initrawheader(&header);
+
+ result = dns_name_fromtext(&dns_origin, &source, dns_rootname, 0,
+ &target);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ dns_rdatacallbacks_init_stdio(&callbacks);
+ callbacks.add = add_callback;
+ callbacks.rawdata = rawdata_callback;
+ callbacks.zone = NULL;
+ if (warn != NULL) {
+ callbacks.warn = warn;
+ }
+ if (error != NULL) {
+ callbacks.error = error;
+ }
+ headerset = false;
+ return (result);
+}
+
+static isc_result_t
+test_master(const char *testfile, dns_masterformat_t format,
+ void (*warn)(struct dns_rdatacallbacks *, const char *, ...),
+ void (*error)(struct dns_rdatacallbacks *, const char *, ...)) {
+ isc_result_t result;
+
+ result = setup_master(warn, error);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ dns_rdatacallbacks_init_stdio(&callbacks);
+ callbacks.add = add_callback;
+ callbacks.rawdata = rawdata_callback;
+ callbacks.zone = NULL;
+ if (warn != NULL) {
+ callbacks.warn = warn;
+ }
+ if (error != NULL) {
+ callbacks.error = error;
+ }
+
+ result = dns_master_loadfile(testfile, &dns_origin, &dns_origin,
+ dns_rdataclass_in, true, 0, &callbacks,
+ NULL, NULL, dt_mctx, format, 0);
+ return (result);
+}
+
+static void
+include_callback(const char *filename, void *arg) {
+ char **argp = (char **)arg;
+ *argp = isc_mem_strdup(dt_mctx, filename);
+}
+
+/*
+ * Successful load test:
+ * dns_master_loadfile() loads a valid master file and returns success
+ */
+static void
+load_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master1.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, ISC_R_SUCCESS);
+}
+
+/*
+ * Unexpected end of file test:
+ * dns_master_loadfile() returns DNS_R_UNEXPECTED when file ends too soon
+ */
+static void
+unexpected_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master2.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, ISC_R_UNEXPECTEDEND);
+}
+
+/*
+ * No owner test:
+ * dns_master_loadfile() accepts broken zones with no TTL for first record
+ * if it is an SOA
+ */
+static void
+noowner_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master3.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, DNS_R_NOOWNER);
+}
+
+/*
+ * No TTL test:
+ * dns_master_loadfile() returns DNS_R_NOOWNER when no owner name is
+ * specified
+ */
+static void
+nottl_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master4.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, ISC_R_SUCCESS);
+}
+
+/*
+ * Bad class test:
+ * dns_master_loadfile() returns DNS_R_BADCLASS when record class doesn't
+ * match zone class
+ */
+static void
+badclass_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master5.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, DNS_R_BADCLASS);
+}
+
+/*
+ * Too big rdata test:
+ * dns_master_loadfile() returns ISC_R_NOSPACE when record is too big
+ */
+static void
+toobig_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master15.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, ISC_R_NOSPACE);
+}
+
+/*
+ * Maximum rdata test:
+ * dns_master_loadfile() returns ISC_R_SUCCESS when record is maximum size
+ */
+static void
+maxrdata_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master16.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, ISC_R_SUCCESS);
+}
+
+/*
+ * DNSKEY test:
+ * dns_master_loadfile() understands DNSKEY with key material
+ */
+static void
+dnskey_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master6.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, ISC_R_SUCCESS);
+}
+
+/*
+ * DNSKEY with no key material test:
+ * dns_master_loadfile() understands DNSKEY with no key material
+ *
+ * RFC 4034 removed the ability to signal NOKEY, so empty key material should
+ * be rejected.
+ */
+static void
+dnsnokey_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master7.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, ISC_R_UNEXPECTEDEND);
+}
+
+/*
+ * Include test:
+ * dns_master_loadfile() understands $INCLUDE
+ */
+static void
+include_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master8.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, DNS_R_SEENINCLUDE);
+}
+
+/*
+ * Include file list test:
+ * dns_master_loadfile4() returns names of included file
+ */
+static void
+master_includelist_test(void **state) {
+ isc_result_t result;
+ char *filename = NULL;
+
+ UNUSED(state);
+
+ result = setup_master(nullmsg, nullmsg);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_master_loadfile(
+ "testdata/master/master8.data", &dns_origin, &dns_origin,
+ dns_rdataclass_in, 0, true, &callbacks, include_callback,
+ &filename, dt_mctx, dns_masterformat_text, 0);
+ assert_int_equal(result, DNS_R_SEENINCLUDE);
+ assert_non_null(filename);
+ if (filename != NULL) {
+ assert_string_equal(filename, "testdata/master/master6.data");
+ isc_mem_free(dt_mctx, filename);
+ }
+}
+
+/*
+ * Include failure test:
+ * dns_master_loadfile() understands $INCLUDE failures
+ */
+static void
+includefail_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master9.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, DNS_R_BADCLASS);
+}
+
+/*
+ * Non-empty blank lines test:
+ * dns_master_loadfile() handles non-empty blank lines
+ */
+static void
+blanklines_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master10.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, ISC_R_SUCCESS);
+}
+
+/*
+ * SOA leading zeroes test:
+ * dns_master_loadfile() allows leading zeroes in SOA
+ */
+
+static void
+leadingzero_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = test_master("testdata/master/master11.data",
+ dns_masterformat_text, nullmsg, nullmsg);
+ assert_int_equal(result, ISC_R_SUCCESS);
+}
+
+/* masterfile totext tests */
+static void
+totext_test(void **state) {
+ isc_result_t result;
+ dns_rdataset_t rdataset;
+ dns_rdatalist_t rdatalist;
+ isc_buffer_t target;
+ unsigned char buf[BIGBUFLEN];
+
+ UNUSED(state);
+
+ /* First, test with an empty rdataset */
+ dns_rdatalist_init(&rdatalist);
+ rdatalist.rdclass = dns_rdataclass_in;
+ rdatalist.type = dns_rdatatype_none;
+ rdatalist.covers = dns_rdatatype_none;
+
+ dns_rdataset_init(&rdataset);
+ result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_buffer_init(&target, buf, BIGBUFLEN);
+ result = dns_master_rdatasettotext(dns_rootname, &rdataset,
+ &dns_master_style_debug, NULL,
+ &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(isc_buffer_usedlength(&target), 0);
+
+ /*
+ * XXX: We will also need to add tests for dumping various
+ * rdata types, classes, etc, and comparing the results against
+ * known-good output.
+ */
+}
+
+/*
+ * Raw load test:
+ * dns_master_loadfile() loads a valid raw file and returns success
+ */
+static void
+loadraw_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ /* Raw format version 0 */
+ result = test_master("testdata/master/master12.data",
+ dns_masterformat_raw, nullmsg, nullmsg);
+ assert_string_equal(isc_result_totext(result), "success");
+ assert_true(headerset);
+ assert_int_equal(header.flags, 0);
+
+ /* Raw format version 1, no source serial */
+ result = test_master("testdata/master/master13.data",
+ dns_masterformat_raw, nullmsg, nullmsg);
+ assert_string_equal(isc_result_totext(result), "success");
+ assert_true(headerset);
+ assert_int_equal(header.flags, 0);
+
+ /* Raw format version 1, source serial == 2011120101 */
+ result = test_master("testdata/master/master14.data",
+ dns_masterformat_raw, nullmsg, nullmsg);
+ assert_string_equal(isc_result_totext(result), "success");
+ assert_true(headerset);
+ assert_true((header.flags & DNS_MASTERRAW_SOURCESERIALSET) != 0);
+ assert_int_equal(header.sourceserial, 2011120101);
+}
+
+/*
+ * Raw dump test:
+ * dns_master_dump*() functions dump valid raw files
+ */
+static void
+dumpraw_test(void **state) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ dns_dbversion_t *version = NULL;
+ char myorigin[sizeof(TEST_ORIGIN)];
+ dns_name_t dnsorigin;
+ isc_buffer_t source, target;
+ unsigned char namebuf[BUFLEN];
+ int len;
+
+ UNUSED(state);
+
+ strlcpy(myorigin, TEST_ORIGIN, sizeof(myorigin));
+ len = strlen(myorigin);
+ isc_buffer_init(&source, myorigin, len);
+ isc_buffer_add(&source, len);
+ isc_buffer_setactive(&source, len);
+ isc_buffer_init(&target, namebuf, BUFLEN);
+ dns_name_init(&dnsorigin, NULL);
+ result = dns_name_fromtext(&dnsorigin, &source, dns_rootname, 0,
+ &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_create(dt_mctx, "rbt", &dnsorigin, dns_dbtype_zone,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_load(db, "testdata/master/master1.data",
+ dns_masterformat_text, 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_db_currentversion(db, &version);
+
+ result = dns_master_dump(dt_mctx, db, version,
+ &dns_master_style_default, "test.dump",
+ dns_masterformat_raw, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = test_master("test.dump", dns_masterformat_raw, nullmsg,
+ nullmsg);
+ assert_string_equal(isc_result_totext(result), "success");
+ assert_true(headerset);
+ assert_int_equal(header.flags, 0);
+
+ dns_master_initrawheader(&header);
+ header.sourceserial = 12345;
+ header.flags |= DNS_MASTERRAW_SOURCESERIALSET;
+
+ unlink("test.dump");
+ result = dns_master_dump(dt_mctx, db, version,
+ &dns_master_style_default, "test.dump",
+ dns_masterformat_raw, &header);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = test_master("test.dump", dns_masterformat_raw, nullmsg,
+ nullmsg);
+ assert_string_equal(isc_result_totext(result), "success");
+ assert_true(headerset);
+ assert_true((header.flags & DNS_MASTERRAW_SOURCESERIALSET) != 0);
+ assert_int_equal(header.sourceserial, 12345);
+
+ unlink("test.dump");
+ dns_db_closeversion(db, &version, false);
+ dns_db_detach(&db);
+}
+
+static const char *warn_expect_value;
+static bool warn_expect_result;
+
+static void
+warn_expect(struct dns_rdatacallbacks *mycallbacks, const char *fmt, ...) {
+ char buf[4096];
+ va_list ap;
+
+ UNUSED(mycallbacks);
+
+ warn_expect_result = false;
+
+ va_start(ap, fmt);
+ vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+
+ if (warn_expect_value != NULL && strstr(buf, warn_expect_value) != NULL)
+ {
+ warn_expect_result = true;
+ }
+}
+
+/*
+ * Origin change test:
+ * dns_master_loadfile() rejects zones with inherited name following $ORIGIN
+ */
+static void
+neworigin_test(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ warn_expect_value = "record with inherited owner";
+ result = test_master("testdata/master/master17.data",
+ dns_masterformat_text, warn_expect, nullmsg);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(warn_expect_result);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(load_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(unexpected_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(noowner_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(nottl_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(badclass_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(dnskey_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(dnsnokey_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(include_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(master_includelist_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(includefail_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(blanklines_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(leadingzero_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(totext_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(loadraw_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(dumpraw_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(toobig_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(maxrdata_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(neworigin_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/mkraw.pl b/lib/dns/tests/mkraw.pl
new file mode 100644
index 0000000..5e0db75
--- /dev/null
+++ b/lib/dns/tests/mkraw.pl
@@ -0,0 +1,26 @@
+#!/usr/bin/perl -w
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# Convert a hexdump to binary format.
+#
+# To convert binary data to the input format for this command,
+# use the following:
+#
+# perl -e 'while (read(STDIN, my $byte, 1)) {
+# print unpack("H2", $byte);
+# }
+# print "\n";' < file > file.in
+
+use strict;
+chomp(my $line = <STDIN>);
+print pack("H*", $line);
diff --git a/lib/dns/tests/name_test.c b/lib/dns/tests/name_test.c
new file mode 100644
index 0000000..e48c64e
--- /dev/null
+++ b/lib/dns/tests/name_test.c
@@ -0,0 +1,796 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/mem.h>
+#include <isc/os.h>
+#include <isc/print.h>
+#include <isc/thread.h>
+#include <isc/util.h>
+
+#include <dns/compress.h>
+#include <dns/fixedname.h>
+#include <dns/name.h>
+
+#include "dnstest.h"
+
+/* Set to true (or use -v option) for verbose output */
+static bool verbose = false;
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/* dns_name_fullcompare test */
+static void
+fullcompare_test(void **state) {
+ dns_fixedname_t fixed1;
+ dns_fixedname_t fixed2;
+ dns_name_t *name1;
+ dns_name_t *name2;
+ dns_namereln_t relation;
+ int i;
+ isc_result_t result;
+ struct {
+ const char *name1;
+ const char *name2;
+ dns_namereln_t relation;
+ int order;
+ unsigned int nlabels;
+ } data[] = {
+ /* relative */
+ { "", "", dns_namereln_equal, 0, 0 },
+ { "foo", "", dns_namereln_subdomain, 1, 0 },
+ { "", "foo", dns_namereln_contains, -1, 0 },
+ { "foo", "bar", dns_namereln_none, 4, 0 },
+ { "bar", "foo", dns_namereln_none, -4, 0 },
+ { "bar.foo", "foo", dns_namereln_subdomain, 1, 1 },
+ { "foo", "bar.foo", dns_namereln_contains, -1, 1 },
+ { "baz.bar.foo", "bar.foo", dns_namereln_subdomain, 1, 2 },
+ { "bar.foo", "baz.bar.foo", dns_namereln_contains, -1, 2 },
+ { "foo.example", "bar.example", dns_namereln_commonancestor, 4,
+ 1 },
+
+ /* absolute */
+ { ".", ".", dns_namereln_equal, 0, 1 },
+ { "foo.", "bar.", dns_namereln_commonancestor, 4, 1 },
+ { "bar.", "foo.", dns_namereln_commonancestor, -4, 1 },
+ { "foo.example.", "bar.example.", dns_namereln_commonancestor,
+ 4, 2 },
+ { "bar.foo.", "foo.", dns_namereln_subdomain, 1, 2 },
+ { "foo.", "bar.foo.", dns_namereln_contains, -1, 2 },
+ { "baz.bar.foo.", "bar.foo.", dns_namereln_subdomain, 1, 3 },
+ { "bar.foo.", "baz.bar.foo.", dns_namereln_contains, -1, 3 },
+ { NULL, NULL, dns_namereln_none, 0, 0 }
+ };
+
+ UNUSED(state);
+
+ name1 = dns_fixedname_initname(&fixed1);
+ name2 = dns_fixedname_initname(&fixed2);
+ for (i = 0; data[i].name1 != NULL; i++) {
+ int order = 3000;
+ unsigned int nlabels = 3000;
+
+ if (data[i].name1[0] == 0) {
+ dns_fixedname_init(&fixed1);
+ } else {
+ result = dns_name_fromstring2(name1, data[i].name1,
+ NULL, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ }
+ if (data[i].name2[0] == 0) {
+ dns_fixedname_init(&fixed2);
+ } else {
+ result = dns_name_fromstring2(name2, data[i].name2,
+ NULL, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ }
+ relation = dns_name_fullcompare(name1, name1, &order, &nlabels);
+ assert_int_equal(relation, dns_namereln_equal);
+ assert_int_equal(order, 0);
+ assert_int_equal(nlabels, name1->labels);
+
+ /* Some random initializer */
+ order = 3001;
+ nlabels = 3001;
+
+ relation = dns_name_fullcompare(name1, name2, &order, &nlabels);
+ assert_int_equal(relation, data[i].relation);
+ assert_int_equal(order, data[i].order);
+ assert_int_equal(nlabels, data[i].nlabels);
+ }
+}
+
+static void
+compress_test(dns_name_t *name1, dns_name_t *name2, dns_name_t *name3,
+ unsigned char *expected, unsigned int length,
+ dns_compress_t *cctx, dns_decompress_t *dctx) {
+ isc_buffer_t source;
+ isc_buffer_t target;
+ dns_name_t name;
+ unsigned char buf1[1024];
+ unsigned char buf2[1024];
+
+ isc_buffer_init(&source, buf1, sizeof(buf1));
+ isc_buffer_init(&target, buf2, sizeof(buf2));
+
+ assert_int_equal(dns_name_towire(name1, cctx, &source), ISC_R_SUCCESS);
+
+ assert_int_equal(dns_name_towire(name2, cctx, &source), ISC_R_SUCCESS);
+ assert_int_equal(dns_name_towire(name2, cctx, &source), ISC_R_SUCCESS);
+ assert_int_equal(dns_name_towire(name3, cctx, &source), ISC_R_SUCCESS);
+
+ isc_buffer_setactive(&source, source.used);
+
+ dns_name_init(&name, NULL);
+ RUNTIME_CHECK(dns_name_fromwire(&name, &source, dctx, 0, &target) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(dns_name_fromwire(&name, &source, dctx, 0, &target) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(dns_name_fromwire(&name, &source, dctx, 0, &target) ==
+ ISC_R_SUCCESS);
+ RUNTIME_CHECK(dns_name_fromwire(&name, &source, dctx, 0, &target) ==
+ ISC_R_SUCCESS);
+ dns_decompress_invalidate(dctx);
+
+ assert_int_equal(target.used, length);
+ assert_true(memcmp(target.base, expected, target.used) == 0);
+}
+
+/* name compression test */
+static void
+compression_test(void **state) {
+ unsigned int allowed;
+ dns_compress_t cctx;
+ dns_decompress_t dctx;
+ dns_name_t name1;
+ dns_name_t name2;
+ dns_name_t name3;
+ isc_region_t r;
+ unsigned char plain1[] = "\003yyy\003foo";
+ unsigned char plain2[] = "\003bar\003yyy\003foo";
+ unsigned char plain3[] = "\003xxx\003bar\003foo";
+ unsigned char plain[] = "\003yyy\003foo\0\003bar\003yyy\003foo\0\003"
+ "bar\003yyy\003foo\0\003xxx\003bar\003foo";
+
+ UNUSED(state);
+
+ dns_name_init(&name1, NULL);
+ r.base = plain1;
+ r.length = sizeof(plain1);
+ dns_name_fromregion(&name1, &r);
+
+ dns_name_init(&name2, NULL);
+ r.base = plain2;
+ r.length = sizeof(plain2);
+ dns_name_fromregion(&name2, &r);
+
+ dns_name_init(&name3, NULL);
+ r.base = plain3;
+ r.length = sizeof(plain3);
+ dns_name_fromregion(&name3, &r);
+
+ /* Test 1: NONE */
+ allowed = DNS_COMPRESS_NONE;
+ assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS);
+ dns_compress_setmethods(&cctx, allowed);
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT);
+ dns_decompress_setmethods(&dctx, allowed);
+
+ compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx,
+ &dctx);
+
+ dns_compress_rollback(&cctx, 0);
+ dns_compress_invalidate(&cctx);
+
+ /* Test2: GLOBAL14 */
+ allowed = DNS_COMPRESS_GLOBAL14;
+ assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS);
+ dns_compress_setmethods(&cctx, allowed);
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT);
+ dns_decompress_setmethods(&dctx, allowed);
+
+ compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx,
+ &dctx);
+
+ dns_compress_rollback(&cctx, 0);
+ dns_compress_invalidate(&cctx);
+
+ /* Test3: ALL */
+ allowed = DNS_COMPRESS_ALL;
+ assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS);
+ dns_compress_setmethods(&cctx, allowed);
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT);
+ dns_decompress_setmethods(&dctx, allowed);
+
+ compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx,
+ &dctx);
+
+ dns_compress_rollback(&cctx, 0);
+ dns_compress_invalidate(&cctx);
+
+ /* Test4: NONE disabled */
+ allowed = DNS_COMPRESS_NONE;
+ assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS);
+ dns_compress_setmethods(&cctx, allowed);
+ dns_compress_disable(&cctx);
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT);
+ dns_decompress_setmethods(&dctx, allowed);
+
+ compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx,
+ &dctx);
+
+ dns_compress_rollback(&cctx, 0);
+ dns_compress_invalidate(&cctx);
+
+ /* Test5: GLOBAL14 disabled */
+ allowed = DNS_COMPRESS_GLOBAL14;
+ assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS);
+ dns_compress_setmethods(&cctx, allowed);
+ dns_compress_disable(&cctx);
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT);
+ dns_decompress_setmethods(&dctx, allowed);
+
+ compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx,
+ &dctx);
+
+ dns_compress_rollback(&cctx, 0);
+ dns_compress_invalidate(&cctx);
+
+ /* Test6: ALL disabled */
+ allowed = DNS_COMPRESS_ALL;
+ assert_int_equal(dns_compress_init(&cctx, -1, dt_mctx), ISC_R_SUCCESS);
+ dns_compress_setmethods(&cctx, allowed);
+ dns_compress_disable(&cctx);
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT);
+ dns_decompress_setmethods(&dctx, allowed);
+
+ compress_test(&name1, &name2, &name3, plain, sizeof(plain), &cctx,
+ &dctx);
+
+ dns_compress_rollback(&cctx, 0);
+ dns_compress_invalidate(&cctx);
+}
+
+/* is trust-anchor-telemetry test */
+static void
+istat_test(void **state) {
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_result_t result;
+ size_t i;
+ struct {
+ const char *name;
+ bool istat;
+ } data[] = { { ".", false },
+ { "_ta-", false },
+ { "_ta-1234", true },
+ { "_TA-1234", true },
+ { "+TA-1234", false },
+ { "_fa-1234", false },
+ { "_td-1234", false },
+ { "_ta_1234", false },
+ { "_ta-g234", false },
+ { "_ta-1h34", false },
+ { "_ta-12i4", false },
+ { "_ta-123j", false },
+ { "_ta-1234-abcf", true },
+ { "_ta-1234-abcf-ED89", true },
+ { "_ta-12345-abcf-ED89", false },
+ { "_ta-.example", false },
+ { "_ta-1234.example", true },
+ { "_ta-1234-abcf.example", true },
+ { "_ta-1234-abcf-ED89.example", true },
+ { "_ta-12345-abcf-ED89.example", false },
+ { "_ta-1234-abcfe-ED89.example", false },
+ { "_ta-1234-abcf-EcD89.example", false } };
+
+ UNUSED(state);
+
+ name = dns_fixedname_initname(&fixed);
+
+ for (i = 0; i < (sizeof(data) / sizeof(data[0])); i++) {
+ result = dns_name_fromstring(name, data[i].name, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(dns_name_istat(name), data[i].istat);
+ }
+}
+
+/* dns_nane_init */
+static void
+init_test(void **state) {
+ dns_name_t name;
+ unsigned char offsets[1];
+
+ UNUSED(state);
+
+ dns_name_init(&name, offsets);
+
+ assert_null(name.ndata);
+ assert_int_equal(name.length, 0);
+ assert_int_equal(name.labels, 0);
+ assert_int_equal(name.attributes, 0);
+ assert_ptr_equal(name.offsets, offsets);
+ assert_null(name.buffer);
+}
+
+/* dns_nane_invalidate */
+static void
+invalidate_test(void **state) {
+ dns_name_t name;
+ unsigned char offsets[1];
+
+ UNUSED(state);
+
+ dns_name_init(&name, offsets);
+ dns_name_invalidate(&name);
+
+ assert_null(name.ndata);
+ assert_int_equal(name.length, 0);
+ assert_int_equal(name.labels, 0);
+ assert_int_equal(name.attributes, 0);
+ assert_null(name.offsets);
+ assert_null(name.buffer);
+}
+
+/* dns_nane_setbuffer/hasbuffer */
+static void
+buffer_test(void **state) {
+ dns_name_t name;
+ unsigned char buf[BUFSIZ];
+ isc_buffer_t b;
+
+ UNUSED(state);
+
+ isc_buffer_init(&b, buf, BUFSIZ);
+ dns_name_init(&name, NULL);
+ dns_name_setbuffer(&name, &b);
+ assert_ptr_equal(name.buffer, &b);
+ assert_true(dns_name_hasbuffer(&name));
+}
+
+/* dns_nane_isabsolute */
+static void
+isabsolute_test(void **state) {
+ struct {
+ const char *namestr;
+ bool expect;
+ } testcases[] = { { "x", false },
+ { "a.b.c.d.", true },
+ { "x.z", false } };
+ unsigned int i;
+
+ UNUSED(state);
+
+ for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) {
+ isc_result_t result;
+ dns_name_t name;
+ unsigned char data[BUFSIZ];
+ isc_buffer_t b, nb;
+ size_t len;
+
+ len = strlen(testcases[i].namestr);
+ isc_buffer_constinit(&b, testcases[i].namestr, len);
+ isc_buffer_add(&b, len);
+
+ dns_name_init(&name, NULL);
+ isc_buffer_init(&nb, data, BUFSIZ);
+ dns_name_setbuffer(&name, &nb);
+ result = dns_name_fromtext(&name, &b, NULL, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_int_equal(dns_name_isabsolute(&name),
+ testcases[i].expect);
+ }
+}
+
+/* dns_nane_hash */
+static void
+hash_test(void **state) {
+ struct {
+ const char *name1;
+ const char *name2;
+ bool expect;
+ bool expecti;
+ } testcases[] = {
+ { "a.b.c.d", "A.B.C.D", true, false },
+ { "a.b.c.d.", "A.B.C.D.", true, false },
+ { "a.b.c.d", "a.b.c.d", true, true },
+ { "A.B.C.D.", "A.B.C.D.", true, false },
+ { "x.y.z.w", "a.b.c.d", false, false },
+ { "x.y.z.w.", "a.b.c.d.", false, false },
+ };
+ unsigned int i;
+
+ UNUSED(state);
+
+ for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) {
+ isc_result_t result;
+ dns_fixedname_t f1, f2;
+ dns_name_t *n1, *n2;
+ unsigned int h1, h2;
+
+ n1 = dns_fixedname_initname(&f1);
+ n2 = dns_fixedname_initname(&f2);
+
+ result = dns_name_fromstring2(n1, testcases[i].name1, NULL, 0,
+ NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_name_fromstring2(n2, testcases[i].name2, NULL, 0,
+ NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Check case-insensitive hashing first */
+ h1 = dns_name_hash(n1, false);
+ h2 = dns_name_hash(n2, false);
+
+ if (verbose) {
+ print_message("# %s hashes to %u, "
+ "%s to %u, case insensitive\n",
+ testcases[i].name1, h1,
+ testcases[i].name2, h2);
+ }
+
+ assert_int_equal((h1 == h2), testcases[i].expect);
+
+ /* Now case-sensitive */
+ h1 = dns_name_hash(n1, false);
+ h2 = dns_name_hash(n2, false);
+
+ if (verbose) {
+ print_message("# %s hashes to %u, "
+ "%s to %u, case sensitive\n",
+ testcases[i].name1, h1,
+ testcases[i].name2, h2);
+ }
+
+ assert_int_equal((h1 == h2), testcases[i].expect);
+ }
+}
+
+/* dns_nane_issubdomain */
+static void
+issubdomain_test(void **state) {
+ struct {
+ const char *name1;
+ const char *name2;
+ bool expect;
+ } testcases[] = {
+ { "c.d", "a.b.c.d", false }, { "c.d.", "a.b.c.d.", false },
+ { "b.c.d", "c.d", true }, { "a.b.c.d.", "c.d.", true },
+ { "a.b.c", "a.b.c", true }, { "a.b.c.", "a.b.c.", true },
+ { "x.y.z", "a.b.c", false }
+ };
+ unsigned int i;
+
+ UNUSED(state);
+
+ for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) {
+ isc_result_t result;
+ dns_fixedname_t f1, f2;
+ dns_name_t *n1, *n2;
+
+ n1 = dns_fixedname_initname(&f1);
+ n2 = dns_fixedname_initname(&f2);
+
+ result = dns_name_fromstring2(n1, testcases[i].name1, NULL, 0,
+ NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_name_fromstring2(n2, testcases[i].name2, NULL, 0,
+ NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ if (verbose) {
+ print_message("# check: %s %s a subdomain of %s\n",
+ testcases[i].name1,
+ testcases[i].expect ? "is" : "is not",
+ testcases[i].name2);
+ }
+
+ assert_int_equal(dns_name_issubdomain(n1, n2),
+ testcases[i].expect);
+ }
+}
+
+/* dns_nane_countlabels */
+static void
+countlabels_test(void **state) {
+ struct {
+ const char *namestr;
+ unsigned int expect;
+ } testcases[] = {
+ { "c.d", 2 }, { "c.d.", 3 }, { "a.b.c.d.", 5 },
+ { "a.b.c.d", 4 }, { "a.b.c", 3 }, { ".", 1 },
+ };
+ unsigned int i;
+
+ UNUSED(state);
+
+ for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) {
+ isc_result_t result;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ name = dns_fixedname_initname(&fname);
+
+ result = dns_name_fromstring2(name, testcases[i].namestr, NULL,
+ 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ if (verbose) {
+ print_message("# %s: expect %u labels\n",
+ testcases[i].namestr,
+ testcases[i].expect);
+ }
+
+ assert_int_equal(dns_name_countlabels(name),
+ testcases[i].expect);
+ }
+}
+
+/* dns_nane_getlabel */
+static void
+getlabel_test(void **state) {
+ struct {
+ const char *name1;
+ unsigned int pos1;
+ const char *name2;
+ unsigned int pos2;
+ } testcases[] = {
+ { "c.d", 1, "a.b.c.d", 3 },
+ { "a.b.c.d", 3, "c.d", 1 },
+ { "a.b.c.", 3, "A.B.C.", 3 },
+ };
+ unsigned int i;
+
+ UNUSED(state);
+
+ for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) {
+ isc_result_t result;
+ dns_fixedname_t f1, f2;
+ dns_name_t *n1, *n2;
+ dns_label_t l1, l2;
+ unsigned int j;
+
+ n1 = dns_fixedname_initname(&f1);
+ n2 = dns_fixedname_initname(&f2);
+
+ result = dns_name_fromstring2(n1, testcases[i].name1, NULL, 0,
+ NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_name_fromstring2(n2, testcases[i].name2, NULL, 0,
+ NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_name_getlabel(n1, testcases[i].pos1, &l1);
+ dns_name_getlabel(n2, testcases[i].pos2, &l2);
+ assert_int_equal(l1.length, l2.length);
+
+ for (j = 0; j < l1.length; j++) {
+ assert_int_equal(l1.base[j], l2.base[j]);
+ }
+ }
+}
+
+/* dns_nane_getlabelsequence */
+static void
+getlabelsequence_test(void **state) {
+ struct {
+ const char *name1;
+ unsigned int pos1;
+ const char *name2;
+ unsigned int pos2;
+ unsigned int range;
+ } testcases[] = {
+ { "c.d", 1, "a.b.c.d", 3, 1 },
+ { "a.b.c.d.e", 2, "c.d", 0, 2 },
+ { "a.b.c", 0, "a.b.c", 0, 3 },
+ };
+ unsigned int i;
+
+ UNUSED(state);
+
+ for (i = 0; i < (sizeof(testcases) / sizeof(testcases[0])); i++) {
+ isc_result_t result;
+ dns_name_t t1, t2;
+ dns_fixedname_t f1, f2;
+ dns_name_t *n1, *n2;
+
+ /* target names */
+ dns_name_init(&t1, NULL);
+ dns_name_init(&t2, NULL);
+
+ /* source names */
+ n1 = dns_fixedname_initname(&f1);
+ n2 = dns_fixedname_initname(&f2);
+
+ result = dns_name_fromstring2(n1, testcases[i].name1, NULL, 0,
+ NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_name_fromstring2(n2, testcases[i].name2, NULL, 0,
+ NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_name_getlabelsequence(n1, testcases[i].pos1,
+ testcases[i].range, &t1);
+ dns_name_getlabelsequence(n2, testcases[i].pos2,
+ testcases[i].range, &t2);
+
+ assert_true(dns_name_equal(&t1, &t2));
+ }
+}
+
+#ifdef DNS_BENCHMARK_TESTS
+
+/*
+ * XXXMUKS: Don't delete this code. It is useful in benchmarking the
+ * name parser, but we don't require it as part of the unit test runs.
+ */
+
+/* Benchmark dns_name_fromwire() implementation */
+
+static void *
+fromwire_thread(void *arg) {
+ unsigned int maxval = 32000000;
+ uint8_t data[] = { 3, 'w', 'w', 'w', 7, 'e', 'x',
+ 'a', 'm', 'p', 'l', 'e', 7, 'i',
+ 'n', 'v', 'a', 'l', 'i', 'd', 0 };
+ unsigned char output_data[DNS_NAME_MAXWIRE];
+ isc_buffer_t source, target;
+ unsigned int i;
+ dns_decompress_t dctx;
+
+ UNUSED(arg);
+
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_STRICT);
+ dns_decompress_setmethods(&dctx, DNS_COMPRESS_NONE);
+
+ isc_buffer_init(&source, data, sizeof(data));
+ isc_buffer_add(&source, sizeof(data));
+ isc_buffer_init(&target, output_data, sizeof(output_data));
+
+ /* Parse 32 million names in each thread */
+ for (i = 0; i < maxval; i++) {
+ dns_name_t name;
+
+ isc_buffer_clear(&source);
+ isc_buffer_clear(&target);
+ isc_buffer_add(&source, sizeof(data));
+ isc_buffer_setactive(&source, sizeof(data));
+
+ dns_name_init(&name, NULL);
+ (void)dns_name_fromwire(&name, &source, &dctx, 0, &target);
+ }
+
+ return (NULL);
+}
+
+static void
+benchmark_test(void **state) {
+ isc_result_t result;
+ unsigned int i;
+ isc_time_t ts1, ts2;
+ double t;
+ unsigned int nthreads;
+ isc_thread_t threads[32];
+
+ UNUSED(state);
+
+ debug_mem_record = false;
+
+ result = isc_time_now(&ts1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ nthreads = ISC_MIN(isc_os_ncpus(), 32);
+ nthreads = ISC_MAX(nthreads, 1);
+ for (i = 0; i < nthreads; i++) {
+ isc_thread_create(fromwire_thread, NULL, &threads[i]);
+ }
+
+ for (i = 0; i < nthreads; i++) {
+ isc_thread_join(threads[i], NULL);
+ }
+
+ result = isc_time_now(&ts2);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ t = isc_time_microdiff(&ts2, &ts1);
+
+ printf("%u dns_name_fromwire() calls, %f seconds, %f calls/second\n",
+ nthreads * 32000000, t / 1000000.0,
+ (nthreads * 32000000) / (t / 1000000.0));
+}
+
+#endif /* DNS_BENCHMARK_TESTS */
+
+int
+main(int argc, char **argv) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(fullcompare_test),
+ cmocka_unit_test_setup_teardown(compression_test, _setup,
+ _teardown),
+ cmocka_unit_test(istat_test),
+ cmocka_unit_test(init_test),
+ cmocka_unit_test(invalidate_test),
+ cmocka_unit_test(buffer_test),
+ cmocka_unit_test(isabsolute_test),
+ cmocka_unit_test(hash_test),
+ cmocka_unit_test(issubdomain_test),
+ cmocka_unit_test(countlabels_test),
+ cmocka_unit_test(getlabel_test),
+ cmocka_unit_test(getlabelsequence_test),
+#ifdef DNS_BENCHMARK_TESTS
+ cmocka_unit_test_setup_teardown(benchmark_test, _setup,
+ _teardown),
+#endif /* DNS_BENCHMARK_TESTS */
+ };
+ int c;
+
+ while ((c = isc_commandline_parse(argc, argv, "v")) != -1) {
+ switch (c) {
+ case 'v':
+ verbose = true;
+ break;
+ default:
+ break;
+ }
+ }
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/nsec3_test.c b/lib/dns/tests/nsec3_test.c
new file mode 100644
index 0000000..69f4be5
--- /dev/null
+++ b/lib/dns/tests/nsec3_test.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/nsec3.h>
+
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static void
+iteration_test(const char *file, unsigned int expected) {
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ unsigned int iterations;
+
+ result = dns_test_loaddb(&db, dns_dbtype_zone, "test", file);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ iterations = dns_nsec3_maxiterations();
+
+ assert_int_equal(iterations, expected);
+
+ dns_db_detach(&db);
+}
+
+/*%
+ * Structure containing parameters for nsec3param_salttotext_test().
+ */
+typedef struct {
+ const char *nsec3param_text; /* NSEC3PARAM RDATA in text form */
+ const char *expected_salt; /* string expected in target buffer */
+} nsec3param_salttotext_test_params_t;
+
+/*%
+ * Check whether dns_nsec3param_salttotext() handles supplied text form
+ * NSEC3PARAM RDATA correctly: test whether the result of calling the former is
+ * as expected and whether it properly checks available buffer space.
+ *
+ * Assumes supplied text form NSEC3PARAM RDATA is valid as testing handling of
+ * invalid NSEC3PARAM RDATA is out of scope of this unit test.
+ */
+static void
+nsec3param_salttotext_test(const nsec3param_salttotext_test_params_t *params) {
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdata_nsec3param_t nsec3param;
+ unsigned char buf[1024];
+ isc_result_t result;
+ char salt[64];
+ size_t length;
+
+ /*
+ * Prepare a dns_rdata_nsec3param_t structure for testing.
+ */
+ result = dns_test_rdatafromstring(
+ &rdata, dns_rdataclass_in, dns_rdatatype_nsec3param, buf,
+ sizeof(buf), params->nsec3param_text, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_rdata_tostruct(&rdata, &nsec3param, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Check typical use.
+ */
+ result = dns_nsec3param_salttotext(&nsec3param, salt, sizeof(salt));
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(salt, params->expected_salt);
+
+ /*
+ * Ensure available space in the buffer is checked before the salt is
+ * printed to it and that the amount of space checked for includes the
+ * terminating NULL byte.
+ */
+ length = strlen(params->expected_salt);
+ assert_true(length < sizeof(salt) - 1); /* prevent buffer overwrite */
+ assert_true(length > 0U); /* prevent length underflow */
+
+ result = dns_nsec3param_salttotext(&nsec3param, salt, length - 1);
+ assert_int_equal(result, ISC_R_NOSPACE);
+
+ result = dns_nsec3param_salttotext(&nsec3param, salt, length);
+ assert_int_equal(result, ISC_R_NOSPACE);
+
+ result = dns_nsec3param_salttotext(&nsec3param, salt, length + 1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+}
+
+/*
+ * check that appropriate max iterations is returned for different
+ * key size mixes
+ */
+static void
+max_iterations(void **state) {
+ UNUSED(state);
+
+ iteration_test("testdata/nsec3/1024.db", 150);
+ iteration_test("testdata/nsec3/2048.db", 150);
+ iteration_test("testdata/nsec3/4096.db", 150);
+ iteration_test("testdata/nsec3/min-1024.db", 150);
+ iteration_test("testdata/nsec3/min-2048.db", 150);
+}
+
+/* check dns_nsec3param_salttotext() */
+static void
+nsec3param_salttotext(void **state) {
+ size_t i;
+
+ const nsec3param_salttotext_test_params_t tests[] = {
+ /*
+ * Tests with non-empty salts.
+ */
+ { "0 0 10 0123456789abcdef", "0123456789ABCDEF" },
+ { "0 1 11 0123456789abcdef", "0123456789ABCDEF" },
+ { "1 0 12 42", "42" },
+ { "1 1 13 42", "42" },
+ /*
+ * Test with empty salt.
+ */
+ { "0 0 0 -", "-" },
+ };
+
+ UNUSED(state);
+
+ for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
+ nsec3param_salttotext_test(&tests[i]);
+ }
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(max_iterations, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(nsec3param_salttotext, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/nsec3param_test.c b/lib/dns/tests/nsec3param_test.c
new file mode 100644
index 0000000..6fd1fc4
--- /dev/null
+++ b/lib/dns/tests/nsec3param_test.c
@@ -0,0 +1,304 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/hex.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/nsec3.h>
+#include <dns/result.h>
+
+#include "../zone_p.h"
+#include "dnstest.h"
+
+#define HASH 1
+#define FLAGS 0
+#define ITER 5
+#define SALTLEN 4
+#define SALT "FEDCBA98"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/*%
+ * Structures containing parameters for nsec3param_salttotext_test().
+ */
+typedef struct {
+ dns_hash_t hash;
+ unsigned char flags;
+ dns_iterations_t iterations;
+ unsigned char salt_length;
+ const char *salt;
+} nsec3param_rdata_test_params_t;
+
+typedef struct {
+ nsec3param_rdata_test_params_t lookup;
+ nsec3param_rdata_test_params_t expect;
+ bool resalt;
+ isc_result_t expected_result;
+} nsec3param_change_test_params_t;
+
+static void
+decode_salt(const char *string, unsigned char *salt, size_t saltlen) {
+ isc_buffer_t buf;
+ isc_result_t result;
+
+ isc_buffer_init(&buf, salt, saltlen);
+ result = isc_hex_decodestring(string, &buf);
+ assert_int_equal(result, ISC_R_SUCCESS);
+}
+
+static void
+copy_params(nsec3param_rdata_test_params_t from, dns_rdata_nsec3param_t *to,
+ unsigned char *saltbuf, size_t saltlen) {
+ to->hash = from.hash;
+ to->flags = from.flags;
+ to->iterations = from.iterations;
+ to->salt_length = from.salt_length;
+ if (from.salt == NULL) {
+ to->salt = NULL;
+ } else if (strcmp(from.salt, "-") == 0) {
+ DE_CONST("-", to->salt);
+ } else {
+ decode_salt(from.salt, saltbuf, saltlen);
+ to->salt = saltbuf;
+ }
+}
+
+static nsec3param_rdata_test_params_t
+rdata_fromparams(uint8_t hash, uint8_t flags, uint16_t iter, uint8_t saltlen,
+ const char *salt) {
+ nsec3param_rdata_test_params_t nsec3param;
+ nsec3param.hash = hash;
+ nsec3param.flags = flags;
+ nsec3param.iterations = iter;
+ nsec3param.salt_length = saltlen;
+ nsec3param.salt = salt;
+ return (nsec3param);
+}
+
+/*%
+ * Check whether zone_lookup_nsec3param() finds the correct NSEC3PARAM
+ * and sets the correct parameters to use in dns_zone_setnsec3param().
+ */
+static void
+nsec3param_change_test(const nsec3param_change_test_params_t *test) {
+ dns_zone_t *zone = NULL;
+ dns_rdata_nsec3param_t param, lookup, expect;
+ isc_result_t result;
+ unsigned char lookupsalt[255];
+ unsigned char expectsalt[255];
+ unsigned char saltbuf[255];
+
+ /*
+ * Prepare a zone along with its signing keys.
+ */
+ result = dns_test_makezone("nsec3", &zone, NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_zone_setfile(zone, "testdata/nsec3param/nsec3.db.signed",
+ dns_masterformat_text,
+ &dns_master_style_default);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_zone_load(zone, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Copy parameters.
+ */
+ copy_params(test->lookup, &lookup, lookupsalt, sizeof(lookupsalt));
+ copy_params(test->expect, &expect, expectsalt, sizeof(expectsalt));
+
+ /*
+ * Test dns__zone_lookup_nsec3param().
+ */
+ result = dns__zone_lookup_nsec3param(zone, &lookup, &param, saltbuf,
+ test->resalt);
+ assert_int_equal(result, test->expected_result);
+ assert_int_equal(param.hash, expect.hash);
+ assert_int_equal(param.flags, expect.flags);
+ assert_int_equal(param.iterations, expect.iterations);
+ assert_int_equal(param.salt_length, expect.salt_length);
+ assert_non_null(param.salt);
+ if (expect.salt != NULL) {
+ int ret = memcmp(param.salt, expect.salt, expect.salt_length);
+ assert_true(ret == 0);
+ } else {
+ /*
+ * We don't know what the new salt is, but we can compare it
+ * to the previous salt and test that it has changed.
+ */
+ unsigned char salt[SALTLEN];
+ int ret;
+ decode_salt(SALT, salt, SALTLEN);
+ ret = memcmp(param.salt, salt, SALTLEN);
+ assert_false(ret == 0);
+ }
+
+ /*
+ * Detach.
+ */
+ dns_zone_detach(&zone);
+}
+
+static void
+nsec3param_change(void **state) {
+ size_t i;
+
+ /*
+ * Define tests.
+ */
+ const nsec3param_change_test_params_t tests[] = {
+ /*
+ * 1. Change nothing (don't care about salt).
+ * This should return ISC_R_SUCCESS because we are already
+ * using these NSEC3 parameters.
+ */
+ { rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, NULL),
+ rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, SALT), false,
+ ISC_R_SUCCESS },
+ /*
+ * 2. Change nothing, but force a resalt.
+ * This should change the salt. Set 'expect.salt' to NULL to
+ * test a new salt has been generated.
+ */
+ { rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, NULL),
+ rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, NULL), true,
+ DNS_R_NSEC3RESALT },
+ /*
+ * 3. Change iterations.
+ * The NSEC3 paarameters are not found, and there is no
+ * need to resalt because an explicit salt has been set,
+ * and resalt is not enforced.
+ */
+ { rdata_fromparams(HASH, FLAGS, 10, SALTLEN, SALT),
+ rdata_fromparams(HASH, FLAGS, 10, SALTLEN, SALT), false,
+ ISC_R_NOTFOUND },
+ /*
+ * 4. Change iterations, don't care about the salt.
+ * We don't care about the salt. Since we need to change the
+ * NSEC3 parameters, we will also resalt.
+ */
+ { rdata_fromparams(HASH, FLAGS, 10, SALTLEN, NULL),
+ rdata_fromparams(HASH, FLAGS, 10, SALTLEN, NULL), false,
+ DNS_R_NSEC3RESALT },
+ /*
+ * 5. Change salt length.
+ * Changing salt length means we need to resalt.
+ */
+ { rdata_fromparams(HASH, FLAGS, ITER, 16, NULL),
+ rdata_fromparams(HASH, FLAGS, ITER, 16, NULL), false,
+ DNS_R_NSEC3RESALT },
+ /*
+ * 6. Set explicit salt.
+ * A different salt, so the NSEC3 parameters are not found.
+ * No need to resalt because an explicit salt is available.
+ */
+ { rdata_fromparams(HASH, FLAGS, ITER, 4, "12345678"),
+ rdata_fromparams(HASH, FLAGS, ITER, 4, "12345678"), false,
+ ISC_R_NOTFOUND },
+ /*
+ * 7. Same salt.
+ * Nothing changed, so expect ISC_R_SUCCESS as a result.
+ */
+ { rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, SALT),
+ rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, SALT), false,
+ ISC_R_SUCCESS },
+ /*
+ * 8. Same salt, and force resalt.
+ * Nothing changed, but a resalt is enforced.
+ */
+ { rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, SALT),
+ rdata_fromparams(HASH, FLAGS, ITER, SALTLEN, NULL), true,
+ DNS_R_NSEC3RESALT },
+ /*
+ * 9. No salt.
+ * Change parameters to use no salt. These parameters are
+ * not found, and no new salt needs to be generated.
+ */
+ { rdata_fromparams(HASH, FLAGS, ITER, 0, NULL),
+ rdata_fromparams(HASH, FLAGS, ITER, 0, "-"), true,
+ ISC_R_NOTFOUND },
+ /*
+ * 10. No salt, explicit.
+ * Same as above, but set no salt explicitly.
+ */
+ { rdata_fromparams(HASH, FLAGS, ITER, 0, "-"),
+ rdata_fromparams(HASH, FLAGS, ITER, 0, "-"), true,
+ ISC_R_NOTFOUND },
+ };
+
+ UNUSED(state);
+
+ /*
+ * Run tests.
+ */
+ for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
+ nsec3param_change_test(&tests[i]);
+ }
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(nsec3param_change, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/peer_test.c b/lib/dns/tests/peer_test.c
new file mode 100644
index 0000000..69ca8bb
--- /dev/null
+++ b/lib/dns/tests/peer_test.c
@@ -0,0 +1,175 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/util.h>
+
+#include <dns/peer.h>
+
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/* Test DSCP set/get functions */
+static void
+dscp(void **state) {
+ isc_result_t result;
+ isc_netaddr_t netaddr;
+ struct in_addr ina;
+ dns_peer_t *peer = NULL;
+ isc_dscp_t dscp;
+
+ UNUSED(state);
+
+ /*
+ * Create peer structure for the loopback address.
+ */
+ ina.s_addr = INADDR_LOOPBACK;
+ isc_netaddr_fromin(&netaddr, &ina);
+ result = dns_peer_new(dt_mctx, &netaddr, &peer);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * All should be not set on creation.
+ * 'dscp' should remain unchanged.
+ */
+ dscp = 100;
+ result = dns_peer_getquerydscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ assert_int_equal(dscp, 100);
+
+ result = dns_peer_getnotifydscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ assert_int_equal(dscp, 100);
+
+ result = dns_peer_gettransferdscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ assert_int_equal(dscp, 100);
+
+ /*
+ * Test that setting query dscp does not affect the other
+ * dscp values. 'dscp' should remain unchanged until
+ * dns_peer_getquerydscp is called.
+ */
+ dscp = 100;
+ result = dns_peer_setquerydscp(peer, 1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_peer_getnotifydscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ assert_int_equal(dscp, 100);
+
+ result = dns_peer_gettransferdscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ assert_int_equal(dscp, 100);
+
+ result = dns_peer_getquerydscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(dscp, 1);
+
+ /*
+ * Test that setting notify dscp does not affect the other
+ * dscp values. 'dscp' should remain unchanged until
+ * dns_peer_getquerydscp is called then should change again
+ * on dns_peer_getnotifydscp.
+ */
+ dscp = 100;
+ result = dns_peer_setnotifydscp(peer, 2);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_peer_gettransferdscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+ assert_int_equal(dscp, 100);
+
+ result = dns_peer_getquerydscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(dscp, 1);
+
+ result = dns_peer_getnotifydscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(dscp, 2);
+
+ /*
+ * Test that setting notify dscp does not affect the other
+ * dscp values. Check that appropriate values are returned.
+ */
+ dscp = 100;
+ result = dns_peer_settransferdscp(peer, 3);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_peer_getquerydscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(dscp, 1);
+
+ result = dns_peer_getnotifydscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(dscp, 2);
+
+ result = dns_peer_gettransferdscp(peer, &dscp);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(dscp, 3);
+
+ dns_peer_detach(&peer);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(dscp, _setup, _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/private_test.c b/lib/dns/tests/private_test.c
new file mode 100644
index 0000000..92ee391
--- /dev/null
+++ b/lib/dns/tests/private_test.c
@@ -0,0 +1,236 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/buffer.h>
+#include <isc/util.h>
+
+#include <dns/nsec3.h>
+#include <dns/private.h>
+#include <dns/rdataclass.h>
+#include <dns/rdatatype.h>
+
+#include <dst/dst.h>
+
+#include "dnstest.h"
+
+static dns_rdatatype_t privatetype = 65534;
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+typedef struct {
+ unsigned char alg;
+ dns_keytag_t keyid;
+ bool remove;
+ bool complete;
+} signing_testcase_t;
+
+typedef struct {
+ unsigned char hash;
+ unsigned char flags;
+ unsigned int iterations;
+ unsigned long salt;
+ bool remove;
+ bool pending;
+ bool nonsec;
+} nsec3_testcase_t;
+
+static void
+make_signing(signing_testcase_t *testcase, dns_rdata_t *private,
+ unsigned char *buf, size_t len) {
+ dns_rdata_init(private);
+
+ buf[0] = testcase->alg;
+ buf[1] = (testcase->keyid & 0xff00) >> 8;
+ buf[2] = (testcase->keyid & 0xff);
+ buf[3] = testcase->remove;
+ buf[4] = testcase->complete;
+ private->data = buf;
+ private->length = len;
+ private->type = privatetype;
+ private->rdclass = dns_rdataclass_in;
+}
+
+static void
+make_nsec3(nsec3_testcase_t *testcase, dns_rdata_t *private,
+ unsigned char *pbuf) {
+ dns_rdata_nsec3param_t params;
+ dns_rdata_t nsec3param = DNS_RDATA_INIT;
+ unsigned char bufdata[BUFSIZ];
+ isc_buffer_t buf;
+ uint32_t salt;
+ unsigned char *sp;
+ int slen = 4;
+
+ /* for simplicity, we're using a maximum salt length of 4 */
+ salt = htonl(testcase->salt);
+ sp = (unsigned char *)&salt;
+ while (slen > 0 && *sp == '\0') {
+ slen--;
+ sp++;
+ }
+
+ params.common.rdclass = dns_rdataclass_in;
+ params.common.rdtype = dns_rdatatype_nsec3param;
+ params.hash = testcase->hash;
+ params.iterations = testcase->iterations;
+ params.salt = sp;
+ params.salt_length = slen;
+
+ params.flags = testcase->flags;
+ if (testcase->remove) {
+ params.flags |= DNS_NSEC3FLAG_REMOVE;
+ if (testcase->nonsec) {
+ params.flags |= DNS_NSEC3FLAG_NONSEC;
+ }
+ } else {
+ params.flags |= DNS_NSEC3FLAG_CREATE;
+ if (testcase->pending) {
+ params.flags |= DNS_NSEC3FLAG_INITIAL;
+ }
+ }
+
+ isc_buffer_init(&buf, bufdata, sizeof(bufdata));
+ dns_rdata_fromstruct(&nsec3param, dns_rdataclass_in,
+ dns_rdatatype_nsec3param, &params, &buf);
+
+ dns_rdata_init(private);
+
+ dns_nsec3param_toprivate(&nsec3param, private, privatetype, pbuf,
+ DNS_NSEC3PARAM_BUFFERSIZE + 1);
+}
+
+/* convert private signing records to text */
+static void
+private_signing_totext_test(void **state) {
+ dns_rdata_t private;
+ int i;
+
+ signing_testcase_t testcases[] = { { DST_ALG_RSASHA512, 12345, 0, 0 },
+ { DST_ALG_RSASHA256, 54321, 1, 0 },
+ { DST_ALG_NSEC3RSASHA1, 22222, 0,
+ 1 },
+ { DST_ALG_RSASHA1, 33333, 1, 1 } };
+ const char *results[] = { "Signing with key 12345/RSASHA512",
+ "Removing signatures for key 54321/RSASHA256",
+ "Done signing with key 22222/NSEC3RSASHA1",
+ ("Done removing signatures for key "
+ "33333/RSASHA1") };
+ int ncases = 4;
+
+ UNUSED(state);
+
+ for (i = 0; i < ncases; i++) {
+ unsigned char data[5];
+ char output[BUFSIZ];
+ isc_buffer_t buf;
+
+ isc_buffer_init(&buf, output, sizeof(output));
+
+ make_signing(&testcases[i], &private, data, sizeof(data));
+ dns_private_totext(&private, &buf);
+ assert_string_equal(output, results[i]);
+ }
+}
+
+/* convert private chain records to text */
+static void
+private_nsec3_totext_test(void **state) {
+ dns_rdata_t private;
+ int i;
+
+ nsec3_testcase_t testcases[] = {
+ { 1, 0, 1, 0xbeef, 0, 0, 0 },
+ { 1, 1, 10, 0xdadd, 0, 0, 0 },
+ { 1, 0, 20, 0xbead, 0, 1, 0 },
+ { 1, 0, 30, 0xdeaf, 1, 0, 0 },
+ { 1, 0, 100, 0xfeedabee, 1, 0, 1 },
+ };
+ const char *results[] = { "Creating NSEC3 chain 1 0 1 BEEF",
+ "Creating NSEC3 chain 1 1 10 DADD",
+ "Pending NSEC3 chain 1 0 20 BEAD",
+ ("Removing NSEC3 chain 1 0 30 DEAF / "
+ "creating NSEC chain"),
+ "Removing NSEC3 chain 1 0 100 FEEDABEE" };
+ int ncases = 5;
+
+ UNUSED(state);
+
+ for (i = 0; i < ncases; i++) {
+ unsigned char data[DNS_NSEC3PARAM_BUFFERSIZE + 1];
+ char output[BUFSIZ];
+ isc_buffer_t buf;
+
+ isc_buffer_init(&buf, output, sizeof(output));
+
+ make_nsec3(&testcases[i], &private, data);
+ dns_private_totext(&private, &buf);
+ assert_string_equal(output, results[i]);
+ }
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(private_signing_totext_test,
+ _setup, _teardown),
+ cmocka_unit_test_setup_teardown(private_nsec3_totext_test,
+ _setup, _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/rbt_serialize_test.c b/lib/dns/tests/rbt_serialize_test.c
new file mode 100644
index 0000000..df56981
--- /dev/null
+++ b/lib/dns/tests/rbt_serialize_test.c
@@ -0,0 +1,489 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <fcntl.h>
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/app.h>
+#include <isc/buffer.h>
+#include <isc/commandline.h>
+#include <isc/file.h>
+#include <isc/hash.h>
+#include <isc/mem.h>
+#include <isc/os.h>
+#include <isc/print.h>
+#include <isc/random.h>
+#include <isc/socket.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/compress.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/name.h>
+#include <dns/rbt.h>
+#include <dns/result.h>
+
+#include <dst/dst.h>
+
+#include "dnstest.h"
+
+#ifndef MAP_FILE
+#define MAP_FILE 0
+#endif /* ifndef MAP_FILE */
+
+/* Set to true (or use -v option) for verbose output */
+static bool verbose = false;
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+typedef struct data_holder {
+ int len;
+ const char *data;
+} data_holder_t;
+
+typedef struct rbt_testdata {
+ const char *name;
+ size_t name_len;
+ data_holder_t data;
+} rbt_testdata_t;
+
+#define DATA_ITEM(name) \
+ { \
+ (name), sizeof(name) - 1, { sizeof(name), (name) } \
+ }
+
+rbt_testdata_t testdata[] = { DATA_ITEM("first.com."),
+ DATA_ITEM("one.net."),
+ DATA_ITEM("two.com."),
+ DATA_ITEM("three.org."),
+ DATA_ITEM("asdf.com."),
+ DATA_ITEM("ghjkl.com."),
+ DATA_ITEM("1.edu."),
+ DATA_ITEM("2.edu."),
+ DATA_ITEM("3.edu."),
+ DATA_ITEM("123.edu."),
+ DATA_ITEM("1236.com."),
+ DATA_ITEM("and_so_forth.com."),
+ DATA_ITEM("thisisalongname.com."),
+ DATA_ITEM("a.b."),
+ DATA_ITEM("test.net."),
+ DATA_ITEM("whoknows.org."),
+ DATA_ITEM("blargh.com."),
+ DATA_ITEM("www.joe.com."),
+ DATA_ITEM("test.com."),
+ DATA_ITEM("isc.org."),
+ DATA_ITEM("uiop.mil."),
+ DATA_ITEM("last.fm."),
+ { NULL, 0, { 0, NULL } } };
+
+static void
+delete_data(void *data, void *arg) {
+ UNUSED(arg);
+ UNUSED(data);
+}
+
+static isc_result_t
+write_data(FILE *file, unsigned char *datap, void *arg, uint64_t *crc) {
+ isc_result_t result;
+ size_t ret = 0;
+ data_holder_t *data;
+ data_holder_t temp;
+ off_t where;
+
+ UNUSED(arg);
+
+ REQUIRE(file != NULL);
+ REQUIRE(crc != NULL);
+ REQUIRE(datap != NULL);
+ data = (data_holder_t *)datap;
+ REQUIRE((data->len == 0 && data->data == NULL) ||
+ (data->len != 0 && data->data != NULL));
+
+ result = isc_stdio_tell(file, &where);
+ if (result != ISC_R_SUCCESS) {
+ return (result);
+ }
+
+ temp = *data;
+ temp.data = (data->len == 0 ? NULL
+ : (char *)((uintptr_t)where +
+ sizeof(data_holder_t)));
+
+ isc_crc64_update(crc, (void *)&temp, sizeof(temp));
+ ret = fwrite(&temp, sizeof(data_holder_t), 1, file);
+ if (ret != 1) {
+ return (ISC_R_FAILURE);
+ }
+ if (data->len > 0) {
+ isc_crc64_update(crc, (const void *)data->data, data->len);
+ ret = fwrite(data->data, data->len, 1, file);
+ if (ret != 1) {
+ return (ISC_R_FAILURE);
+ }
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+fix_data(dns_rbtnode_t *p, void *base, size_t max, void *arg, uint64_t *crc) {
+ data_holder_t *data;
+ size_t size;
+
+ UNUSED(base);
+ UNUSED(max);
+ UNUSED(arg);
+
+ REQUIRE(crc != NULL);
+ REQUIRE(p != NULL);
+
+ data = p->data;
+
+ if (data == NULL || (data->len == 0 && data->data != NULL) ||
+ (data->len != 0 && data->data == NULL))
+ {
+ return (ISC_R_INVALIDFILE);
+ }
+
+ size = max - ((char *)p - (char *)base);
+
+ if (data->len > (int)size || data->data > (const char *)max) {
+ return (ISC_R_INVALIDFILE);
+ }
+
+ isc_crc64_update(crc, (void *)data, sizeof(*data));
+
+ data->data = NULL;
+ if (data->len != 0) {
+ data->data = (char *)data + sizeof(data_holder_t);
+ }
+
+ if (data->len > 0) {
+ isc_crc64_update(crc, (const void *)data->data, data->len);
+ }
+
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * Load test data into the RBT.
+ */
+static void
+add_test_data(isc_mem_t *mctx, dns_rbt_t *rbt) {
+ char buffer[1024];
+ isc_buffer_t b;
+ isc_result_t result;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ dns_compress_t cctx;
+ rbt_testdata_t *testdatap = testdata;
+
+ dns_compress_init(&cctx, -1, mctx);
+
+ while (testdatap->name != NULL && testdatap->data.data != NULL) {
+ memmove(buffer, testdatap->name, testdatap->name_len);
+
+ isc_buffer_init(&b, buffer, testdatap->name_len);
+ isc_buffer_add(&b, testdatap->name_len);
+ name = dns_fixedname_initname(&fname);
+ result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
+ if (result != ISC_R_SUCCESS) {
+ testdatap++;
+ continue;
+ }
+
+ if (name != NULL) {
+ result = dns_rbt_addname(rbt, name, &testdatap->data);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ }
+ testdatap++;
+ }
+
+ dns_compress_invalidate(&cctx);
+}
+
+/*
+ * Walk the tree and ensure that all the test nodes are present.
+ */
+static void
+check_test_data(dns_rbt_t *rbt) {
+ char buffer[1024];
+ char *arg;
+ dns_fixedname_t fname;
+ dns_fixedname_t fixed;
+ dns_name_t *name;
+ isc_buffer_t b;
+ data_holder_t *data;
+ isc_result_t result;
+ dns_name_t *foundname;
+ rbt_testdata_t *testdatap = testdata;
+
+ foundname = dns_fixedname_initname(&fixed);
+
+ while (testdatap->name != NULL && testdatap->data.data != NULL) {
+ memmove(buffer, testdatap->name, testdatap->name_len + 1);
+ arg = buffer;
+
+ isc_buffer_init(&b, arg, testdatap->name_len);
+ isc_buffer_add(&b, testdatap->name_len);
+ name = dns_fixedname_initname(&fname);
+ result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
+ if (result != ISC_R_SUCCESS) {
+ testdatap++;
+ continue;
+ }
+
+ data = NULL;
+ result = dns_rbt_findname(rbt, name, 0, foundname,
+ (void *)&data);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ testdatap++;
+ }
+}
+
+static void
+data_printer(FILE *out, void *datap) {
+ data_holder_t *data = (data_holder_t *)datap;
+
+ fprintf(out, "%d bytes, %s", data->len, data->data);
+}
+
+/* Test writing an rbt to file */
+static void
+serialize_test(void **state) {
+ dns_rbt_t *rbt = NULL;
+ isc_result_t result;
+ FILE *rbtfile = NULL;
+ dns_rbt_t *rbt_deserialized = NULL;
+ off_t offset;
+ int fd;
+ off_t filesize = 0;
+ char *base;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ result = dns_rbt_create(dt_mctx, delete_data, NULL, &rbt);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ add_test_data(dt_mctx, rbt);
+
+ if (verbose) {
+ dns_rbt_printtext(rbt, data_printer, stdout);
+ }
+
+ /*
+ * Serialize the tree.
+ */
+ rbtfile = fopen("./zone.bin", "w+b");
+ assert_non_null(rbtfile);
+ result = dns_rbt_serialize_tree(rbtfile, rbt, write_data, NULL,
+ &offset);
+ assert_true(result == ISC_R_SUCCESS);
+ dns_rbt_destroy(&rbt);
+
+ /*
+ * Deserialize the tree.
+ * Map in the whole file in one go
+ */
+ fd = open("zone.bin", O_RDWR);
+ assert_int_not_equal(fd, -1);
+ isc_file_getsizefd(fd, &filesize);
+ base = mmap(NULL, filesize, PROT_READ | PROT_WRITE,
+ MAP_FILE | MAP_PRIVATE, fd, 0);
+ assert_true(base != NULL && base != MAP_FAILED);
+ close(fd);
+
+ result = dns_rbt_deserialize_tree(base, filesize, 0, dt_mctx,
+ delete_data, NULL, fix_data, NULL,
+ NULL, &rbt_deserialized);
+
+ /* Test to make sure we have a valid tree */
+ assert_true(result == ISC_R_SUCCESS);
+ if (rbt_deserialized == NULL) {
+ fail_msg("deserialized rbt is null!"); /* Abort execution. */
+ }
+
+ check_test_data(rbt_deserialized);
+
+ if (verbose) {
+ dns_rbt_printtext(rbt_deserialized, data_printer, stdout);
+ }
+
+ dns_rbt_destroy(&rbt_deserialized);
+ munmap(base, filesize);
+ unlink("zone.bin");
+}
+
+/* Test reading a corrupt map file */
+static void
+deserialize_corrupt_test(void **state) {
+ dns_rbt_t *rbt = NULL;
+ isc_result_t result;
+ FILE *rbtfile = NULL;
+ off_t offset;
+ int fd;
+ off_t filesize = 0;
+ char *base, *p, *q;
+ int i;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ /* Set up map file */
+ result = dns_rbt_create(dt_mctx, delete_data, NULL, &rbt);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ add_test_data(dt_mctx, rbt);
+ rbtfile = fopen("./zone.bin", "w+b");
+ assert_non_null(rbtfile);
+ result = dns_rbt_serialize_tree(rbtfile, rbt, write_data, NULL,
+ &offset);
+ assert_true(result == ISC_R_SUCCESS);
+ dns_rbt_destroy(&rbt);
+
+ /* Read back with random fuzzing */
+ for (i = 0; i < 256; i++) {
+ dns_rbt_t *rbt_deserialized = NULL;
+
+ fd = open("zone.bin", O_RDWR);
+ assert_int_not_equal(fd, -1);
+ isc_file_getsizefd(fd, &filesize);
+ base = mmap(NULL, filesize, PROT_READ | PROT_WRITE,
+ MAP_FILE | MAP_PRIVATE, fd, 0);
+ assert_true(base != NULL && base != MAP_FAILED);
+ close(fd);
+
+ /* Randomly fuzz a portion of the memory */
+ /* cppcheck-suppress nullPointerArithmeticRedundantCheck */
+ p = base + (isc_random_uniform(filesize));
+ /* cppcheck-suppress nullPointerArithmeticRedundantCheck */
+ q = base + filesize;
+ q -= (isc_random_uniform(q - p));
+ while (p++ < q) {
+ *p = isc_random8();
+ }
+
+ result = dns_rbt_deserialize_tree(
+ base, filesize, 0, dt_mctx, delete_data, NULL, fix_data,
+ NULL, NULL, &rbt_deserialized);
+
+ /* Test to make sure we have a valid tree */
+ assert_true(result == ISC_R_SUCCESS ||
+ result == ISC_R_INVALIDFILE);
+ if (result != ISC_R_SUCCESS) {
+ assert_null(rbt_deserialized);
+ }
+
+ if (rbt_deserialized != NULL) {
+ dns_rbt_destroy(&rbt_deserialized);
+ }
+
+ munmap(base, filesize);
+ }
+
+ unlink("zone.bin");
+}
+
+/* Test the dns_rbt_serialize_align() function */
+static void
+serialize_align_test(void **state) {
+ UNUSED(state);
+
+ assert_true(dns_rbt_serialize_align(0) == 0);
+ assert_true(dns_rbt_serialize_align(1) == 8);
+ assert_true(dns_rbt_serialize_align(2) == 8);
+ assert_true(dns_rbt_serialize_align(3) == 8);
+ assert_true(dns_rbt_serialize_align(4) == 8);
+ assert_true(dns_rbt_serialize_align(5) == 8);
+ assert_true(dns_rbt_serialize_align(6) == 8);
+ assert_true(dns_rbt_serialize_align(7) == 8);
+ assert_true(dns_rbt_serialize_align(8) == 8);
+ assert_true(dns_rbt_serialize_align(9) == 16);
+ assert_true(dns_rbt_serialize_align(0xff) == 0x100);
+ assert_true(dns_rbt_serialize_align(0x301) == 0x308);
+}
+
+int
+main(int argc, char **argv) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(serialize_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(deserialize_corrupt_test,
+ _setup, _teardown),
+ cmocka_unit_test(serialize_align_test),
+ };
+ int c;
+
+ while ((c = isc_commandline_parse(argc, argv, "v")) != -1) {
+ switch (c) {
+ case 'v':
+ verbose = true;
+ break;
+ default:
+ break;
+ }
+ }
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/rbt_test.c b/lib/dns/tests/rbt_test.c
new file mode 100644
index 0000000..e73ac09
--- /dev/null
+++ b/lib/dns/tests/rbt_test.c
@@ -0,0 +1,1390 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <ctype.h>
+#include <fcntl.h>
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/app.h>
+#include <isc/buffer.h>
+#include <isc/file.h>
+#include <isc/hash.h>
+#include <isc/mem.h>
+#include <isc/os.h>
+#include <isc/print.h>
+#include <isc/random.h>
+#include <isc/socket.h>
+#include <isc/stdio.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/thread.h>
+#include <isc/time.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/compress.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/name.h>
+#include <dns/rbt.h>
+#include <dns/result.h>
+
+#include <dst/dst.h>
+
+#include "dnstest.h"
+
+typedef struct {
+ dns_rbt_t *rbt;
+ dns_rbt_t *rbt_distances;
+} test_context_t;
+
+/* The initial structure of domain tree will be as follows:
+ *
+ * .
+ * |
+ * b
+ * / \
+ * a d.e.f
+ * / | \
+ * c | g.h
+ * | |
+ * w.y i
+ * / | \ \
+ * x | z k
+ * | |
+ * p j
+ * / \
+ * o q
+ */
+
+/* The full absolute names of the nodes in the tree (the tree also
+ * contains "." which is not included in this list).
+ */
+static const char *const domain_names[] = {
+ "c", "b", "a", "x.d.e.f",
+ "z.d.e.f", "g.h", "i.g.h", "o.w.y.d.e.f",
+ "j.z.d.e.f", "p.w.y.d.e.f", "q.w.y.d.e.f", "k.g.h"
+};
+
+static const size_t domain_names_count =
+ (sizeof(domain_names) / sizeof(domain_names[0]));
+
+/* These are set as the node data for the tree used in distances check
+ * (for the names in domain_names[] above).
+ */
+static const int node_distances[] = { 3, 1, 2, 2, 2, 3, 1, 2, 1, 1, 2, 2 };
+
+/*
+ * The domain order should be:
+ * ., a, b, c, d.e.f, x.d.e.f, w.y.d.e.f, o.w.y.d.e.f, p.w.y.d.e.f,
+ * q.w.y.d.e.f, z.d.e.f, j.z.d.e.f, g.h, i.g.h, k.g.h
+ * . (no data, can't be found)
+ * |
+ * b
+ * / \
+ * a d.e.f
+ * / | \
+ * c | g.h
+ * | |
+ * w.y i
+ * / | \ \
+ * x | z k
+ * | |
+ * p j
+ * / \
+ * o q
+ */
+
+static const char *const ordered_names[] = {
+ "a", "b", "c", "d.e.f", "x.d.e.f",
+ "w.y.d.e.f", "o.w.y.d.e.f", "p.w.y.d.e.f", "q.w.y.d.e.f", "z.d.e.f",
+ "j.z.d.e.f", "g.h", "i.g.h", "k.g.h"
+};
+
+static const size_t ordered_names_count =
+ (sizeof(ordered_names) / sizeof(*ordered_names));
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+static void
+delete_data(void *data, void *arg) {
+ UNUSED(arg);
+
+ isc_mem_put(dt_mctx, data, sizeof(size_t));
+}
+
+static test_context_t *
+test_context_setup(void) {
+ test_context_t *ctx;
+ isc_result_t result;
+ size_t i;
+
+ ctx = isc_mem_get(dt_mctx, sizeof(*ctx));
+ assert_non_null(ctx);
+
+ ctx->rbt = NULL;
+ result = dns_rbt_create(dt_mctx, delete_data, NULL, &ctx->rbt);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ ctx->rbt_distances = NULL;
+ result = dns_rbt_create(dt_mctx, delete_data, NULL,
+ &ctx->rbt_distances);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ for (i = 0; i < domain_names_count; i++) {
+ size_t *n;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ dns_test_namefromstring(domain_names[i], &fname);
+
+ name = dns_fixedname_name(&fname);
+
+ n = isc_mem_get(dt_mctx, sizeof(size_t));
+ assert_non_null(n);
+ *n = i + 1;
+ result = dns_rbt_addname(ctx->rbt, name, n);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ n = isc_mem_get(dt_mctx, sizeof(size_t));
+ assert_non_null(n);
+ *n = node_distances[i];
+ result = dns_rbt_addname(ctx->rbt_distances, name, n);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ }
+
+ return (ctx);
+}
+
+static void
+test_context_teardown(test_context_t *ctx) {
+ dns_rbt_destroy(&ctx->rbt);
+ dns_rbt_destroy(&ctx->rbt_distances);
+
+ isc_mem_put(dt_mctx, ctx, sizeof(*ctx));
+}
+
+/*
+ * Walk the tree and ensure that all the test nodes are present.
+ */
+static void
+check_test_data(dns_rbt_t *rbt) {
+ dns_fixedname_t fixed;
+ isc_result_t result;
+ dns_name_t *foundname;
+ size_t i;
+
+ foundname = dns_fixedname_initname(&fixed);
+
+ for (i = 0; i < domain_names_count; i++) {
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ size_t *n;
+
+ dns_test_namefromstring(domain_names[i], &fname);
+
+ name = dns_fixedname_name(&fname);
+ n = NULL;
+ result = dns_rbt_findname(rbt, name, 0, foundname, (void *)&n);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(*n, i + 1);
+ }
+}
+
+/* Test the creation of an rbt */
+static void
+rbt_create(void **state) {
+ test_context_t *ctx;
+ bool tree_ok;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ ctx = test_context_setup();
+
+ check_test_data(ctx->rbt);
+
+ tree_ok = dns__rbt_checkproperties(ctx->rbt);
+ assert_true(tree_ok);
+
+ test_context_teardown(ctx);
+}
+
+/* Test dns_rbt_nodecount() on a tree */
+static void
+rbt_nodecount(void **state) {
+ test_context_t *ctx;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ ctx = test_context_setup();
+
+ assert_int_equal(15, dns_rbt_nodecount(ctx->rbt));
+
+ test_context_teardown(ctx);
+}
+
+/* Test dns_rbtnode_get_distance() on a tree */
+static void
+rbtnode_get_distance(void **state) {
+ isc_result_t result;
+ test_context_t *ctx;
+ const char *name_str = "a";
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ dns_rbtnode_t *node = NULL;
+ dns_rbtnodechain_t chain;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ ctx = test_context_setup();
+
+ dns_test_namefromstring(name_str, &fname);
+ name = dns_fixedname_name(&fname);
+
+ dns_rbtnodechain_init(&chain);
+
+ result = dns_rbt_findnode(ctx->rbt_distances, name, NULL, &node, &chain,
+ 0, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ while (node != NULL) {
+ const size_t *distance = (const size_t *)node->data;
+ if (distance != NULL) {
+ assert_int_equal(*distance,
+ dns__rbtnode_getdistance(node));
+ }
+ result = dns_rbtnodechain_next(&chain, NULL, NULL);
+ if (result == ISC_R_NOMORE) {
+ break;
+ }
+ dns_rbtnodechain_current(&chain, NULL, NULL, &node);
+ }
+
+ assert_int_equal(result, ISC_R_NOMORE);
+
+ dns_rbtnodechain_invalidate(&chain);
+
+ test_context_teardown(ctx);
+}
+
+/*
+ * Test tree balance, inserting names in random order.
+ *
+ * This test checks an important performance-related property of
+ * the red-black tree, which is important for us: the longest
+ * path from a sub-tree's root to a node is no more than
+ * 2log(n). This check verifies that the tree is balanced.
+ */
+static void
+rbt_check_distance_random(void **state) {
+ dns_rbt_t *mytree = NULL;
+ const unsigned int log_num_nodes = 16;
+ isc_result_t result;
+ bool tree_ok;
+ int i;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ result = dns_rbt_create(dt_mctx, delete_data, NULL, &mytree);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Names are inserted in random order. */
+
+ /* Make a large 65536 node top-level domain tree, i.e., the
+ * following code inserts names such as:
+ *
+ * savoucnsrkrqzpkqypbygwoiliawpbmz.
+ * wkadamcbbpjtundbxcmuayuycposvngx.
+ * wzbpznemtooxdpjecdxynsfztvnuyfao.
+ * yueojmhyffslpvfmgyfwioxegfhepnqq.
+ */
+ for (i = 0; i < (1 << log_num_nodes); i++) {
+ size_t *n;
+ char namebuf[34];
+
+ n = isc_mem_get(dt_mctx, sizeof(size_t));
+ assert_non_null(n);
+ *n = i + 1;
+
+ while (1) {
+ int j;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ for (j = 0; j < 32; j++) {
+ uint32_t v = isc_random_uniform(26);
+ namebuf[j] = 'a' + v;
+ }
+ namebuf[32] = '.';
+ namebuf[33] = 0;
+
+ dns_test_namefromstring(namebuf, &fname);
+ name = dns_fixedname_name(&fname);
+
+ result = dns_rbt_addname(mytree, name, n);
+ if (result == ISC_R_SUCCESS) {
+ break;
+ }
+ }
+ }
+
+ /* 1 (root . node) + (1 << log_num_nodes) */
+ assert_int_equal(1U + (1U << log_num_nodes), dns_rbt_nodecount(mytree));
+
+ /* The distance from each node to its sub-tree root must be less
+ * than 2 * log(n).
+ */
+ assert_true((2U * log_num_nodes) >= dns__rbt_getheight(mytree));
+
+ /* Also check RB tree properties */
+ tree_ok = dns__rbt_checkproperties(mytree);
+ assert_true(tree_ok);
+
+ dns_rbt_destroy(&mytree);
+}
+
+/*
+ * Test tree balance, inserting names in sorted order.
+ *
+ * This test checks an important performance-related property of
+ * the red-black tree, which is important for us: the longest
+ * path from a sub-tree's root to a node is no more than
+ * 2log(n). This check verifies that the tree is balanced.
+ */
+static void
+rbt_check_distance_ordered(void **state) {
+ dns_rbt_t *mytree = NULL;
+ const unsigned int log_num_nodes = 16;
+ isc_result_t result;
+ bool tree_ok;
+ int i;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ result = dns_rbt_create(dt_mctx, delete_data, NULL, &mytree);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Names are inserted in sorted order. */
+
+ /* Make a large 65536 node top-level domain tree, i.e., the
+ * following code inserts names such as:
+ *
+ * name00000000.
+ * name00000001.
+ * name00000002.
+ * name00000003.
+ */
+ for (i = 0; i < (1 << log_num_nodes); i++) {
+ size_t *n;
+ char namebuf[14];
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ n = isc_mem_get(dt_mctx, sizeof(size_t));
+ assert_non_null(n);
+ *n = i + 1;
+
+ snprintf(namebuf, sizeof(namebuf), "name%08x.", i);
+ dns_test_namefromstring(namebuf, &fname);
+ name = dns_fixedname_name(&fname);
+
+ result = dns_rbt_addname(mytree, name, n);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ }
+
+ /* 1 (root . node) + (1 << log_num_nodes) */
+ assert_int_equal(1U + (1U << log_num_nodes), dns_rbt_nodecount(mytree));
+
+ /* The distance from each node to its sub-tree root must be less
+ * than 2 * log(n).
+ */
+ assert_true((2U * log_num_nodes) >= dns__rbt_getheight(mytree));
+
+ /* Also check RB tree properties */
+ tree_ok = dns__rbt_checkproperties(mytree);
+ assert_true(tree_ok);
+
+ dns_rbt_destroy(&mytree);
+}
+
+static isc_result_t
+insert_helper(dns_rbt_t *rbt, const char *namestr, dns_rbtnode_t **node) {
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ dns_test_namefromstring(namestr, &fname);
+ name = dns_fixedname_name(&fname);
+
+ return (dns_rbt_addnode(rbt, name, node));
+}
+
+static bool
+compare_labelsequences(dns_rbtnode_t *node, const char *labelstr) {
+ dns_name_t name;
+ isc_result_t result;
+ char *nodestr = NULL;
+ bool is_equal;
+
+ dns_name_init(&name, NULL);
+ dns_rbt_namefromnode(node, &name);
+
+ result = dns_name_tostring(&name, &nodestr, dt_mctx);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ is_equal = strcmp(labelstr, nodestr) == 0 ? true : false;
+
+ isc_mem_free(dt_mctx, nodestr);
+
+ return (is_equal);
+}
+
+/* Test insertion into a tree */
+static void
+rbt_insert(void **state) {
+ isc_result_t result;
+ test_context_t *ctx;
+ dns_rbtnode_t *node;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ ctx = test_context_setup();
+
+ /* Check node count before beginning. */
+ assert_int_equal(15, dns_rbt_nodecount(ctx->rbt));
+
+ /* Try to insert a node that already exists. */
+ node = NULL;
+ result = insert_helper(ctx->rbt, "d.e.f", &node);
+ assert_int_equal(result, ISC_R_EXISTS);
+
+ /* Node count must not have changed. */
+ assert_int_equal(15, dns_rbt_nodecount(ctx->rbt));
+
+ /* Try to insert a node that doesn't exist. */
+ node = NULL;
+ result = insert_helper(ctx->rbt, "0", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(compare_labelsequences(node, "0"));
+
+ /* Node count must have increased. */
+ assert_int_equal(16, dns_rbt_nodecount(ctx->rbt));
+
+ /* Another. */
+ node = NULL;
+ result = insert_helper(ctx->rbt, "example.com", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_non_null(node);
+ assert_null(node->data);
+
+ /* Node count must have increased. */
+ assert_int_equal(17, dns_rbt_nodecount(ctx->rbt));
+
+ /* Re-adding it should return EXISTS */
+ node = NULL;
+ result = insert_helper(ctx->rbt, "example.com", &node);
+ assert_int_equal(result, ISC_R_EXISTS);
+
+ /* Node count must not have changed. */
+ assert_int_equal(17, dns_rbt_nodecount(ctx->rbt));
+
+ /* Fission the node d.e.f */
+ node = NULL;
+ result = insert_helper(ctx->rbt, "k.e.f", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(compare_labelsequences(node, "k"));
+
+ /* Node count must have incremented twice ("d.e.f" fissioned to
+ * "d" and "e.f", and the newly added "k").
+ */
+ assert_int_equal(19, dns_rbt_nodecount(ctx->rbt));
+
+ /* Fission the node "g.h" */
+ node = NULL;
+ result = insert_helper(ctx->rbt, "h", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(compare_labelsequences(node, "h"));
+
+ /* Node count must have incremented ("g.h" fissioned to "g" and
+ * "h").
+ */
+ assert_int_equal(20, dns_rbt_nodecount(ctx->rbt));
+
+ /* Add child domains */
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "m.p.w.y.d.e.f", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(compare_labelsequences(node, "m"));
+ assert_int_equal(21, dns_rbt_nodecount(ctx->rbt));
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "n.p.w.y.d.e.f", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(compare_labelsequences(node, "n"));
+ assert_int_equal(22, dns_rbt_nodecount(ctx->rbt));
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "l.a", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(compare_labelsequences(node, "l"));
+ assert_int_equal(23, dns_rbt_nodecount(ctx->rbt));
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "r.d.e.f", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ node = NULL;
+ result = insert_helper(ctx->rbt, "s.d.e.f", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(25, dns_rbt_nodecount(ctx->rbt));
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "h.w.y.d.e.f", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Add more nodes one by one to cover left and right rotation
+ * functions.
+ */
+ node = NULL;
+ result = insert_helper(ctx->rbt, "f", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "m", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "nm", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "om", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "k", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "l", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "fe", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "ge", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "i", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "ae", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "n", &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ test_context_teardown(ctx);
+}
+
+/*
+ * Test removal from a tree
+ *
+ * This testcase checks that after node removal, the binary-search tree is
+ * valid and all nodes that are supposed to exist are present in the
+ * correct order. It mainly tests DomainTree as a BST, and not particularly
+ * as a red-black tree. This test checks node deletion when upper nodes
+ * have data.
+ */
+static void
+rbt_remove(void **state) {
+ isc_result_t result;
+ size_t j;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ /*
+ * Delete single nodes and check if the rest of the nodes exist.
+ */
+ for (j = 0; j < ordered_names_count; j++) {
+ dns_rbt_t *mytree = NULL;
+ dns_rbtnode_t *node;
+ size_t i;
+ size_t *n;
+ bool tree_ok;
+ dns_rbtnodechain_t chain;
+ size_t start_node;
+
+ /* Create a tree. */
+ result = dns_rbt_create(dt_mctx, delete_data, NULL, &mytree);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Insert test data into the tree. */
+ for (i = 0; i < domain_names_count; i++) {
+ node = NULL;
+ result = insert_helper(mytree, domain_names[i], &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ }
+
+ /* Check that all names exist in order. */
+ for (i = 0; i < ordered_names_count; i++) {
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ dns_test_namefromstring(ordered_names[i], &fname);
+
+ name = dns_fixedname_name(&fname);
+ node = NULL;
+ result = dns_rbt_findnode(mytree, name, NULL, &node,
+ NULL, DNS_RBTFIND_EMPTYDATA,
+ NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Add node data */
+ assert_non_null(node);
+ assert_null(node->data);
+
+ n = isc_mem_get(dt_mctx, sizeof(size_t));
+ assert_non_null(n);
+ *n = i;
+
+ node->data = n;
+ }
+
+ /* Now, delete the j'th node from the tree. */
+ {
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ dns_test_namefromstring(ordered_names[j], &fname);
+
+ name = dns_fixedname_name(&fname);
+
+ result = dns_rbt_deletename(mytree, name, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ }
+
+ /* Check RB tree properties. */
+ tree_ok = dns__rbt_checkproperties(mytree);
+ assert_true(tree_ok);
+
+ dns_rbtnodechain_init(&chain);
+
+ /* Now, walk through nodes in order. */
+ if (j == 0) {
+ /*
+ * Node for ordered_names[0] was already deleted
+ * above. We start from node 1.
+ */
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ dns_test_namefromstring(ordered_names[0], &fname);
+ name = dns_fixedname_name(&fname);
+ node = NULL;
+ result = dns_rbt_findnode(mytree, name, NULL, &node,
+ NULL, 0, NULL, NULL);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+
+ dns_test_namefromstring(ordered_names[1], &fname);
+ name = dns_fixedname_name(&fname);
+ node = NULL;
+ result = dns_rbt_findnode(mytree, name, NULL, &node,
+ &chain, 0, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ start_node = 1;
+ } else {
+ /* Start from node 0. */
+ dns_fixedname_t fname;
+ dns_name_t *name;
+
+ dns_test_namefromstring(ordered_names[0], &fname);
+ name = dns_fixedname_name(&fname);
+ node = NULL;
+ result = dns_rbt_findnode(mytree, name, NULL, &node,
+ &chain, 0, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ start_node = 0;
+ }
+
+ /*
+ * node and chain have been set by the code above at
+ * this point.
+ */
+ for (i = start_node; i < ordered_names_count; i++) {
+ dns_fixedname_t fname_j, fname_i;
+ dns_name_t *name_j, *name_i;
+
+ dns_test_namefromstring(ordered_names[j], &fname_j);
+ name_j = dns_fixedname_name(&fname_j);
+ dns_test_namefromstring(ordered_names[i], &fname_i);
+ name_i = dns_fixedname_name(&fname_i);
+
+ if (dns_name_equal(name_i, name_j)) {
+ /*
+ * This may be true for the last node if
+ * we seek ahead in the loop using
+ * dns_rbtnodechain_next() below.
+ */
+ if (node == NULL) {
+ break;
+ }
+
+ /* All ordered nodes have data
+ * initially. If any node is empty, it
+ * means it was removed, but an empty
+ * node exists because it is a
+ * super-domain. Just skip it.
+ */
+ if (node->data == NULL) {
+ result = dns_rbtnodechain_next(
+ &chain, NULL, NULL);
+ if (result == ISC_R_NOMORE) {
+ node = NULL;
+ } else {
+ dns_rbtnodechain_current(
+ &chain, NULL, NULL,
+ &node);
+ }
+ }
+ continue;
+ }
+
+ assert_non_null(node);
+
+ n = (size_t *)node->data;
+ if (n != NULL) {
+ /* printf("n=%zu, i=%zu\n", *n, i); */
+ assert_int_equal(*n, i);
+ }
+
+ result = dns_rbtnodechain_next(&chain, NULL, NULL);
+ if (result == ISC_R_NOMORE) {
+ node = NULL;
+ } else {
+ dns_rbtnodechain_current(&chain, NULL, NULL,
+ &node);
+ }
+ }
+
+ /* We should have reached the end of the tree. */
+ assert_null(node);
+
+ dns_rbt_destroy(&mytree);
+ }
+}
+
+static void
+insert_nodes(dns_rbt_t *mytree, char **names, size_t *names_count,
+ uint32_t num_names) {
+ uint32_t i;
+ dns_rbtnode_t *node;
+
+ for (i = 0; i < num_names; i++) {
+ size_t *n;
+ char namebuf[34];
+
+ n = isc_mem_get(dt_mctx, sizeof(size_t));
+ assert_non_null(n);
+
+ *n = i; /* Unused value */
+
+ while (1) {
+ int j;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ isc_result_t result;
+
+ for (j = 0; j < 32; j++) {
+ uint32_t v = isc_random_uniform(26);
+ namebuf[j] = 'a' + v;
+ }
+ namebuf[32] = '.';
+ namebuf[33] = 0;
+
+ dns_test_namefromstring(namebuf, &fname);
+ name = dns_fixedname_name(&fname);
+
+ node = NULL;
+ result = dns_rbt_addnode(mytree, name, &node);
+ if (result == ISC_R_SUCCESS) {
+ node->data = n;
+ names[*names_count] = isc_mem_strdup(dt_mctx,
+ namebuf);
+ assert_non_null(names[*names_count]);
+ *names_count += 1;
+ break;
+ }
+ }
+ }
+}
+
+static void
+remove_nodes(dns_rbt_t *mytree, char **names, size_t *names_count,
+ uint32_t num_names) {
+ uint32_t i;
+
+ UNUSED(mytree);
+
+ for (i = 0; i < num_names; i++) {
+ uint32_t node;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ isc_result_t result;
+
+ node = isc_random_uniform(*names_count);
+
+ dns_test_namefromstring(names[node], &fname);
+ name = dns_fixedname_name(&fname);
+
+ result = dns_rbt_deletename(mytree, name, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_mem_free(dt_mctx, names[node]);
+ if (*names_count > 0) {
+ names[node] = names[*names_count - 1];
+ names[*names_count - 1] = NULL;
+ *names_count -= 1;
+ }
+ }
+}
+
+static void
+check_tree(dns_rbt_t *mytree, char **names, size_t names_count) {
+ bool tree_ok;
+
+ UNUSED(names);
+
+ assert_int_equal(names_count + 1, dns_rbt_nodecount(mytree));
+
+ /*
+ * The distance from each node to its sub-tree root must be less
+ * than 2 * log_2(1024).
+ */
+ assert_true((2 * 10) >= dns__rbt_getheight(mytree));
+
+ /* Also check RB tree properties */
+ tree_ok = dns__rbt_checkproperties(mytree);
+ assert_true(tree_ok);
+}
+
+/*
+ * Test insert and remove in a loop.
+ *
+ * What is the best way to test our red-black tree code? It is
+ * not a good method to test every case handled in the actual
+ * code itself. This is because our approach itself may be
+ * incorrect.
+ *
+ * We test our code at the interface level here by exercising the
+ * tree randomly multiple times, checking that red-black tree
+ * properties are valid, and all the nodes that are supposed to be
+ * in the tree exist and are in order.
+ *
+ * NOTE: These tests are run within a single tree level in the
+ * forest. The number of nodes in the tree level doesn't grow
+ * over 1024.
+ */
+static void
+rbt_insert_and_remove(void **state) {
+ isc_result_t result;
+ dns_rbt_t *mytree = NULL;
+ size_t *n;
+ char *names[1024];
+ size_t names_count;
+ int i;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ result = dns_rbt_create(dt_mctx, delete_data, NULL, &mytree);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ n = isc_mem_get(dt_mctx, sizeof(size_t));
+ assert_non_null(n);
+ result = dns_rbt_addname(mytree, dns_rootname, n);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ memset(names, 0, sizeof(names));
+ names_count = 0;
+
+ /* Repeat the insert/remove test some 4096 times */
+ for (i = 0; i < 4096; i++) {
+ uint32_t num_names;
+
+ if (names_count < 1024) {
+ num_names = isc_random_uniform(1024 - names_count);
+ num_names++;
+ } else {
+ num_names = 0;
+ }
+
+ insert_nodes(mytree, names, &names_count, num_names);
+ check_tree(mytree, names, names_count);
+
+ if (names_count > 0) {
+ num_names = isc_random_uniform(names_count);
+ num_names++;
+ } else {
+ num_names = 0;
+ }
+
+ remove_nodes(mytree, names, &names_count, num_names);
+ check_tree(mytree, names, names_count);
+ }
+
+ /* Remove the rest of the nodes */
+ remove_nodes(mytree, names, &names_count, names_count);
+ check_tree(mytree, names, names_count);
+
+ for (i = 0; i < 1024; i++) {
+ if (names[i] != NULL) {
+ isc_mem_free(dt_mctx, names[i]);
+ }
+ }
+
+ result = dns_rbt_deletename(mytree, dns_rootname, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(dns_rbt_nodecount(mytree), 0);
+
+ dns_rbt_destroy(&mytree);
+}
+
+/* Test findname return values */
+static void
+rbt_findname(void **state) {
+ isc_result_t result;
+ test_context_t *ctx = NULL;
+ dns_fixedname_t fname, found;
+ dns_name_t *name = NULL, *foundname = NULL;
+ size_t *n = NULL;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ ctx = test_context_setup();
+
+ /* Try to find a name that exists. */
+ dns_test_namefromstring("d.e.f", &fname);
+ name = dns_fixedname_name(&fname);
+
+ foundname = dns_fixedname_initname(&found);
+
+ result = dns_rbt_findname(ctx->rbt, name, DNS_RBTFIND_EMPTYDATA,
+ foundname, (void *)&n);
+ assert_true(dns_name_equal(foundname, name));
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Now without EMPTYDATA */
+ result = dns_rbt_findname(ctx->rbt, name, 0, foundname, (void *)&n);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+
+ /* Now one that partially matches */
+ dns_test_namefromstring("d.e.f.g.h.i.j", &fname);
+ name = dns_fixedname_name(&fname);
+ result = dns_rbt_findname(ctx->rbt, name, DNS_RBTFIND_EMPTYDATA,
+ foundname, (void *)&n);
+ assert_int_equal(result, DNS_R_PARTIALMATCH);
+
+ /* Now one that doesn't match */
+ dns_test_namefromstring("1.2", &fname);
+ name = dns_fixedname_name(&fname);
+ result = dns_rbt_findname(ctx->rbt, name, DNS_RBTFIND_EMPTYDATA,
+ foundname, (void *)&n);
+ assert_int_equal(result, DNS_R_PARTIALMATCH);
+ assert_true(dns_name_equal(foundname, dns_rootname));
+
+ test_context_teardown(ctx);
+}
+
+/* Test addname return values */
+static void
+rbt_addname(void **state) {
+ isc_result_t result;
+ test_context_t *ctx = NULL;
+ dns_fixedname_t fname;
+ dns_name_t *name = NULL;
+ size_t *n;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ ctx = test_context_setup();
+
+ n = isc_mem_get(dt_mctx, sizeof(size_t));
+ assert_non_null(n);
+ *n = 1;
+
+ dns_test_namefromstring("d.e.f.g.h.i.j.k", &fname);
+ name = dns_fixedname_name(&fname);
+
+ /* Add a name that doesn't exist */
+ result = dns_rbt_addname(ctx->rbt, name, n);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Now add again, should get ISC_R_EXISTS */
+ n = isc_mem_get(dt_mctx, sizeof(size_t));
+ assert_non_null(n);
+ *n = 2;
+ result = dns_rbt_addname(ctx->rbt, name, n);
+ assert_int_equal(result, ISC_R_EXISTS);
+ isc_mem_put(dt_mctx, n, sizeof(size_t));
+
+ test_context_teardown(ctx);
+}
+
+/* Test deletename return values */
+static void
+rbt_deletename(void **state) {
+ isc_result_t result;
+ test_context_t *ctx = NULL;
+ dns_fixedname_t fname;
+ dns_name_t *name = NULL;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ ctx = test_context_setup();
+
+ /* Delete a name that doesn't exist */
+ dns_test_namefromstring("z.x.y.w", &fname);
+ name = dns_fixedname_name(&fname);
+ result = dns_rbt_deletename(ctx->rbt, name, false);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+
+ /* Now one that does */
+ dns_test_namefromstring("d.e.f", &fname);
+ name = dns_fixedname_name(&fname);
+ result = dns_rbt_deletename(ctx->rbt, name, false);
+ assert_int_equal(result, ISC_R_NOTFOUND);
+
+ test_context_teardown(ctx);
+}
+
+/* Test nodechain */
+static void
+rbt_nodechain(void **state) {
+ isc_result_t result;
+ test_context_t *ctx;
+ dns_fixedname_t fname, found, expect;
+ dns_name_t *name, *foundname, *expected;
+ dns_rbtnode_t *node = NULL;
+ dns_rbtnodechain_t chain;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ ctx = test_context_setup();
+
+ dns_rbtnodechain_init(&chain);
+
+ dns_test_namefromstring("a", &fname);
+ name = dns_fixedname_name(&fname);
+
+ result = dns_rbt_findnode(ctx->rbt, name, NULL, &node, &chain, 0, NULL,
+ NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ foundname = dns_fixedname_initname(&found);
+
+ dns_test_namefromstring("a", &expect);
+ expected = dns_fixedname_name(&expect);
+ UNUSED(expected);
+
+ result = dns_rbtnodechain_first(&chain, ctx->rbt, foundname, NULL);
+ assert_int_equal(result, DNS_R_NEWORIGIN);
+ assert_int_equal(dns_name_countlabels(foundname), 0);
+
+ result = dns_rbtnodechain_prev(&chain, NULL, NULL);
+ assert_int_equal(result, ISC_R_NOMORE);
+
+ result = dns_rbtnodechain_next(&chain, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_rbtnodechain_next(&chain, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_rbtnodechain_last(&chain, ctx->rbt, NULL, NULL);
+ assert_int_equal(result, DNS_R_NEWORIGIN);
+
+ result = dns_rbtnodechain_next(&chain, NULL, NULL);
+ assert_int_equal(result, ISC_R_NOMORE);
+
+ result = dns_rbtnodechain_last(&chain, ctx->rbt, NULL, NULL);
+ assert_int_equal(result, DNS_R_NEWORIGIN);
+
+ result = dns_rbtnodechain_prev(&chain, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_rbtnodechain_invalidate(&chain);
+
+ test_context_teardown(ctx);
+}
+
+/* Test addname return values */
+static void
+rbtnode_namelen(void **state) {
+ isc_result_t result;
+ test_context_t *ctx = NULL;
+ dns_rbtnode_t *node;
+ unsigned int len;
+
+ UNUSED(state);
+
+ isc_mem_debugging = ISC_MEM_DEBUGRECORD;
+
+ ctx = test_context_setup();
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, ".", &node);
+ len = dns__rbtnode_namelen(node);
+ assert_int_equal(result, ISC_R_EXISTS);
+ assert_int_equal(len, 1);
+ node = NULL;
+
+ result = insert_helper(ctx->rbt, "a.b.c.d.e.f.g.h.i.j.k.l.m", &node);
+ len = dns__rbtnode_namelen(node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(len, 27);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "isc.org", &node);
+ len = dns__rbtnode_namelen(node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(len, 9);
+
+ node = NULL;
+ result = insert_helper(ctx->rbt, "example.com", &node);
+ len = dns__rbtnode_namelen(node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(len, 13);
+
+ test_context_teardown(ctx);
+}
+
+#if defined(DNS_BENCHMARK_TESTS) && !defined(__SANITIZE_THREAD__)
+
+/*
+ * XXXMUKS: Don't delete this code. It is useful in benchmarking the
+ * RBT, but we don't require it as part of the unit test runs.
+ */
+
+static dns_fixedname_t *fnames;
+static dns_name_t **names;
+static int *values;
+
+static void *
+find_thread(void *arg) {
+ dns_rbt_t *mytree;
+ isc_result_t result;
+ dns_rbtnode_t *node;
+ unsigned int j, i;
+ unsigned int start = 0;
+
+ mytree = (dns_rbt_t *)arg;
+ while (start == 0) {
+ start = random() % 4000000;
+ }
+
+ /* Query 32 million random names from it in each thread */
+ for (j = 0; j < 8; j++) {
+ for (i = start; i != start - 1; i = (i + 1) % 4000000) {
+ node = NULL;
+ result = dns_rbt_findnode(mytree, names[i], NULL, &node,
+ NULL, DNS_RBTFIND_EMPTYDATA,
+ NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_non_null(node);
+ assert_int_equal(values[i], (intptr_t)node->data);
+ }
+ }
+
+ return (NULL);
+}
+
+/* Benchmark RBT implementation */
+static void
+benchmark(void **state) {
+ isc_result_t result;
+ char namestr[sizeof("name18446744073709551616.example.org.")];
+ unsigned int r;
+ dns_rbt_t *mytree;
+ dns_rbtnode_t *node;
+ unsigned int i;
+ unsigned int maxvalue = 1000000;
+ isc_time_t ts1, ts2;
+ double t;
+ unsigned int nthreads;
+ isc_thread_t threads[32];
+
+ UNUSED(state);
+
+ srandom(time(NULL));
+
+ debug_mem_record = false;
+
+ fnames = (dns_fixedname_t *)malloc(4000000 * sizeof(dns_fixedname_t));
+ names = (dns_name_t **)malloc(4000000 * sizeof(dns_name_t *));
+ values = (int *)malloc(4000000 * sizeof(int));
+
+ for (i = 0; i < 4000000; i++) {
+ r = ((unsigned long)random()) % maxvalue;
+ snprintf(namestr, sizeof(namestr), "name%u.example.org.", r);
+ dns_test_namefromstring(namestr, &fnames[i]);
+ names[i] = dns_fixedname_name(&fnames[i]);
+ values[i] = r;
+ }
+
+ /* Create a tree. */
+ mytree = NULL;
+ result = dns_rbt_create(dt_mctx, NULL, NULL, &mytree);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Insert test data into the tree. */
+ for (i = 0; i < maxvalue; i++) {
+ snprintf(namestr, sizeof(namestr), "name%u.example.org.", i);
+ node = NULL;
+ result = insert_helper(mytree, namestr, &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ node->data = (void *)(intptr_t)i;
+ }
+
+ result = isc_time_now(&ts1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ nthreads = ISC_MIN(isc_os_ncpus(), 32);
+ nthreads = ISC_MAX(nthreads, 1);
+ for (i = 0; i < nthreads; i++) {
+ isc_thread_create(find_thread, mytree, &threads[i]);
+ }
+
+ for (i = 0; i < nthreads; i++) {
+ isc_thread_join(threads[i], NULL);
+ }
+
+ result = isc_time_now(&ts2);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ t = isc_time_microdiff(&ts2, &ts1);
+
+ printf("%u findnode calls, %f seconds, %f calls/second\n",
+ nthreads * 8 * 4000000, t / 1000000.0,
+ (nthreads * 8 * 4000000) / (t / 1000000.0));
+
+ free(values);
+ free(names);
+ free(fnames);
+
+ dns_rbt_destroy(&mytree);
+}
+#endif /* defined(DNS_BENCHMARK_TESTS) && !defined(__SANITIZE_THREAD__) */
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(rbt_create, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(rbt_nodecount, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(rbtnode_get_distance, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(rbt_check_distance_random,
+ _setup, _teardown),
+ cmocka_unit_test_setup_teardown(rbt_check_distance_ordered,
+ _setup, _teardown),
+ cmocka_unit_test_setup_teardown(rbt_insert, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(rbt_remove, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(rbt_insert_and_remove, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(rbt_findname, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(rbt_addname, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(rbt_deletename, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(rbt_nodechain, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(rbtnode_namelen, _setup,
+ _teardown),
+#if defined(DNS_BENCHMARK_TESTS) && !defined(__SANITIZE_THREAD__)
+ cmocka_unit_test_setup_teardown(benchmark, _setup, _teardown),
+#endif /* defined(DNS_BENCHMARK_TESTS) && !defined(__SANITIZE_THREAD__) */
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/rbtdb_test.c b/lib/dns/tests/rbtdb_test.c
new file mode 100644
index 0000000..ac7b776
--- /dev/null
+++ b/lib/dns/tests/rbtdb_test.c
@@ -0,0 +1,423 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/print.h>
+#include <isc/util.h>
+
+#include <dns/rbt.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/rdatastruct.h>
+
+#include "dnstest.h"
+
+/* Include the main file */
+
+#include "../rbtdb.c"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+const char *ownercase_vectors[12][2] = {
+ {
+ "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz",
+ "aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz",
+ },
+ {
+ "aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz",
+ "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ",
+ },
+ {
+ "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUVVWWXXYYZZ",
+ "aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz",
+ },
+ {
+ "aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ",
+ "aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz",
+ },
+ {
+ "aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVxXyYzZ",
+ "aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvxxyyzz",
+ },
+ {
+ "WwW.ExAmPlE.OrG",
+ "wWw.eXaMpLe.oRg",
+ },
+ {
+ "_SIP.tcp.example.org",
+ "_sip.TCP.example.org",
+ },
+ {
+ "bind-USERS.lists.example.org",
+ "bind-users.lists.example.org",
+ },
+ {
+ "a0123456789.example.org",
+ "A0123456789.example.org",
+ },
+ {
+ "\\000.example.org",
+ "\\000.example.org",
+ },
+ {
+ "wWw.\\000.isc.org",
+ "www.\\000.isc.org",
+ },
+ {
+ "\255.example.org",
+ "\255.example.ORG",
+ }
+};
+
+static bool
+ownercase_test_one(const char *str1, const char *str2) {
+ isc_result_t result;
+ rbtdb_nodelock_t node_locks[1];
+ dns_rbtdb_t rbtdb = { .node_locks = node_locks };
+ dns_rbtnode_t rbtnode = { .locknum = 0 };
+ rdatasetheader_t header = { 0 };
+ unsigned char *raw = (unsigned char *)(&header) + sizeof(header);
+ dns_rdataset_t rdataset = {
+ .magic = DNS_RDATASET_MAGIC,
+ .private1 = &rbtdb,
+ .private2 = &rbtnode,
+ .private3 = raw,
+ .methods = &rdataset_methods,
+ };
+
+ isc_buffer_t b;
+ dns_fixedname_t fname1, fname2;
+ dns_name_t *name1, *name2;
+
+ memset(node_locks, 0, sizeof(node_locks));
+ /* Minimal initialization of the mock objects */
+ NODE_INITLOCK(&rbtdb.node_locks[0].lock);
+
+ name1 = dns_fixedname_initname(&fname1);
+ isc_buffer_constinit(&b, str1, strlen(str1));
+ isc_buffer_add(&b, strlen(str1));
+ result = dns_name_fromtext(name1, &b, dns_rootname, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ name2 = dns_fixedname_initname(&fname2);
+ isc_buffer_constinit(&b, str2, strlen(str2));
+ isc_buffer_add(&b, strlen(str2));
+ result = dns_name_fromtext(name2, &b, dns_rootname, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Store the case from name1 */
+ dns_rdataset_setownercase(&rdataset, name1);
+
+ assert_true(CASESET(&header));
+
+ /* Retrieve the case to name2 */
+ dns_rdataset_getownercase(&rdataset, name2);
+
+ NODE_DESTROYLOCK(&rbtdb.node_locks[0].lock);
+
+ return (dns_name_caseequal(name1, name2));
+}
+
+static void
+ownercase_test(void **state) {
+ UNUSED(state);
+
+ for (size_t n = 0; n < ARRAY_SIZE(ownercase_vectors); n++) {
+ assert_true(ownercase_test_one(ownercase_vectors[n][0],
+ ownercase_vectors[n][1]));
+ }
+
+ assert_false(ownercase_test_one("W.example.org", "\\000.example.org"));
+
+ /* Ö and ö in ISO Latin 1 */
+ assert_false(ownercase_test_one("\\216", "\\246"));
+}
+
+static void
+setownercase_test(void **state) {
+ isc_result_t result;
+ rbtdb_nodelock_t node_locks[1];
+ dns_rbtdb_t rbtdb = { .node_locks = node_locks };
+ dns_rbtnode_t rbtnode = { .locknum = 0 };
+ rdatasetheader_t header = { 0 };
+ unsigned char *raw = (unsigned char *)(&header) + sizeof(header);
+ dns_rdataset_t rdataset = {
+ .magic = DNS_RDATASET_MAGIC,
+ .private1 = &rbtdb,
+ .private2 = &rbtnode,
+ .private3 = raw,
+ .methods = &rdataset_methods,
+ };
+ const char *str1 =
+ "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz";
+
+ isc_buffer_t b;
+ dns_fixedname_t fname1, fname2;
+ dns_name_t *name1, *name2;
+
+ UNUSED(state);
+
+ /* Minimal initialization of the mock objects */
+ memset(node_locks, 0, sizeof(node_locks));
+ NODE_INITLOCK(&rbtdb.node_locks[0].lock);
+
+ name1 = dns_fixedname_initname(&fname1);
+ isc_buffer_constinit(&b, str1, strlen(str1));
+ isc_buffer_add(&b, strlen(str1));
+ result = dns_name_fromtext(name1, &b, dns_rootname, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ name2 = dns_fixedname_initname(&fname2);
+ isc_buffer_constinit(&b, str1, strlen(str1));
+ isc_buffer_add(&b, strlen(str1));
+ result = dns_name_fromtext(name2, &b, dns_rootname, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_false(CASESET(&header));
+
+ /* Retrieve the case to name2 */
+ dns_rdataset_getownercase(&rdataset, name2);
+
+ NODE_DESTROYLOCK(&rbtdb.node_locks[0].lock);
+
+ assert_true(dns_name_caseequal(name1, name2));
+}
+
+/*
+ * No operation water() callback. We need it to cause overmem condition, but
+ * nothing has to be done in the callback.
+ */
+static void
+overmempurge_water(void *arg, int mark) {
+ UNUSED(arg);
+ UNUSED(mark);
+}
+
+/*
+ * Add to a cache DB 'db' an rdataset of type 'rtype' at a name
+ * <idx>.example.com. The rdataset would contain one data, and rdata_len is
+ * its length. 'rtype' is supposed to be some private type whose data can be
+ * arbitrary (and it doesn't matter in this test).
+ */
+static void
+overmempurge_addrdataset(dns_db_t *db, isc_stdtime_t now, int idx,
+ dns_rdatatype_t rtype, size_t rdata_len,
+ bool longname) {
+ isc_result_t result;
+ dns_rdata_t rdata;
+ dns_dbnode_t *node = NULL;
+ dns_rdatalist_t rdatalist;
+ dns_rdataset_t rdataset;
+ dns_fixedname_t fname;
+ dns_name_t *name;
+ char namebuf[DNS_NAME_FORMATSIZE];
+ unsigned char rdatabuf[65535]; /* large enough for any valid RDATA */
+
+ REQUIRE(rdata_len <= sizeof(rdatabuf));
+
+ if (longname) {
+ /*
+ * Build a longest possible name (in wire format) that would
+ * result in a new rbt node with the long name data.
+ */
+ snprintf(namebuf, sizeof(namebuf),
+ "%010d.%010dabcdef%010dabcdef%010dabcdef%010dabcde."
+ "%010dabcdef%010dabcdef%010dabcdef%010dabcde."
+ "%010dabcdef%010dabcdef%010dabcdef%010dabcde."
+ "%010dabcdef%010dabcdef%010dabcdef01.",
+ idx, idx, idx, idx, idx, idx, idx, idx, idx, idx, idx,
+ idx, idx, idx, idx, idx);
+ } else {
+ snprintf(namebuf, sizeof(namebuf), "%d.example.com.", idx);
+ }
+
+ dns_test_namefromstring(namebuf, &fname);
+ name = dns_fixedname_name(&fname);
+
+ result = dns_db_findnode(db, name, true, &node);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_non_null(node);
+
+ dns_rdata_init(&rdata);
+ rdata.length = rdata_len;
+ rdata.data = rdatabuf;
+ rdata.rdclass = dns_rdataclass_in;
+ rdata.type = rtype;
+
+ dns_rdatalist_init(&rdatalist);
+ rdatalist.rdclass = dns_rdataclass_in;
+ rdatalist.type = rtype;
+ rdatalist.ttl = 3600;
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+
+ dns_rdataset_init(&rdataset);
+ result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_db_addrdataset(db, node, NULL, now, &rdataset, 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_db_detachnode(db, &node);
+}
+
+static void
+overmempurge_bigrdata_test(void **state) {
+ size_t maxcache = 2097152U; /* 2MB - same as DNS_CACHE_MINSIZE */
+ size_t hiwater = maxcache - (maxcache >> 3); /* borrowed from cache.c */
+ size_t lowater = maxcache - (maxcache >> 2); /* ditto */
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ isc_mem_t *mctx2 = NULL;
+ isc_stdtime_t now;
+ size_t i;
+
+ UNUSED(state);
+
+ isc_stdtime_get(&now);
+
+ isc_mem_create(&mctx2);
+
+ result = dns_db_create(mctx2, "rbt", dns_rootname, dns_dbtype_cache,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_mem_setwater(mctx2, overmempurge_water, NULL, hiwater, lowater);
+
+ /*
+ * Add cache entries with minimum size of data until 'overmem'
+ * condition is triggered.
+ * This should eventually happen, but we also limit the number of
+ * iteration to avoid an infinite loop in case something gets wrong.
+ */
+ for (i = 0; !isc_mem_isovermem(mctx2) && i < (maxcache / 10); i++) {
+ overmempurge_addrdataset(db, now, i, 50053, 0, false);
+ }
+ assert_true(isc_mem_isovermem(mctx2));
+
+ /*
+ * Then try to add the same number of entries, each has very large data.
+ * 'overmem purge' should keep the total cache size from not exceeding
+ * the 'hiwater' mark too much. So we should be able to assume the
+ * cache size doesn't reach the "max".
+ */
+ while (i-- > 0) {
+ overmempurge_addrdataset(db, now, i, 50054, 65535, false);
+ assert_true(isc_mem_inuse(mctx2) < maxcache);
+ }
+
+ dns_db_detach(&db);
+ isc_mem_destroy(&mctx2);
+}
+
+static void
+overmempurge_longname_test(void **state) {
+ size_t maxcache = 2097152U; /* 2MB - same as DNS_CACHE_MINSIZE */
+ size_t hiwater = maxcache - (maxcache >> 3); /* borrowed from cache.c */
+ size_t lowater = maxcache - (maxcache >> 2); /* ditto */
+ isc_result_t result;
+ dns_db_t *db = NULL;
+ isc_mem_t *mctx2 = NULL;
+ isc_stdtime_t now;
+ size_t i;
+
+ UNUSED(state);
+
+ isc_stdtime_get(&now);
+ isc_mem_create(&mctx2);
+
+ result = dns_db_create(mctx2, "rbt", dns_rootname, dns_dbtype_cache,
+ dns_rdataclass_in, 0, NULL, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_mem_setwater(mctx2, overmempurge_water, NULL, hiwater, lowater);
+
+ /*
+ * Add cache entries with minimum size of data until 'overmem'
+ * condition is triggered.
+ * This should eventually happen, but we also limit the number of
+ * iteration to avoid an infinite loop in case something gets wrong.
+ */
+ for (i = 0; !isc_mem_isovermem(mctx2) && i < (maxcache / 10); i++) {
+ overmempurge_addrdataset(db, now, i, 50053, 0, false);
+ }
+ assert_true(isc_mem_isovermem(mctx2));
+
+ /*
+ * Then try to add the same number of entries, each has very large data.
+ * 'overmem purge' should keep the total cache size from not exceeding
+ * the 'hiwater' mark too much. So we should be able to assume the
+ * cache size doesn't reach the "max".
+ */
+ while (i-- > 0) {
+ overmempurge_addrdataset(db, now, i, 50054, 0, true);
+ assert_true(isc_mem_inuse(mctx2) < maxcache);
+ }
+
+ dns_db_detach(&db);
+ isc_mem_destroy(&mctx2);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(ownercase_test),
+ cmocka_unit_test(setownercase_test),
+ cmocka_unit_test(overmempurge_bigrdata_test),
+ cmocka_unit_test(overmempurge_longname_test),
+ };
+
+ return (cmocka_run_group_tests(tests, _setup, _teardown));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/rdata_test.c b/lib/dns/tests/rdata_test.c
new file mode 100644
index 0000000..9bcac99
--- /dev/null
+++ b/lib/dns/tests/rdata_test.c
@@ -0,0 +1,3229 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+
+#include <isc/cmocka.h>
+#include <isc/commandline.h>
+#include <isc/hex.h>
+#include <isc/lex.h>
+#include <isc/print.h>
+#include <isc/stdio.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#include <dns/rdata.h>
+
+#include "dnstest.h"
+
+static bool debug = false;
+
+/*
+ * An array of these structures is passed to compare_ok().
+ */
+struct compare_ok {
+ const char *text1; /* text passed to fromtext_*() */
+ const char *text2; /* text passed to fromtext_*() */
+ int answer; /* -1, 0, 1 */
+ int lineno; /* source line defining this RDATA */
+};
+typedef struct compare_ok compare_ok_t;
+
+struct textvsunknown {
+ const char *text1;
+ const char *text2;
+};
+typedef struct textvsunknown textvsunknown_t;
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/*
+ * An array of these structures is passed to check_text_ok().
+ */
+typedef struct text_ok {
+ const char *text_in; /* text passed to fromtext_*() */
+ const char *text_out; /* text expected from totext_*();
+ * NULL indicates text_in is invalid */
+ unsigned int loop;
+} text_ok_t;
+
+/*
+ * An array of these structures is passed to check_wire_ok().
+ */
+typedef struct wire_ok {
+ unsigned char data[512]; /* RDATA in wire format */
+ size_t len; /* octets of data to parse */
+ bool ok; /* is this RDATA valid? */
+ unsigned int loop;
+} wire_ok_t;
+
+#define COMPARE(r1, r2, answer) \
+ { \
+ r1, r2, answer, __LINE__ \
+ }
+#define COMPARE_SENTINEL() \
+ { \
+ NULL, NULL, 0, __LINE__ \
+ }
+
+#define TEXT_VALID_CHANGED(data_in, data_out) \
+ { \
+ data_in, data_out, 0 \
+ }
+#define TEXT_VALID(data) \
+ { \
+ data, data, 0 \
+ }
+#define TEXT_VALID_LOOP(loop, data) \
+ { \
+ data, data, loop \
+ }
+#define TEXT_VALID_LOOPCHG(loop, data_in, data_out) \
+ { \
+ data_in, data_out, loop \
+ }
+#define TEXT_INVALID(data) \
+ { \
+ data, NULL, 0 \
+ }
+#define TEXT_SENTINEL() TEXT_INVALID(NULL)
+
+#define VARGC(...) (sizeof((unsigned char[]){ __VA_ARGS__ }))
+#define WIRE_TEST(ok, loop, ...) \
+ { \
+ { __VA_ARGS__ }, VARGC(__VA_ARGS__), ok, loop \
+ }
+#define WIRE_VALID(...) WIRE_TEST(true, 0, __VA_ARGS__)
+#define WIRE_VALID_LOOP(loop, ...) WIRE_TEST(true, loop, __VA_ARGS__)
+/*
+ * WIRE_INVALID() test cases must always have at least one octet specified to
+ * distinguish them from WIRE_SENTINEL(). Use the 'empty_ok' parameter passed
+ * to check_wire_ok() for indicating whether empty RDATA is allowed for a given
+ * RR type or not.
+ */
+#define WIRE_INVALID(FIRST, ...) WIRE_TEST(false, 0, FIRST, __VA_ARGS__)
+#define WIRE_SENTINEL() WIRE_TEST(false, 0)
+
+/*
+ * Call dns_rdata_fromwire() for data in 'src', which is 'srclen' octets in
+ * size and represents RDATA of given 'type' and 'class'. Store the resulting
+ * uncompressed wire form in 'dst', which is 'dstlen' octets in size, and make
+ * 'rdata' refer to that uncompressed wire form.
+ */
+static isc_result_t
+wire_to_rdata(const unsigned char *src, size_t srclen, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type, unsigned char *dst, size_t dstlen,
+ dns_rdata_t *rdata) {
+ isc_buffer_t source, target;
+ dns_decompress_t dctx;
+ isc_result_t result;
+
+ /*
+ * Set up len-octet buffer pointing at data.
+ */
+ isc_buffer_constinit(&source, src, srclen);
+ isc_buffer_add(&source, srclen);
+ isc_buffer_setactive(&source, srclen);
+
+ /*
+ * Initialize target buffer.
+ */
+ isc_buffer_init(&target, dst, dstlen);
+
+ /*
+ * Try converting input data into uncompressed wire form.
+ */
+ dns_decompress_init(&dctx, -1, DNS_DECOMPRESS_ANY);
+ result = dns_rdata_fromwire(rdata, rdclass, type, &source, &dctx, 0,
+ &target);
+ dns_decompress_invalidate(&dctx);
+
+ return (result);
+}
+
+/*
+ * Call dns_rdata_towire() for rdata and write to result to dst.
+ */
+static isc_result_t
+rdata_towire(dns_rdata_t *rdata, unsigned char *dst, size_t dstlen,
+ size_t *length) {
+ isc_buffer_t target;
+ dns_compress_t cctx;
+ isc_result_t result;
+
+ /*
+ * Initialize target buffer.
+ */
+ isc_buffer_init(&target, dst, dstlen);
+
+ /*
+ * Try converting input data into uncompressed wire form.
+ */
+ dns_compress_init(&cctx, -1, dt_mctx);
+ result = dns_rdata_towire(rdata, &cctx, &target);
+ dns_compress_invalidate(&cctx);
+
+ *length = isc_buffer_usedlength(&target);
+
+ return (result);
+}
+
+static isc_result_t
+additionaldata_cb(void *arg, const dns_name_t *name, dns_rdatatype_t qtype) {
+ UNUSED(arg);
+ UNUSED(name);
+ UNUSED(qtype);
+ return (ISC_R_SUCCESS);
+}
+
+/*
+ * call dns_rdata_additionaldata() for rdata.
+ */
+static isc_result_t
+rdata_additionadata(dns_rdata_t *rdata) {
+ return (dns_rdata_additionaldata(rdata, additionaldata_cb, NULL));
+}
+
+/*
+ * Call dns_rdata_checknames() with various owner names chosen to
+ * match well known forms.
+ *
+ * We are currently only checking that the calls do not trigger
+ * assertion failures.
+ *
+ * XXXMPA A future extension could be to record the expected
+ * result and the expected value of 'bad'.
+ */
+static void
+rdata_checknames(dns_rdata_t *rdata) {
+ dns_fixedname_t fixed, bfixed;
+ dns_name_t *name, *bad;
+ isc_result_t result;
+
+ name = dns_fixedname_initname(&fixed);
+ bad = dns_fixedname_initname(&bfixed);
+
+ (void)dns_rdata_checknames(rdata, dns_rootname, NULL);
+ (void)dns_rdata_checknames(rdata, dns_rootname, bad);
+
+ result = dns_name_fromstring(name, "example.net", 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ (void)dns_rdata_checknames(rdata, name, NULL);
+ (void)dns_rdata_checknames(rdata, name, bad);
+
+ result = dns_name_fromstring(name, "in-addr.arpa", 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ (void)dns_rdata_checknames(rdata, name, NULL);
+ (void)dns_rdata_checknames(rdata, name, bad);
+
+ result = dns_name_fromstring(name, "ip6.arpa", 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ (void)dns_rdata_checknames(rdata, name, NULL);
+ (void)dns_rdata_checknames(rdata, name, bad);
+}
+
+/*
+ * Test whether converting rdata to a type-specific struct and then back to
+ * rdata results in the same uncompressed wire form. This checks whether
+ * tostruct_*() and fromstruct_*() routines for given RR class and type behave
+ * consistently.
+ *
+ * This function is called for every correctly processed input RDATA, from both
+ * check_text_ok_single() and check_wire_ok_single().
+ */
+static void
+check_struct_conversions(dns_rdata_t *rdata, size_t structsize,
+ unsigned int loop) {
+ dns_rdataclass_t rdclass = rdata->rdclass;
+ dns_rdatatype_t type = rdata->type;
+ isc_result_t result;
+ isc_buffer_t target;
+ void *rdata_struct;
+ char buf[1024];
+ unsigned int count = 0;
+
+ rdata_struct = isc_mem_allocate(dt_mctx, structsize);
+ assert_non_null(rdata_struct);
+
+ /*
+ * Convert from uncompressed wire form into type-specific struct.
+ */
+ result = dns_rdata_tostruct(rdata, rdata_struct, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Convert from type-specific struct into uncompressed wire form.
+ */
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_rdata_fromstruct(NULL, rdclass, type, rdata_struct,
+ &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Ensure results are consistent.
+ */
+ assert_int_equal(isc_buffer_usedlength(&target), rdata->length);
+
+ assert_memory_equal(buf, rdata->data, rdata->length);
+
+ /*
+ * Check that one can walk hip rendezvous servers and
+ * https/svcb parameters.
+ */
+ switch (type) {
+ case dns_rdatatype_hip: {
+ dns_rdata_hip_t *hip = rdata_struct;
+
+ for (result = dns_rdata_hip_first(hip); result == ISC_R_SUCCESS;
+ result = dns_rdata_hip_next(hip))
+ {
+ dns_name_t name;
+ dns_name_init(&name, NULL);
+ dns_rdata_hip_current(hip, &name);
+ assert_int_not_equal(dns_name_countlabels(&name), 0);
+ assert_true(dns_name_isabsolute(&name));
+ count++;
+ }
+ assert_int_equal(result, ISC_R_NOMORE);
+ assert_int_equal(count, loop);
+ break;
+ }
+ case dns_rdatatype_https: {
+ dns_rdata_in_https_t *https = rdata_struct;
+
+ for (result = dns_rdata_in_https_first(https);
+ result == ISC_R_SUCCESS;
+ result = dns_rdata_in_https_next(https))
+ {
+ isc_region_t region;
+ dns_rdata_in_https_current(https, &region);
+ assert_true(region.length >= 4);
+ count++;
+ }
+ assert_int_equal(result, ISC_R_NOMORE);
+ assert_int_equal(count, loop);
+ break;
+ }
+ case dns_rdatatype_svcb: {
+ dns_rdata_in_svcb_t *svcb = rdata_struct;
+
+ for (result = dns_rdata_in_svcb_first(svcb);
+ result == ISC_R_SUCCESS;
+ result = dns_rdata_in_svcb_next(svcb))
+ {
+ isc_region_t region;
+ dns_rdata_in_svcb_current(svcb, &region);
+ assert_true(region.length >= 4);
+ count++;
+ }
+ assert_int_equal(result, ISC_R_NOMORE);
+ assert_int_equal(count, loop);
+ break;
+ }
+ }
+
+ isc_mem_free(dt_mctx, rdata_struct);
+}
+
+/*
+ * Check whether converting supplied text form RDATA into uncompressed wire
+ * form succeeds (tests fromtext_*()). If so, try converting it back into text
+ * form and see if it results in the original text (tests totext_*()).
+ */
+static void
+check_text_ok_single(const text_ok_t *text_ok, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type, size_t structsize) {
+ unsigned char buf_fromtext[1024], buf_fromwire[1024], buf_towire[1024];
+ dns_rdata_t rdata = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT;
+ char buf_totext[1024] = { 0 };
+ isc_buffer_t target;
+ isc_result_t result;
+ size_t length = 0;
+
+ if (debug) {
+ fprintf(stdout, "#check_text_ok_single(%s)\n",
+ text_ok->text_in);
+ }
+ /*
+ * Try converting text form RDATA into uncompressed wire form.
+ */
+ result = dns_test_rdatafromstring(&rdata, rdclass, type, buf_fromtext,
+ sizeof(buf_fromtext),
+ text_ok->text_in, false);
+ /*
+ * Check whether result is as expected.
+ */
+ if (text_ok->text_out != NULL) {
+ if (debug && result != ISC_R_SUCCESS) {
+ fprintf(stdout, "# '%s'\n", text_ok->text_in);
+ fprintf(stdout, "# result=%s\n",
+ dns_result_totext(result));
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ } else {
+ if (debug && result == ISC_R_SUCCESS) {
+ fprintf(stdout, "#'%s'\n", text_ok->text_in);
+ }
+ assert_int_not_equal(result, ISC_R_SUCCESS);
+ }
+
+ /*
+ * If text form RDATA was not parsed correctly, performing any
+ * additional checks is pointless.
+ */
+ if (result != ISC_R_SUCCESS) {
+ return;
+ }
+
+ /*
+ * Try converting uncompressed wire form RDATA back into text form and
+ * check whether the resulting text is the same as the original one.
+ */
+ isc_buffer_init(&target, buf_totext, sizeof(buf_totext));
+ result = dns_rdata_totext(&rdata, NULL, &target);
+ if (result != ISC_R_SUCCESS && debug) {
+ size_t i;
+ fprintf(stdout, "# dns_rdata_totext -> %s",
+ dns_result_totext(result));
+ for (i = 0; i < rdata.length; i++) {
+ if ((i % 16) == 0) {
+ fprintf(stdout, "\n#");
+ }
+ fprintf(stdout, " %02x", rdata.data[i]);
+ }
+ fprintf(stdout, "\n");
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ /*
+ * Ensure buf_totext is properly NUL terminated as dns_rdata_totext()
+ * may attempt different output formats writing into the apparently
+ * unused part of the buffer.
+ */
+ isc_buffer_putuint8(&target, 0);
+ if (debug && strcmp(buf_totext, text_ok->text_out) != 0) {
+ fprintf(stdout, "# '%s' != '%s'\n", buf_totext,
+ text_ok->text_out);
+ }
+ assert_string_equal(buf_totext, text_ok->text_out);
+
+ if (debug) {
+ fprintf(stdout, "#dns_rdata_totext -> '%s'\n", buf_totext);
+ }
+
+ /*
+ * Ensure that fromtext_*() output is valid input for fromwire_*().
+ */
+ result = wire_to_rdata(rdata.data, rdata.length, rdclass, type,
+ buf_fromwire, sizeof(buf_fromwire), &rdata2);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdata.length, rdata2.length);
+ assert_memory_equal(rdata.data, buf_fromwire, rdata.length);
+
+ /*
+ * Ensure that fromtext_*() output is valid input for towire_*().
+ */
+ result = rdata_towire(&rdata, buf_towire, sizeof(buf_towire), &length);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdata.length, length);
+ assert_memory_equal(rdata.data, buf_towire, length);
+
+ /*
+ * Test that additionaldata_*() succeeded.
+ */
+ result = rdata_additionadata(&rdata);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Exercise checknames_*().
+ */
+ rdata_checknames(&rdata);
+
+ /*
+ * Perform two-way conversion checks between uncompressed wire form and
+ * type-specific struct.
+ */
+ check_struct_conversions(&rdata, structsize, text_ok->loop);
+}
+
+/*
+ * Test whether converting rdata to text form and then parsing the result of
+ * that conversion again results in the same uncompressed wire form. This
+ * checks whether totext_*() output is parsable by fromtext_*() for given RR
+ * class and type.
+ *
+ * This function is called for every input RDATA which is successfully parsed
+ * by check_wire_ok_single() and whose type is not a meta-type.
+ */
+static void
+check_text_conversions(dns_rdata_t *rdata) {
+ char buf_totext[1024] = { 0 };
+ unsigned char buf_fromtext[1024];
+ isc_result_t result;
+ isc_buffer_t target;
+ dns_rdata_t rdata2 = DNS_RDATA_INIT;
+
+ /*
+ * Convert uncompressed wire form RDATA into text form. This
+ * conversion must succeed since input RDATA was successfully
+ * parsed by check_wire_ok_single().
+ */
+ isc_buffer_init(&target, buf_totext, sizeof(buf_totext));
+ result = dns_rdata_totext(rdata, NULL, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ /*
+ * Ensure buf_totext is properly NUL terminated as dns_rdata_totext()
+ * may attempt different output formats writing into the apparently
+ * unused part of the buffer.
+ */
+ isc_buffer_putuint8(&target, 0);
+ if (debug) {
+ fprintf(stdout, "#'%s'\n", buf_totext);
+ }
+
+ /*
+ * Try parsing text form RDATA output by dns_rdata_totext() again.
+ */
+ result = dns_test_rdatafromstring(&rdata2, rdata->rdclass, rdata->type,
+ buf_fromtext, sizeof(buf_fromtext),
+ buf_totext, false);
+ if (debug && result != ISC_R_SUCCESS) {
+ fprintf(stdout, "# result = %s\n", dns_result_totext(result));
+ fprintf(stdout, "# '%s'\n", buf_fromtext);
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdata2.length, rdata->length);
+ assert_memory_equal(buf_fromtext, rdata->data, rdata->length);
+}
+
+/*
+ * Test whether converting rdata to multi-line text form and then parsing the
+ * result of that conversion again results in the same uncompressed wire form.
+ * This checks whether multi-line totext_*() output is parsable by fromtext_*()
+ * for given RR class and type.
+ *
+ * This function is called for every input RDATA which is successfully parsed
+ * by check_wire_ok_single() and whose type is not a meta-type.
+ */
+static void
+check_multiline_text_conversions(dns_rdata_t *rdata) {
+ char buf_totext[1024] = { 0 };
+ unsigned char buf_fromtext[1024];
+ isc_result_t result;
+ isc_buffer_t target;
+ dns_rdata_t rdata2 = DNS_RDATA_INIT;
+ unsigned int flags;
+
+ /*
+ * Convert uncompressed wire form RDATA into multi-line text form.
+ * This conversion must succeed since input RDATA was successfully
+ * parsed by check_wire_ok_single().
+ */
+ isc_buffer_init(&target, buf_totext, sizeof(buf_totext));
+ flags = dns_master_styleflags(&dns_master_style_default);
+ result = dns_rdata_tofmttext(rdata, dns_rootname, flags, 80 - 32, 4,
+ "\n", &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ /*
+ * Ensure buf_totext is properly NUL terminated as
+ * dns_rdata_tofmttext() may attempt different output formats
+ * writing into the apparently unused part of the buffer.
+ */
+ isc_buffer_putuint8(&target, 0);
+ if (debug) {
+ fprintf(stdout, "#'%s'\n", buf_totext);
+ }
+
+ /*
+ * Try parsing multi-line text form RDATA output by
+ * dns_rdata_tofmttext() again.
+ */
+ result = dns_test_rdatafromstring(&rdata2, rdata->rdclass, rdata->type,
+ buf_fromtext, sizeof(buf_fromtext),
+ buf_totext, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdata2.length, rdata->length);
+ assert_memory_equal(buf_fromtext, rdata->data, rdata->length);
+}
+
+/*
+ * Test whether supplied wire form RDATA is properly handled as being either
+ * valid or invalid for an RR of given rdclass and type.
+ */
+static void
+check_wire_ok_single(const wire_ok_t *wire_ok, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type, size_t structsize) {
+ unsigned char buf[1024], buf_towire[1024];
+ isc_result_t result;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ size_t length = 0;
+
+ /*
+ * Try converting wire data into uncompressed wire form.
+ */
+ result = wire_to_rdata(wire_ok->data, wire_ok->len, rdclass, type, buf,
+ sizeof(buf), &rdata);
+ /*
+ * Check whether result is as expected.
+ */
+ if (wire_ok->ok) {
+ assert_int_equal(result, ISC_R_SUCCESS);
+ } else {
+ assert_int_not_equal(result, ISC_R_SUCCESS);
+ }
+
+ if (result != ISC_R_SUCCESS) {
+ return;
+ }
+
+ /*
+ * If data was parsed correctly, perform two-way conversion checks
+ * between uncompressed wire form and type-specific struct.
+ *
+ * If the RR type is not a meta-type, additionally perform two-way
+ * conversion checks between:
+ *
+ * - uncompressed wire form and text form,
+ * - uncompressed wire form and multi-line text form.
+ */
+ check_struct_conversions(&rdata, structsize, wire_ok->loop);
+ if (!dns_rdatatype_ismeta(rdata.type)) {
+ check_text_conversions(&rdata);
+ check_multiline_text_conversions(&rdata);
+ }
+
+ /*
+ * Ensure that fromwire_*() output is valid input for towire_*().
+ */
+ result = rdata_towire(&rdata, buf_towire, sizeof(buf_towire), &length);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(rdata.length, length);
+ assert_memory_equal(rdata.data, buf_towire, length);
+
+ /*
+ * Test that additionaldata_*() succeeded.
+ */
+ result = rdata_additionadata(&rdata);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Exercise checknames_*().
+ */
+ rdata_checknames(&rdata);
+}
+
+/*
+ * Test fromtext_*() and totext_*() routines for given RR class and type for
+ * each text form RDATA in the supplied array. See the comment for
+ * check_text_ok_single() for an explanation of how exactly these routines are
+ * tested.
+ */
+static void
+check_text_ok(const text_ok_t *text_ok, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type, size_t structsize) {
+ size_t i;
+
+ /*
+ * Check all entries in the supplied array.
+ */
+ for (i = 0; text_ok[i].text_in != NULL; i++) {
+ check_text_ok_single(&text_ok[i], rdclass, type, structsize);
+ }
+}
+
+/*
+ * For each wire form RDATA in the supplied array, check whether it is properly
+ * handled as being either valid or invalid for an RR of given rdclass and
+ * type, then check whether trying to process a zero-length wire data buffer
+ * yields the expected result. This checks whether the fromwire_*() routine
+ * for given RR class and type behaves as expected.
+ */
+static void
+check_wire_ok(const wire_ok_t *wire_ok, bool empty_ok, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type, size_t structsize) {
+ wire_ok_t empty_wire = WIRE_TEST(empty_ok, 0);
+ size_t i;
+
+ /*
+ * Check all entries in the supplied array.
+ */
+ for (i = 0; wire_ok[i].len != 0; i++) {
+ if (debug) {
+ fprintf(stderr, "calling check_wire_ok_single on %zu\n",
+ i);
+ }
+ check_wire_ok_single(&wire_ok[i], rdclass, type, structsize);
+ }
+
+ /*
+ * Check empty wire data.
+ */
+ check_wire_ok_single(&empty_wire, rdclass, type, structsize);
+}
+
+/*
+ * Check that two records compare as expected with dns_rdata_compare().
+ */
+static void
+check_compare_ok_single(const compare_ok_t *compare_ok,
+ dns_rdataclass_t rdclass, dns_rdatatype_t type) {
+ dns_rdata_t rdata1 = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT;
+ unsigned char buf1[1024], buf2[1024];
+ isc_result_t result;
+ int answer;
+
+ result = dns_test_rdatafromstring(&rdata1, rdclass, type, buf1,
+ sizeof(buf1), compare_ok->text1,
+ false);
+ if (result != ISC_R_SUCCESS) {
+ fail_msg("# line %d: '%s': expected success, got failure",
+ compare_ok->lineno, compare_ok->text1);
+ }
+
+ result = dns_test_rdatafromstring(&rdata2, rdclass, type, buf2,
+ sizeof(buf2), compare_ok->text2,
+ false);
+
+ if (result != ISC_R_SUCCESS) {
+ fail_msg("# line %d: '%s': expected success, got failure",
+ compare_ok->lineno, compare_ok->text2);
+ }
+
+ answer = dns_rdata_compare(&rdata1, &rdata2);
+ if (compare_ok->answer == 0 && answer != 0) {
+ fail_msg("# line %d: dns_rdata_compare('%s', '%s'): "
+ "expected equal, got %s",
+ compare_ok->lineno, compare_ok->text1,
+ compare_ok->text2,
+ (answer > 0) ? "greater than" : "less than");
+ }
+ if (compare_ok->answer < 0 && answer >= 0) {
+ fail_msg("# line %d: dns_rdata_compare('%s', '%s'): "
+ "expected less than, got %s",
+ compare_ok->lineno, compare_ok->text1,
+ compare_ok->text2,
+ (answer == 0) ? "equal" : "greater than");
+ }
+ if (compare_ok->answer > 0 && answer <= 0) {
+ fail_msg("line %d: dns_rdata_compare('%s', '%s'): "
+ "expected greater than, got %s",
+ compare_ok->lineno, compare_ok->text1,
+ compare_ok->text2,
+ (answer == 0) ? "equal" : "less than");
+ }
+}
+
+/*
+ * Check that all the records sets in compare_ok compare as expected
+ * with dns_rdata_compare().
+ */
+static void
+check_compare_ok(const compare_ok_t *compare_ok, dns_rdataclass_t rdclass,
+ dns_rdatatype_t type) {
+ size_t i;
+ /*
+ * Check all entries in the supplied array.
+ */
+ for (i = 0; compare_ok[i].text1 != NULL; i++) {
+ check_compare_ok_single(&compare_ok[i], rdclass, type);
+ }
+}
+
+/*
+ * Test whether supplied sets of text form and/or wire form RDATA are handled
+ * as expected.
+ *
+ * The empty_ok argument denotes whether an attempt to parse a zero-length wire
+ * data buffer should succeed or not (it is valid for some RR types). There is
+ * no point in performing a similar check for empty text form RDATA, because
+ * dns_rdata_fromtext() returns ISC_R_UNEXPECTEDEND before calling fromtext_*()
+ * for the given RR class and type.
+ */
+static void
+check_rdata(const text_ok_t *text_ok, const wire_ok_t *wire_ok,
+ const compare_ok_t *compare_ok, bool empty_ok,
+ dns_rdataclass_t rdclass, dns_rdatatype_t type, size_t structsize) {
+ if (text_ok != NULL) {
+ check_text_ok(text_ok, rdclass, type, structsize);
+ }
+ if (wire_ok != NULL) {
+ check_wire_ok(wire_ok, empty_ok, rdclass, type, structsize);
+ }
+ if (compare_ok != NULL) {
+ check_compare_ok(compare_ok, rdclass, type);
+ }
+}
+
+/*
+ * Check presentation vs unknown format of the record.
+ */
+static void
+check_textvsunknown_single(const textvsunknown_t *textvsunknown,
+ dns_rdataclass_t rdclass, dns_rdatatype_t type) {
+ dns_rdata_t rdata1 = DNS_RDATA_INIT, rdata2 = DNS_RDATA_INIT;
+ unsigned char buf1[1024], buf2[1024];
+ isc_result_t result;
+
+ result = dns_test_rdatafromstring(&rdata1, rdclass, type, buf1,
+ sizeof(buf1), textvsunknown->text1,
+ false);
+ if (debug && result != ISC_R_SUCCESS) {
+ fprintf(stdout, "# '%s'\n", textvsunknown->text1);
+ fprintf(stdout, "# result=%s\n", dns_result_totext(result));
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_test_rdatafromstring(&rdata2, rdclass, type, buf2,
+ sizeof(buf2), textvsunknown->text2,
+ false);
+ if (debug && result != ISC_R_SUCCESS) {
+ fprintf(stdout, "# '%s'\n", textvsunknown->text2);
+ fprintf(stdout, "# result=%s\n", dns_result_totext(result));
+ }
+ assert_int_equal(result, ISC_R_SUCCESS);
+ if (debug && rdata1.length != rdata2.length) {
+ fprintf(stdout, "# '%s'\n", textvsunknown->text1);
+ fprintf(stdout, "# rdata1.length (%u) != rdata2.length (%u)\n",
+ rdata1.length, rdata2.length);
+ }
+ assert_int_equal(rdata1.length, rdata2.length);
+ if (debug && memcmp(rdata1.data, rdata2.data, rdata1.length) != 0) {
+ unsigned int i;
+ fprintf(stdout, "# '%s'\n", textvsunknown->text1);
+ for (i = 0; i < rdata1.length; i++) {
+ if (rdata1.data[i] != rdata2.data[i]) {
+ fprintf(stderr, "# %u: %02x != %02x\n", i,
+ rdata1.data[i], rdata2.data[i]);
+ }
+ }
+ }
+ assert_memory_equal(rdata1.data, rdata2.data, rdata1.length);
+}
+
+static void
+check_textvsunknown(const textvsunknown_t *textvsunknown,
+ dns_rdataclass_t rdclass, dns_rdatatype_t type) {
+ size_t i;
+
+ /*
+ * Check all entries in the supplied array.
+ */
+ for (i = 0; textvsunknown[i].text1 != NULL; i++) {
+ check_textvsunknown_single(&textvsunknown[i], rdclass, type);
+ }
+}
+
+/*
+ * Common tests for RR types based on KEY that require key data:
+ *
+ * - CDNSKEY (RFC 7344)
+ * - DNSKEY (RFC 4034)
+ * - RKEY (draft-reid-dnsext-rkey-00)
+ */
+static void
+key_required(void **state, dns_rdatatype_t type, size_t size) {
+ wire_ok_t wire_ok[] = { /*
+ * RDATA must be at least 5 octets in size:
+ *
+ * - 2 octets for Flags,
+ * - 1 octet for Protocol,
+ * - 1 octet for Algorithm,
+ * - Public Key must not be empty.
+ *
+ * RFC 2535 section 3.1.2 allows the Public Key
+ * to be empty if bits 0-1 of Flags are both
+ * set, but that only applies to KEY records:
+ * for the RR types tested here, the Public Key
+ * must not be empty.
+ */
+ WIRE_INVALID(0x00),
+ WIRE_INVALID(0x00, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ WIRE_INVALID(0xc0, 0x00, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(NULL, wire_ok, NULL, false, dns_rdataclass_in, type, size);
+}
+
+/* APL RDATA manipulations */
+static void
+apl(void **state) {
+ text_ok_t text_ok[] = {
+ /* empty list */
+ TEXT_VALID(""),
+ /* min,max prefix IPv4 */
+ TEXT_VALID("1:0.0.0.0/0"), TEXT_VALID("1:127.0.0.1/32"),
+ /* min,max prefix IPv6 */
+ TEXT_VALID("2:::/0"), TEXT_VALID("2:::1/128"),
+ /* negated */
+ TEXT_VALID("!1:0.0.0.0/0"), TEXT_VALID("!1:127.0.0.1/32"),
+ TEXT_VALID("!2:::/0"), TEXT_VALID("!2:::1/128"),
+ /* bits set after prefix length - not disallowed */
+ TEXT_VALID("1:127.0.0.0/0"), TEXT_VALID("2:8000::/0"),
+ /* multiple */
+ TEXT_VALID("1:0.0.0.0/0 1:127.0.0.1/32"),
+ TEXT_VALID("1:0.0.0.0/0 !1:127.0.0.1/32"),
+ /* family 0, prefix 0, positive */
+ TEXT_VALID("\\# 4 00000000"),
+ /* family 0, prefix 0, negative */
+ TEXT_VALID("\\# 4 00000080"),
+ /* prefix too long */
+ TEXT_INVALID("1:0.0.0.0/33"), TEXT_INVALID("2:::/129"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = { /* zero length */
+ WIRE_VALID(),
+ /* prefix too big IPv4 */
+ WIRE_INVALID(0x00, 0x01, 33U, 0x00),
+ /* prefix too big IPv6 */
+ WIRE_INVALID(0x00, 0x02, 129U, 0x00),
+ /* trailing zero octet in afdpart */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x00),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, true, dns_rdataclass_in,
+ dns_rdatatype_apl, sizeof(dns_rdata_in_apl_t));
+}
+
+/*
+ * http://broadband-forum.org/ftp/pub/approved-specs/af-saa-0069.000.pdf
+ *
+ * ATMA RR’s have the following RDATA format:
+ *
+ * 1 1 1 1 1 1
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | FORMAT | |
+ * +--+--+--+--+--+--+--+--+ |
+ * / ADDRESS /
+ * | |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *
+ * The fields have the following meaning:
+ *
+ * * FORMAT: One octet that indicates the format of ADDRESS. The two
+ * possible values for FORMAT are value 0 indicating ATM End System Address
+ * (AESA) format and value 1 indicating E.164 format.
+ *
+ * * ADDRESS: Variable length string of octets containing the ATM address of
+ * the node to which this RR pertains.
+ *
+ * When the format value is 0, indicating that the address is in AESA format,
+ * the address is coded as described in ISO 8348/AD 2 using the preferred
+ * binary encoding of the ISO NSAP format. When the format value is 1,
+ * indicating that the address is in E.164 format, the Address/Number Digits
+ * appear in the order in which they would be entered on a numeric keypad.
+ * Digits are coded in IA5 characters with the leftmost bit of each digit set
+ * to 0. This ATM address appears in ATM End System Address Octets field (AESA
+ * format) or the Address/Number Digits field (E.164 format) of the Called
+ * party number information element [ATMUNI3.1]. Subaddress information is
+ * intentionally not included because E.164 subaddress information is used for
+ * routing.
+ *
+ * ATMA RRs cause no additional section processing.
+ */
+static void
+atma(void **state) {
+ text_ok_t text_ok[] = { TEXT_VALID("00"),
+ TEXT_VALID_CHANGED("0.0", "00"),
+ /*
+ * multiple consecutive periods
+ */
+ TEXT_INVALID("0..0"),
+ /*
+ * trailing period
+ */
+ TEXT_INVALID("00."),
+ /*
+ * leading period
+ */
+ TEXT_INVALID(".00"),
+ /*
+ * Not full octets.
+ */
+ TEXT_INVALID("000"),
+ /*
+ * E.164
+ */
+ TEXT_VALID("+61200000000"),
+ /*
+ * E.164 with periods
+ */
+ TEXT_VALID_CHANGED("+61.2.0000.0000", "+6120000"
+ "0000"),
+ /*
+ * E.164 with period at end
+ */
+ TEXT_INVALID("+61200000000."),
+ /*
+ * E.164 with multiple consecutive periods
+ */
+ TEXT_INVALID("+612..00000000"),
+ /*
+ * E.164 with period before the leading digit.
+ */
+ TEXT_INVALID("+.61200000000"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Too short.
+ */
+ WIRE_INVALID(0x00), WIRE_INVALID(0x01),
+ /*
+ * all digits
+ */
+ WIRE_VALID(0x01, '6', '1', '2', '0', '0', '0'),
+ /*
+ * non digit
+ */
+ WIRE_INVALID(0x01, '+', '6', '1', '2', '0', '0', '0'),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_atma, sizeof(dns_rdata_in_atma_t));
+}
+
+/* AMTRELAY RDATA manipulations */
+static void
+amtrelay(void **state) {
+ text_ok_t text_ok[] = {
+ TEXT_INVALID(""), TEXT_INVALID("0"), TEXT_INVALID("0 0"),
+ /* gateway type 0 */
+ TEXT_VALID("0 0 0"), TEXT_VALID("0 1 0"),
+ TEXT_INVALID("0 2 0"), /* discovery out of range */
+ TEXT_VALID("255 1 0"), /* max precedence */
+ TEXT_INVALID("256 1 0"), /* precedence out of range */
+
+ /* IPv4 gateway */
+ TEXT_INVALID("0 0 1"), /* no address */
+ TEXT_VALID("0 0 1 0.0.0.0"),
+ TEXT_INVALID("0 0 1 0.0.0.0 x"), /* extra */
+ TEXT_INVALID("0 0 1 0.0.0.0.0"), /* bad address */
+ TEXT_INVALID("0 0 1 ::"), /* bad address */
+ TEXT_INVALID("0 0 1 ."), /* bad address */
+
+ /* IPv6 gateway */
+ TEXT_INVALID("0 0 2"), /* no address */
+ TEXT_VALID("0 0 2 ::"), TEXT_INVALID("0 0 2 :: xx"), /* extra */
+ TEXT_INVALID("0 0 2 0.0.0.0"), /* bad address */
+ TEXT_INVALID("0 0 2 ."), /* bad address */
+
+ /* hostname gateway */
+ TEXT_INVALID("0 0 3"), /* no name */
+ /* IPv4 is a valid name */
+ TEXT_VALID_CHANGED("0 0 3 0.0.0.0", "0 0 3 0.0.0.0."),
+ /* IPv6 is a valid name */
+ TEXT_VALID_CHANGED("0 0 3 ::", "0 0 3 ::."),
+ TEXT_VALID_CHANGED("0 0 3 example", "0 0 3 example."),
+ TEXT_VALID("0 0 3 example."),
+ TEXT_INVALID("0 0 3 example. x"), /* extra */
+
+ /* unknown gateway */
+ TEXT_VALID("\\# 2 0004"), TEXT_VALID("\\# 2 0084"),
+ TEXT_VALID("\\# 2 007F"), TEXT_VALID("\\# 3 000400"),
+ TEXT_VALID("\\# 3 008400"), TEXT_VALID("\\# 3 00FF00"),
+
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = {
+ WIRE_INVALID(0x00), WIRE_VALID(0x00, 0x00),
+ WIRE_VALID(0x00, 0x80), WIRE_INVALID(0x00, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x80, 0x00),
+
+ WIRE_INVALID(0x00, 0x01), WIRE_INVALID(0x00, 0x01, 0x00),
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00),
+ WIRE_VALID(0x00, 0x01, 0x00, 0x00, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00),
+
+ WIRE_INVALID(0x00, 0x02), WIRE_INVALID(0x00, 0x02, 0x00),
+ WIRE_VALID(0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13, 0x14,
+ 0x15),
+ WIRE_INVALID(0x00, 0x02, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05,
+ 0x06, 0x07, 0x08, 0x09, 0x10, 0x11, 0x12, 0x13,
+ 0x14, 0x15, 0x16),
+
+ WIRE_INVALID(0x00, 0x03), WIRE_VALID(0x00, 0x03, 0x00),
+ WIRE_INVALID(0x00, 0x03, 0x00, 0x00), /* extra */
+
+ WIRE_VALID(0x00, 0x04), WIRE_VALID(0x00, 0x04, 0x00),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_amtrelay, sizeof(dns_rdata_amtrelay_t));
+}
+
+static void
+cdnskey(void **state) {
+ key_required(state, dns_rdatatype_cdnskey, sizeof(dns_rdata_cdnskey_t));
+}
+
+/*
+ * CSYNC tests.
+ *
+ * RFC 7477:
+ *
+ * 2.1. The CSYNC Resource Record Format
+ *
+ * 2.1.1. The CSYNC Resource Record Wire Format
+ *
+ * The CSYNC RDATA consists of the following fields:
+ *
+ * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | SOA Serial |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Flags | Type Bit Map /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * / Type Bit Map (continued) /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * 2.1.1.1. The SOA Serial Field
+ *
+ * The SOA Serial field contains a copy of the 32-bit SOA serial number
+ * from the child zone. If the soaminimum flag is set, parental agents
+ * querying children's authoritative servers MUST NOT act on data from
+ * zones advertising an SOA serial number less than this value. See
+ * [RFC1982] for properly implementing "less than" logic. If the
+ * soaminimum flag is not set, parental agents MUST ignore the value in
+ * the SOA Serial field. Clients can set the field to any value if the
+ * soaminimum flag is unset, such as the number zero.
+ *
+ * (...)
+ *
+ * 2.1.1.2. The Flags Field
+ *
+ * The Flags field contains 16 bits of boolean flags that define
+ * operations that affect the processing of the CSYNC record. The flags
+ * defined in this document are as follows:
+ *
+ * 0x00 0x01: "immediate"
+ *
+ * 0x00 0x02: "soaminimum"
+ *
+ * The definitions for how the flags are to be used can be found in
+ * Section 3.
+ *
+ * The remaining flags are reserved for use by future specifications.
+ * Undefined flags MUST be set to 0 by CSYNC publishers. Parental
+ * agents MUST NOT process a CSYNC record if it contains a 1 value for a
+ * flag that is unknown to or unsupported by the parental agent.
+ *
+ * 2.1.1.2.1. The Type Bit Map Field
+ *
+ * The Type Bit Map field indicates the record types to be processed by
+ * the parental agent, according to the procedures in Section 3. The
+ * Type Bit Map field is encoded in the same way as the Type Bit Map
+ * field of the NSEC record, described in [RFC4034], Section 4.1.2. If
+ * a bit has been set that a parental agent implementation does not
+ * understand, the parental agent MUST NOT act upon the record.
+ * Specifically, a parental agent must not simply copy the data, and it
+ * must understand the semantics associated with a bit in the Type Bit
+ * Map field that has been set to 1.
+ */
+static void
+csync(void **state) {
+ text_ok_t text_ok[] = { TEXT_INVALID(""),
+ TEXT_INVALID("0"),
+ TEXT_VALID("0 0"),
+ TEXT_VALID("0 0 A"),
+ TEXT_VALID("0 0 NS"),
+ TEXT_VALID("0 0 AAAA"),
+ TEXT_VALID("0 0 A AAAA"),
+ TEXT_VALID("0 0 A NS AAAA"),
+ TEXT_INVALID("0 0 A NS AAAA BOGUS"),
+ TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Serial + flags only.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Bad type map.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Bad type map.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Good type map.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+ 0x02),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_csync, sizeof(dns_rdata_csync_t));
+}
+
+static void
+dnskey(void **state) {
+ key_required(state, dns_rdatatype_dnskey, sizeof(dns_rdata_dnskey_t));
+}
+
+/*
+ * DOA tests.
+ *
+ * draft-durand-doa-over-dns-03:
+ *
+ * 3.2. DOA RDATA Wire Format
+ *
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 0: | |
+ * | DOA-ENTERPRISE |
+ * | |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 4: | |
+ * | DOA-TYPE |
+ * | |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 8: | DOA-LOCATION | DOA-MEDIA-TYPE /
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 10: / /
+ * / DOA-MEDIA-TYPE (continued) /
+ * / /
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * / /
+ * / DOA-DATA /
+ * / /
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ *
+ * DOA-ENTERPRISE: a 32-bit unsigned integer in network order.
+ *
+ * DOA-TYPE: a 32-bit unsigned integer in network order.
+ *
+ * DOA-LOCATION: an 8-bit unsigned integer.
+ *
+ * DOA-MEDIA-TYPE: A <character-string> (see [RFC1035]). The first
+ * octet of the <character-string> contains the number of characters to
+ * follow.
+ *
+ * DOA-DATA: A variable length blob of binary data. The length of the
+ * DOA-DATA is not contained within the wire format of the RR and has to
+ * be computed from the RDLENGTH of the entire RR once other fields have
+ * been taken into account.
+ *
+ * 3.3. DOA RDATA Presentation Format
+ *
+ * The DOA-ENTERPRISE field is presented as an unsigned 32-bit decimal
+ * integer with range 0 - 4,294,967,295.
+ *
+ * The DOA-TYPE field is presented as an unsigned 32-bit decimal integer
+ * with range 0 - 4,294,967,295.
+ *
+ * The DOA-LOCATION field is presented as an unsigned 8-bit decimal
+ * integer with range 0 - 255.
+ *
+ * The DOA-MEDIA-TYPE field is presented as a single <character-string>.
+ *
+ * The DOA-DATA is presented as Base64 encoded data [RFC4648] unless the
+ * DOA-DATA is empty in which case it is presented as a single dash
+ * character ("-", ASCII 45). White space is permitted within Base64
+ * data.
+ */
+static void
+doa(void **state) {
+ text_ok_t text_ok[] = {
+ /*
+ * Valid, non-empty DOA-DATA.
+ */
+ TEXT_VALID("0 0 1 \"text/plain\" Zm9v"),
+ /*
+ * Valid, non-empty DOA-DATA with whitespace in between.
+ */
+ TEXT_VALID_CHANGED("0 0 1 \"text/plain\" Zm 9v", "0 0 1 "
+ "\"text/"
+ "plain\" "
+ "Zm9v"),
+ /*
+ * Valid, unquoted DOA-MEDIA-TYPE, non-empty DOA-DATA.
+ */
+ TEXT_VALID_CHANGED("0 0 1 text/plain Zm9v", "0 0 1 "
+ "\"text/plain\" "
+ "Zm9v"),
+ /*
+ * Invalid, quoted non-empty DOA-DATA.
+ */
+ TEXT_INVALID("0 0 1 \"text/plain\" \"Zm9v\""),
+ /*
+ * Valid, empty DOA-DATA.
+ */
+ TEXT_VALID("0 0 1 \"text/plain\" -"),
+ /*
+ * Invalid, quoted empty DOA-DATA.
+ */
+ TEXT_INVALID("0 0 1 \"text/plain\" \"-\""),
+ /*
+ * Invalid, missing "-" in empty DOA-DATA.
+ */
+ TEXT_INVALID("0 0 1 \"text/plain\""),
+ /*
+ * Valid, undefined DOA-LOCATION.
+ */
+ TEXT_VALID("0 0 100 \"text/plain\" Zm9v"),
+ /*
+ * Invalid, DOA-LOCATION too big.
+ */
+ TEXT_INVALID("0 0 256 \"text/plain\" ZM9v"),
+ /*
+ * Valid, empty DOA-MEDIA-TYPE, non-empty DOA-DATA.
+ */
+ TEXT_VALID("0 0 2 \"\" aHR0cHM6Ly93d3cuaXNjLm9yZy8="),
+ /*
+ * Valid, empty DOA-MEDIA-TYPE, empty DOA-DATA.
+ */
+ TEXT_VALID("0 0 1 \"\" -"),
+ /*
+ * Valid, DOA-MEDIA-TYPE with a space.
+ */
+ TEXT_VALID("0 0 1 \"plain text\" Zm9v"),
+ /*
+ * Invalid, missing DOA-MEDIA-TYPE.
+ */
+ TEXT_INVALID("1234567890 1234567890 1"),
+ /*
+ * Valid, DOA-DATA over 255 octets.
+ */
+ TEXT_VALID("1234567890 1234567890 1 \"image/gif\" "
+ "R0lGODlhKAAZAOMCAGZmZgBmmf///zOZzMz//5nM/zNmmWbM"
+ "/5nMzMzMzACZ/////////////////////yH5BAEKAA8ALAAA"
+ "AAAoABkAAATH8IFJK5U2a4337F5ogRkpnoCJrly7PrCKyh8c"
+ "3HgAhzT35MDbbtO7/IJIHbGiOiaTxVTpSVWWLqNq1UVyapNS"
+ "1wd3OAxug0LhnCubcVhsxysQnOt4ATpvvzHlFzl1AwODhWeF"
+ "AgRpen5/UhheAYMFdUB4SFcpGEGGdQeCAqBBLTuSk30EeXd9"
+ "pEsAbKGxjHqDSE0Sp6ixN4N1BJmbc7lIhmsBich1awPAjkY1"
+ "SZR8bJWrz382SGqIBQQFQd4IsUTaX+ceuudPEQA7"),
+ /*
+ * Invalid, bad Base64 in DOA-DATA.
+ */
+ TEXT_INVALID("1234567890 1234567890 1 \"image/gif\" R0lGODl"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Valid, empty DOA-MEDIA-TYPE, empty DOA-DATA.
+ */
+ WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01,
+ 0x00),
+ /*
+ * Invalid, missing DOA-MEDIA-TYPE.
+ */
+ WIRE_INVALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78,
+ 0x01),
+ /*
+ * Invalid, malformed DOA-MEDIA-TYPE length.
+ */
+ WIRE_INVALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78,
+ 0x01, 0xff),
+ /*
+ * Valid, empty DOA-DATA.
+ */
+ WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01,
+ 0x03, 0x66, 0x6f, 0x6f),
+ /*
+ * Valid, non-empty DOA-DATA.
+ */
+ WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01,
+ 0x03, 0x66, 0x6f, 0x6f, 0x62, 0x61, 0x72),
+ /*
+ * Valid, DOA-DATA over 255 octets.
+ */
+ WIRE_VALID(0x12, 0x34, 0x56, 0x78, 0x12, 0x34, 0x56, 0x78, 0x01,
+ 0x06, 0x62, 0x69, 0x6e, 0x61, 0x72, 0x79, 0x00, 0x66,
+ 0x99, 0xff, 0xff, 0xff, 0x33, 0x99, 0xcc, 0xcc, 0xff,
+ 0xff, 0x99, 0xcc, 0xff, 0x33, 0x66, 0x99, 0x66, 0xcc,
+ 0xff, 0x99, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x00, 0x99,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x21, 0xf9,
+ 0x04, 0x01, 0x0a, 0x00, 0x0f, 0x00, 0x2c, 0x00, 0x00,
+ 0x00, 0x00, 0x28, 0x00, 0x19, 0x00, 0x00, 0x04, 0xc7,
+ 0xf0, 0x81, 0x49, 0x2b, 0x95, 0x36, 0x6b, 0x8d, 0xf7,
+ 0xec, 0x5e, 0x68, 0x81, 0x19, 0x29, 0x9e, 0x80, 0x89,
+ 0xae, 0x5c, 0xbb, 0x3e, 0xb0, 0x8a, 0xca, 0x1f, 0x1c,
+ 0xdc, 0x78, 0x00, 0x87, 0x34, 0xf7, 0xe4, 0xc0, 0xdb,
+ 0x6e, 0xd3, 0xbb, 0xfc, 0x82, 0x48, 0x1d, 0xb1, 0xa2,
+ 0x3a, 0x26, 0x93, 0xc5, 0x54, 0xe9, 0x49, 0x55, 0x96,
+ 0x2e, 0xa3, 0x6a, 0xd5, 0x45, 0x72, 0x6a, 0x93, 0x52,
+ 0xd7, 0x07, 0x77, 0x38, 0x0c, 0x6e, 0x83, 0x42, 0xe1,
+ 0x9c, 0x2b, 0x9b, 0x71, 0x58, 0x6c, 0xc7, 0x2b, 0x10,
+ 0x9c, 0xeb, 0x78, 0x01, 0x3a, 0x6f, 0xbf, 0x31, 0xe5,
+ 0x17, 0x39, 0x75, 0x03, 0x03, 0x83, 0x85, 0x67, 0x85,
+ 0x02, 0x04, 0x69, 0x7a, 0x7e, 0x7f, 0x52, 0x18, 0x5e,
+ 0x01, 0x83, 0x05, 0x75, 0x40, 0x78, 0x48, 0x57, 0x29,
+ 0x18, 0x41, 0x86, 0x75, 0x07, 0x82, 0x02, 0xa0, 0x41,
+ 0x2d, 0x3b, 0x92, 0x93, 0x7d, 0x04, 0x79, 0x77, 0x7d,
+ 0xa4, 0x4b, 0x00, 0x6c, 0xa1, 0xb1, 0x8c, 0x7a, 0x83,
+ 0x48, 0x4d, 0x12, 0xa7, 0xa8, 0xb1, 0x37, 0x83, 0x75,
+ 0x04, 0x99, 0x9b, 0x73, 0xb9, 0x48, 0x86, 0x6b, 0x01,
+ 0x89, 0xc8, 0x75, 0x6b, 0x03, 0xc0, 0x8e, 0x46, 0x35,
+ 0x49, 0x94, 0x7c, 0x6c, 0x95, 0xab, 0xcf, 0x7f, 0x36,
+ 0x48, 0x6a, 0x88, 0x05, 0x04, 0x05, 0x41, 0xde, 0x08,
+ 0xb1, 0x44, 0xda, 0x5f, 0xe7, 0x1e, 0xba, 0xe7, 0x4f,
+ 0x11, 0x00, 0x3b),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_doa, sizeof(dns_rdata_doa_t));
+}
+
+/*
+ * DS tests.
+ *
+ * RFC 4034:
+ *
+ * 5.1. DS RDATA Wire Format
+ *
+ * The RDATA for a DS RR consists of a 2 octet Key Tag field, a 1 octet
+ * Algorithm field, a 1 octet Digest Type field, and a Digest field.
+ *
+ * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Key Tag | Algorithm | Digest Type |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * / /
+ * / Digest /
+ * / /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * 5.1.1. The Key Tag Field
+ *
+ * The Key Tag field lists the key tag of the DNSKEY RR referred to by
+ * the DS record, in network byte order.
+ *
+ * The Key Tag used by the DS RR is identical to the Key Tag used by
+ * RRSIG RRs. Appendix B describes how to compute a Key Tag.
+ *
+ * 5.1.2. The Algorithm Field
+ *
+ * The Algorithm field lists the algorithm number of the DNSKEY RR
+ * referred to by the DS record.
+ *
+ * The algorithm number used by the DS RR is identical to the algorithm
+ * number used by RRSIG and DNSKEY RRs. Appendix A.1 lists the
+ * algorithm number types.
+ *
+ * 5.1.3. The Digest Type Field
+ *
+ * The DS RR refers to a DNSKEY RR by including a digest of that DNSKEY
+ * RR. The Digest Type field identifies the algorithm used to construct
+ * the digest. Appendix A.2 lists the possible digest algorithm types.
+ *
+ * 5.1.4. The Digest Field
+ *
+ * The DS record refers to a DNSKEY RR by including a digest of that
+ * DNSKEY RR.
+ *
+ * The digest is calculated by concatenating the canonical form of the
+ * fully qualified owner name of the DNSKEY RR with the DNSKEY RDATA,
+ * and then applying the digest algorithm.
+ *
+ * digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
+ *
+ * "|" denotes concatenation
+ *
+ * DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key.
+ *
+ * The size of the digest may vary depending on the digest algorithm and
+ * DNSKEY RR size. As of the time of this writing, the only defined
+ * digest algorithm is SHA-1, which produces a 20 octet digest.
+ */
+static void
+ds(void **state) {
+ text_ok_t text_ok[] = {
+ /*
+ * Invalid, empty record.
+ */
+ TEXT_INVALID(""),
+ /*
+ * Invalid, no algorithm.
+ */
+ TEXT_INVALID("0"),
+ /*
+ * Invalid, no digest type.
+ */
+ TEXT_INVALID("0 0"),
+ /*
+ * Invalid, no digest.
+ */
+ TEXT_INVALID("0 0 0"),
+ /*
+ * Valid, 1-octet digest for a reserved digest type.
+ */
+ TEXT_VALID("0 0 0 00"),
+ /*
+ * Invalid, short SHA-1 digest.
+ */
+ TEXT_INVALID("0 0 1 00"),
+ TEXT_INVALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B"),
+ /*
+ * Valid, 20-octet SHA-1 digest.
+ */
+ TEXT_VALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B6A"),
+ /*
+ * Invalid, excessively long SHA-1 digest.
+ */
+ TEXT_INVALID("0 0 1 4FDCE83016EDD29077621FE568F8DADDB5809B"
+ "6A00"),
+ /*
+ * Invalid, short SHA-256 digest.
+ */
+ TEXT_INVALID("0 0 2 00"),
+ TEXT_INVALID("0 0 2 D001BD422FFDA9B745425B71DC17D007E69186"
+ "9BD59C5F237D9BF85434C313"),
+ /*
+ * Valid, 32-octet SHA-256 digest.
+ */
+ TEXT_VALID_CHANGED("0 0 2 "
+ "D001BD422FFDA9B745425B71DC17D007E691869B"
+ "D59C5F237D9BF85434C3133F",
+ "0 0 2 "
+ "D001BD422FFDA9B745425B71DC17D007E691869B"
+ "D59C5F237D9BF854 34C3133F"),
+ /*
+ * Invalid, excessively long SHA-256 digest.
+ */
+ TEXT_INVALID("0 0 2 D001BD422FFDA9B745425B71DC17D007E69186"
+ "9BD59C5F237D9BF85434C3133F00"),
+ /*
+ * Valid, GOST is no longer supported, hence no length checks.
+ */
+ TEXT_VALID("0 0 3 00"),
+ /*
+ * Invalid, short SHA-384 digest.
+ */
+ TEXT_INVALID("0 0 4 00"),
+ TEXT_INVALID("0 0 4 AC748D6C5AA652904A8763D64B7DFFFFA98152"
+ "BE12128D238BEBB4814B648F5A841E15CAA2DE348891"
+ "A37A699F65E5"),
+ /*
+ * Valid, 48-octet SHA-384 digest.
+ */
+ TEXT_VALID_CHANGED("0 0 4 "
+ "AC748D6C5AA652904A8763D64B7DFFFFA98152BE"
+ "12128D238BEBB4814B648F5A841E15CAA2DE348891A"
+ "37A"
+ "699F65E54D",
+ "0 0 4 "
+ "AC748D6C5AA652904A8763D64B7DFFFFA98152BE"
+ "12128D238BEBB481 "
+ "4B648F5A841E15CAA2DE348891A37A"
+ "699F65E54D"),
+ /*
+ * Invalid, excessively long SHA-384 digest.
+ */
+ TEXT_INVALID("0 0 4 AC748D6C5AA652904A8763D64B7DFFFFA98152"
+ "BE12128D238BEBB4814B648F5A841E15CAA2DE348891"
+ "A37A699F65E54D00"),
+ /*
+ * Valid, 1-octet digest for an unassigned digest type.
+ */
+ TEXT_VALID("0 0 5 00"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Invalid, truncated key tag.
+ */
+ WIRE_INVALID(0x00),
+ /*
+ * Invalid, no algorithm.
+ */
+ WIRE_INVALID(0x00, 0x00),
+ /*
+ * Invalid, no digest type.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ /*
+ * Invalid, no digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
+ /*
+ * Valid, 1-octet digest for a reserved digest type.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Invalid, short SHA-1 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30,
+ 0x16, 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5,
+ 0x68, 0xF8, 0xDA, 0xDD, 0xB5, 0x80, 0x9B),
+ /*
+ * Valid, 20-octet SHA-1 digest.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30, 0x16,
+ 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5, 0x68, 0xF8,
+ 0xDA, 0xDD, 0xB5, 0x80, 0x9B, 0x6A),
+ /*
+ * Invalid, excessively long SHA-1 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x01, 0x4F, 0xDC, 0xE8, 0x30,
+ 0x16, 0xED, 0xD2, 0x90, 0x77, 0x62, 0x1F, 0xE5,
+ 0x68, 0xF8, 0xDA, 0xDD, 0xB5, 0x80, 0x9B, 0x6A,
+ 0x00),
+ /*
+ * Invalid, short SHA-256 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42,
+ 0x2F, 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71,
+ 0xDC, 0x17, 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B,
+ 0xD5, 0x9C, 0x5F, 0x23, 0x7D, 0x9B, 0xF8, 0x54,
+ 0x34, 0xC3, 0x13),
+ /*
+ * Valid, 32-octet SHA-256 digest.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42, 0x2F,
+ 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71, 0xDC, 0x17,
+ 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B, 0xD5, 0x9C, 0x5F,
+ 0x23, 0x7D, 0x9B, 0xF8, 0x54, 0x34, 0xC3, 0x13,
+ 0x3F),
+ /*
+ * Invalid, excessively long SHA-256 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x02, 0xD0, 0x01, 0xBD, 0x42,
+ 0x2F, 0xFD, 0xA9, 0xB7, 0x45, 0x42, 0x5B, 0x71,
+ 0xDC, 0x17, 0xD0, 0x07, 0xE6, 0x91, 0x86, 0x9B,
+ 0xD5, 0x9C, 0x5F, 0x23, 0x7D, 0x9B, 0xF8, 0x54,
+ 0x34, 0xC3, 0x13, 0x3F, 0x00),
+ /*
+ * Valid, GOST is no longer supported, hence no length checks.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x03, 0x00),
+ /*
+ * Invalid, short SHA-384 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C,
+ 0x5A, 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6,
+ 0x4B, 0x7D, 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE,
+ 0x12, 0x12, 0x8D, 0x23, 0x8B, 0xEB, 0xB4, 0x81,
+ 0x4B, 0x64, 0x8F, 0x5A, 0x84, 0x1E, 0x15, 0xCA,
+ 0xA2, 0xDE, 0x34, 0x88, 0x91, 0xA3, 0x7A, 0x69,
+ 0x9F, 0x65, 0xE5),
+ /*
+ * Valid, 48-octet SHA-384 digest.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C, 0x5A,
+ 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6, 0x4B, 0x7D,
+ 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE, 0x12, 0x12, 0x8D,
+ 0x23, 0x8B, 0xEB, 0xB4, 0x81, 0x4B, 0x64, 0x8F, 0x5A,
+ 0x84, 0x1E, 0x15, 0xCA, 0xA2, 0xDE, 0x34, 0x88, 0x91,
+ 0xA3, 0x7A, 0x69, 0x9F, 0x65, 0xE5, 0x4D),
+ /*
+ * Invalid, excessively long SHA-384 digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x04, 0xAC, 0x74, 0x8D, 0x6C,
+ 0x5A, 0xA6, 0x52, 0x90, 0x4A, 0x87, 0x63, 0xD6,
+ 0x4B, 0x7D, 0xFF, 0xFF, 0xA9, 0x81, 0x52, 0xBE,
+ 0x12, 0x12, 0x8D, 0x23, 0x8B, 0xEB, 0xB4, 0x81,
+ 0x4B, 0x64, 0x8F, 0x5A, 0x84, 0x1E, 0x15, 0xCA,
+ 0xA2, 0xDE, 0x34, 0x88, 0x91, 0xA3, 0x7A, 0x69,
+ 0x9F, 0x65, 0xE5, 0x4D, 0x00),
+ WIRE_VALID(0x00, 0x00, 0x04, 0x00, 0x00),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_ds, sizeof(dns_rdata_ds_t));
+}
+
+/*
+ * EDNS Client Subnet tests.
+ *
+ * RFC 7871:
+ *
+ * 6. Option Format
+ *
+ * This protocol uses an EDNS0 [RFC6891] option to include client
+ * address information in DNS messages. The option is structured as
+ * follows:
+ *
+ * +0 (MSB) +1 (LSB)
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 0: | OPTION-CODE |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 2: | OPTION-LENGTH |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 4: | FAMILY |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 6: | SOURCE PREFIX-LENGTH | SCOPE PREFIX-LENGTH |
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ * 8: | ADDRESS... /
+ * +---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+
+ *
+ * o (Defined in [RFC6891]) OPTION-CODE, 2 octets, for ECS is 8 (0x00
+ * 0x08).
+ *
+ * o (Defined in [RFC6891]) OPTION-LENGTH, 2 octets, contains the
+ * length of the payload (everything after OPTION-LENGTH) in octets.
+ *
+ * o FAMILY, 2 octets, indicates the family of the address contained in
+ * the option, using address family codes as assigned by IANA in
+ * Address Family Numbers [Address_Family_Numbers].
+ *
+ * The format of the address part depends on the value of FAMILY. This
+ * document only defines the format for FAMILY 1 (IPv4) and FAMILY 2
+ * (IPv6), which are as follows:
+ *
+ * o SOURCE PREFIX-LENGTH, an unsigned octet representing the leftmost
+ * number of significant bits of ADDRESS to be used for the lookup.
+ * In responses, it mirrors the same value as in the queries.
+ *
+ * o SCOPE PREFIX-LENGTH, an unsigned octet representing the leftmost
+ * number of significant bits of ADDRESS that the response covers.
+ * In queries, it MUST be set to 0.
+ *
+ * o ADDRESS, variable number of octets, contains either an IPv4 or
+ * IPv6 address, depending on FAMILY, which MUST be truncated to the
+ * number of bits indicated by the SOURCE PREFIX-LENGTH field,
+ * padding with 0 bits to pad to the end of the last octet needed.
+ *
+ * o A server receiving an ECS option that uses either too few or too
+ * many ADDRESS octets, or that has non-zero ADDRESS bits set beyond
+ * SOURCE PREFIX-LENGTH, SHOULD return FORMERR to reject the packet,
+ * as a signal to the software developer making the request to fix
+ * their implementation.
+ *
+ * All fields are in network byte order ("big-endian", per [RFC1700],
+ * Data Notation).
+ */
+static void
+edns_client_subnet(void **state) {
+ wire_ok_t wire_ok[] = {
+ /*
+ * Option code with no content.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 0x00),
+ /*
+ * Option code family 0, source 0, scope 0.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Option code family 1 (IPv4), source 0, scope 0.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00),
+ /*
+ * Option code family 2 (IPv6) , source 0, scope 0.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x04, 0x00, 0x02, 0x00, 0x00),
+ /*
+ * Extra octet.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00,
+ 0x00),
+ /*
+ * Source too long for IPv4.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 8, 0x00, 0x01, 33, 0x00, 0x00,
+ 0x00, 0x00, 0x00),
+ /*
+ * Source too long for IPv6.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 20, 0x00, 0x02, 129, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Scope too long for IPv4.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 8, 0x00, 0x01, 0x00, 33, 0x00,
+ 0x00, 0x00, 0x00),
+ /*
+ * Scope too long for IPv6.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 20, 0x00, 0x02, 0x00, 129, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * When family=0, source and scope should be 0.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 4, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * When family=0, source and scope should be 0.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 5, 0x00, 0x00, 0x01, 0x00, 0x00),
+ /*
+ * When family=0, source and scope should be 0.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 5, 0x00, 0x00, 0x00, 0x01, 0x00),
+ /*
+ * Length too short for source IPv4.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 7, 0x00, 0x01, 32, 0x00, 0x00,
+ 0x00, 0x00),
+ /*
+ * Length too short for source IPv6.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 19, 0x00, 0x02, 128, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(NULL, wire_ok, NULL, true, dns_rdataclass_in,
+ dns_rdatatype_opt, sizeof(dns_rdata_opt_t));
+}
+
+/*
+ * http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt
+ *
+ * The RDATA portion of both the NIMLOC and EID records contains
+ * uninterpreted binary data. The representation in the text master file
+ * is an even number of hex characters (0 to 9, a to f), case is not
+ * significant. For readability, whitespace may be included in the value
+ * field and should be ignored when reading a master file.
+ */
+static void
+eid(void **state) {
+ text_ok_t text_ok[] = { TEXT_VALID("AABBCC"),
+ TEXT_VALID_CHANGED("AA bb cc", "AABBCC"),
+ TEXT_INVALID("aab"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = { WIRE_VALID(0x00), WIRE_VALID(0xAA, 0xBB, 0xCC),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL() };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_eid, sizeof(dns_rdata_in_eid_t));
+}
+
+/*
+ * test that an oversized HIP record will be rejected
+ */
+static void
+hip(void **state) {
+ text_ok_t text_ok[] = {
+ /* RFC 8005 examples. */
+ TEXT_VALID_LOOP(0, "2 200100107B1A74DF365639CC39F1D578 "
+ "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI"
+ "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW"
+ "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b"
+ "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx"
+ "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D"),
+ TEXT_VALID_LOOP(1, "2 200100107B1A74DF365639CC39F1D578 "
+ "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI"
+ "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW"
+ "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b"
+ "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx"
+ "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D "
+ "rvs1.example.com."),
+ TEXT_VALID_LOOP(2, "2 200100107B1A74DF365639CC39F1D578 "
+ "AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cI"
+ "vM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbW"
+ "Iy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+b"
+ "SRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWx"
+ "Z48AWkskmdHaVDP4BcelrTI3rMXdXF5D "
+ "rvs1.example.com. rvs2.example.com."),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ unsigned char hipwire[DNS_RDATA_MAXLENGTH] = { 0x01, 0x00, 0x00, 0x01,
+ 0x00, 0x00, 0x04, 0x41,
+ 0x42, 0x43, 0x44, 0x00 };
+ unsigned char buf[1024 * 1024];
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_result_t result;
+ size_t i;
+
+ UNUSED(state);
+
+ /*
+ * Fill the rest of input buffer with compression pointers.
+ */
+ for (i = 12; i < sizeof(hipwire) - 2; i += 2) {
+ hipwire[i] = 0xc0;
+ hipwire[i + 1] = 0x06;
+ }
+
+ result = wire_to_rdata(hipwire, sizeof(hipwire), dns_rdataclass_in,
+ dns_rdatatype_hip, buf, sizeof(buf), &rdata);
+ assert_int_equal(result, DNS_R_FORMERR);
+ check_text_ok(text_ok, dns_rdataclass_in, dns_rdatatype_hip,
+ sizeof(dns_rdata_hip_t));
+}
+
+/*
+ * ISDN tests.
+ *
+ * RFC 1183:
+ *
+ * 3.2. The ISDN RR
+ *
+ * The ISDN RR is defined with mnemonic ISDN and type code 20 (decimal).
+ *
+ * An ISDN (Integrated Service Digital Network) number is simply a
+ * telephone number. The intent of the members of the CCITT is to
+ * upgrade all telephone and data network service to a common service.
+ *
+ * The numbering plan (E.163/E.164) is the same as the familiar
+ * international plan for POTS (an un-official acronym, meaning Plain
+ * Old Telephone Service). In E.166, CCITT says "An E.163/E.164
+ * telephony subscriber may become an ISDN subscriber without a number
+ * change."
+ *
+ * ISDN has the following format:
+ *
+ * <owner> <ttl> <class> ISDN <ISDN-address> <sa>
+ *
+ * The <ISDN-address> field is required; <sa> is optional.
+ *
+ * <ISDN-address> identifies the ISDN number of <owner> and DDI (Direct
+ * Dial In) if any, as defined by E.164 [8] and E.163 [7], the ISDN and
+ * PSTN (Public Switched Telephone Network) numbering plan. E.163
+ * defines the country codes, and E.164 the form of the addresses. Its
+ * format in master files is a <character-string> syntactically
+ * identical to that used in TXT and HINFO.
+ *
+ * <sa> specifies the subaddress (SA). The format of <sa> in master
+ * files is a <character-string> syntactically identical to that used in
+ * TXT and HINFO.
+ *
+ * The format of ISDN is class insensitive. ISDN RRs cause no
+ * additional section processing.
+ *
+ * The <ISDN-address> is a string of characters, normally decimal
+ * digits, beginning with the E.163 country code and ending with the DDI
+ * if any. Note that ISDN, in Q.931, permits any IA5 character in the
+ * general case.
+ *
+ * The <sa> is a string of hexadecimal digits. For digits 0-9, the
+ * concrete encoding in the Q.931 call setup information element is
+ * identical to BCD.
+ *
+ * For example:
+ *
+ * Relay.Prime.COM. IN ISDN 150862028003217
+ * sh.Prime.COM. IN ISDN 150862028003217 004
+ *
+ * (Note: "1" is the country code for the North American Integrated
+ * Numbering Area, i.e., the system of "area codes" familiar to people
+ * in those countries.)
+ *
+ * The RR data is the ASCII representation of the digits. It is encoded
+ * as one or two <character-string>s, i.e., count followed by
+ * characters.
+ */
+static void
+isdn(void **state) {
+ wire_ok_t wire_ok[] = { /*
+ * "".
+ */
+ WIRE_VALID(0x00),
+ /*
+ * "\001".
+ */
+ WIRE_VALID(0x01, 0x01),
+ /*
+ * "\001" "".
+ */
+ WIRE_VALID(0x01, 0x01, 0x00),
+ /*
+ * "\001" "\001".
+ */
+ WIRE_VALID(0x01, 0x01, 0x01, 0x01),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(NULL, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_isdn, sizeof(dns_rdata_isdn_t));
+}
+
+/*
+ * KEY tests.
+ */
+static void
+key(void **state) {
+ wire_ok_t wire_ok[] = { /*
+ * RDATA is comprised of:
+ *
+ * - 2 octets for Flags,
+ * - 1 octet for Protocol,
+ * - 1 octet for Algorithm,
+ * - variable number of octets for Public Key.
+ *
+ * RFC 2535 section 3.1.2 states that if bits
+ * 0-1 of Flags are both set, the RR stops after
+ * the algorithm octet and thus its length must
+ * be 4 octets. In any other case, though, the
+ * Public Key part must not be empty.
+ */
+ WIRE_INVALID(0x00),
+ WIRE_INVALID(0x00, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ WIRE_VALID(0xc0, 0x00, 0x00, 0x00),
+ WIRE_INVALID(0xc0, 0x00, 0x00, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(NULL, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_key, sizeof(dns_rdata_key_t));
+}
+
+/*
+ * LOC tests.
+ */
+static void
+loc(void **state) {
+ text_ok_t text_ok[] = {
+ TEXT_VALID_CHANGED("0 N 0 E 0", "0 0 0.000 N 0 0 0.000 E 0.00m "
+ "1m 10000m 10m"),
+ TEXT_VALID_CHANGED("0 S 0 W 0", "0 0 0.000 N 0 0 0.000 E 0.00m "
+ "1m 10000m 10m"),
+ TEXT_VALID_CHANGED("0 0 N 0 0 E 0", "0 0 0.000 N 0 0 0.000 E "
+ "0.00m 1m 10000m 10m"),
+ TEXT_VALID_CHANGED("0 0 0 N 0 0 0 E 0",
+ "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m "
+ "10m"),
+ TEXT_VALID_CHANGED("0 0 0 N 0 0 0 E 0",
+ "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m "
+ "10m"),
+ TEXT_VALID_CHANGED("0 0 0. N 0 0 0. E 0",
+ "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m "
+ "10m"),
+ TEXT_VALID_CHANGED("0 0 .0 N 0 0 .0 E 0",
+ "0 0 0.000 N 0 0 0.000 E 0.00m 1m 10000m "
+ "10m"),
+ TEXT_INVALID("0 North 0 East 0"),
+ TEXT_INVALID("0 South 0 West 0"),
+ TEXT_INVALID("0 0 . N 0 0 0. E 0"),
+ TEXT_INVALID("0 0 0. N 0 0 . E 0"),
+ TEXT_INVALID("0 0 0. N 0 0 0. E m"),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 ."),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 m"),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 ."),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 m"),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 0 ."),
+ TEXT_INVALID("0 0 0. N 0 0 0. E 0 0 0 m"),
+ TEXT_VALID_CHANGED("90 N 180 E 0", "90 0 0.000 N 180 0 0.000 E "
+ "0.00m 1m 10000m 10m"),
+ TEXT_INVALID("90 1 N 180 E 0"),
+ TEXT_INVALID("90 0 1 N 180 E 0"),
+ TEXT_INVALID("90 N 180 1 E 0"),
+ TEXT_INVALID("90 N 180 0 1 E 0"),
+ TEXT_VALID_CHANGED("90 S 180 W 0", "90 0 0.000 S 180 0 0.000 W "
+ "0.00m 1m 10000m 10m"),
+ TEXT_INVALID("90 1 S 180 W 0"),
+ TEXT_INVALID("90 0 1 S 180 W 0"),
+ TEXT_INVALID("90 S 180 1 W 0"),
+ TEXT_INVALID("90 S 180 0 1 W 0"),
+ TEXT_INVALID("0 0 0.000 E 0 0 0.000 E -0.95m 1m 10000m 10m"),
+ TEXT_VALID("0 0 0.000 N 0 0 0.000 E -0.95m 1m 10000m 10m"),
+ TEXT_VALID("0 0 0.000 N 0 0 0.000 E -0.05m 1m 10000m 10m"),
+ TEXT_VALID("0 0 0.000 N 0 0 0.000 E -100000.00m 1m 10000m 10m"),
+ TEXT_VALID("0 0 0.000 N 0 0 0.000 E 42849672.95m 1m 10000m "
+ "10m"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, 0, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_loc, sizeof(dns_rdata_loc_t));
+}
+
+/*
+ * http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt
+ *
+ * The RDATA portion of both the NIMLOC and EID records contains
+ * uninterpreted binary data. The representation in the text master file
+ * is an even number of hex characters (0 to 9, a to f), case is not
+ * significant. For readability, whitespace may be included in the value
+ * field and should be ignored when reading a master file.
+ */
+static void
+nimloc(void **state) {
+ text_ok_t text_ok[] = { TEXT_VALID("AABBCC"),
+ TEXT_VALID_CHANGED("AA bb cc", "AABBCC"),
+ TEXT_INVALID("aab"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = { WIRE_VALID(0x00), WIRE_VALID(0xAA, 0xBB, 0xCC),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL() };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_nimloc, sizeof(dns_rdata_in_nimloc_t));
+}
+
+/*
+ * NSEC tests.
+ *
+ * RFC 4034:
+ *
+ * 4.1. NSEC RDATA Wire Format
+ *
+ * The RDATA of the NSEC RR is as shown below:
+ *
+ * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * / Next Domain Name /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * / Type Bit Maps /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * 4.1.1. The Next Domain Name Field
+ *
+ * The Next Domain field contains the next owner name (in the canonical
+ * ordering of the zone) that has authoritative data or contains a
+ * delegation point NS RRset; see Section 6.1 for an explanation of
+ * canonical ordering. The value of the Next Domain Name field in the
+ * last NSEC record in the zone is the name of the zone apex (the owner
+ * name of the zone's SOA RR). This indicates that the owner name of
+ * the NSEC RR is the last name in the canonical ordering of the zone.
+ *
+ * A sender MUST NOT use DNS name compression on the Next Domain Name
+ * field when transmitting an NSEC RR.
+ *
+ * Owner names of RRsets for which the given zone is not authoritative
+ * (such as glue records) MUST NOT be listed in the Next Domain Name
+ * unless at least one authoritative RRset exists at the same owner
+ * name.
+ *
+ * 4.1.2. The Type Bit Maps Field
+ *
+ * The Type Bit Maps field identifies the RRset types that exist at the
+ * NSEC RR's owner name.
+ *
+ * The RR type space is split into 256 window blocks, each representing
+ * the low-order 8 bits of the 16-bit RR type space. Each block that
+ * has at least one active RR type is encoded using a single octet
+ * window number (from 0 to 255), a single octet bitmap length (from 1
+ * to 32) indicating the number of octets used for the window block's
+ * bitmap, and up to 32 octets (256 bits) of bitmap.
+ *
+ * Blocks are present in the NSEC RR RDATA in increasing numerical
+ * order.
+ *
+ * Type Bit Maps Field = ( Window Block # | Bitmap Length | Bitmap )+
+ *
+ * where "|" denotes concatenation.
+ *
+ * Each bitmap encodes the low-order 8 bits of RR types within the
+ * window block, in network bit order. The first bit is bit 0. For
+ * window block 0, bit 1 corresponds to RR type 1 (A), bit 2 corresponds
+ * to RR type 2 (NS), and so forth. For window block 1, bit 1
+ * corresponds to RR type 257, and bit 2 to RR type 258. If a bit is
+ * set, it indicates that an RRset of that type is present for the NSEC
+ * RR's owner name. If a bit is clear, it indicates that no RRset of
+ * that type is present for the NSEC RR's owner name.
+ *
+ * Bits representing pseudo-types MUST be clear, as they do not appear
+ * in zone data. If encountered, they MUST be ignored upon being read.
+ */
+static void
+nsec(void **state) {
+ text_ok_t text_ok[] = { TEXT_INVALID(""), TEXT_INVALID("."),
+ TEXT_VALID(". RRSIG"), TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = { WIRE_INVALID(0x00), WIRE_INVALID(0x00, 0x00),
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ WIRE_VALID(0x00, 0x00, 0x01, 0x02),
+ WIRE_SENTINEL() };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_nsec, sizeof(dns_rdata_nsec_t));
+}
+
+/*
+ * NSEC3 tests.
+ *
+ * RFC 5155.
+ */
+static void
+nsec3(void **state) {
+ text_ok_t text_ok[] = { TEXT_INVALID(""),
+ TEXT_INVALID("."),
+ TEXT_INVALID(". RRSIG"),
+ TEXT_INVALID("1 0 10 76931F"),
+ TEXT_INVALID("1 0 10 76931F "
+ "IMQ912BREQP1POLAH3RMONG&"
+ "UED541AS"),
+ TEXT_INVALID("1 0 10 76931F "
+ "IMQ912BREQP1POLAH3RMONGAUED541AS "
+ "A RRSIG BADTYPE"),
+ TEXT_VALID("1 0 10 76931F "
+ "AJHVGTICN6K0VDA53GCHFMT219SRRQLM A "
+ "RRSIG"),
+ TEXT_VALID("1 0 10 76931F "
+ "AJHVGTICN6K0VDA53GCHFMT219SRRQLM"),
+ TEXT_VALID("1 0 10 - "
+ "AJHVGTICN6K0VDA53GCHFMT219SRRQLM"),
+ TEXT_SENTINEL() };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, NULL, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_nsec3, sizeof(dns_rdata_nsec3_t));
+}
+
+/* NXT RDATA manipulations */
+static void
+nxt(void **state) {
+ compare_ok_t compare_ok[] = {
+ COMPARE("a. A SIG", "a. A SIG", 0),
+ /*
+ * Records that differ only in the case of the next
+ * name should be equal.
+ */
+ COMPARE("A. A SIG", "a. A SIG", 0),
+ /*
+ * Sorting on name field.
+ */
+ COMPARE("A. A SIG", "b. A SIG", -1),
+ COMPARE("b. A SIG", "A. A SIG", 1),
+ /* bit map differs */
+ COMPARE("b. A SIG", "b. A AAAA SIG", -1),
+ /* order of bit map does not matter */
+ COMPARE("b. A SIG AAAA", "b. A AAAA SIG", 0), COMPARE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(NULL, NULL, compare_ok, false, dns_rdataclass_in,
+ dns_rdatatype_nxt, sizeof(dns_rdata_nxt_t));
+}
+
+static void
+rkey(void **state) {
+ text_ok_t text_ok[] = { /*
+ * Valid, flags set to 0 and a key is present.
+ */
+ TEXT_VALID("0 0 0 aaaa"),
+ /*
+ * Invalid, non-zero flags.
+ */
+ TEXT_INVALID("1 0 0 aaaa"),
+ TEXT_INVALID("65535 0 0 aaaa"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = { /*
+ * Valid, flags set to 0 and a key is present.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Invalid, non-zero flags.
+ */
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x00),
+ WIRE_INVALID(0xff, 0xff, 0x00, 0x00, 0x00),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+ key_required(state, dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t));
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_rkey, sizeof(dns_rdata_rkey_t));
+}
+
+/* SSHFP RDATA manipulations */
+static void
+sshfp(void **state) {
+ text_ok_t text_ok[] = { TEXT_INVALID(""), /* too short */
+ TEXT_INVALID("0"), /* reserved, too short */
+ TEXT_VALID("0 0"), /* no finger print */
+ TEXT_VALID("0 0 AA"), /* reserved */
+ TEXT_INVALID("0 1 AA"), /* too short SHA 1
+ * digest */
+ TEXT_INVALID("0 2 AA"), /* too short SHA 256
+ * digest */
+ TEXT_VALID("0 3 AA"), /* unknown finger print
+ * type */
+ /* good length SHA 1 digest */
+ TEXT_VALID("1 1 "
+ "00112233445566778899AABBCCDDEEFF171"
+ "81920"),
+ /* good length SHA 256 digest */
+ TEXT_VALID("4 2 "
+ "A87F1B687AC0E57D2A081A2F282672334D9"
+ "0ED316D2B818CA9580EA3 84D92401"),
+ /*
+ * totext splits the fingerprint into chunks and
+ * emits uppercase hex.
+ */
+ TEXT_VALID_CHANGED("1 2 "
+ "00112233445566778899aabbccd"
+ "deeff "
+ "00112233445566778899AABBCCD"
+ "DEEFF",
+ "1 2 "
+ "00112233445566778899AABBCCD"
+ "DEEFF"
+ "00112233445566778899AABB "
+ "CCDDEEFF"),
+ TEXT_SENTINEL() };
+ wire_ok_t wire_ok[] = {
+ WIRE_INVALID(0x00), /* reserved too short */
+ WIRE_VALID(0x00, 0x00), /* reserved no finger print */
+ WIRE_VALID(0x00, 0x00, 0x00), /* reserved */
+
+ /* too short SHA 1 digests */
+ WIRE_INVALID(0x00, 0x01), WIRE_INVALID(0x00, 0x01, 0x00),
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD,
+ 0xEE, 0xFF, 0x17, 0x18, 0x19),
+ /* good length SHA 1 digest */
+ WIRE_VALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
+ 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+ 0x17, 0x18, 0x19, 0x20),
+ /* too long SHA 1 digest */
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD,
+ 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21),
+ /* too short SHA 256 digests */
+ WIRE_INVALID(0x00, 0x02), WIRE_INVALID(0x00, 0x02, 0x00),
+ WIRE_INVALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD,
+ 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21, 0x22,
+ 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
+ 0x31),
+ /* good length SHA 256 digest */
+ WIRE_VALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66,
+ 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
+ 0x17, 0x18, 0x19, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
+ 0x26, 0x27, 0x28, 0x29, 0x30, 0x31, 0x32),
+ /* too long SHA 256 digest */
+ WIRE_INVALID(0x00, 0x02, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55,
+ 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD,
+ 0xEE, 0xFF, 0x17, 0x18, 0x19, 0x20, 0x21, 0x22,
+ 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x30,
+ 0x31, 0x32, 0x33),
+ /* unknown digest, * no fingerprint */
+ WIRE_VALID(0x00, 0x03), WIRE_VALID(0x00, 0x03, 0x00), /* unknown
+ * digest
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_sshfp, sizeof(dns_rdata_sshfp_t));
+}
+
+/*
+ * WKS tests.
+ *
+ * RFC 1035:
+ *
+ * 3.4.2. WKS RDATA format
+ *
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | ADDRESS |
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ * | PROTOCOL | |
+ * +--+--+--+--+--+--+--+--+ |
+ * | |
+ * / <BIT MAP> /
+ * / /
+ * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *
+ * where:
+ *
+ * ADDRESS An 32 bit Internet address
+ *
+ * PROTOCOL An 8 bit IP protocol number
+ *
+ * <BIT MAP> A variable length bit map. The bit map must be a
+ * multiple of 8 bits long.
+ *
+ * The WKS record is used to describe the well known services supported by
+ * a particular protocol on a particular internet address. The PROTOCOL
+ * field specifies an IP protocol number, and the bit map has one bit per
+ * port of the specified protocol. The first bit corresponds to port 0,
+ * the second to port 1, etc. If the bit map does not include a bit for a
+ * protocol of interest, that bit is assumed zero. The appropriate values
+ * and mnemonics for ports and protocols are specified in [RFC-1010].
+ *
+ * For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port
+ * 25 (SMTP). If this bit is set, a SMTP server should be listening on TCP
+ * port 25; if zero, SMTP service is not supported on the specified
+ * address.
+ */
+static void
+wks(void **state) {
+ text_ok_t text_ok[] = { /*
+ * Valid, IPv4 address in dotted-quad form.
+ */
+ TEXT_VALID("127.0.0.1 6"),
+ /*
+ * Invalid, IPv4 address not in dotted-quad
+ * form.
+ */
+ TEXT_INVALID("127.1 6"),
+ /*
+ * Sentinel.
+ */
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = { /*
+ * Too short.
+ */
+ WIRE_INVALID(0x00, 0x08, 0x00, 0x00),
+ /*
+ * Minimal TCP.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x00, 6),
+ /*
+ * Minimal UDP.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x00, 17),
+ /*
+ * Minimal other.
+ */
+ WIRE_VALID(0x00, 0x08, 0x00, 0x00, 1),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_wks, sizeof(dns_rdata_in_wks_t));
+}
+
+static void
+https_svcb(void **state) {
+ /*
+ * Known keys: mandatory, apln, no-default-alpn, port,
+ * ipv4hint, port, ipv6hint, dohpath.
+ */
+ text_ok_t text_ok[] = {
+ /* unknown key invalid */
+ TEXT_INVALID("1 . unknown="),
+ /* no domain */
+ TEXT_INVALID("0"),
+ /* minimal record */
+ TEXT_VALID_LOOP(0, "0 ."),
+ /* Alias form requires SvcFieldValue to be empty */
+ TEXT_INVALID("0 . alpn=\"h2\""),
+ /* no "key" prefix */
+ TEXT_INVALID("2 svc.example.net. 0=\"2222\""),
+ /* no key value */
+ TEXT_INVALID("2 svc.example.net. key"),
+ /* no key value */
+ TEXT_INVALID("2 svc.example.net. key=\"2222\""),
+ /* zero pad invalid */
+ TEXT_INVALID("2 svc.example.net. key07=\"2222\""),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. key8=\"2222\""),
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key8=2222",
+ "2 svc.example.net. key8=\"2222\""),
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h2",
+ "2 svc.example.net. alpn=\"h2\""),
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h3",
+ "2 svc.example.net. alpn=\"h3\""),
+ /* alpn has 2 sub field "h2" and "h3" */
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h2,h3",
+ "2 svc.example.net. alpn=\"h2,h3\""),
+ /* apln has 2 sub fields "h1,h2" and "h3" (comma escaped) */
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. alpn=h1\\\\,h2,h3",
+ "2 svc.example.net. alpn=\"h1\\\\,h2,h3\""),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. port=50"),
+ /* no-default-alpn, alpn is required */
+ TEXT_INVALID("2 svc.example.net. no-default-alpn"),
+ /* no-default-alpn with alpn present */
+ TEXT_VALID_LOOPCHG(
+ 2, "2 svc.example.net. no-default-alpn alpn=h2",
+ "2 svc.example.net. alpn=\"h2\" no-default-alpn"),
+ /* empty hint */
+ TEXT_INVALID("2 svc.example.net. ipv4hint="),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. "
+ "ipv4hint=10.50.0.1,10.50.0.2"),
+ /* empty hint */
+ TEXT_INVALID("2 svc.example.net. ipv6hint="),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. ipv6hint=::1,2002::1"),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. ech=abcdefghijkl"),
+ /* bad base64 */
+ TEXT_INVALID("2 svc.example.net. ech=abcdefghijklm"),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. key8=\"2222\""),
+ /* Out of key order on input (alpn == key1). */
+ TEXT_VALID_LOOPCHG(2,
+ "2 svc.example.net. key8=\"2222\" alpn=h2",
+ "2 svc.example.net. alpn=\"h2\" "
+ "key8=\"2222\""),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. key65535=\"2222\""),
+ TEXT_INVALID("2 svc.example.net. key65536=\"2222\""),
+ TEXT_VALID_LOOP(1, "2 svc.example.net. key10"),
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key11=",
+ "2 svc.example.net. key11"),
+ TEXT_VALID_LOOPCHG(1, "2 svc.example.net. key12=\"\"",
+ "2 svc.example.net. key12"),
+ /* empty alpn-id sub fields */
+ TEXT_INVALID("2 svc.example.net. alpn"),
+ TEXT_INVALID("2 svc.example.net. alpn="),
+ TEXT_INVALID("2 svc.example.net. alpn=,h1"),
+ TEXT_INVALID("2 svc.example.net. alpn=h1,"),
+ TEXT_INVALID("2 svc.example.net. alpn=h1,,h2"),
+ /* mandatory */
+ TEXT_VALID_LOOP(2, "2 svc.example.net. mandatory=alpn "
+ "alpn=\"h2\""),
+ TEXT_VALID_LOOP(3, "2 svc.example.net. mandatory=alpn,port "
+ "alpn=\"h2\" port=443"),
+ TEXT_VALID_LOOPCHG(3,
+ "2 svc.example.net. mandatory=port,alpn "
+ "alpn=\"h2\" port=443",
+ "2 svc.example.net. mandatory=alpn,port "
+ "alpn=\"h2\" port=443"),
+ TEXT_INVALID("2 svc.example.net. mandatory=mandatory"),
+ TEXT_INVALID("2 svc.example.net. mandatory=port"),
+ TEXT_INVALID("2 svc.example.net. mandatory=,port port=433"),
+ TEXT_INVALID("2 svc.example.net. mandatory=port, port=433"),
+ TEXT_INVALID("2 svc.example.net. "
+ "mandatory=alpn,,port alpn=h2 port=433"),
+ /* mandatory w/ unknown key values */
+ TEXT_VALID_LOOP(2, "2 svc.example.net. mandatory=key8 key8"),
+ TEXT_VALID_LOOP(3, "2 svc.example.net. mandatory=key8,key9 "
+ "key8 key9"),
+ TEXT_VALID_LOOPCHG(
+ 3, "2 svc.example.net. mandatory=key9,key8 key8 key9",
+ "2 svc.example.net. mandatory=key8,key9 key8 key9"),
+ TEXT_INVALID("2 svc.example.net. "
+ "mandatory=key8,key8"),
+ TEXT_INVALID("2 svc.example.net. mandatory=,key8"),
+ TEXT_INVALID("2 svc.example.net. mandatory=key8,"),
+ TEXT_INVALID("2 svc.example.net. "
+ "mandatory=key8,,key8"),
+ /* Invalid test vectors */
+ TEXT_INVALID("1 foo.example.com. ( key123=abc key123=def )"),
+ TEXT_INVALID("1 foo.example.com. mandatory"),
+ TEXT_INVALID("1 foo.example.com. alpn"),
+ TEXT_INVALID("1 foo.example.com. port"),
+ TEXT_INVALID("1 foo.example.com. ipv4hint"),
+ TEXT_INVALID("1 foo.example.com. ipv6hint"),
+ TEXT_INVALID("1 foo.example.com. no-default-alpn=abc"),
+ TEXT_INVALID("1 foo.example.com. mandatory=key123"),
+ TEXT_INVALID("1 foo.example.com. mandatory=mandatory"),
+ TEXT_INVALID("1 foo.example.com. ( mandatory=key123,key123 "
+ "key123=abc)"),
+ /* dohpath tests */
+ TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/{?dns}",
+ "1 example.net. key7=\"/{?dns}\""),
+ TEXT_VALID_LOOPCHG(1, "1 example.net. dohpath=/some/path{?dns}",
+ "1 example.net. key7=\"/some/path{?dns}\""),
+ TEXT_INVALID("1 example.com. dohpath=no-slash"),
+ TEXT_INVALID("1 example.com. dohpath=/{?notdns}"),
+ TEXT_INVALID("1 example.com. dohpath=/notvariable"),
+ TEXT_SENTINEL()
+
+ };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Too short
+ */
+ WIRE_INVALID(0x00, 0x00),
+ /*
+ * Minimal length record.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00),
+ /*
+ * Alias with non-empty SvcFieldValue (key7="").
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00),
+ /*
+ * Bad key7= length (longer than rdata).
+ */
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x07, 0x00, 0x01),
+ /*
+ * Port (0x03) too small (zero and one octets).
+ */
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x00),
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x01, 0x00),
+ /* Valid port */
+ WIRE_VALID_LOOP(1, 0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x02,
+ 0x00, 0x00),
+ /*
+ * Port (0x03) too big (three octets).
+ */
+ WIRE_INVALID(0x00, 0x01, 0x00, 0x00, 0x03, 0x00, 0x03, 0x00,
+ 0x00, 0x00),
+ /*
+ * Duplicate keys.
+ */
+ WIRE_INVALID(0x01, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00,
+ 0x80, 0x00, 0x00),
+ /*
+ * Out of order keys.
+ */
+ WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x81, 0x00, 0x00, 0x00,
+ 0x80, 0x00, 0x00),
+ /*
+ * Empty of mandatory key list.
+ */
+ WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * "mandatory=mandatory" is invalid
+ */
+ WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00,
+ 0x00),
+ /*
+ * Out of order mandatory key list.
+ */
+ WIRE_INVALID(0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00,
+ 0x80, 0x00, 0x71, 0x00, 0x71, 0x00, 0x00, 0x00,
+ 0x80, 0x00, 0x00),
+ /*
+ * Alpn(0x00 0x01) (length 0x00 0x09) "h1,h2" + "h3"
+ */
+ WIRE_VALID_LOOP(0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x09,
+ 5, 'h', '1', ',', 'h', '2', 2, 'h', '3'),
+ /*
+ * Alpn(0x00 0x01) (length 0x00 0x09) "h1\h2" + "h3"
+ */
+ WIRE_VALID_LOOP(0x01, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x09,
+ 5, 'h', '1', '\\', 'h', '2', 2, 'h', '3'),
+ /*
+ * no-default-alpn (0x00 0x02) without alpn, alpn is required.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00),
+ /*
+ * Alpn(0x00 0x01) with zero length elements is invalid
+ */
+ WIRE_INVALID(0x00, 0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x05,
+ 0x00, 0x00, 0x00, 0x00, 0x00),
+ WIRE_SENTINEL()
+ };
+ /* Test vectors from RFCXXXX */
+ textvsunknown_t textvsunknown[] = {
+ /* AliasForm */
+ { "0 foo.example.com", "\\# 19 ( 00 00 03 66 6f 6f 07 65 78 61 "
+ "6d 70 6c 65 03 63 6f 6d 00)" },
+ /* ServiceForm */
+ { "1 .", "\\# 3 ( 00 01 00)" },
+ /* Port example */
+ { "16 foo.example.com port=53",
+ "\\# 25 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f "
+ "6d 00 00 03 00 02 00 35 )" },
+ /* Unregistered keys with unquoted value. */
+ { "1 foo.example.com key667=hello",
+ "\\# 28 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f "
+ "6d 00 02 9b 00 05 68 65 6c 6c 6f )" },
+ /*
+ * Quoted decimal-escaped character.
+ * 1 foo.example.com key667="hello\210qoo"
+ */
+ { "1 foo.example.com key667=\"hello\\210qoo\"",
+ "\\# 32 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f "
+ "6d 00 02 9b 00 09 68 65 6c 6c 6f d2 71 6f 6f )" },
+ /*
+ * IPv6 hints example, quoted.
+ * 1 foo.example.com ipv6hint="2001:db8::1,2001:db8::53:1"
+ */
+ { "1 foo.example.com ipv6hint=\"2001:db8::1,2001:db8::53:1\"",
+ "\\# 55 ( 00 01 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 63 6f "
+ "6d 00 00 06 00 20 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 "
+ "00 01 20 01 0d b8 00 00 00 00 00 00 00 00 00 53 00 01 )" },
+ /* SvcParamValues and mandatory out of order. */
+ { "16 foo.example.org alpn=h2,h3-19 mandatory=ipv4hint,alpn "
+ "ipv4hint=192.0.2.1",
+ "\\# 48 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 "
+ "67 00 00 00 00 04 00 01 00 04 00 01 00 09 02 68 32 05 68 33 "
+ "2d 31 39 00 04 00 04 c0 00 02 01 )" },
+ /*
+ * Quoted ALPN with escaped comma and backslash.
+ * 16 foo.example.org alpn="f\\\\oo\\,bar,h2"
+ */
+ { "16 foo.example.org alpn=\"f\\\\\\\\oo\\\\,bar,h2\"",
+ "\\# 35 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 "
+ "67 00 00 01 00 0c 08 66 5c 6f 6f 2c 62 61 72 02 68 32 )" },
+ /*
+ * Unquoted ALPN with escaped comma and backslash.
+ * 16 foo.example.org alpn=f\\\092oo\092,bar,h2
+ */
+ { "16 foo.example.org alpn=f\\\\\\092oo\\092,bar,h2",
+ "\\# 35 ( 00 10 03 66 6f 6f 07 65 78 61 6d 70 6c 65 03 6f 72 "
+ "67 00 00 01 00 0c 08 66 5c 6f 6f 2c 62 61 72 02 68 32 )" },
+ { NULL, NULL }
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_svcb, sizeof(dns_rdata_in_svcb_t));
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_https, sizeof(dns_rdata_in_https_t));
+
+ check_textvsunknown(textvsunknown, dns_rdataclass_in,
+ dns_rdatatype_svcb);
+ check_textvsunknown(textvsunknown, dns_rdataclass_in,
+ dns_rdatatype_https);
+}
+
+/*
+ * ZONEMD tests.
+ *
+ * Excerpted from RFC 8976:
+ *
+ * The ZONEMD RDATA wire format is encoded as follows:
+ *
+ * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
+ * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Serial |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ * | Scheme |Hash Algorithm | |
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
+ * | Digest |
+ * / /
+ * / /
+ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ *
+ * 2.2.1. The Serial Field
+ *
+ * The Serial field is a 32-bit unsigned integer in network byte order.
+ * It is the serial number from the zone's SOA record ([RFC1035],
+ * Section 3.3.13) for which the zone digest was generated.
+ *
+ * It is included here to clearly bind the ZONEMD RR to a particular
+ * version of the zone's content. Without the serial number, a stand-
+ * alone ZONEMD digest has no obvious association to any particular
+ * instance of a zone.
+ *
+ * 2.2.2. The Scheme Field
+ *
+ * The Scheme field is an 8-bit unsigned integer that identifies the
+ * methods by which data is collated and presented as input to the
+ * hashing function.
+ *
+ * Herein, SIMPLE, with Scheme value 1, is the only standardized Scheme
+ * defined for ZONEMD records and it MUST be supported by
+ * implementations. The "ZONEMD Schemes" registry is further described
+ * in Section 5.
+ *
+ * Scheme values 240-254 are allocated for Private Use.
+ *
+ * 2.2.3. The Hash Algorithm Field
+ *
+ * The Hash Algorithm field is an 8-bit unsigned integer that identifies
+ * the cryptographic hash algorithm used to construct the digest.
+ *
+ * Herein, SHA384 ([RFC6234]), with Hash Algorithm value 1, is the only
+ * standardized Hash Algorithm defined for ZONEMD records that MUST be
+ * supported by implementations. When SHA384 is used, the size of the
+ * Digest field is 48 octets. The result of the SHA384 digest algorithm
+ * MUST NOT be truncated, and the entire 48-octet digest is published in
+ * the ZONEMD record.
+ *
+ * SHA512 ([RFC6234]), with Hash Algorithm value 2, is also defined for
+ * ZONEMD records and SHOULD be supported by implementations. When
+ * SHA512 is used, the size of the Digest field is 64 octets. The
+ * result of the SHA512 digest algorithm MUST NOT be truncated, and the
+ * entire 64-octet digest is published in the ZONEMD record.
+ *
+ * Hash Algorithm values 240-254 are allocated for Private Use.
+ *
+ * The "ZONEMD Hash Algorithms" registry is further described in
+ * Section 5.
+ *
+ * 2.2.4. The Digest Field
+ *
+ * The Digest field is a variable-length sequence of octets containing
+ * the output of the hash algorithm. The length of the Digest field is
+ * determined by deducting the fixed size of the Serial, Scheme, and
+ * Hash Algorithm fields from the RDATA size in the ZONEMD RR header.
+ *
+ * The Digest field MUST NOT be shorter than 12 octets. Digests for the
+ * SHA384 and SHA512 hash algorithms specified herein are never
+ * truncated. Digests for future hash algorithms MAY be truncated but
+ * MUST NOT be truncated to a length that results in less than 96 bits
+ * (12 octets) of equivalent strength.
+ *
+ * Section 3 describes how to calculate the digest for a zone.
+ * Section 4 describes how to use the digest to verify the contents of a
+ * zone.
+ *
+ */
+
+static void
+zonemd(void **state) {
+ text_ok_t text_ok[] = {
+ TEXT_INVALID(""),
+ /* No digest scheme or digest type*/
+ TEXT_INVALID("0"),
+ /* No digest type */
+ TEXT_INVALID("0 0"),
+ /* No digest */
+ TEXT_INVALID("0 0 0"),
+ /* No digest */
+ TEXT_INVALID("99999999 0 0"),
+ /* No digest */
+ TEXT_INVALID("2019020700 0 0"),
+ /* Digest too short */
+ TEXT_INVALID("2019020700 1 1 DEADBEEF"),
+ /* Digest too short */
+ TEXT_INVALID("2019020700 1 2 DEADBEEF"),
+ /* Digest too short */
+ TEXT_INVALID("2019020700 1 3 DEADBEEFDEADBEEFDEADBE"),
+ /* Digest type unknown */
+ TEXT_VALID("2019020700 1 3 DEADBEEFDEADBEEFDEADBEEF"),
+ /* Digest type max */
+ TEXT_VALID("2019020700 1 255 DEADBEEFDEADBEEFDEADBEEF"),
+ /* Digest type too big */
+ TEXT_INVALID("2019020700 0 256 DEADBEEFDEADBEEFDEADBEEF"),
+ /* Scheme max */
+ TEXT_VALID("2019020700 255 3 DEADBEEFDEADBEEFDEADBEEF"),
+ /* Scheme too big */
+ TEXT_INVALID("2019020700 256 3 DEADBEEFDEADBEEFDEADBEEF"),
+ /* SHA384 */
+ TEXT_VALID("2019020700 1 1 "
+ "7162D2BB75C047A53DE98767C9192BEB"
+ "14DB01E7E2267135DAF0230A 19BA4A31"
+ "6AF6BF64AA5C7BAE24B2992850300509"),
+ /* SHA512 */
+ TEXT_VALID("2019020700 1 2 "
+ "08CFA1115C7B948C4163A901270395EA"
+ "226A930CD2CBCF2FA9A5E6EB 85F37C8A"
+ "4E114D884E66F176EAB121CB02DB7D65"
+ "2E0CC4827E7A3204 F166B47E5613FD27"),
+ /* SHA384 too short and with private scheme */
+ TEXT_INVALID("2021042801 0 1 "
+ "7162D2BB75C047A53DE98767C9192BEB"
+ "6AF6BF64AA5C7BAE24B2992850300509"),
+ /* SHA512 too short and with private scheme */
+ TEXT_INVALID("2021042802 5 2 "
+ "A897B40072ECAE9E4CA3F1F227DE8F5E"
+ "480CDEBB16DFC64C1C349A7B5F6C71AB"
+ "E8A88B76EF0BA1604EC25752E946BF98"),
+ TEXT_SENTINEL()
+ };
+ wire_ok_t wire_ok[] = {
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Short.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+ /*
+ * Short 11-octet digest.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00),
+ /*
+ * Minimal, 12-octet hash for an undefined digest type.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00),
+ /*
+ * SHA-384 is defined, so we insist there be a digest of
+ * the expected length.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00),
+ /*
+ * 48-octet digest, valid for SHA-384.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa,
+ 0xce),
+ /*
+ * 56-octet digest, too long for SHA-384.
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce),
+ /*
+ * 56-octet digest, too short for SHA-512
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad),
+ /*
+ * 64-octet digest, just right for SHA-512
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef),
+ /*
+ * 72-octet digest, too long for SHA-512
+ */
+ WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+ 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+ 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce),
+ /*
+ * 56-octet digest, valid for an undefined digest type.
+ */
+ WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+ 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+ 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce),
+ /*
+ * Sentinel.
+ */
+ WIRE_SENTINEL()
+ };
+
+ UNUSED(state);
+
+ check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
+ dns_rdatatype_zonemd, sizeof(dns_rdata_zonemd_t));
+}
+
+static void
+atcname(void **state) {
+ unsigned int i;
+ UNUSED(state);
+#define UNR "# Unexpected result from dns_rdatatype_atcname for type %u\n"
+ for (i = 0; i < 0xffffU; i++) {
+ bool tf = dns_rdatatype_atcname((dns_rdatatype_t)i);
+ switch (i) {
+ case dns_rdatatype_nsec:
+ case dns_rdatatype_key:
+ case dns_rdatatype_rrsig:
+ if (!tf) {
+ print_message(UNR, i);
+ }
+ assert_true(tf);
+ break;
+ default:
+ if (tf) {
+ print_message(UNR, i);
+ }
+ assert_false(tf);
+ break;
+ }
+ }
+#undef UNR
+}
+
+static void
+atparent(void **state) {
+ unsigned int i;
+ UNUSED(state);
+#define UNR "# Unexpected result from dns_rdatatype_atparent for type %u\n"
+ for (i = 0; i < 0xffffU; i++) {
+ bool tf = dns_rdatatype_atparent((dns_rdatatype_t)i);
+ switch (i) {
+ case dns_rdatatype_ds:
+ if (!tf) {
+ print_message(UNR, i);
+ }
+ assert_true(tf);
+ break;
+ default:
+ if (tf) {
+ print_message(UNR, i);
+ }
+ assert_false(tf);
+ break;
+ }
+ }
+#undef UNR
+}
+
+static void
+iszonecutauth(void **state) {
+ unsigned int i;
+ UNUSED(state);
+#define UNR "# Unexpected result from dns_rdatatype_iszonecutauth for type %u\n"
+ for (i = 0; i < 0xffffU; i++) {
+ bool tf = dns_rdatatype_iszonecutauth((dns_rdatatype_t)i);
+ switch (i) {
+ case dns_rdatatype_ns:
+ case dns_rdatatype_ds:
+ case dns_rdatatype_nsec:
+ case dns_rdatatype_key:
+ case dns_rdatatype_rrsig:
+ if (!tf) {
+ print_message(UNR, i);
+ }
+ assert_true(tf);
+ break;
+ default:
+ if (tf) {
+ print_message(UNR, i);
+ }
+ assert_false(tf);
+ break;
+ }
+ }
+#undef UNR
+}
+
+int
+main(int argc, char **argv) {
+ const struct CMUnitTest tests[] = {
+ /* types */
+ cmocka_unit_test_setup_teardown(amtrelay, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(apl, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(atma, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(cdnskey, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(csync, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(dnskey, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(doa, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(ds, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(eid, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(hip, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(https_svcb, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(isdn, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(key, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(loc, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(nimloc, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(nsec, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(nsec3, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(nxt, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(rkey, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(sshfp, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(wks, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(zonemd, _setup, _teardown),
+ /* other tests */
+ cmocka_unit_test_setup_teardown(edns_client_subnet, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(atcname, NULL, NULL),
+ cmocka_unit_test_setup_teardown(atparent, NULL, NULL),
+ cmocka_unit_test_setup_teardown(iszonecutauth, NULL, NULL),
+ };
+ struct CMUnitTest selected[sizeof(tests) / sizeof(tests[0])];
+ size_t i;
+ int c;
+
+ memset(selected, 0, sizeof(selected));
+
+ while ((c = isc_commandline_parse(argc, argv, "dlt:")) != -1) {
+ switch (c) {
+ case 'd':
+ debug = true;
+ break;
+ case 'l':
+ for (i = 0; i < (sizeof(tests) / sizeof(tests[0])); i++)
+ {
+ if (tests[i].name != NULL) {
+ fprintf(stdout, "%s\n", tests[i].name);
+ }
+ }
+ return (0);
+ case 't':
+ if (!cmocka_add_test_byname(
+ tests, isc_commandline_argument, selected))
+ {
+ fprintf(stderr, "unknown test '%s'\n",
+ isc_commandline_argument);
+ exit(1);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
+ if (selected[0].name != NULL) {
+ return (cmocka_run_group_tests(selected, NULL, NULL));
+ } else {
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+ }
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/rdataset_test.c b/lib/dns/tests/rdataset_test.c
new file mode 100644
index 0000000..ebdd128
--- /dev/null
+++ b/lib/dns/tests/rdataset_test.c
@@ -0,0 +1,146 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/util.h>
+
+#include <dns/rdataset.h>
+#include <dns/rdatastruct.h>
+
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/* test trimming of rdataset TTLs */
+static void
+trimttl(void **state) {
+ dns_rdataset_t rdataset, sigrdataset;
+ dns_rdata_rrsig_t rrsig;
+ isc_stdtime_t ttltimenow, ttltimeexpire;
+
+ ttltimenow = 10000000;
+ ttltimeexpire = ttltimenow + 800;
+
+ UNUSED(state);
+
+ dns_rdataset_init(&rdataset);
+ dns_rdataset_init(&sigrdataset);
+
+ rdataset.ttl = 900;
+ sigrdataset.ttl = 1000;
+ rrsig.timeexpire = ttltimeexpire;
+ rrsig.originalttl = 1000;
+
+ dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow, true);
+ assert_int_equal(rdataset.ttl, 800);
+ assert_int_equal(sigrdataset.ttl, 800);
+
+ rdataset.ttl = 900;
+ sigrdataset.ttl = 1000;
+ rrsig.timeexpire = ttltimenow - 200;
+ rrsig.originalttl = 1000;
+
+ dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow, true);
+ assert_int_equal(rdataset.ttl, 120);
+ assert_int_equal(sigrdataset.ttl, 120);
+
+ rdataset.ttl = 900;
+ sigrdataset.ttl = 1000;
+ rrsig.timeexpire = ttltimenow - 200;
+ rrsig.originalttl = 1000;
+
+ dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow,
+ false);
+ assert_int_equal(rdataset.ttl, 0);
+ assert_int_equal(sigrdataset.ttl, 0);
+
+ sigrdataset.ttl = 900;
+ rdataset.ttl = 1000;
+ rrsig.timeexpire = ttltimeexpire;
+ rrsig.originalttl = 1000;
+
+ dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow, true);
+ assert_int_equal(rdataset.ttl, 800);
+ assert_int_equal(sigrdataset.ttl, 800);
+
+ sigrdataset.ttl = 900;
+ rdataset.ttl = 1000;
+ rrsig.timeexpire = ttltimenow - 200;
+ rrsig.originalttl = 1000;
+
+ dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow, true);
+ assert_int_equal(rdataset.ttl, 120);
+ assert_int_equal(sigrdataset.ttl, 120);
+
+ sigrdataset.ttl = 900;
+ rdataset.ttl = 1000;
+ rrsig.timeexpire = ttltimenow - 200;
+ rrsig.originalttl = 1000;
+
+ dns_rdataset_trimttl(&rdataset, &sigrdataset, &rrsig, ttltimenow,
+ false);
+ assert_int_equal(rdataset.ttl, 0);
+ assert_int_equal(sigrdataset.ttl, 0);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(trimttl, _setup, _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/rdatasetstats_test.c b/lib/dns/tests/rdatasetstats_test.c
new file mode 100644
index 0000000..20b333d
--- /dev/null
+++ b/lib/dns/tests/rdatasetstats_test.c
@@ -0,0 +1,312 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/print.h>
+#include <isc/util.h>
+
+#include <dns/stats.h>
+
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static void
+set_typestats(dns_stats_t *stats, dns_rdatatype_t type) {
+ dns_rdatastatstype_t which;
+ unsigned int attributes;
+
+ attributes = 0;
+ which = DNS_RDATASTATSTYPE_VALUE(type, attributes);
+ dns_rdatasetstats_increment(stats, which);
+
+ attributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET;
+ which = DNS_RDATASTATSTYPE_VALUE(type, attributes);
+ dns_rdatasetstats_increment(stats, which);
+}
+
+static void
+set_nxdomainstats(dns_stats_t *stats) {
+ dns_rdatastatstype_t which;
+ unsigned int attributes;
+
+ attributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN;
+ which = DNS_RDATASTATSTYPE_VALUE(0, attributes);
+ dns_rdatasetstats_increment(stats, which);
+}
+
+static void
+mark_stale(dns_stats_t *stats, dns_rdatatype_t type, int from, int to) {
+ dns_rdatastatstype_t which;
+ unsigned int attributes;
+
+ attributes = from;
+ which = DNS_RDATASTATSTYPE_VALUE(type, attributes);
+ dns_rdatasetstats_decrement(stats, which);
+
+ attributes |= to;
+ which = DNS_RDATASTATSTYPE_VALUE(type, attributes);
+ dns_rdatasetstats_increment(stats, which);
+
+ attributes = DNS_RDATASTATSTYPE_ATTR_NXRRSET | from;
+ which = DNS_RDATASTATSTYPE_VALUE(type, attributes);
+ dns_rdatasetstats_decrement(stats, which);
+
+ attributes |= to;
+ which = DNS_RDATASTATSTYPE_VALUE(type, attributes);
+ dns_rdatasetstats_increment(stats, which);
+}
+
+static void
+mark_nxdomain_stale(dns_stats_t *stats, int from, int to) {
+ dns_rdatastatstype_t which;
+ unsigned int attributes;
+
+ attributes = DNS_RDATASTATSTYPE_ATTR_NXDOMAIN | from;
+ which = DNS_RDATASTATSTYPE_VALUE(0, attributes);
+ dns_rdatasetstats_decrement(stats, which);
+
+ attributes |= to;
+ which = DNS_RDATASTATSTYPE_VALUE(0, attributes);
+ dns_rdatasetstats_increment(stats, which);
+}
+
+#define ATTRIBUTE_SET(y) ((attributes & (y)) != 0)
+static void
+verify_active_counters(dns_rdatastatstype_t which, uint64_t value, void *arg) {
+ unsigned int attributes;
+#if debug
+ unsigned int type;
+#endif /* if debug */
+
+ UNUSED(which);
+ UNUSED(arg);
+
+ attributes = DNS_RDATASTATSTYPE_ATTR(which);
+#if debug
+ type = DNS_RDATASTATSTYPE_BASE(which);
+
+ fprintf(stderr, "%s%s%s%s%s/%u, %u\n",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) ? "O" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXRRSET) ? "!" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_ANCIENT) ? "~" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_STALE) ? "#" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXDOMAIN) ? "X" : " ",
+ type, (unsigned)value);
+#endif /* if debug */
+ if ((attributes & DNS_RDATASTATSTYPE_ATTR_ANCIENT) == 0 &&
+ (attributes & DNS_RDATASTATSTYPE_ATTR_STALE) == 0)
+ {
+ assert_int_equal(value, 1);
+ } else {
+ assert_int_equal(value, 0);
+ }
+}
+
+static void
+verify_stale_counters(dns_rdatastatstype_t which, uint64_t value, void *arg) {
+ unsigned int attributes;
+#if debug
+ unsigned int type;
+#endif /* if debug */
+
+ UNUSED(which);
+ UNUSED(arg);
+
+ attributes = DNS_RDATASTATSTYPE_ATTR(which);
+#if debug
+ type = DNS_RDATASTATSTYPE_BASE(which);
+
+ fprintf(stderr, "%s%s%s%s%s/%u, %u\n",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) ? "O" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXRRSET) ? "!" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_ANCIENT) ? "~" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_STALE) ? "#" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXDOMAIN) ? "X" : " ",
+ type, (unsigned)value);
+#endif /* if debug */
+ if ((attributes & DNS_RDATASTATSTYPE_ATTR_STALE) != 0) {
+ assert_int_equal(value, 1);
+ } else {
+ assert_int_equal(value, 0);
+ }
+}
+
+static void
+verify_ancient_counters(dns_rdatastatstype_t which, uint64_t value, void *arg) {
+ unsigned int attributes;
+#if debug
+ unsigned int type;
+#endif /* if debug */
+
+ UNUSED(which);
+ UNUSED(arg);
+
+ attributes = DNS_RDATASTATSTYPE_ATTR(which);
+#if debug
+ type = DNS_RDATASTATSTYPE_BASE(which);
+
+ fprintf(stderr, "%s%s%s%s%s/%u, %u\n",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_OTHERTYPE) ? "O" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXRRSET) ? "!" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_ANCIENT) ? "~" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_STALE) ? "#" : " ",
+ ATTRIBUTE_SET(DNS_RDATASTATSTYPE_ATTR_NXDOMAIN) ? "X" : " ",
+ type, (unsigned)value);
+#endif /* if debug */
+ if ((attributes & DNS_RDATASTATSTYPE_ATTR_ANCIENT) != 0) {
+ assert_int_equal(value, 1);
+ } else {
+ assert_int_equal(value, 0);
+ }
+}
+/*
+ * Individual unit tests
+ */
+
+/*
+ * Test that rdatasetstats counters are properly set when moving from
+ * active -> stale -> ancient.
+ */
+static void
+rdatasetstats(void **state, bool servestale) {
+ unsigned int i;
+ unsigned int from = 0;
+ dns_stats_t *stats = NULL;
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_rdatasetstats_create(dt_mctx, &stats);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* First 255 types. */
+ for (i = 1; i <= 255; i++) {
+ set_typestats(stats, (dns_rdatatype_t)i);
+ }
+ /* Specials */
+ set_typestats(stats, (dns_rdatatype_t)1000);
+ set_nxdomainstats(stats);
+
+ /* Check that all active counters are set to appropriately. */
+ dns_rdatasetstats_dump(stats, verify_active_counters, NULL, 1);
+
+ if (servestale) {
+ /* Mark stale */
+ for (i = 1; i <= 255; i++) {
+ mark_stale(stats, (dns_rdatatype_t)i, 0,
+ DNS_RDATASTATSTYPE_ATTR_STALE);
+ }
+ mark_stale(stats, (dns_rdatatype_t)1000, 0,
+ DNS_RDATASTATSTYPE_ATTR_STALE);
+ mark_nxdomain_stale(stats, 0, DNS_RDATASTATSTYPE_ATTR_STALE);
+
+ /* Check that all counters are set to appropriately. */
+ dns_rdatasetstats_dump(stats, verify_stale_counters, NULL, 1);
+
+ /* Set correct staleness state */
+ from = DNS_RDATASTATSTYPE_ATTR_STALE;
+ }
+
+ /* Mark ancient */
+ for (i = 1; i <= 255; i++) {
+ mark_stale(stats, (dns_rdatatype_t)i, from,
+ DNS_RDATASTATSTYPE_ATTR_ANCIENT);
+ }
+ mark_stale(stats, (dns_rdatatype_t)1000, from,
+ DNS_RDATASTATSTYPE_ATTR_ANCIENT);
+ mark_nxdomain_stale(stats, from, DNS_RDATASTATSTYPE_ATTR_ANCIENT);
+
+ /*
+ * Check that all counters are set to appropriately.
+ */
+ dns_rdatasetstats_dump(stats, verify_ancient_counters, NULL, 1);
+
+ dns_stats_detach(&stats);
+}
+
+/*
+ * Test that rdatasetstats counters are properly set when moving from
+ * active -> stale -> ancient.
+ */
+static void
+test_rdatasetstats_active_stale_ancient(void **state) {
+ rdatasetstats(state, true);
+}
+
+/*
+ * Test that rdatasetstats counters are properly set when moving from
+ * active -> ancient.
+ */
+static void
+test_rdatasetstats_active_ancient(void **state) {
+ rdatasetstats(state, false);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(
+ test_rdatasetstats_active_stale_ancient, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(
+ test_rdatasetstats_active_ancient, _setup, _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/resolver_test.c b/lib/dns/tests/resolver_test.c
new file mode 100644
index 0000000..ed89d01
--- /dev/null
+++ b/lib/dns/tests/resolver_test.c
@@ -0,0 +1,228 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/app.h>
+#include <isc/buffer.h>
+#include <isc/print.h>
+#include <isc/socket.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/dispatch.h>
+#include <dns/name.h>
+#include <dns/resolver.h>
+#include <dns/view.h>
+
+#include "dnstest.h"
+
+static dns_dispatchmgr_t *dispatchmgr = NULL;
+static dns_dispatch_t *dispatch = NULL;
+static dns_view_t *view = NULL;
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+ isc_sockaddr_t local;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_dispatchmgr_create(dt_mctx, &dispatchmgr);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_test_makeview("view", &view);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_sockaddr_any(&local);
+ result = dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr, &local,
+ 4096, 100, 100, 100, 500, 0, 0, &dispatch);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_dispatch_detach(&dispatch);
+ dns_view_detach(&view);
+ dns_dispatchmgr_destroy(&dispatchmgr);
+ dns_test_end();
+
+ return (0);
+}
+
+static void
+mkres(dns_resolver_t **resolverp) {
+ isc_result_t result;
+
+ result = dns_resolver_create(view, taskmgr, 1, 1, socketmgr, timermgr,
+ 0, dispatchmgr, dispatch, NULL, resolverp);
+ assert_int_equal(result, ISC_R_SUCCESS);
+}
+
+static void
+destroy_resolver(dns_resolver_t **resolverp) {
+ dns_resolver_shutdown(*resolverp);
+ dns_resolver_detach(resolverp);
+}
+
+/* dns_resolver_create */
+static void
+create_test(void **state) {
+ dns_resolver_t *resolver = NULL;
+
+ UNUSED(state);
+
+ mkres(&resolver);
+ destroy_resolver(&resolver);
+}
+
+/* dns_resolver_gettimeout */
+static void
+gettimeout_test(void **state) {
+ dns_resolver_t *resolver = NULL;
+ unsigned int timeout;
+
+ UNUSED(state);
+
+ mkres(&resolver);
+
+ timeout = dns_resolver_gettimeout(resolver);
+ assert_true(timeout > 0);
+
+ destroy_resolver(&resolver);
+}
+
+/* dns_resolver_settimeout */
+static void
+settimeout_test(void **state) {
+ dns_resolver_t *resolver = NULL;
+ unsigned int default_timeout, timeout;
+
+ UNUSED(state);
+
+ mkres(&resolver);
+
+ default_timeout = dns_resolver_gettimeout(resolver);
+ dns_resolver_settimeout(resolver, default_timeout + 1);
+ timeout = dns_resolver_gettimeout(resolver);
+ assert_true(timeout == default_timeout + 1);
+
+ destroy_resolver(&resolver);
+}
+
+/* dns_resolver_settimeout */
+static void
+settimeout_default_test(void **state) {
+ dns_resolver_t *resolver = NULL;
+ unsigned int default_timeout, timeout;
+
+ UNUSED(state);
+
+ mkres(&resolver);
+
+ default_timeout = dns_resolver_gettimeout(resolver);
+ dns_resolver_settimeout(resolver, default_timeout + 100);
+
+ timeout = dns_resolver_gettimeout(resolver);
+ assert_int_equal(timeout, default_timeout + 100);
+
+ dns_resolver_settimeout(resolver, 0);
+ timeout = dns_resolver_gettimeout(resolver);
+ assert_int_equal(timeout, default_timeout);
+
+ destroy_resolver(&resolver);
+}
+
+/* dns_resolver_settimeout below minimum */
+static void
+settimeout_belowmin_test(void **state) {
+ dns_resolver_t *resolver = NULL;
+ unsigned int default_timeout, timeout;
+
+ UNUSED(state);
+
+ mkres(&resolver);
+
+ default_timeout = dns_resolver_gettimeout(resolver);
+ dns_resolver_settimeout(resolver, 9000);
+
+ timeout = dns_resolver_gettimeout(resolver);
+ assert_int_equal(timeout, default_timeout);
+
+ destroy_resolver(&resolver);
+}
+
+/* dns_resolver_settimeout over maximum */
+static void
+settimeout_overmax_test(void **state) {
+ dns_resolver_t *resolver = NULL;
+ unsigned int timeout;
+
+ UNUSED(state);
+
+ mkres(&resolver);
+
+ dns_resolver_settimeout(resolver, 4000000);
+ timeout = dns_resolver_gettimeout(resolver);
+ assert_in_range(timeout, 0, 3999999);
+ destroy_resolver(&resolver);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(create_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(gettimeout_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(settimeout_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(settimeout_default_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(settimeout_belowmin_test,
+ _setup, _teardown),
+ cmocka_unit_test_setup_teardown(settimeout_overmax_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/result_test.c b/lib/dns/tests/result_test.c
new file mode 100644
index 0000000..3a05c71
--- /dev/null
+++ b/lib/dns/tests/result_test.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/result.h>
+#include <isc/util.h>
+
+#include <dns/lib.h>
+#include <dns/result.h>
+
+#include <dst/result.h>
+
+/*
+ * Check ids array is populated.
+ */
+static void
+ids(void **state) {
+ const char *str;
+ isc_result_t result;
+
+ UNUSED(state);
+
+ dns_result_register();
+ dst_result_register();
+
+ for (result = ISC_RESULTCLASS_DNS;
+ result < (ISC_RESULTCLASS_DNS + DNS_R_NRESULTS); result++)
+ {
+ str = isc_result_toid(result);
+ assert_non_null(str);
+ assert_string_not_equal(str, "(result code text not "
+ "available)");
+
+ str = isc_result_totext(result);
+ assert_non_null(str);
+ assert_string_not_equal(str, "(result code text not "
+ "available)");
+ }
+
+ str = isc_result_toid(result);
+ assert_non_null(str);
+ assert_string_equal(str, "(result code text not available)");
+
+ str = isc_result_totext(result);
+ assert_non_null(str);
+ assert_string_equal(str, "(result code text not available)");
+
+ for (result = ISC_RESULTCLASS_DST;
+ result < (ISC_RESULTCLASS_DST + DST_R_NRESULTS); result++)
+ {
+ str = isc_result_toid(result);
+ assert_non_null(str);
+ assert_string_not_equal(str, "(result code text not "
+ "available)");
+
+ str = isc_result_totext(result);
+ assert_non_null(str);
+ assert_string_not_equal(str, "(result code text not "
+ "available)");
+ }
+
+ str = isc_result_toid(result);
+ assert_non_null(str);
+ assert_string_equal(str, "(result code text not available)");
+
+ str = isc_result_totext(result);
+ assert_non_null(str);
+ assert_string_equal(str, "(result code text not available)");
+
+ for (result = ISC_RESULTCLASS_DNSRCODE;
+ result < (ISC_RESULTCLASS_DNSRCODE + DNS_R_NRCODERESULTS);
+ result++)
+ {
+ str = isc_result_toid(result);
+ assert_non_null(str);
+ assert_string_not_equal(str, "(result code text not "
+ "available)");
+
+ str = isc_result_totext(result);
+ assert_non_null(str);
+ assert_string_not_equal(str, "(result code text not "
+ "available)");
+ }
+
+ str = isc_result_toid(result);
+ assert_non_null(str);
+ assert_string_equal(str, "(result code text not available)");
+
+ str = isc_result_totext(result);
+ assert_non_null(str);
+ assert_string_equal(str, "(result code text not available)");
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(ids),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/rsa_test.c b/lib/dns/tests/rsa_test.c
new file mode 100644
index 0000000..7d8897b
--- /dev/null
+++ b/lib/dns/tests/rsa_test.c
@@ -0,0 +1,242 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/print.h>
+#include <isc/util.h>
+
+#include <pk11/site.h>
+
+#include "../dst_internal.h"
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static unsigned char d[10] = { 0xa, 0x10, 0xbb, 0, 0xfe,
+ 0x15, 0x1, 0x88, 0xcc, 0x7d };
+
+static unsigned char sigsha1[256] = {
+ 0x45, 0x55, 0xd6, 0xf8, 0x05, 0xd2, 0x2e, 0x79, 0x14, 0x2b, 0x1b, 0xd1,
+ 0x4b, 0xb7, 0xcd, 0xc0, 0xa2, 0xf3, 0x85, 0x32, 0x1f, 0xa3, 0xfd, 0x1f,
+ 0x30, 0xe0, 0xde, 0xb2, 0x6f, 0x3c, 0x8e, 0x2b, 0x82, 0x92, 0xcd, 0x1c,
+ 0x1b, 0xdf, 0xe6, 0xd5, 0x4d, 0x93, 0xe6, 0xaa, 0x40, 0x28, 0x1b, 0x7b,
+ 0x2e, 0x40, 0x4d, 0xb5, 0x4d, 0x43, 0xe8, 0xfc, 0x93, 0x86, 0x68, 0xe3,
+ 0xbf, 0x73, 0x9a, 0x1e, 0x6b, 0x5d, 0x52, 0xb8, 0x98, 0x1c, 0x94, 0xe1,
+ 0x85, 0x8b, 0xee, 0xb1, 0x4f, 0x22, 0x71, 0xcb, 0xfd, 0xb2, 0xa8, 0x88,
+ 0x64, 0xb4, 0xb1, 0x4a, 0xa1, 0x7a, 0xce, 0x52, 0x83, 0xd8, 0xf2, 0x9e,
+ 0x67, 0x4c, 0xc3, 0x37, 0x74, 0xfe, 0xe0, 0x25, 0x2a, 0xfd, 0xa3, 0x09,
+ 0xff, 0x8a, 0x92, 0x0d, 0xa9, 0xb3, 0x90, 0x23, 0xbe, 0x6a, 0x2c, 0x9e,
+ 0x5c, 0x6d, 0xb4, 0xa7, 0xd7, 0x97, 0xdd, 0xc6, 0xb8, 0xae, 0xd4, 0x88,
+ 0x64, 0x63, 0x1e, 0x85, 0x20, 0x09, 0xea, 0xc4, 0x0b, 0xca, 0xbf, 0x83,
+ 0x5c, 0x89, 0xae, 0x64, 0x15, 0x76, 0x06, 0x51, 0xb6, 0xa1, 0x99, 0xb2,
+ 0x3c, 0x50, 0x99, 0x86, 0x7d, 0xc7, 0xca, 0x4e, 0x1d, 0x2c, 0x17, 0xbb,
+ 0x6c, 0x7a, 0xc9, 0x3f, 0x5e, 0x28, 0x57, 0x2c, 0xda, 0x01, 0x1d, 0xe8,
+ 0x01, 0xf8, 0xf6, 0x37, 0xe1, 0x34, 0x56, 0xae, 0x6e, 0xb1, 0xd4, 0xa2,
+ 0xc4, 0x02, 0xc1, 0xca, 0x96, 0xb0, 0x06, 0x72, 0x2a, 0x27, 0xaa, 0xc8,
+ 0xd5, 0x50, 0x81, 0x49, 0x46, 0x33, 0xf8, 0xf7, 0x6b, 0xf4, 0x9c, 0x30,
+ 0x90, 0x50, 0xf6, 0x16, 0x76, 0x9d, 0xc6, 0x73, 0xb5, 0xbc, 0x8a, 0xb6,
+ 0x1d, 0x98, 0xcb, 0xce, 0x36, 0x6f, 0x60, 0xec, 0x96, 0x49, 0x08, 0x85,
+ 0x5b, 0xc1, 0x8e, 0xb0, 0xea, 0x9e, 0x1f, 0xd6, 0x27, 0x7f, 0xb6, 0xe0,
+ 0x04, 0x12, 0xd2, 0x81
+};
+
+static unsigned char sigsha256[256] = {
+ 0x83, 0x53, 0x15, 0xfc, 0xca, 0xdb, 0xf6, 0x0d, 0x53, 0x24, 0x5b, 0x5a,
+ 0x8e, 0xd0, 0xbe, 0x5e, 0xbc, 0xe8, 0x9e, 0x92, 0x3c, 0xfa, 0x93, 0x03,
+ 0xce, 0x2f, 0xc7, 0x6d, 0xd0, 0xbb, 0x9d, 0x06, 0x83, 0xc6, 0xd3, 0xc0,
+ 0xc1, 0x57, 0x9c, 0x82, 0x17, 0x7f, 0xb5, 0xf8, 0x31, 0x18, 0xda, 0x46,
+ 0x05, 0x2c, 0xf8, 0xea, 0xaa, 0xcd, 0x99, 0x18, 0xff, 0x23, 0x5e, 0xef,
+ 0xf0, 0x87, 0x47, 0x6e, 0x91, 0xfd, 0x19, 0x0b, 0x39, 0x19, 0x6a, 0xc8,
+ 0xdf, 0x71, 0x66, 0x8e, 0xa9, 0xa0, 0x79, 0x5c, 0x2c, 0x52, 0x00, 0x61,
+ 0x17, 0x86, 0x66, 0x03, 0x52, 0xad, 0xec, 0x06, 0x53, 0xd9, 0x6d, 0xe3,
+ 0xe3, 0xea, 0x28, 0x15, 0xb3, 0x75, 0xf4, 0x61, 0x7d, 0xed, 0x69, 0x2c,
+ 0x24, 0xf3, 0x21, 0xb1, 0x8a, 0xea, 0x60, 0xa2, 0x9e, 0x6a, 0xa6, 0x53,
+ 0x12, 0xf6, 0x5c, 0xef, 0xd7, 0x49, 0x4a, 0x02, 0xe7, 0xf8, 0x64, 0x89,
+ 0x13, 0xac, 0xd5, 0x1e, 0x58, 0xff, 0xa1, 0x63, 0xdd, 0xa0, 0x1f, 0x44,
+ 0x99, 0x6a, 0x59, 0x7f, 0x35, 0xbd, 0xf1, 0xf3, 0x7a, 0x28, 0x44, 0xe3,
+ 0x4c, 0x68, 0xb1, 0xb3, 0x97, 0x3c, 0x46, 0xe3, 0xc2, 0x12, 0x9e, 0x68,
+ 0x0b, 0xa6, 0x6c, 0x8f, 0x58, 0x48, 0x44, 0xa4, 0xf7, 0xa7, 0xc2, 0x91,
+ 0x8f, 0xbf, 0x00, 0xd0, 0x01, 0x35, 0xd4, 0x86, 0x6e, 0x1f, 0xea, 0x42,
+ 0x60, 0xb1, 0x84, 0x27, 0xf4, 0x99, 0x36, 0x06, 0x98, 0x12, 0x83, 0x32,
+ 0x9f, 0xcd, 0x50, 0x5a, 0x5e, 0xb8, 0x8e, 0xfe, 0x8d, 0x8d, 0x33, 0x2d,
+ 0x45, 0xe1, 0xc9, 0xdf, 0x2a, 0xd8, 0x38, 0x1d, 0x95, 0xd4, 0x42, 0xee,
+ 0x93, 0x5b, 0x0f, 0x1e, 0x07, 0x06, 0x3a, 0x92, 0xf1, 0x59, 0x1d, 0x6e,
+ 0x1c, 0x31, 0xf3, 0xce, 0xa9, 0x1f, 0xad, 0x4d, 0x76, 0x4d, 0x24, 0x98,
+ 0xe2, 0x0e, 0x8c, 0x35
+};
+
+static unsigned char sigsha512[512] = {
+ 0x4e, 0x2f, 0x63, 0x42, 0xc5, 0xf3, 0x05, 0x4a, 0xa6, 0x3a, 0x93, 0xa0,
+ 0xd9, 0x33, 0xa0, 0xd1, 0x46, 0x33, 0x42, 0xe8, 0x74, 0xeb, 0x3b, 0x10,
+ 0x82, 0xd7, 0xcf, 0x39, 0x23, 0xb3, 0xe9, 0x23, 0x53, 0x87, 0x8c, 0xee,
+ 0x78, 0xcb, 0xb3, 0xd9, 0xd2, 0x6d, 0x1a, 0x7c, 0x01, 0x4f, 0xed, 0x8d,
+ 0xf2, 0x72, 0xe4, 0x6a, 0x00, 0x8a, 0x60, 0xa6, 0xd5, 0x9c, 0x43, 0x6c,
+ 0xef, 0x38, 0x0c, 0x74, 0x82, 0x5d, 0x22, 0xaa, 0x87, 0x81, 0x90, 0x9c,
+ 0x64, 0x07, 0x9b, 0x13, 0x51, 0xe0, 0xa5, 0xc2, 0x83, 0x78, 0x2b, 0x9b,
+ 0xb3, 0x8a, 0x9d, 0x36, 0x33, 0xbd, 0x0d, 0x53, 0x84, 0xae, 0xe8, 0x13,
+ 0x36, 0xf6, 0xdf, 0x96, 0xe9, 0xda, 0xc3, 0xd7, 0xa9, 0x2f, 0xf3, 0x5e,
+ 0x5f, 0x1f, 0x7f, 0x38, 0x7e, 0x8d, 0xbe, 0x90, 0x5e, 0x13, 0xb2, 0x20,
+ 0xbb, 0x9d, 0xfe, 0xe1, 0x52, 0xce, 0xe6, 0x80, 0xa7, 0x95, 0x24, 0x59,
+ 0xe3, 0xac, 0x24, 0xc4, 0xfa, 0x1c, 0x44, 0x34, 0x29, 0x8d, 0xb1, 0xd0,
+ 0xd9, 0x4c, 0xff, 0xc4, 0xdb, 0xca, 0xc4, 0x3f, 0x38, 0xf9, 0xe4, 0xaf,
+ 0x75, 0x0a, 0x67, 0x4d, 0xa0, 0x2b, 0xb0, 0x83, 0xce, 0x53, 0xc4, 0xb9,
+ 0x2e, 0x61, 0xb6, 0x64, 0xe5, 0xb5, 0xe5, 0xac, 0x9d, 0x51, 0xec, 0x58,
+ 0x42, 0x90, 0x78, 0xf6, 0x46, 0x96, 0xef, 0xb6, 0x97, 0xb7, 0x54, 0x28,
+ 0x1a, 0x4c, 0x29, 0xf4, 0x7a, 0x33, 0xc6, 0x07, 0xfd, 0xec, 0x97, 0x36,
+ 0x1d, 0x42, 0x88, 0x94, 0x27, 0xc2, 0xa3, 0xe1, 0xd4, 0x87, 0xa1, 0x8a,
+ 0x2b, 0xff, 0x47, 0x60, 0xfe, 0x1f, 0xaf, 0xc2, 0xeb, 0x17, 0xdd, 0x56,
+ 0xc5, 0x94, 0x5c, 0xcb, 0x23, 0xe5, 0x49, 0x4d, 0x99, 0x06, 0x02, 0x5a,
+ 0xfc, 0xfc, 0xdc, 0xee, 0x49, 0xbc, 0x47, 0x60, 0xff, 0x6a, 0x63, 0x8b,
+ 0xe1, 0x2e, 0xa3, 0xa7
+};
+
+/* RSA verify */
+static void
+isc_rsa_verify_test(void **state) {
+ isc_result_t ret;
+ dns_fixedname_t fname;
+ isc_buffer_t buf;
+ dns_name_t *name;
+ dst_key_t *key = NULL;
+ dst_context_t *ctx = NULL;
+ isc_region_t r;
+
+ UNUSED(state);
+
+ name = dns_fixedname_initname(&fname);
+ isc_buffer_constinit(&buf, "rsa.", 4);
+ isc_buffer_add(&buf, 4);
+ ret = dns_name_fromtext(name, &buf, NULL, 0, NULL);
+ assert_int_equal(ret, ISC_R_SUCCESS);
+
+ ret = dst_key_fromfile(name, 29238, DST_ALG_RSASHA256, DST_TYPE_PUBLIC,
+ "./", dt_mctx, &key);
+ assert_int_equal(ret, ISC_R_SUCCESS);
+
+ /* RSASHA1 - May not be supported by the OS */
+ if (dst_algorithm_supported(DST_ALG_RSASHA1)) {
+ key->key_alg = DST_ALG_RSASHA1;
+
+ ret = dst_context_create(key, dt_mctx, DNS_LOGCATEGORY_DNSSEC,
+ false, 0, &ctx);
+ assert_int_equal(ret, ISC_R_SUCCESS);
+
+ r.base = d;
+ r.length = 10;
+ ret = dst_context_adddata(ctx, &r);
+ assert_int_equal(ret, ISC_R_SUCCESS);
+
+ r.base = sigsha1;
+ r.length = 256;
+ ret = dst_context_verify(ctx, &r);
+ assert_int_equal(ret, ISC_R_SUCCESS);
+
+ dst_context_destroy(&ctx);
+ }
+
+ /* RSASHA256 */
+
+ key->key_alg = DST_ALG_RSASHA256;
+
+ ret = dst_context_create(key, dt_mctx, DNS_LOGCATEGORY_DNSSEC, false, 0,
+ &ctx);
+ assert_int_equal(ret, ISC_R_SUCCESS);
+
+ r.base = d;
+ r.length = 10;
+ ret = dst_context_adddata(ctx, &r);
+ assert_int_equal(ret, ISC_R_SUCCESS);
+
+ r.base = sigsha256;
+ r.length = 256;
+ ret = dst_context_verify(ctx, &r);
+ assert_int_equal(ret, ISC_R_SUCCESS);
+
+ dst_context_destroy(&ctx);
+
+ /* RSASHA512 */
+
+ key->key_alg = DST_ALG_RSASHA512;
+
+ ret = dst_context_create(key, dt_mctx, DNS_LOGCATEGORY_DNSSEC, false, 0,
+ &ctx);
+ assert_int_equal(ret, ISC_R_SUCCESS);
+
+ r.base = d;
+ r.length = 10;
+ ret = dst_context_adddata(ctx, &r);
+ assert_int_equal(ret, ISC_R_SUCCESS);
+
+ r.base = sigsha512;
+ r.length = 256;
+ ret = dst_context_verify(ctx, &r);
+ assert_int_equal(ret, ISC_R_SUCCESS);
+
+ dst_context_destroy(&ctx);
+
+ dst_key_free(&key);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(isc_rsa_verify_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* HAVE_CMOCKA */
diff --git a/lib/dns/tests/sigs_test.c b/lib/dns/tests/sigs_test.c
new file mode 100644
index 0000000..8e438cb
--- /dev/null
+++ b/lib/dns/tests/sigs_test.c
@@ -0,0 +1,462 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/buffer.h>
+#include <isc/list.h>
+#include <isc/region.h>
+#include <isc/result.h>
+#include <isc/stdtime.h>
+#include <isc/types.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/diff.h>
+#include <dns/dnssec.h>
+#include <dns/fixedname.h>
+#include <dns/name.h>
+#include <dns/rdata.h>
+#include <dns/rdatastruct.h>
+#include <dns/rdatatype.h>
+#include <dns/result.h>
+#include <dns/types.h>
+#include <dns/zone.h>
+
+#include <dst/dst.h>
+
+#include "../zone_p.h"
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/*%
+ * Structure characterizing a single diff tuple in the dns_diff_t structure
+ * prepared by dns__zone_updatesigs().
+ */
+typedef struct {
+ dns_diffop_t op;
+ const char *owner;
+ dns_ttl_t ttl;
+ const char *type;
+} zonediff_t;
+
+#define ZONEDIFF_SENTINEL \
+ { \
+ 0, NULL, 0, NULL \
+ }
+
+/*%
+ * Structure defining a dns__zone_updatesigs() test.
+ */
+typedef struct {
+ const char *description; /* test description */
+ const zonechange_t *changes; /* array of "raw" zone changes */
+ const zonediff_t *zonediff; /* array of "processed" zone changes
+ * */
+} updatesigs_test_params_t;
+
+/*%
+ * Check whether the 'found' tuple matches the 'expected' tuple. 'found' is
+ * the 'index'th tuple output by dns__zone_updatesigs() in test 'test'.
+ */
+static void
+compare_tuples(const zonediff_t *expected, dns_difftuple_t *found,
+ size_t index) {
+ char found_covers[DNS_RDATATYPE_FORMATSIZE] = {};
+ char found_type[DNS_RDATATYPE_FORMATSIZE] = {};
+ char found_name[DNS_NAME_FORMATSIZE];
+ isc_consttextregion_t typeregion;
+ dns_fixedname_t expected_fname;
+ dns_rdatatype_t expected_type;
+ dns_name_t *expected_name;
+ dns_rdata_rrsig_t rrsig;
+ isc_buffer_t typebuf;
+ isc_result_t result;
+
+ REQUIRE(expected != NULL);
+ REQUIRE(found != NULL);
+ REQUIRE(index > 0);
+
+ /*
+ * Check operation.
+ */
+ assert_int_equal(expected->op, found->op);
+
+ /*
+ * Check owner name.
+ */
+ expected_name = dns_fixedname_initname(&expected_fname);
+ result = dns_name_fromstring(expected_name, expected->owner, 0,
+ dt_mctx);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_name_format(&found->name, found_name, sizeof(found_name));
+ assert_true(dns_name_equal(expected_name, &found->name));
+
+ /*
+ * Check TTL.
+ */
+ assert_int_equal(expected->ttl, found->ttl);
+
+ /*
+ * Parse expected RR type.
+ */
+ typeregion.base = expected->type;
+ typeregion.length = strlen(expected->type);
+ result = dns_rdatatype_fromtext(&expected_type,
+ (isc_textregion_t *)&typeregion);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Format found RR type for reporting purposes.
+ */
+ isc_buffer_init(&typebuf, found_type, sizeof(found_type));
+ result = dns_rdatatype_totext(found->rdata.type, &typebuf);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Check RR type.
+ */
+ switch (expected->op) {
+ case DNS_DIFFOP_ADDRESIGN:
+ case DNS_DIFFOP_DELRESIGN:
+ /*
+ * Found tuple must be of type RRSIG.
+ */
+ assert_int_equal(found->rdata.type, dns_rdatatype_rrsig);
+ if (found->rdata.type != dns_rdatatype_rrsig) {
+ break;
+ }
+ /*
+ * The signature must cover an RRset of type 'expected->type'.
+ */
+ result = dns_rdata_tostruct(&found->rdata, &rrsig, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ isc_buffer_init(&typebuf, found_covers, sizeof(found_covers));
+ result = dns_rdatatype_totext(rrsig.covered, &typebuf);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(expected_type, rrsig.covered);
+ break;
+ default:
+ /*
+ * Found tuple must be of type 'expected->type'.
+ */
+ assert_int_equal(expected_type, found->rdata.type);
+ break;
+ }
+}
+
+/*%
+ * Perform a single dns__zone_updatesigs() test defined in 'test'. All other
+ * arguments are expected to remain constant between subsequent invocations of
+ * this function.
+ */
+static void
+updatesigs_test(const updatesigs_test_params_t *test, dns_zone_t *zone,
+ dns_db_t *db, dst_key_t *zone_keys[], unsigned int nkeys,
+ isc_stdtime_t now) {
+ size_t tuples_expected, tuples_found, index;
+ dns_dbversion_t *version = NULL;
+ dns_diff_t raw_diff, zone_diff;
+ const zonediff_t *expected;
+ dns_difftuple_t *found;
+ isc_result_t result;
+
+ dns__zonediff_t zonediff = {
+ .diff = &zone_diff,
+ .offline = false,
+ };
+
+ REQUIRE(test != NULL);
+ REQUIRE(test->description != NULL);
+ REQUIRE(test->changes != NULL);
+ REQUIRE(zone != NULL);
+ REQUIRE(db != NULL);
+ REQUIRE(zone_keys != NULL);
+
+ /*
+ * Create a new version of the zone's database.
+ */
+ result = dns_db_newversion(db, &version);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Create a diff representing the supplied changes.
+ */
+ result = dns_test_difffromchanges(&raw_diff, test->changes, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Apply the "raw" diff to the new version of the zone's database as
+ * this is what dns__zone_updatesigs() expects to happen before it is
+ * called.
+ */
+ dns_diff_apply(&raw_diff, db, version);
+
+ /*
+ * Initialize the structure dns__zone_updatesigs() will modify.
+ */
+ dns_diff_init(dt_mctx, &zone_diff);
+
+ /*
+ * Check whether dns__zone_updatesigs() behaves as expected.
+ */
+ result = dns__zone_updatesigs(&raw_diff, db, version, zone_keys, nkeys,
+ zone, now - 3600, now + 3600, 0, now,
+ true, false, &zonediff);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_true(ISC_LIST_EMPTY(raw_diff.tuples));
+ assert_false(ISC_LIST_EMPTY(zone_diff.tuples));
+
+ /*
+ * Ensure that the number of tuples in the zone diff is as expected.
+ */
+
+ tuples_expected = 0;
+ for (expected = test->zonediff; expected->owner != NULL; expected++) {
+ tuples_expected++;
+ }
+
+ tuples_found = 0;
+ for (found = ISC_LIST_HEAD(zone_diff.tuples); found != NULL;
+ found = ISC_LIST_NEXT(found, link))
+ {
+ tuples_found++;
+ }
+
+ assert_int_equal(tuples_expected, tuples_found);
+
+ /*
+ * Ensure that every tuple in the zone diff matches expectations.
+ */
+ expected = test->zonediff;
+ index = 1;
+ for (found = ISC_LIST_HEAD(zone_diff.tuples); found != NULL;
+ found = ISC_LIST_NEXT(found, link))
+ {
+ compare_tuples(expected, found, index);
+ expected++;
+ index++;
+ }
+
+ /*
+ * Apply changes to zone database contents and clean up.
+ */
+ dns_db_closeversion(db, &version, true);
+ dns_diff_clear(&zone_diff);
+ dns_diff_clear(&raw_diff);
+}
+
+/* dns__zone_updatesigs() tests */
+static void
+updatesigs_next_test(void **state) {
+ dst_key_t *zone_keys[DNS_MAXZONEKEYS];
+ dns_zone_t *zone = NULL;
+ dns_db_t *db = NULL;
+ isc_result_t result;
+ unsigned int nkeys;
+ isc_stdtime_t now;
+ size_t i;
+
+ UNUSED(state);
+
+ /*
+ * Prepare a zone along with its signing keys.
+ */
+
+ result = dns_test_makezone("example", &zone, NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_test_loaddb(&db, dns_dbtype_zone, "example",
+ "testdata/master/master18.data");
+ assert_int_equal(result, DNS_R_SEENINCLUDE);
+
+ result = dns_zone_setkeydirectory(zone, "testkeys");
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_stdtime_get(&now);
+ result = dns__zone_findkeys(zone, db, NULL, now, dt_mctx,
+ DNS_MAXZONEKEYS, zone_keys, &nkeys);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(nkeys, 2);
+
+ /*
+ * Define the tests to be run. Note that changes to zone database
+ * contents introduced by each test are preserved between tests.
+ */
+
+ const zonechange_t changes_add[] = {
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT", "foo" },
+ { DNS_DIFFOP_ADD, "bar.example", 600, "TXT", "bar" },
+ ZONECHANGE_SENTINEL,
+ };
+ const zonediff_t zonediff_add[] = {
+ { DNS_DIFFOP_ADDRESIGN, "foo.example", 300, "TXT" },
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT" },
+ { DNS_DIFFOP_ADDRESIGN, "bar.example", 600, "TXT" },
+ { DNS_DIFFOP_ADD, "bar.example", 600, "TXT" },
+ ZONEDIFF_SENTINEL,
+ };
+ const updatesigs_test_params_t test_add = {
+ .description = "add new RRsets",
+ .changes = changes_add,
+ .zonediff = zonediff_add,
+ };
+
+ const zonechange_t changes_append[] = {
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT", "foo1" },
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT", "foo2" },
+ ZONECHANGE_SENTINEL,
+ };
+ const zonediff_t zonediff_append[] = {
+ { DNS_DIFFOP_DELRESIGN, "foo.example", 300, "TXT" },
+ { DNS_DIFFOP_ADDRESIGN, "foo.example", 300, "TXT" },
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT" },
+ { DNS_DIFFOP_ADD, "foo.example", 300, "TXT" },
+ ZONEDIFF_SENTINEL,
+ };
+ const updatesigs_test_params_t test_append = {
+ .description = "append multiple RRs to an existing RRset",
+ .changes = changes_append,
+ .zonediff = zonediff_append,
+ };
+
+ const zonechange_t changes_replace[] = {
+ { DNS_DIFFOP_DEL, "bar.example", 600, "TXT", "bar" },
+ { DNS_DIFFOP_ADD, "bar.example", 600, "TXT", "rab" },
+ ZONECHANGE_SENTINEL,
+ };
+ const zonediff_t zonediff_replace[] = {
+ { DNS_DIFFOP_DELRESIGN, "bar.example", 600, "TXT" },
+ { DNS_DIFFOP_ADDRESIGN, "bar.example", 600, "TXT" },
+ { DNS_DIFFOP_DEL, "bar.example", 600, "TXT" },
+ { DNS_DIFFOP_ADD, "bar.example", 600, "TXT" },
+ ZONEDIFF_SENTINEL,
+ };
+ const updatesigs_test_params_t test_replace = {
+ .description = "replace an existing RRset",
+ .changes = changes_replace,
+ .zonediff = zonediff_replace,
+ };
+
+ const zonechange_t changes_delete[] = {
+ { DNS_DIFFOP_DEL, "bar.example", 600, "TXT", "rab" },
+ ZONECHANGE_SENTINEL,
+ };
+ const zonediff_t zonediff_delete[] = {
+ { DNS_DIFFOP_DELRESIGN, "bar.example", 600, "TXT" },
+ { DNS_DIFFOP_DEL, "bar.example", 600, "TXT" },
+ ZONEDIFF_SENTINEL,
+ };
+ const updatesigs_test_params_t test_delete = {
+ .description = "delete an existing RRset",
+ .changes = changes_delete,
+ .zonediff = zonediff_delete,
+ };
+
+ const zonechange_t changes_mixed[] = {
+ { DNS_DIFFOP_ADD, "baz.example", 900, "TXT", "baz1" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "A", "127.0.0.1" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "TXT", "baz2" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "AAAA", "::1" },
+ ZONECHANGE_SENTINEL,
+ };
+ const zonediff_t zonediff_mixed[] = {
+ { DNS_DIFFOP_ADDRESIGN, "baz.example", 900, "TXT" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "TXT" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "TXT" },
+ { DNS_DIFFOP_ADDRESIGN, "baz.example", 900, "A" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "A" },
+ { DNS_DIFFOP_ADDRESIGN, "baz.example", 900, "AAAA" },
+ { DNS_DIFFOP_ADD, "baz.example", 900, "AAAA" },
+ ZONEDIFF_SENTINEL,
+ };
+ const updatesigs_test_params_t test_mixed = {
+ .description = "add different RRsets with common owner name",
+ .changes = changes_mixed,
+ .zonediff = zonediff_mixed,
+ };
+
+ const updatesigs_test_params_t *tests[] = {
+ &test_add, &test_append, &test_replace,
+ &test_delete, &test_mixed,
+ };
+
+ /*
+ * Run tests.
+ */
+ for (i = 0; i < sizeof(tests) / sizeof(tests[0]); i++) {
+ updatesigs_test(tests[i], zone, db, zone_keys, nkeys, now);
+ }
+
+ /*
+ * Clean up.
+ */
+ for (i = 0; i < nkeys; i++) {
+ dst_key_free(&zone_keys[i]);
+ }
+ dns_db_detach(&db);
+ dns_zone_detach(&zone);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(updatesigs_next_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/testdata/db/data.db b/lib/dns/tests/testdata/db/data.db
new file mode 100644
index 0000000..67a4fba
--- /dev/null
+++ b/lib/dns/tests/testdata/db/data.db
@@ -0,0 +1,22 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2.vix.com.
+a in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/lib/dns/tests/testdata/dbiterator/zone1.data b/lib/dns/tests/testdata/dbiterator/zone1.data
new file mode 100644
index 0000000..c380d39
--- /dev/null
+++ b/lib/dns/tests/testdata/dbiterator/zone1.data
@@ -0,0 +1,30 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 600
+@ in soa localhost. postmaster.localhost. (
+ 2011080901 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 600 ) ;minimum
+ in ns ns
+ in ns ns2
+ns in a 10.0.0.1
+ns2 in a 10.0.0.2
+
+a in txt "test"
+b in txt "test"
+c in txt "test"
+d.e.f in txt "test"
+e in txt "test"
+f.g.h in txt "test"
+f.g.i in txt "test"
+f.g.j in txt "test"
+k in txt "test"
diff --git a/lib/dns/tests/testdata/dbiterator/zone2.data b/lib/dns/tests/testdata/dbiterator/zone2.data
new file mode 100644
index 0000000..7265c27
--- /dev/null
+++ b/lib/dns/tests/testdata/dbiterator/zone2.data
@@ -0,0 +1,319 @@
+; File written on Mon Aug 15 16:51:56 2011
+; dnssec_signzone version 9.7.3rc1
+test. 600 IN SOA localhost. postmaster.localhost. (
+ 2011080901 ; serial
+ 3600 ; refresh (1 hour)
+ 1800 ; retry (30 minutes)
+ 604800 ; expire (1 week)
+ 600 ; minimum (10 minutes)
+ )
+ 600 RRSIG SOA 7 1 600 20110914225156 (
+ 20110815225156 39833 test.
+ IoQPcpx+Y2btVBBdM2H/9ppRMjphB1thwrdh
+ midhKH+MXDAauUIENucugi3zLsc1o2ke8LnQ
+ v3lCLd/bb5MD1otuS8vOw1GWEFhXOUBZU6wS
+ QwEIcG4BiSlz7/GvOlRa2znkOmZ3c8bD/J3Y
+ XUWDI3BEDPgrZqfxEvoMyPEWjO8= )
+ 600 NS ns.test.
+ 600 NS ns2.test.
+ 600 RRSIG NS 7 1 600 20110914225156 (
+ 20110815225156 39833 test.
+ OgEimhmFIAqlH0hyQy3pTsveBHKyqs9WfO1S
+ uDPRj3DFgFEAjoY473T8GxG2C+jTVL/UMVcb
+ BTZ8wIAiUHhqKLcmr0q/1X+kNUs7tNi+6oMn
+ /jxaOuRL6c8Kf2gl2t4g6JTwQqLQhUHTfQP+
+ bEfKUr75VsVfxCQZIHlZ3/AlxZM= )
+ 600 DNSKEY 256 3 7 (
+ AwEAAc0FzrE7jUiaKIGZpIaFE8E989topAJN
+ dWIQUQ7BSKabmpBP2M+SXHwIiQ/yC25iqudO
+ IxjRcK7nHB1VoP84xU2oMj6eeSqQHf/bYaji
+ Y8IfR7lgrzoDWzq+0rtnKMJc/JM8SMkcoBAS
+ llvxarDJTZheZjlrCvhpRJC+FAkBsx81
+ ) ; key id = 39833
+ 600 DNSKEY 257 3 7 (
+ AwEAAc55LPDhBLqfDUpjYYbBt+N63CiZtKrD
+ UDGeFAerbw0MWIUi3PgMr7yGVrj8e5Qjp9UN
+ zBUax6NdhlYVtFA8CwMTXGBjxgyqUoWpce08
+ lswxfE70BpgUA6w5efs0/mYtX9/A76etCaSI
+ oNH2vfa47BCdCPDfC1uTgyeuNuDvhszHaSiD
+ 8OY7tLa/voecUlq38sdqi2raf2DvgOm7rdFa
+ reXOS/WIj7zd4XYrV1JGthxOMVlQ7zdv9rVd
+ UNUIF2d4hwCZJQr0ejhmvB3m/DuNmNOPYmnv
+ KTmLSE+IJ6baqYvKOVxwV+SaCnuJEjv+3Yrx
+ 8WQYD/iS9WBhC9FUit0dy+0=
+ ) ; key id = 57183
+ 600 RRSIG DNSKEY 7 1 600 20110914225156 (
+ 20110815225156 39833 test.
+ xPV+bSGUlbxA5MKBeeRbwUDh3Qc+dm77+OHQ
+ BHIr1L8/kRP5o5J7MqPA37kea6nhyltYf9xM
+ RsxyiaBGUUeLyWg/q6hTtkNgAHifOPAhiDz8
+ AJDSTdSsq9RVtjdobAD0jyzz9sWnB+TPSOmj
+ Nlyd7VtPVEuSYljgawwfBBO3Kho= )
+ 600 RRSIG DNSKEY 7 1 600 20110914225156 (
+ 20110815225156 57183 test.
+ S3jkC7AvyFc4ShfHt6AWgS4zpx9DzWHBK9gV
+ 2H23OJzy8H1At/CjKxWVHLJ/io+ygryVnt/I
+ 47Jyhh9i43TnXj8il475YsweGnXGZSorrcXA
+ 3IsD2lOuRYnp3yetxe2ZrMGNDqqImE6X4x1a
+ UJI0cbE2UMZfUt8Rm5USiGzwAEgFD1OXxvMD
+ UT3flyp+Ote9FConK8gewV4wlJuBFemWT7BZ
+ lUYnoqfuAeEn2+1pIBS0iA0LNFjNBaEgtcjo
+ QeweN32yKoApau47Dl/Klw7KFT8+PLZ0QPbt
+ XAkJU7q94Q5aucDuHCSCTCc+2vZxdEnXKvRY
+ rfLuG8r/V5Kn+1iYrQ== )
+ 0 NSEC3PARAM 1 0 10 -
+ 0 RRSIG NSEC3PARAM 7 1 0 20110914225156 (
+ 20110815225156 39833 test.
+ kghSSeP8AZiQ/zmxgxAyG0itoUMo5adG5pxD
+ p8T3ZmbxEUSyG5acxBFkmeY39wVU0Cda8tWc
+ HHrMbB5e2GN8z6xJ0A4rVyXfKSYJSz+iKWfk
+ 7sOFRjd8OLYE3di6PwIpk6ORUiRPMFLDQCH0
+ Q27hLsSoKyd50orKKI+ncjz7WzU= )
+a.test. 600 IN TXT "test"
+ 600 RRSIG TXT 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ UEVOlnL6CDRNCfk/Xge2oaGYCV1+ewwi5zJ0
+ CX4DdwiNEkItL4HgBe8xXfxgFC3qySdsSYPE
+ 1krdFyIkAclMCwHECd1UwZbGlMTEUGrE1KOB
+ 8vQY+OhIV9TAhqNwnjbu7s2ZdNUv3wiUPcfk
+ hCJ4rzP6yeV2inLwZulXnhxb6Pk= )
+b.test. 600 IN TXT "test"
+ 600 RRSIG TXT 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ HcyQlO9io6Rc5e4vVqlRmK5PacOaFQJmdERG
+ 5Aobpgm1FuCLC7F+IMZ0d1XvBWnsw9iDzV43
+ UKzTGqUSmDiSBzs4QzHlacGickIW8EOV4xyJ
+ +mcJ0FZh4YNbkt6CiX+8SF6IxfCMhRMjpSsK
+ rWqJMG3LXkI6W9stShzsYAFBOzQ= )
+e.test. 600 IN TXT "test"
+ 600 RRSIG TXT 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ jUn5FGRTL9OcFU7tvfkUnSwY8jA+8JynE0hi
+ ZJbYXDU5CiWGmR2B3yPHxUCewRqouyVCV8bc
+ xZsSuBxvcdYKryYDbjsmB83GlSEuxE9J7XZs
+ 8SxUP8PobLVqzXgEZS/XRU2G+R915ZDP9/iL
+ z9oYwc9TkeyXbp8J/ZsH88tG980= )
+c.test. 600 IN TXT "test"
+ 600 RRSIG TXT 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ cRxAj45oFDDCd8xQXxD1F0Qq8XeBWAj8EYS3
+ 7nFXAgAy8sTczFvYCNGj79o7BALJwM4vc/wx
+ 6rjsiO/sHgfTMEBDq6lH9Wql72uhwavI2SrL
+ /h/wBP5q4BXlQ4xp6cLhhdifOWhNTvLP+Fe5
+ U6yjvqneiKspze9SiFbcmRDiJds= )
+d.e.f.test. 600 IN TXT "test"
+ 600 RRSIG TXT 7 4 600 20110914225156 (
+ 20110815225156 39833 test.
+ ENjCzr/P9rJmj5OJLzYwWtHtBg2Uz+qJDucz
+ I97Pq9F819/c5sxNfT4hgICCw6ZfT4ffbzye
+ fFJ0JVrh2cYOzu68ozlgek/Uml1UW0pDQVdI
+ s4zEgp4XK9wXUxtWChSqp5YXMdeHegZFu32i
+ IMNTbJDudwYSwhr2FyG92ZRi8Y8= )
+f.g.h.test. 600 IN TXT "test"
+ 600 RRSIG TXT 7 4 600 20110914225156 (
+ 20110815225156 39833 test.
+ HT7iocFsfDjeX6j9RJdE3xfVGkIxhajFHgM/
+ T/mJj/al4HKV6Ajia8DhpdfDrgM2m7r+Pgcn
+ FSIstfebQsuFCnHX/gIalDND/grHKsetQnMP
+ Y7O4QLsRnTV53fdlqQ4eT+jBW6fzJdGySVN+
+ bg6kNJZS8DebjmlKtZz7tXjkP+4= )
+f.g.i.test. 600 IN TXT "test"
+ 600 RRSIG TXT 7 4 600 20110914225156 (
+ 20110815225156 39833 test.
+ kHJJeNSL1rz4QRYqOzhGMQl1yIdio7l8Lg8H
+ f0TsvFLa6BudVtwKUm+Kz2QiDn7/Lew8w0KX
+ vVHxX/Vwl3Ixk54YgMKLNogz2TEvnh/VGiS7
+ 8r0oSUrg0CFd+xDfxnLeRqX5NNfMuSJap5WH
+ Aw7IVeRjXDwJFYnytMEnTrhHHHg= )
+f.g.j.test. 600 IN TXT "test"
+ 600 RRSIG TXT 7 4 600 20110914225156 (
+ 20110815225156 39833 test.
+ lIEHEhDFhOWK8W/F2xWELU2p/X77S2KTivm9
+ sY4k3RPsLNHE7p+lF8p72Lcb79rtltnoVYtE
+ pTIiaUcmgGwfaI4cwfXbeuEgnuTiLg7Xrefx
+ 3GT86Q+8gfgbMXUmRA/eouWZhCOaYJN99gYz
+ urzDMiRLYmILHmLlnvo82SgXeuk= )
+k.test. 600 IN TXT "test"
+ 600 RRSIG TXT 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ wC3zgYWsuLga8Vu3QFu/Ci8SzRbA5bvjSmDj
+ NzcpjU5cvJBxtgzatCr02AaUC94bI0JzNrEB
+ nFyWCYw55lyy+bAHU1u05UcQmz0n5yxkvmHX
+ i8ZjMyQkAvNKodJHaFQqUKKIDuSHD2EziKqg
+ eNn55YRS11ihkODehUVNl7TnYeA= )
+ns.test. 600 IN A 10.0.0.1
+ 600 RRSIG A 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ VyK/WlQ6ikXdjF/arGzyAyYhOc8IYNBp4QLW
+ gtYjvbjIcV5+9JINWmUs61VjJ14nES1sI0xb
+ 9vQJuiPXTM1awUAnvOKLhaX6fbJaEiR1w6Cf
+ RT5QKBMxNBKVStqdabHcigY4DUuc1PQk1vCw
+ yMUJt3nHNVMZk+XAycNHzBeYjik= )
+ns2.test. 600 IN A 10.0.0.2
+ 600 RRSIG A 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ CX6UlZL+5NQJViKfbe/E3uIJk/wjUzoiHBhY
+ B6gS8nxZzlRPdTTXyMZoRa4etTZEbrRjnyXk
+ 1rP47faCUwbh//XqukN9f7FZ4Y39NpPS2XpX
+ 0Lx6M93Jz46lbzmseMFs2YmNMzzhN4uhRvl/
+ 8gPtYsn9KMXnAlFfa4XrE5LNVyY= )
+1F3JQ6EANHNHOCMUPQTVNM339VDTR51C.test. 600 IN NSEC3 1 0 10 - 7QKPELF33JOK9BVJ7CKE99AHG40B0SH7 A RRSIG
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ w7aS12lxLNh+G1B/2kEq1BO6IzYvyC8n/MGV
+ 0jvFnapNXGZMPrPxGeO2wkw1JXepuXCv98be
+ M4SjQywaH+VP6ZMTIfjxRxtcCM+aLAFhiz0l
+ /MILEkjemmxjAfvV7emRVMwCGcoGI7qC3Xxq
+ q5g8EzJiYyTCOnI5LKRggn97wGg= )
+7QKPELF33JOK9BVJ7CKE99AHG40B0SH7.test. 600 IN NSEC3 1 0 10 - 94Q15K1V1VE5F87EI37T2B9A39EEC368 TXT RRSIG
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ J4ObL3p4eN0jWh06M+rX2SSPANQoKfnosElB
+ KcKE7fLqEjKK7N6Yh6KUlbEP25tfeZ7W6GBJ
+ b7q6Nh0Ax8fYdc/6JVvmxcwWcx5Lw1TfITGB
+ ttFntJlbp1A8lwP3pn8Ksql1X2ogh78AsgTb
+ X5kmXVukC1oEzt98EAa/V/an8QA= )
+CS8M3UVG0UJDR6USBES4U9SNUGQI2RJE.test. 600 IN NSEC3 1 0 10 - ETEQB5V431INUIIE547FKSOF7O4DJ62J A RRSIG
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ Vyd/2b0S15fACJ8TiPXKtScV9A/ZztVumZAm
+ o2S6jaVJKWik+8orDW+WiJ4/PEl26PK2m1uv
+ HD2beuUCHj9EnYkN/dzL3Bsc302qr9xqsh0q
+ VFS2moznoNG415ZV3vgYR7L9DAp43ZeFuw6I
+ 7sr21hLYLUeo31xBsJg7RlOL+4s= )
+ETEQB5V431INUIIE547FKSOF7O4DJ62J.test. 600 IN NSEC3 1 0 10 - F8G1MB0JUEU3FBI11CAVFIPGEA3POOIM
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ oOHs1eb3JYeOMOnzE2PS6NIXBNzSoTYPIxo/
+ P0d/ihsLKra3yNJNPTlu4kf+FZoNYAGtMK/D
+ 6dZWFvtdswDdi2C5WSgsanuHqXq5Lr3A1nCe
+ cQI5PO4RrLymB+MtYg15CNKcnc0WmJO8deSR
+ WzNOarC+Iz1Xj3FkKDS4FFr+02Q= )
+94Q15K1V1VE5F87EI37T2B9A39EEC368.test. 600 IN NSEC3 1 0 10 - CS8M3UVG0UJDR6USBES4U9SNUGQI2RJE
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ K0PvN7YtHQ63x/x2yXXa2S9GBGuTNJywDZ8M
+ wyMSwytCb9mn4hnKD5mJHaXGTw3YX7usbnEO
+ ce6hiJdN/VhMfbRMOvUpgyblOj4kXiYVZY1a
+ SyycfugK/Hu1j4az7lIhhnnx58GChA6mg8Vx
+ 3Uz6cNDDCSTBTl09NyeUUrKWsHQ= )
+FBH6B0LHT9PPQB1P98D228HA1H52L8PO.test. 600 IN NSEC3 1 0 10 - JGU2L7C3LKLHAKC5RHUOORTI2DCKK3KL
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ giXRE+4ZeIzDrhx1XkFSpIKGFd3UGzlrLZnO
+ Ur9nMUfwvU5A3fitEkdayo3ZDH7MQGpSotaH
+ ReiFXx3Z6Hm2NIN/RHYZQr9e0vbMYSjkANdu
+ HWBA1SrSq5SHyuy970mPd4jfTHiABCo6fJGB
+ ykGClZGou0WSaB+Ak19fMbeQ2Wo= )
+JGU2L7C3LKLHAKC5RHUOORTI2DCKK3KL.test. 600 IN NSEC3 1 0 10 - KFMJ88CKMKUQQJE59IKFBOLLLD4DF55H TXT RRSIG
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ BHTDUgZdWNLgz3xHYMqvlWK/IJ0xrXESoREc
+ 6D3sO9bcLTMYPO9t80itOlipwp4AmaVOBXPt
+ cKSdgsUXDEtHqNSxtGbNr5xQ+Aqsep0GX71V
+ HkcIuiNdTUw83dkajCHMkmQCbEjp9mbdiTmS
+ haNW2EsscldfaS1aq5tYUhCT3l4= )
+L993U6VC0DUV5QJ8TRPD2IQLM8FJ7AT9.test. 600 IN NSEC3 1 0 10 - LSMRLLNBQGGK8J6V40KLM2LG5TE4FS0P
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ vE7K0Nrju4qLFDYkIyMY5bIMT0wu8MJdxL6u
+ 7WVA4HepccKQcUnvVoBAcrA9+MUeteyrad8Y
+ SJvQIt7sz5t7FViWSq5IMPVPujWtW5J30LhJ
+ mOLd1KmnFWoVthJ1oFNzBM80A60seKNnEw1M
+ lV6Y+v0gNYIQensUb9w6SVMTpxE= )
+F8G1MB0JUEU3FBI11CAVFIPGEA3POOIM.test. 600 IN NSEC3 1 0 10 - FA1T7MKUUV9SD4VDBJQ3GRFK1IDTCKL7
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ DkL9ONc0vpsKdG20ol8XPAaVfLb7kf1wnKbR
+ rQUB1trGSHm/Igo06of43zm9J+56htFJg1xD
+ I2de0sCUBQYyHVBBDiBAd1g+ZvcpUlLP0w8M
+ NxMviMiG/WQAdGXHwYfUimwMWD7gNGl1m05H
+ HwYmzGs+d1bClDNBrFhdfdL2+iA= )
+LSMRLLNBQGGK8J6V40KLM2LG5TE4FS0P.test. 600 IN NSEC3 1 0 10 - LUAN2Q3I2OCVSD41MP08HNA9JP22D38K
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ ZgiWuMqodQuhwuAF6CIiJTsdRahi+poOiZAM
+ WXNP0wXfdptcG2uhbdDwy+0crhe3tuybhwcb
+ CuiaQUh0XNPhgF+qmXpGobaqBhCEvCF4K9qY
+ OCIoMfsI1pIBVbMw0+YXVarFZ8+mfNU/+6n6
+ yy2+1nCg3k4XR2Dpv4CeDBfcAuM= )
+NAL1UIEBM38NKMN6RQOKE8T781IA7UKI.test. 600 IN NSEC3 1 0 10 - OUSGP0LO9FGAROHDULQVSTI3OLQIBB39 TXT RRSIG
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ x8JiXPI+EXHz8ZO/VW0/+9wWsBNqeSMxXZIV
+ ibOnogSg7Wi7Yq1xftKC2+xEevNxSZnBibEy
+ Sgro5xKTf0n7pD9hHVBLoYmOOnbXY3QNQ2EQ
+ y3LdPT355WmwVddVOOxNpNRp2zQyqg7BhVA3
+ wxY7tyVQd4x1+95ATUQBnFditdE= )
+KFMJ88CKMKUQQJE59IKFBOLLLD4DF55H.test. 600 IN NSEC3 1 0 10 - L993U6VC0DUV5QJ8TRPD2IQLM8FJ7AT9 TXT RRSIG
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ KQPaN2Ecebifbl4Bz5Yo0x2DgGmZiVhpSydm
+ oy/5NtMjt7G472JrKlqByap+VxW0bpzo3IER
+ 3P8Dsv7pfBD4/Cl5sFqwZL7wYy7RB4dQLVCi
+ Pepc/Mr3gR2XmL91fpGttMj5jGscnVQJCyFa
+ obzhsVaVImUQZFDPb0UQUHwIhOA= )
+LUAN2Q3I2OCVSD41MP08HNA9JP22D38K.test. 600 IN NSEC3 1 0 10 - NAL1UIEBM38NKMN6RQOKE8T781IA7UKI TXT RRSIG
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ NJ+X3d0qh2+fbSnG0iQPxAeDIOzX5NTmY9fS
+ x7IO/DDcgUhPvl1YYdz5J999cec1zzOKp10J
+ YbsIAzg0w/Y4D4CBUw3IkcOrUFOODb6eJQGb
+ rVFRqmp3BUP4qOAWUZvx4oQ0KG4K/h/KJMbU
+ Vcdl7PF7G5O5hMyR9UWg4zal7Sk= )
+OUSGP0LO9FGAROHDULQVSTI3OLQIBB39.test. 600 IN NSEC3 1 0 10 - PQQ28M3U2MM08GGFV3JKR76G2H9IUJPC TXT RRSIG
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ A/qxYrSE/smBGbST8j8eGPCrRnwvVa25kDha
+ IuA3nv0vzXhFvlruc9f0HRGwsq6A2pw3I5W+
+ xo2/JxsNyFOotdwaDDEBzqPkJmrzupxQS4Hm
+ rHSLnRnNw4QzvzNjAGWMYAoe3OeHC47wmAtI
+ qE91EHZTlPP28CUXOMo+7sCaOa8= )
+U0UVS2SUP89P2TM3PJO4TC1GPJ2O6519.test. 600 IN NSEC3 1 0 10 - VA2VG5BEMCKQP6MS5NHHGL18031BIA7M NS SOA RRSIG DNSKEY NSEC3PARAM
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ rahhkfiF+Rk6oqbWTdu9qcwhmj5hbDuIFdiJ
+ GmaG+cFSv5Mjp+txNVCvBK9Hq/VpW0ypen/3
+ JC0sVAugSX+HAKAgyaMKmgWCvoQZ6ZSJUh7o
+ LRPcT+oxVXQAqjovxpaV8k6sYo44tpljPdOD
+ UluWAP5SrmJKjzCxs27KGRx8MK4= )
+VA2VG5BEMCKQP6MS5NHHGL18031BIA7M.test. 600 IN NSEC3 1 0 10 - VAKOQ2TPD7S25NFBJT73J3C4OGU10RJ5 TXT RRSIG
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ XcBeZ8lo9Qo8z56+1FdGDjh6ZHCfO+MQ/wnY
+ TEUo/aWLkPTyq39nLhe0qVBJxmDpM+KQFuG9
+ cjQT5fvrlrY+lv6dedB64EBMYy4kKbIv7N5+
+ r6+sfWlvtKsfXxysLSk2+jLEm5NuLFrOdNas
+ WLVsq741D3YcWt4kM1HCyk3DNF8= )
+FA1T7MKUUV9SD4VDBJQ3GRFK1IDTCKL7.test. 600 IN NSEC3 1 0 10 - FBH6B0LHT9PPQB1P98D228HA1H52L8PO TXT RRSIG
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ jB/vLrvx4sQQD7J3ZacAAyhcFmIPh7LH3ljw
+ IAIaeLb10oX5q1/nQKYdfq976TMy5sWpBcmd
+ i91WLxd+T/gOSumyP8bC3g+SUoyZ9wxY6A6a
+ MMx1rn0QA9IKrxMqojs9M3urJ8QAeIS+KyAn
+ rbyyJuG+EVm0prqlPZtzUi28WCI= )
+PQQ28M3U2MM08GGFV3JKR76G2H9IUJPC.test. 600 IN NSEC3 1 0 10 - U0UVS2SUP89P2TM3PJO4TC1GPJ2O6519
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ asCOU9OkVWMvUU2IUpwMgdYf0faA04zPbaFf
+ qywYsv3NH01Lky6G3a0WUPAbBm7TAYx/ln8a
+ 559vlpp/gpXEl9CcLrjO6wy5i0ryp8gVHtKJ
+ rQlEc/uw4SY+S5t7FuZc2rNRdAbxVMYuwrvm
+ HBsKDPblre3e06ZZFEmnGFzCgmg= )
+VAKOQ2TPD7S25NFBJT73J3C4OGU10RJ5.test. 600 IN NSEC3 1 0 10 - VNCCJH8JPOLGLAGVMV3FKS09M7RRDU47 TXT RRSIG
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ Pt4tKB1p/jsyLYab9LSt5MF1KTRT18nRTOox
+ q0IACkXkKx7W5xv6nSYXIB+nQzNp1Y1hhoXn
+ 9IFi0liPnIAOp73w4vybhfIdTFiEmHPHT6O9
+ VIx5cSriqBI6Qda8GtfeIb96P8SojbUk5BDI
+ g18iYjviGhQYRgpU3tg1qd7pbcc= )
+VNCCJH8JPOLGLAGVMV3FKS09M7RRDU47.test. 600 IN NSEC3 1 0 10 - 1F3JQ6EANHNHOCMUPQTVNM339VDTR51C
+ 600 RRSIG NSEC3 7 2 600 20110914225156 (
+ 20110815225156 39833 test.
+ ZMZPHawhkuzSV7C7zkgghH/jpw9CQVR1JUXq
+ pAeY2iIIWwNhfuskJaLgtu/5SuKnJtrv6D4N
+ g+lfEkBReia5xO/SCcHv8/hXEPH8vZ4xe1C9
+ 6GVB6ip2hKw2g5HpyF7X18WgwZ0cqPWVg+Q+
+ xRLpXH+53391Wt5rG7qJswn5RLE= )
diff --git a/lib/dns/tests/testdata/diff/zone1.data b/lib/dns/tests/testdata/diff/zone1.data
new file mode 100644
index 0000000..8ddf669
--- /dev/null
+++ b/lib/dns/tests/testdata/diff/zone1.data
@@ -0,0 +1,13 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 0 SOA . . 0 0 0 0 0
+@ 0 NS @
+@ 0 A 1.2.3.4
+remove 0 A 5.6.7.8
diff --git a/lib/dns/tests/testdata/diff/zone2.data b/lib/dns/tests/testdata/diff/zone2.data
new file mode 100644
index 0000000..363af42
--- /dev/null
+++ b/lib/dns/tests/testdata/diff/zone2.data
@@ -0,0 +1,14 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 0 SOA . . 0 0 0 0 0
+@ 0 NS @
+@ 0 A 1.2.3.4
+remove 0 A 5.6.7.8
+added 0 A 5.6.7.8
diff --git a/lib/dns/tests/testdata/diff/zone3.data b/lib/dns/tests/testdata/diff/zone3.data
new file mode 100644
index 0000000..ae3a60e
--- /dev/null
+++ b/lib/dns/tests/testdata/diff/zone3.data
@@ -0,0 +1,12 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 0 SOA . . 0 0 0 0 0
+@ 0 NS @
+@ 0 A 1.2.3.4
diff --git a/lib/dns/tests/testdata/dnstap/dnstap.saved b/lib/dns/tests/testdata/dnstap/dnstap.saved
new file mode 100644
index 0000000..c657f41
--- /dev/null
+++ b/lib/dns/tests/testdata/dnstap/dnstap.saved
Binary files differ
diff --git a/lib/dns/tests/testdata/dnstap/dnstap.text b/lib/dns/tests/testdata/dnstap/dnstap.text
new file mode 100644
index 0000000..71977e4
--- /dev/null
+++ b/lib/dns/tests/testdata/dnstap/dnstap.text
@@ -0,0 +1,96 @@
+03-Feb-2017 15:47:16.000 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 SR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 SR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 SR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 SR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 SR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 CR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 CR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 CR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 CR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 CR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 AR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 AR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 AR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 AR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 AR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 RR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 RR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 RR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 RR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 RR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 FR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 FR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 FR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 FR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 FR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 UDP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 15:47:16.000 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TQ 10.53.0.1:2112 -> 10.53.0.2:2112 TCP 40b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 TR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 TR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TR 10.53.0.1:2112 <- 10.53.0.2:2112 UDP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 TR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 17:47:16.000 TR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
+03-Feb-2017 16:47:16.830 TR 10.53.0.1:2112 <- 10.53.0.2:2112 TCP 287b www.isc.org/IN/A
diff --git a/lib/dns/tests/testdata/dnstap/query.auth b/lib/dns/tests/testdata/dnstap/query.auth
new file mode 100644
index 0000000..a14f850
--- /dev/null
+++ b/lib/dns/tests/testdata/dnstap/query.auth
@@ -0,0 +1,4 @@
+# authoritative query, www.isc.org/A
+8d 24 00 20 00 01 00 00 00 00 00 01 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 00 00 29
+10 00 00 00 00 00 00 00
diff --git a/lib/dns/tests/testdata/dnstap/query.recursive b/lib/dns/tests/testdata/dnstap/query.recursive
new file mode 100644
index 0000000..8ee705f
--- /dev/null
+++ b/lib/dns/tests/testdata/dnstap/query.recursive
@@ -0,0 +1,4 @@
+# recursive query for www.isc.org/A
+bf 08 01 20 00 01 00 00 00 00 00 01 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 00 00 29
+10 00 00 00 00 00 00 00
diff --git a/lib/dns/tests/testdata/dnstap/response.auth b/lib/dns/tests/testdata/dnstap/response.auth
new file mode 100644
index 0000000..4d0ea81
--- /dev/null
+++ b/lib/dns/tests/testdata/dnstap/response.auth
@@ -0,0 +1,19 @@
+# authoritative response, www.isc.org/A
+8d 24 84 00 00 01 00 01 00 04 00 07 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 c0 0c 00
+01 00 01 00 00 00 3c 00 04 95 14 40 45 c0 10 00
+02 00 01 00 00 1c 20 00 0d 03 61 6d 73 06 73 6e
+73 2d 70 62 c0 10 c0 10 00 02 00 01 00 00 1c 20
+00 07 04 73 66 62 61 c0 3d c0 10 00 02 00 01 00
+00 1c 20 00 19 02 6e 73 03 69 73 63 0b 61 66 69
+6c 69 61 73 2d 6e 73 74 04 69 6e 66 6f 00 c0 10
+00 02 00 01 00 00 1c 20 00 06 03 6f 72 64 c0 3d
+c0 39 00 01 00 01 00 00 1c 20 00 04 c7 06 01 1e
+c0 39 00 1c 00 01 00 00 1c 20 00 10 20 01 05 00
+00 60 00 00 00 00 00 00 00 00 00 30 c0 8a 00 01
+00 01 00 00 1c 20 00 04 c7 06 00 1e c0 8a 00 1c
+00 01 00 00 1c 20 00 10 20 01 05 00 00 71 00 00
+00 00 00 00 00 00 00 30 c0 52 00 01 00 01 00 00
+1c 20 00 04 95 14 40 03 c0 52 00 1c 00 01 00 00
+1c 20 00 10 20 01 04 f8 00 00 00 02 00 00 00 00
+00 00 00 19 00 00 29 10 00 00 00 00 00 00 00
diff --git a/lib/dns/tests/testdata/dnstap/response.recursive b/lib/dns/tests/testdata/dnstap/response.recursive
new file mode 100644
index 0000000..6e3a3cf
--- /dev/null
+++ b/lib/dns/tests/testdata/dnstap/response.recursive
@@ -0,0 +1,19 @@
+# recursive response, www.isc.org/A
+bf 08 81 a0 00 01 00 01 00 04 00 07 03 77 77 77
+03 69 73 63 03 6f 72 67 00 00 01 00 01 c0 0c 00
+01 00 01 00 00 00 15 00 04 95 14 40 45 c0 10 00
+02 00 01 00 00 1b a6 00 0e 04 73 66 62 61 06 73
+6e 73 2d 70 62 c0 10 c0 10 00 02 00 01 00 00 1b
+a6 00 06 03 6f 72 64 c0 3e c0 10 00 02 00 01 00
+00 1b a6 00 19 02 6e 73 03 69 73 63 0b 61 66 69
+6c 69 61 73 2d 6e 73 74 04 69 6e 66 6f 00 c0 10
+00 02 00 01 00 00 1b a6 00 06 03 61 6d 73 c0 3e
+c0 8a 00 01 00 01 00 00 b1 d5 00 04 c7 06 01 1e
+c0 8a 00 1c 00 01 00 00 b1 d5 00 10 20 01 05 00
+00 60 00 00 00 00 00 00 00 00 00 30 c0 53 00 01
+00 01 00 00 b1 d5 00 04 c7 06 00 1e c0 53 00 1c
+00 01 00 00 b1 d5 00 10 20 01 05 00 00 71 00 00
+00 00 00 00 00 00 00 30 c0 39 00 01 00 01 00 00
+b1 d5 00 04 95 14 40 03 c0 39 00 1c 00 01 00 00
+b1 d5 00 10 20 01 04 f8 00 00 00 02 00 00 00 00
+00 00 00 19 00 00 29 10 00 00 00 00 00 00 00
diff --git a/lib/dns/tests/testdata/dst/Ktest.+008+11349.key b/lib/dns/tests/testdata/dst/Ktest.+008+11349.key
new file mode 100644
index 0000000..a1bd768
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/Ktest.+008+11349.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 11349, for test.
+; Created: 20181025090713 (Thu Oct 25 11:07:13 2018)
+; Publish: 20181025090713 (Thu Oct 25 11:07:13 2018)
+; Activate: 20181025090713 (Thu Oct 25 11:07:13 2018)
+test. IN DNSKEY 256 3 8 AwEAAdqPwPScyURzeCUzEadKNYgQW50LPDV/ir9nWIbiSn2yMkymxiby BQH+Hk1neE9qa9X4XaEnKf5YZx7o14rRikmOb2lomtOkI9ovh1K/SvLO Zd1E3e61F29g1eCq52mMY3xAdEcBNqEq+6mgEwGmwl83+mAh5anxXNHa 2rcfdG+L
diff --git a/lib/dns/tests/testdata/dst/Ktest.+008+11349.private b/lib/dns/tests/testdata/dst/Ktest.+008+11349.private
new file mode 100644
index 0000000..5dfef79
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/Ktest.+008+11349.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: 2o/A9JzJRHN4JTMRp0o1iBBbnQs8NX+Kv2dYhuJKfbIyTKbGJvIFAf4eTWd4T2pr1fhdoScp/lhnHujXitGKSY5vaWia06Qj2i+HUr9K8s5l3UTd7rUXb2DV4KrnaYxjfEB0RwE2oSr7qaATAabCXzf6YCHlqfFc0dratx90b4s=
+PublicExponent: AQAB
+PrivateExponent: a4qmX/YxlmvWpz8spYr/MhcSbQCVPKGoLKv2RFBeZODknRDGmW0mh6d5U47hBPqRWvRdZak2oX7wJqZdQGIAT25bC09rLNMctfxXKtzwSaXFjXZGHGv+bDHcqIltvIYmRbb0pK/LinFaLZqfpVe0WOfKuT9BT03BlwSZV8GKgZE=
+Prime1: 8oZLQoVpIqsiQw7bX5pTm/O0gEUnEzNOVEoLGsfIl68Lz/1CBm9ypTp8QOB0B9IpnH8vOS+NJM1az1d0RhqKow==
+Prime2: 5rSbE6duWIb90uICkAUJn4OztHX0fkd9GKNYdsHVReFBH2poXGojVGkW6i/IaYl4NEXXr5Z89dWtR+RNH2Z9+Q==
+Exponent1: 2IcuCmYyR9Gi9Vv+YIzYuRQMw7j5+hqEhJzW7UIRxdtzIG9s03INWZet9/5tmc35eM/Uyam6ynDN8vCRz0VDIQ==
+Exponent2: vKcdVKIKWrvwXXzRaaGk79rLnZsDFiwxQG96TIpOczkyfpUNx9xHDaRtx4zRTnPKZrxiFkRx5LkZXHt1EWNHSQ==
+Coefficient: pb9dFRZA2IRXDCGCM1ikp+QCs72wNn3hgURZLRLmtcBbQcYhP/dcp80SpInviwJPNRcKrfxninqygEARzfHtqQ==
+Created: 20181025090713
+Publish: 20181025090713
+Activate: 20181025090713
diff --git a/lib/dns/tests/testdata/dst/Ktest.+013+49130.key b/lib/dns/tests/testdata/dst/Ktest.+013+49130.key
new file mode 100644
index 0000000..e3ff931
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/Ktest.+013+49130.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 49130, for test.
+; Created: 20181025090718 (Thu Oct 25 11:07:18 2018)
+; Publish: 20181025090718 (Thu Oct 25 11:07:18 2018)
+; Activate: 20181025090718 (Thu Oct 25 11:07:18 2018)
+test. IN DNSKEY 256 3 13 uP04fwB/DuBBqdjPLseIoFT7vgtP8Lr/be1NhRBvibwQ+Hr+3GQhIKIK XbamgOUxXJ9JDjWFAT2KXw0V3sAN9w==
diff --git a/lib/dns/tests/testdata/dst/Ktest.+013+49130.private b/lib/dns/tests/testdata/dst/Ktest.+013+49130.private
new file mode 100644
index 0000000..754d9f9
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/Ktest.+013+49130.private
@@ -0,0 +1,6 @@
+Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: feGDRABRCbcsCqssKK5B5518y95smrv/cJnz2pa/UVA=
+Created: 20181025090718
+Publish: 20181025090718
+Activate: 20181025090718
diff --git a/lib/dns/tests/testdata/dst/test1.data b/lib/dns/tests/testdata/dst/test1.data
new file mode 100644
index 0000000..cf84e9f
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/test1.data
@@ -0,0 +1,3077 @@
+Network Working Group P. Mockapetris
+Request for Comments: 1035 ISI
+ November 1987
+Obsoletes: RFCs 882, 883, 973
+
+ DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
+
+
+1. STATUS OF THIS MEMO
+
+This RFC describes the details of the domain system and protocol, and
+assumes that the reader is familiar with the concepts discussed in a
+companion RFC, "Domain Names - Concepts and Facilities" [RFC-1034].
+
+The domain system is a mixture of functions and data types which are an
+official protocol and functions and data types which are still
+experimental. Since the domain system is intentionally extensible, new
+data types and experimental behavior should always be expected in parts
+of the system beyond the official protocol. The official protocol parts
+include standard queries, responses and the Internet class RR data
+formats (e.g., host addresses). Since the previous RFC set, several
+definitions have changed, so some previous definitions are obsolete.
+
+Experimental or obsolete features are clearly marked in these RFCs, and
+such information should be used with caution.
+
+The reader is especially cautioned not to depend on the values which
+appear in examples to be current or complete, since their purpose is
+primarily pedagogical. Distribution of this memo is unlimited.
+
+ Table of Contents
+
+ 1. STATUS OF THIS MEMO 1
+ 2. INTRODUCTION 3
+ 2.1. Overview 3
+ 2.2. Common configurations 4
+ 2.3. Conventions 7
+ 2.3.1. Preferred name syntax 7
+ 2.3.2. Data Transmission Order 8
+ 2.3.3. Character Case 9
+ 2.3.4. Size limits 10
+ 3. DOMAIN NAME SPACE AND RR DEFINITIONS 10
+ 3.1. Name space definitions 10
+ 3.2. RR definitions 11
+ 3.2.1. Format 11
+ 3.2.2. TYPE values 12
+ 3.2.3. QTYPE values 12
+ 3.2.4. CLASS values 13
+
+
+
+Mockapetris [Page 1]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 3.2.5. QCLASS values 13
+ 3.3. Standard RRs 13
+ 3.3.1. CNAME RDATA format 14
+ 3.3.2. HINFO RDATA format 14
+ 3.3.3. MB RDATA format (EXPERIMENTAL) 14
+ 3.3.4. MD RDATA format (Obsolete) 15
+ 3.3.5. MF RDATA format (Obsolete) 15
+ 3.3.6. MG RDATA format (EXPERIMENTAL) 16
+ 3.3.7. MINFO RDATA format (EXPERIMENTAL) 16
+ 3.3.8. MR RDATA format (EXPERIMENTAL) 17
+ 3.3.9. MX RDATA format 17
+ 3.3.10. NULL RDATA format (EXPERIMENTAL) 17
+ 3.3.11. NS RDATA format 18
+ 3.3.12. PTR RDATA format 18
+ 3.3.13. SOA RDATA format 19
+ 3.3.14. TXT RDATA format 20
+ 3.4. ARPA Internet specific RRs 20
+ 3.4.1. A RDATA format 20
+ 3.4.2. WKS RDATA format 21
+ 3.5. IN-ADDR.ARPA domain 22
+ 3.6. Defining new types, classes, and special namespaces 24
+ 4. MESSAGES 25
+ 4.1. Format 25
+ 4.1.1. Header section format 26
+ 4.1.2. Question section format 28
+ 4.1.3. Resource record format 29
+ 4.1.4. Message compression 30
+ 4.2. Transport 32
+ 4.2.1. UDP usage 32
+ 4.2.2. TCP usage 32
+ 5. MASTER FILES 33
+ 5.1. Format 33
+ 5.2. Use of master files to define zones 35
+ 5.3. Master file example 36
+ 6. NAME SERVER IMPLEMENTATION 37
+ 6.1. Architecture 37
+ 6.1.1. Control 37
+ 6.1.2. Database 37
+ 6.1.3. Time 39
+ 6.2. Standard query processing 39
+ 6.3. Zone refresh and reload processing 39
+ 6.4. Inverse queries (Optional) 40
+ 6.4.1. The contents of inverse queries and responses 40
+ 6.4.2. Inverse query and response example 41
+ 6.4.3. Inverse query processing 42
+
+
+
+
+
+
+Mockapetris [Page 2]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 6.5. Completion queries and responses 42
+ 7. RESOLVER IMPLEMENTATION 43
+ 7.1. Transforming a user request into a query 43
+ 7.2. Sending the queries 44
+ 7.3. Processing responses 46
+ 7.4. Using the cache 47
+ 8. MAIL SUPPORT 47
+ 8.1. Mail exchange binding 48
+ 8.2. Mailbox binding (Experimental) 48
+ 9. REFERENCES and BIBLIOGRAPHY 50
+ Index 54
+
+2. INTRODUCTION
+
+2.1. Overview
+
+The goal of domain names is to provide a mechanism for naming resources
+in such a way that the names are usable in different hosts, networks,
+protocol families, internets, and administrative organizations.
+
+From the user's point of view, domain names are useful as arguments to a
+local agent, called a resolver, which retrieves information associated
+with the domain name. Thus a user might ask for the host address or
+mail information associated with a particular domain name. To enable
+the user to request a particular type of information, an appropriate
+query type is passed to the resolver with the domain name. To the user,
+the domain tree is a single information space; the resolver is
+responsible for hiding the distribution of data among name servers from
+the user.
+
+From the resolver's point of view, the database that makes up the domain
+space is distributed among various name servers. Different parts of the
+domain space are stored in different name servers, although a particular
+data item will be stored redundantly in two or more name servers. The
+resolver starts with knowledge of at least one name server. When the
+resolver processes a user query it asks a known name server for the
+information; in return, the resolver either receives the desired
+information or a referral to another name server. Using these
+referrals, resolvers learn the identities and contents of other name
+servers. Resolvers are responsible for dealing with the distribution of
+the domain space and dealing with the effects of name server failure by
+consulting redundant databases in other servers.
+
+Name servers manage two kinds of data. The first kind of data held in
+sets called zones; each zone is the complete database for a particular
+"pruned" subtree of the domain space. This data is called
+authoritative. A name server periodically checks to make sure that its
+zones are up to date, and if not, obtains a new copy of updated zones
+
+
+
+Mockapetris [Page 3]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+from master files stored locally or in another name server. The second
+kind of data is cached data which was acquired by a local resolver.
+This data may be incomplete, but improves the performance of the
+retrieval process when non-local data is repeatedly accessed. Cached
+data is eventually discarded by a timeout mechanism.
+
+This functional structure isolates the problems of user interface,
+failure recovery, and distribution in the resolvers and isolates the
+database update and refresh problems in the name servers.
+
+2.2. Common configurations
+
+A host can participate in the domain name system in a number of ways,
+depending on whether the host runs programs that retrieve information
+from the domain system, name servers that answer queries from other
+hosts, or various combinations of both functions. The simplest, and
+perhaps most typical, configuration is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ +----------+ | +--------+
+ | | user queries | |queries | | |
+ | User |-------------->| |---------|->|Foreign |
+ | Program | | Resolver | | | Name |
+ | |<--------------| |<--------|--| Server |
+ | | user responses| |responses| | |
+ +---------+ +----------+ | +--------+
+ | A |
+ cache additions | | references |
+ V | |
+ +----------+ |
+ | cache | |
+ +----------+ |
+
+User programs interact with the domain name space through resolvers; the
+format of user queries and user responses is specific to the host and
+its operating system. User queries will typically be operating system
+calls, and the resolver and its cache will be part of the host operating
+system. Less capable hosts may choose to implement the resolver as a
+subroutine to be linked in with every program that needs its services.
+Resolvers answer user queries with information they acquire via queries
+to foreign name servers and the local cache.
+
+Note that the resolver may have to make several queries to several
+different foreign name servers to answer a particular user query, and
+hence the resolution of a user query may involve several network
+accesses and an arbitrary amount of time. The queries to foreign name
+servers and the corresponding responses have a standard format described
+
+
+
+Mockapetris [Page 4]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+in this memo, and may be datagrams.
+
+Depending on its capabilities, a name server could be a stand alone
+program on a dedicated machine or a process or processes on a large
+timeshared host. A simple configuration might be:
+
+ Local Host | Foreign
+ |
+ +---------+ |
+ / /| |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+
+Here a primary name server acquires information about one or more zones
+by reading master files from its local file system, and answers queries
+about those zones that arrive from foreign resolvers.
+
+The DNS requires that all zones be redundantly supported by more than
+one name server. Designated secondary servers can acquire zones and
+check for updates from the primary server using the zone transfer
+protocol of the DNS. This configuration is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ |
+ / /| |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+ A |maintenance | +--------+
+ | +------------|->| |
+ | queries | |Foreign |
+ | | | Name |
+ +------------------|--| Server |
+ maintenance responses | +--------+
+
+In this configuration, the name server periodically establishes a
+virtual circuit to a foreign name server to acquire a copy of a zone or
+to check that an existing copy has not changed. The messages sent for
+
+
+
+Mockapetris [Page 5]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+these maintenance activities follow the same form as queries and
+responses, but the message sequences are somewhat different.
+
+The information flow in a host that supports all aspects of the domain
+name system is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ +----------+ | +--------+
+ | | user queries | |queries | | |
+ | User |-------------->| |---------|->|Foreign |
+ | Program | | Resolver | | | Name |
+ | |<--------------| |<--------|--| Server |
+ | | user responses| |responses| | |
+ +---------+ +----------+ | +--------+
+ | A |
+ cache additions | | references |
+ V | |
+ +----------+ |
+ | Shared | |
+ | database | |
+ +----------+ |
+ A | |
+ +---------+ refreshes | | references |
+ / /| | V |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+ A |maintenance | +--------+
+ | +------------|->| |
+ | queries | |Foreign |
+ | | | Name |
+ +------------------|--| Server |
+ maintenance responses | +--------+
+
+The shared database holds domain space data for the local name server
+and resolver. The contents of the shared database will typically be a
+mixture of authoritative data maintained by the periodic refresh
+operations of the name server and cached data from previous resolver
+requests. The structure of the domain data and the necessity for
+synchronization between name servers and resolvers imply the general
+characteristics of this database, but the actual format is up to the
+local implementor.
+
+
+
+
+Mockapetris [Page 6]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Information flow can also be tailored so that a group of hosts act
+together to optimize activities. Sometimes this is done to offload less
+capable hosts so that they do not have to implement a full resolver.
+This can be appropriate for PCs or hosts which want to minimize the
+amount of new network code which is required. This scheme can also
+allow a group of hosts can share a small number of caches rather than
+maintaining a large number of separate caches, on the premise that the
+centralized caches will have a higher hit ratio. In either case,
+resolvers are replaced with stub resolvers which act as front ends to
+resolvers located in a recursive server in one or more name servers
+known to perform that service:
+
+ Local Hosts | Foreign
+ |
+ +---------+ |
+ | | responses |
+ | Stub |<--------------------+ |
+ | Resolver| | |
+ | |----------------+ | |
+ +---------+ recursive | | |
+ queries | | |
+ V | |
+ +---------+ recursive +----------+ | +--------+
+ | | queries | |queries | | |
+ | Stub |-------------->| Recursive|---------|->|Foreign |
+ | Resolver| | Server | | | Name |
+ | |<--------------| |<--------|--| Server |
+ +---------+ responses | |responses| | |
+ +----------+ | +--------+
+ | Central | |
+ | cache | |
+ +----------+ |
+
+In any case, note that domain components are always replicated for
+reliability whenever possible.
+
+2.3. Conventions
+
+The domain system has several conventions dealing with low-level, but
+fundamental, issues. While the implementor is free to violate these
+conventions WITHIN HIS OWN SYSTEM, he must observe these conventions in
+ALL behavior observed from other hosts.
+
+2.3.1. Preferred name syntax
+
+The DNS specifications attempt to be as general as possible in the rules
+for constructing domain names. The idea is that the name of any
+existing object can be expressed as a domain name with minimal changes.
+
+
+
+Mockapetris [Page 7]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+However, when assigning a domain name for an object, the prudent user
+will select a name which satisfies both the rules of the domain system
+and any existing rules for the object, whether these rules are published
+or implied by existing programs.
+
+For example, when naming a mail domain, the user should satisfy both the
+rules of this memo and those in RFC-822. When creating a new host name,
+the old rules for HOSTS.TXT should be followed. This avoids problems
+when old software is converted to use domain names.
+
+The following syntax will result in fewer problems with many
+
+applications that use domain names (e.g., mail, TELNET).
+
+<domain> ::= <subdomain> | " "
+
+<subdomain> ::= <label> | <subdomain> "." <label>
+
+<label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
+
+<ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
+
+<let-dig-hyp> ::= <let-dig> | "-"
+
+<let-dig> ::= <letter> | <digit>
+
+<letter> ::= any one of the 52 alphabetic characters A through Z in
+upper case and a through z in lower case
+
+<digit> ::= any one of the ten digits 0 through 9
+
+Note that while upper and lower case letters are allowed in domain
+names, no significance is attached to the case. That is, two names with
+the same spelling but different case are to be treated as if identical.
+
+The labels must follow the rules for ARPANET host names. They must
+start with a letter, end with a letter or digit, and have as interior
+characters only letters, digits, and hyphen. There are also some
+restrictions on the length. Labels must be 63 characters or less.
+
+For example, the following strings identify hosts in the Internet:
+
+A.ISI.EDU XX.LCS.MIT.EDU SRI-NIC.ARPA
+
+2.3.2. Data Transmission Order
+
+The order of transmission of the header and data described in this
+document is resolved to the octet level. Whenever a diagram shows a
+
+
+
+Mockapetris [Page 8]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+group of octets, the order of transmission of those octets is the normal
+order in which they are read in English. For example, in the following
+diagram, the octets are transmitted in the order they are numbered.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 1 | 2 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 3 | 4 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 5 | 6 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+Whenever an octet represents a numeric quantity, the left most bit in
+the diagram is the high order or most significant bit. That is, the bit
+labeled 0 is the most significant bit. For example, the following
+diagram represents the value 170 (decimal).
+
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ |1 0 1 0 1 0 1 0|
+ +-+-+-+-+-+-+-+-+
+
+Similarly, whenever a multi-octet field represents a numeric quantity
+the left most bit of the whole field is the most significant bit. When
+a multi-octet quantity is transmitted the most significant octet is
+transmitted first.
+
+2.3.3. Character Case
+
+For all parts of the DNS that are part of the official protocol, all
+comparisons between character strings (e.g., labels, domain names, etc.)
+are done in a case-insensitive manner. At present, this rule is in
+force throughout the domain system without exception. However, future
+additions beyond current usage may need to use the full binary octet
+capabilities in names, so attempts to store domain names in 7-bit ASCII
+or use of special bytes to terminate labels, etc., should be avoided.
+
+When data enters the domain system, its original case should be
+preserved whenever possible. In certain circumstances this cannot be
+done. For example, if two RRs are stored in a database, one at x.y and
+one at X.Y, they are actually stored at the same place in the database,
+and hence only one casing would be preserved. The basic rule is that
+case can be discarded only when data is used to define structure in a
+database, and two names are identical when compared in a case
+insensitive manner.
+
+
+
+
+Mockapetris [Page 9]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Loss of case sensitive data must be minimized. Thus while data for x.y
+and X.Y may both be stored under a single location x.y or X.Y, data for
+a.x and B.X would never be stored under A.x, A.X, b.x, or b.X. In
+general, this preserves the case of the first label of a domain name,
+but forces standardization of interior node labels.
+
+Systems administrators who enter data into the domain database should
+take care to represent the data they supply to the domain system in a
+case-consistent manner if their system is case-sensitive. The data
+distribution system in the domain system will ensure that consistent
+representations are preserved.
+
+2.3.4. Size limits
+
+Various objects and parameters in the DNS have size limits. They are
+listed below. Some could be easily changed, others are more
+fundamental.
+
+labels 63 octets or less
+
+names 255 octets or less
+
+TTL positive values of a signed 32 bit number.
+
+UDP messages 512 octets or less
+
+3. DOMAIN NAME SPACE AND RR DEFINITIONS
+
+3.1. Name space definitions
+
+Domain names in messages are expressed in terms of a sequence of labels.
+Each label is represented as a one octet length field followed by that
+number of octets. Since every domain name ends with the null label of
+the root, a domain name is terminated by a length byte of zero. The
+high order two bits of every length octet must be zero, and the
+remaining six bits of the length field limit the label to 63 octets or
+less.
+
+To simplify implementations, the total length of a domain name (i.e.,
+label octets and label length octets) is restricted to 255 octets or
+less.
+
+Although labels can contain any 8 bit values in octets that make up a
+label, it is strongly recommended that labels follow the preferred
+syntax described elsewhere in this memo, which is compatible with
+existing host naming conventions. Name servers and resolvers must
+compare labels in a case-insensitive manner (i.e., A=a), assuming ASCII
+with zero parity. Non-alphabetic codes must match exactly.
+
+
+
+Mockapetris [Page 10]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.2. RR definitions
+
+3.2.1. Format
+
+All RRs have the same top level format shown below:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / /
+ / NAME /
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | CLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TTL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RDLENGTH |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+ / RDATA /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+
+where:
+
+NAME an owner name, i.e., the name of the node to which this
+ resource record pertains.
+
+TYPE two octets containing one of the RR TYPE codes.
+
+CLASS two octets containing one of the RR CLASS codes.
+
+TTL a 32 bit signed integer that specifies the time interval
+ that the resource record may be cached before the source
+ of the information should again be consulted. Zero
+ values are interpreted to mean that the RR can only be
+ used for the transaction in progress, and should not be
+ cached. For example, SOA records are always distributed
+ with a zero TTL to prohibit caching. Zero values can
+ also be used for extremely volatile data.
+
+RDLENGTH an unsigned 16 bit integer that specifies the length in
+ octets of the RDATA field.
+
+
+
+Mockapetris [Page 11]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+RDATA a variable length string of octets that describes the
+ resource. The format of this information varies
+ according to the TYPE and CLASS of the resource record.
+
+3.2.2. TYPE values
+
+TYPE fields are used in resource records. Note that these types are a
+subset of QTYPEs.
+
+TYPE value and meaning
+
+A 1 a host address
+
+NS 2 an authoritative name server
+
+MD 3 a mail destination (Obsolete - use MX)
+
+MF 4 a mail forwarder (Obsolete - use MX)
+
+CNAME 5 the canonical name for an alias
+
+SOA 6 marks the start of a zone of authority
+
+MB 7 a mailbox domain name (EXPERIMENTAL)
+
+MG 8 a mail group member (EXPERIMENTAL)
+
+MR 9 a mail rename domain name (EXPERIMENTAL)
+
+NULL 10 a null RR (EXPERIMENTAL)
+
+WKS 11 a well known service description
+
+PTR 12 a domain name pointer
+
+HINFO 13 host information
+
+MINFO 14 mailbox or mail list information
+
+MX 15 mail exchange
+
+TXT 16 text strings
+
+3.2.3. QTYPE values
+
+QTYPE fields appear in the question part of a query. QTYPES are a
+superset of TYPEs, hence all TYPEs are valid QTYPEs. In addition, the
+following QTYPEs are defined:
+
+
+
+Mockapetris [Page 12]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+AXFR 252 A request for a transfer of an entire zone
+
+MAILB 253 A request for mailbox-related records (MB, MG or MR)
+
+MAILA 254 A request for mail agent RRs (Obsolete - see MX)
+
+* 255 A request for all records
+
+3.2.4. CLASS values
+
+CLASS fields appear in resource records. The following CLASS mnemonics
+and values are defined:
+
+IN 1 the Internet
+
+CS 2 the CSNET class (Obsolete - used only for examples in
+ some obsolete RFCs)
+
+CH 3 the CHAOS class
+
+HS 4 Hesiod [Dyer 87]
+
+3.2.5. QCLASS values
+
+QCLASS fields appear in the question section of a query. QCLASS values
+are a superset of CLASS values; every CLASS is a valid QCLASS. In
+addition to CLASS values, the following QCLASSes are defined:
+
+* 255 any class
+
+3.3. Standard RRs
+
+The following RR definitions are expected to occur, at least
+potentially, in all classes. In particular, NS, SOA, CNAME, and PTR
+will be used in all classes, and have the same format in all classes.
+Because their RDATA format is known, all domain names in the RDATA
+section of these RRs may be compressed.
+
+<domain-name> is a domain name represented as a series of labels, and
+terminated by a label with zero length. <character-string> is a single
+length octet followed by that number of characters. <character-string>
+is treated as binary information, and can be up to 256 characters in
+length (including the length octet).
+
+
+
+
+
+
+
+
+Mockapetris [Page 13]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.1. CNAME RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / CNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+CNAME A <domain-name> which specifies the canonical or primary
+ name for the owner. The owner name is an alias.
+
+CNAME RRs cause no additional section processing, but name servers may
+choose to restart the query at the canonical name in certain cases. See
+the description of name server logic in [RFC-1034] for details.
+
+3.3.2. HINFO RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / CPU /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / OS /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+CPU A <character-string> which specifies the CPU type.
+
+OS A <character-string> which specifies the operating
+ system type.
+
+Standard values for CPU and OS can be found in [RFC-1010].
+
+HINFO records are used to acquire general information about a host. The
+main use is for protocols such as FTP that can use special procedures
+when talking between machines or operating systems of the same type.
+
+3.3.3. MB RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has the
+ specified mailbox.
+
+
+
+Mockapetris [Page 14]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+MB records cause additional section processing which looks up an A type
+RRs corresponding to MADNAME.
+
+3.3.4. MD RDATA format (Obsolete)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has a mail
+ agent for the domain which should be able to deliver
+ mail for the domain.
+
+MD records cause additional section processing which looks up an A type
+record corresponding to MADNAME.
+
+MD is obsolete. See the definition of MX and [RFC-974] for details of
+the new scheme. The recommended policy for dealing with MD RRs found in
+a master file is to reject them, or to convert them to MX RRs with a
+preference of 0.
+
+3.3.5. MF RDATA format (Obsolete)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has a mail
+ agent for the domain which will accept mail for
+ forwarding to the domain.
+
+MF records cause additional section processing which looks up an A type
+record corresponding to MADNAME.
+
+MF is obsolete. See the definition of MX and [RFC-974] for details ofw
+the new scheme. The recommended policy for dealing with MD RRs found in
+a master file is to reject them, or to convert them to MX RRs with a
+preference of 10.
+
+
+
+
+
+
+
+Mockapetris [Page 15]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.6. MG RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MGMNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MGMNAME A <domain-name> which specifies a mailbox which is a
+ member of the mail group specified by the domain name.
+
+MG records cause no additional section processing.
+
+3.3.7. MINFO RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / RMAILBX /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / EMAILBX /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+RMAILBX A <domain-name> which specifies a mailbox which is
+ responsible for the mailing list or mailbox. If this
+ domain name names the root, the owner of the MINFO RR is
+ responsible for itself. Note that many existing mailing
+ lists use a mailbox X-request for the RMAILBX field of
+ mailing list X, e.g., Msgroup-request for Msgroup. This
+ field provides a more general mechanism.
+
+
+EMAILBX A <domain-name> which specifies a mailbox which is to
+ receive error messages related to the mailing list or
+ mailbox specified by the owner of the MINFO RR (similar
+ to the ERRORS-TO: field which has been proposed). If
+ this domain name names the root, errors should be
+ returned to the sender of the message.
+
+MINFO records cause no additional section processing. Although these
+records can be associated with a simple mailbox, they are usually used
+with a mailing list.
+
+
+
+
+
+
+
+
+Mockapetris [Page 16]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.8. MR RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / NEWNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NEWNAME A <domain-name> which specifies a mailbox which is the
+ proper rename of the specified mailbox.
+
+MR records cause no additional section processing. The main use for MR
+is as a forwarding entry for a user who has moved to a different
+mailbox.
+
+3.3.9. MX RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | PREFERENCE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / EXCHANGE /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+PREFERENCE A 16 bit integer which specifies the preference given to
+ this RR among others at the same owner. Lower values
+ are preferred.
+
+EXCHANGE A <domain-name> which specifies a host willing to act as
+ a mail exchange for the owner name.
+
+MX records cause type A additional section processing for the host
+specified by EXCHANGE. The use of MX RRs is explained in detail in
+[RFC-974].
+
+3.3.10. NULL RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / <anything> /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+Anything at all may be in the RDATA field so long as it is 65535 octets
+or less.
+
+
+
+
+Mockapetris [Page 17]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+NULL records cause no additional section processing. NULL RRs are not
+allowed in master files. NULLs are used as placeholders in some
+experimental extensions of the DNS.
+
+3.3.11. NS RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / NSDNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NSDNAME A <domain-name> which specifies a host which should be
+ authoritative for the specified class and domain.
+
+NS records cause both the usual additional section processing to locate
+a type A record, and, when used in a referral, a special search of the
+zone in which they reside for glue information.
+
+The NS RR states that the named host should be expected to have a zone
+starting at owner name of the specified class. Note that the class may
+not indicate the protocol family which should be used to communicate
+with the host, although it is typically a strong hint. For example,
+hosts which are name servers for either Internet (IN) or Hesiod (HS)
+class information are normally queried using IN class protocols.
+
+3.3.12. PTR RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / PTRDNAME /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+PTRDNAME A <domain-name> which points to some location in the
+ domain name space.
+
+PTR records cause no additional section processing. These RRs are used
+in special domains to point to some other location in the domain space.
+These records are simple data, and don't imply any special processing
+similar to that performed by CNAME, which identifies aliases. See the
+description of the IN-ADDR.ARPA domain for an example.
+
+
+
+
+
+
+
+
+Mockapetris [Page 18]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.13. SOA RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / RNAME /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | SERIAL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | REFRESH |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RETRY |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | EXPIRE |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | MINIMUM |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MNAME The <domain-name> of the name server that was the
+ original or primary source of data for this zone.
+
+RNAME A <domain-name> which specifies the mailbox of the
+ person responsible for this zone.
+
+SERIAL The unsigned 32 bit version number of the original copy
+ of the zone. Zone transfers preserve this value. This
+ value wraps and should be compared using sequence space
+ arithmetic.
+
+REFRESH A 32 bit time interval before the zone should be
+ refreshed.
+
+RETRY A 32 bit time interval that should elapse before a
+ failed refresh should be retried.
+
+EXPIRE A 32 bit time value that specifies the upper limit on
+ the time interval that can elapse before the zone is no
+ longer authoritative.
+
+
+
+
+
+Mockapetris [Page 19]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+MINIMUM The unsigned 32 bit minimum TTL field that should be
+ exported with any RR from this zone.
+
+SOA records cause no additional section processing.
+
+All times are in units of seconds.
+
+Most of these fields are pertinent only for name server maintenance
+operations. However, MINIMUM is used in all query operations that
+retrieve RRs from a zone. Whenever a RR is sent in a response to a
+query, the TTL field is set to the maximum of the TTL field from the RR
+and the MINIMUM field in the appropriate SOA. Thus MINIMUM is a lower
+bound on the TTL field for all RRs in a zone. Note that this use of
+MINIMUM should occur when the RRs are copied into the response and not
+when the zone is loaded from a master file or via a zone transfer. The
+reason for this provison is to allow future dynamic update facilities to
+change the SOA RR with known semantics.
+
+
+3.3.14. TXT RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / TXT-DATA /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+TXT-DATA One or more <character-string>s.
+
+TXT RRs are used to hold descriptive text. The semantics of the text
+depends on the domain where it is found.
+
+3.4. Internet specific RRs
+
+3.4.1. A RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ADDRESS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ADDRESS A 32 bit Internet address.
+
+Hosts that have multiple Internet addresses will have multiple A
+records.
+
+
+
+
+
+Mockapetris [Page 20]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+A records cause no additional section processing. The RDATA section of
+an A line in a master file is an Internet address expressed as four
+decimal numbers separated by dots without any embedded spaces (e.g.,
+"10.2.0.52" or "192.0.5.6").
+
+3.4.2. WKS RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ADDRESS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | PROTOCOL | |
+ +--+--+--+--+--+--+--+--+ |
+ | |
+ / <BIT MAP> /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ADDRESS An 32 bit Internet address
+
+PROTOCOL An 8 bit IP protocol number
+
+<BIT MAP> A variable length bit map. The bit map must be a
+ multiple of 8 bits long.
+
+The WKS record is used to describe the well known services supported by
+a particular protocol on a particular internet address. The PROTOCOL
+field specifies an IP protocol number, and the bit map has one bit per
+port of the specified protocol. The first bit corresponds to port 0,
+the second to port 1, etc. If the bit map does not include a bit for a
+protocol of interest, that bit is assumed zero. The appropriate values
+and mnemonics for ports and protocols are specified in [RFC-1010].
+
+For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port
+25 (SMTP). If this bit is set, a SMTP server should be listening on TCP
+port 25; if zero, SMTP service is not supported on the specified
+address.
+
+The purpose of WKS RRs is to provide availability information for
+servers for TCP and UDP. If a server supports both TCP and UDP, or has
+multiple Internet addresses, then multiple WKS RRs are used.
+
+WKS RRs cause no additional section processing.
+
+In master files, both ports and protocols are expressed using mnemonics
+or decimal numbers.
+
+
+
+
+Mockapetris [Page 21]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.5. IN-ADDR.ARPA domain
+
+The Internet uses a special domain to support gateway location and
+Internet address to host mapping. Other classes may employ a similar
+strategy in other domains. The intent of this domain is to provide a
+guaranteed method to perform host address to host name mapping, and to
+facilitate queries to locate all gateways on a particular network in the
+Internet.
+
+Note that both of these services are similar to functions that could be
+performed by inverse queries; the difference is that this part of the
+domain name space is structured according to address, and hence can
+guarantee that the appropriate data can be located without an exhaustive
+search of the domain space.
+
+The domain begins at IN-ADDR.ARPA and has a substructure which follows
+the Internet addressing structure.
+
+Domain names in the IN-ADDR.ARPA domain are defined to have up to four
+labels in addition to the IN-ADDR.ARPA suffix. Each label represents
+one octet of an Internet address, and is expressed as a character string
+for a decimal value in the range 0-255 (with leading zeros omitted
+except in the case of a zero octet which is represented by a single
+zero).
+
+Host addresses are represented by domain names that have all four labels
+specified. Thus data for Internet address 10.2.0.52 is located at
+domain name 52.0.2.10.IN-ADDR.ARPA. The reversal, though awkward to
+read, allows zones to be delegated which are exactly one network of
+address space. For example, 10.IN-ADDR.ARPA can be a zone containing
+data for the ARPANET, while 26.IN-ADDR.ARPA can be a separate zone for
+MILNET. Address nodes are used to hold pointers to primary host names
+in the normal domain space.
+
+Network numbers correspond to some non-terminal nodes at various depths
+in the IN-ADDR.ARPA domain, since Internet network numbers are either 1,
+2, or 3 octets. Network nodes are used to hold pointers to the primary
+host names of gateways attached to that network. Since a gateway is, by
+definition, on more than one network, it will typically have two or more
+network nodes which point at it. Gateways will also have host level
+pointers at their fully qualified addresses.
+
+Both the gateway pointers at network nodes and the normal host pointers
+at full address nodes use the PTR RR to point back to the primary domain
+names of the corresponding hosts.
+
+For example, the IN-ADDR.ARPA domain will contain information about the
+ISI gateway between net 10 and 26, an MIT gateway from net 10 to MIT's
+
+
+
+Mockapetris [Page 22]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+net 18, and hosts A.ISI.EDU and MULTICS.MIT.EDU. Assuming that ISI
+gateway has addresses 10.2.0.22 and 26.0.0.103, and a name MILNET-
+GW.ISI.EDU, and the MIT gateway has addresses 10.0.0.77 and 18.10.0.4
+and a name GW.LCS.MIT.EDU, the domain database would contain:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 22.0.2.10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 103.0.0.26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 77.0.0.10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 4.0.10.18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 103.0.3.26.IN-ADDR.ARPA. PTR A.ISI.EDU.
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Thus a program which wanted to locate gateways on net 10 would originate
+a query of the form QTYPE=PTR, QCLASS=IN, QNAME=10.IN-ADDR.ARPA. It
+would receive two RRs in response:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+
+The program could then originate QTYPE=A, QCLASS=IN queries for MILNET-
+GW.ISI.EDU. and GW.LCS.MIT.EDU. to discover the Internet addresses of
+these gateways.
+
+A resolver which wanted to find the host name corresponding to Internet
+host address 10.0.0.6 would pursue a query of the form QTYPE=PTR,
+QCLASS=IN, QNAME=6.0.0.10.IN-ADDR.ARPA, and would receive:
+
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Several cautions apply to the use of these services:
+ - Since the IN-ADDR.ARPA special domain and the normal domain
+ for a particular host or gateway will be in different zones,
+ the possibility exists that that the data may be inconsistent.
+
+ - Gateways will often have two names in separate domains, only
+ one of which can be primary.
+
+ - Systems that use the domain database to initialize their
+ routing tables must start with enough gateway information to
+ guarantee that they can access the appropriate name server.
+
+ - The gateway data only reflects the existence of a gateway in a
+ manner equivalent to the current HOSTS.TXT file. It doesn't
+ replace the dynamic availability information from GGP or EGP.
+
+
+
+Mockapetris [Page 23]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.6. Defining new types, classes, and special namespaces
+
+The previously defined types and classes are the ones in use as of the
+date of this memo. New definitions should be expected. This section
+makes some recommendations to designers considering additions to the
+existing facilities. The mailing list NAMEDROPPERS@SRI-NIC.ARPA is the
+forum where general discussion of design issues takes place.
+
+In general, a new type is appropriate when new information is to be
+added to the database about an existing object, or we need new data
+formats for some totally new object. Designers should attempt to define
+types and their RDATA formats that are generally applicable to all
+classes, and which avoid duplication of information. New classes are
+appropriate when the DNS is to be used for a new protocol, etc which
+requires new class-specific data formats, or when a copy of the existing
+name space is desired, but a separate management domain is necessary.
+
+New types and classes need mnemonics for master files; the format of the
+master files requires that the mnemonics for type and class be disjoint.
+
+TYPE and CLASS values must be a proper subset of QTYPEs and QCLASSes
+respectively.
+
+The present system uses multiple RRs to represent multiple values of a
+type rather than storing multiple values in the RDATA section of a
+single RR. This is less efficient for most applications, but does keep
+RRs shorter. The multiple RRs assumption is incorporated in some
+experimental work on dynamic update methods.
+
+The present system attempts to minimize the duplication of data in the
+database in order to insure consistency. Thus, in order to find the
+address of the host for a mail exchange, you map the mail domain name to
+a host name, then the host name to addresses, rather than a direct
+mapping to host address. This approach is preferred because it avoids
+the opportunity for inconsistency.
+
+In defining a new type of data, multiple RR types should not be used to
+create an ordering between entries or express different formats for
+equivalent bindings, instead this information should be carried in the
+body of the RR and a single type used. This policy avoids problems with
+caching multiple types and defining QTYPEs to match multiple types.
+
+For example, the original form of mail exchange binding used two RR
+types one to represent a "closer" exchange (MD) and one to represent a
+"less close" exchange (MF). The difficulty is that the presence of one
+RR type in a cache doesn't convey any information about the other
+because the query which acquired the cached information might have used
+a QTYPE of MF, MD, or MAILA (which matched both). The redesigned
+
+
+
+Mockapetris [Page 24]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+service used a single type (MX) with a "preference" value in the RDATA
+section which can order different RRs. However, if any MX RRs are found
+in the cache, then all should be there.
+
+4. MESSAGES
+
+4.1. Format
+
+All communications inside of the domain protocol are carried in a single
+format called a message. The top level format of message is divided
+into 5 sections (some of which are empty in certain cases) shown below:
+
+ +---------------------+
+ | Header |
+ +---------------------+
+ | Question | the question for the name server
+ +---------------------+
+ | Answer | RRs answering the question
+ +---------------------+
+ | Authority | RRs pointing toward an authority
+ +---------------------+
+ | Additional | RRs holding additional information
+ +---------------------+
+
+The header section is always present. The header includes fields that
+specify which of the remaining sections are present, and also specify
+whether the message is a query or a response, a standard query or some
+other opcode, etc.
+
+The names of the sections after the header are derived from their use in
+standard queries. The question section contains fields that describe a
+question to a name server. These fields are a query type (QTYPE), a
+query class (QCLASS), and a query domain name (QNAME). The last three
+sections have the same format: a possibly empty list of concatenated
+resource records (RRs). The answer section contains RRs that answer the
+question; the authority section contains RRs that point toward an
+authoritative name server; the additional records section contains RRs
+which relate to the query, but are not strictly answers for the
+question.
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 25]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+4.1.1. Header section format
+
+The header contains the following fields:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ID |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QDCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ANCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | NSCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ARCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ID A 16 bit identifier assigned by the program that
+ generates any kind of query. This identifier is copied
+ the corresponding reply and can be used by the requester
+ to match up replies to outstanding queries.
+
+QR A one bit field that specifies whether this message is a
+ query (0), or a response (1).
+
+OPCODE A four bit field that specifies kind of query in this
+ message. This value is set by the originator of a query
+ and copied into the response. The values are:
+
+ 0 a standard query (QUERY)
+
+ 1 an inverse query (IQUERY)
+
+ 2 a server status request (STATUS)
+
+ 3-15 reserved for future use
+
+AA Authoritative Answer - this bit is valid in responses,
+ and specifies that the responding name server is an
+ authority for the domain name in question section.
+
+ Note that the contents of the answer section may have
+ multiple owner names because of aliases. The AA bit
+
+
+
+Mockapetris [Page 26]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ corresponds to the name which matches the query name, or
+ the first owner name in the answer section.
+
+TC TrunCation - specifies that this message was truncated
+ due to length greater than that permitted on the
+ transmission channel.
+
+RD Recursion Desired - this bit may be set in a query and
+ is copied into the response. If RD is set, it directs
+ the name server to pursue the query recursively.
+ Recursive query support is optional.
+
+RA Recursion Available - this be is set or cleared in a
+ response, and denotes whether recursive query support is
+ available in the name server.
+
+Z Reserved for future use. Must be zero in all queries
+ and responses.
+
+RCODE Response code - this 4 bit field is set as part of
+ responses. The values have the following
+ interpretation:
+
+ 0 No error condition
+
+ 1 Format error - The name server was
+ unable to interpret the query.
+
+ 2 Server failure - The name server was
+ unable to process this query due to a
+ problem with the name server.
+
+ 3 Name Error - Meaningful only for
+ responses from an authoritative name
+ server, this code signifies that the
+ domain name referenced in the query does
+ not exist.
+
+ 4 Not Implemented - The name server does
+ not support the requested kind of query.
+
+ 5 Refused - The name server refuses to
+ perform the specified operation for
+ policy reasons. For example, a name
+ server may not wish to provide the
+ information to the particular requester,
+ or a name server may not wish to perform
+ a particular operation (e.g., zone
+
+
+
+Mockapetris [Page 27]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ transfer) for particular data.
+
+ 6-15 Reserved for future use.
+
+QDCOUNT an unsigned 16 bit integer specifying the number of
+ entries in the question section.
+
+ANCOUNT an unsigned 16 bit integer specifying the number of
+ resource records in the answer section.
+
+NSCOUNT an unsigned 16 bit integer specifying the number of name
+ server resource records in the authority records
+ section.
+
+ARCOUNT an unsigned 16 bit integer specifying the number of
+ resource records in the additional records section.
+
+4.1.2. Question section format
+
+The question section is used to carry the "question" in most queries,
+i.e., the parameters that define what is being asked. The section
+contains QDCOUNT (usually 1) entries, each of the following format:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / QNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QTYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QCLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+QNAME a domain name represented as a sequence of labels, where
+ each label consists of a length octet followed by that
+ number of octets. The domain name terminates with the
+ zero length octet for the null label of the root. Note
+ that this field may be an odd number of octets; no
+ padding is used.
+
+QTYPE a two octet code which specifies the type of the query.
+ The values for this field include all codes valid for a
+ TYPE field, together with some more general codes which
+ can match more than one type of RR.
+
+
+
+Mockapetris [Page 28]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+QCLASS a two octet code that specifies the class of the query.
+ For example, the QCLASS field is IN for the Internet.
+
+4.1.3. Resource record format
+
+The answer, authority, and additional sections all share the same
+format: a variable number of resource records, where the number of
+records is specified in the corresponding count field in the header.
+Each resource record has the following format:
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / /
+ / NAME /
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | CLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TTL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RDLENGTH |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+ / RDATA /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NAME a domain name to which this resource record pertains.
+
+TYPE two octets containing one of the RR type codes. This
+ field specifies the meaning of the data in the RDATA
+ field.
+
+CLASS two octets which specify the class of the data in the
+ RDATA field.
+
+TTL a 32 bit unsigned integer that specifies the time
+ interval (in seconds) that the resource record may be
+ cached before it should be discarded. Zero values are
+ interpreted to mean that the RR can only be used for the
+ transaction in progress, and should not be cached.
+
+
+
+
+
+Mockapetris [Page 29]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+RDLENGTH an unsigned 16 bit integer that specifies the length in
+ octets of the RDATA field.
+
+RDATA a variable length string of octets that describes the
+ resource. The format of this information varies
+ according to the TYPE and CLASS of the resource record.
+ For example, the if the TYPE is A and the CLASS is IN,
+ the RDATA field is a 4 octet ARPA Internet address.
+
+4.1.4. Message compression
+
+In order to reduce the size of messages, the domain system utilizes a
+compression scheme which eliminates the repetition of domain names in a
+message. In this scheme, an entire domain name or a list of labels at
+the end of a domain name is replaced with a pointer to a prior occurrence
+of the same name.
+
+The pointer takes the form of a two octet sequence:
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | 1 1| OFFSET |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+The first two bits are ones. This allows a pointer to be distinguished
+from a label, since the label must begin with two zero bits because
+labels are restricted to 63 octets or less. (The 10 and 01 combinations
+are reserved for future use.) The OFFSET field specifies an offset from
+the start of the message (i.e., the first octet of the ID field in the
+domain header). A zero offset specifies the first byte of the ID field,
+etc.
+
+The compression scheme allows a domain name in a message to be
+represented as either:
+
+ - a sequence of labels ending in a zero octet
+
+ - a pointer
+
+ - a sequence of labels ending with a pointer
+
+Pointers can only be used for occurrences of a domain name where the
+format is not class specific. If this were not the case, a name server
+or resolver would be required to know the format of all RRs it handled.
+As yet, there are no such cases, but they may occur in future RDATA
+formats.
+
+If a domain name is contained in a part of the message subject to a
+length field (such as the RDATA section of an RR), and compression is
+
+
+
+Mockapetris [Page 30]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+used, the length of the compressed name is used in the length
+calculation, rather than the length of the expanded name.
+
+Programs are free to avoid using pointers in messages they generate,
+although this will reduce datagram capacity, and may cause truncation.
+However all programs are required to understand arriving messages that
+contain pointers.
+
+For example, a datagram might need to use the domain names F.ISI.ARPA,
+FOO.F.ISI.ARPA, ARPA, and the root. Ignoring the other fields of the
+message, these domain names might be represented as:
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 20 | 1 | F |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 22 | 3 | I |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 24 | S | I |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 26 | 4 | A |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 28 | R | P |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 30 | A | 0 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 40 | 3 | F |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 42 | O | O |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 44 | 1 1| 20 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 64 | 1 1| 26 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 92 | 0 | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+The domain name for F.ISI.ARPA is shown at offset 20. The domain name
+FOO.F.ISI.ARPA is shown at offset 40; this definition uses a pointer to
+concatenate a label for FOO to the previously defined F.ISI.ARPA. The
+domain name ARPA is defined at offset 64 using a pointer to the ARPA
+component of the name F.ISI.ARPA at 20; note that this pointer relies on
+ARPA being the last label in the string at 20. The root domain name is
+
+
+
+Mockapetris [Page 31]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+defined by a single octet of zeros at 92; the root domain name has no
+labels.
+
+4.2. Transport
+
+The DNS assumes that messages will be transmitted as datagrams or in a
+byte stream carried by a virtual circuit. While virtual circuits can be
+used for any DNS activity, datagrams are preferred for queries due to
+their lower overhead and better performance. Zone refresh activities
+must use virtual circuits because of the need for reliable transfer.
+
+The Internet supports name server access using TCP [RFC-793] on server
+port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
+port 53 (decimal).
+
+4.2.1. UDP usage
+
+Messages sent using UDP user server port 53 (decimal).
+
+Messages carried by UDP are restricted to 512 bytes (not counting the IP
+or UDP headers). Longer messages are truncated and the TC bit is set in
+the header.
+
+UDP is not acceptable for zone transfers, but is the recommended method
+for standard queries in the Internet. Queries sent using UDP may be
+lost, and hence a retransmission strategy is required. Queries or their
+responses may be reordered by the network, or by processing in name
+servers, so resolvers should not depend on them being returned in order.
+
+The optimal UDP retransmission policy will vary with performance of the
+Internet and the needs of the client, but the following are recommended:
+
+ - The client should try other servers and server addresses
+ before repeating a query to a specific address of a server.
+
+ - The retransmission interval should be based on prior
+ statistics if possible. Too aggressive retransmission can
+ easily slow responses for the community at large. Depending
+ on how well connected the client is to its expected servers,
+ the minimum retransmission interval should be 2-5 seconds.
+
+More suggestions on server selection and retransmission policy can be
+found in the resolver section of this memo.
+
+4.2.2. TCP usage
+
+Messages sent over TCP connections use server port 53 (decimal). The
+message is prefixed with a two byte length field which gives the message
+
+
+
+Mockapetris [Page 32]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+length, excluding the two byte length field. This length field allows
+the low-level processing to assemble a complete message before beginning
+to parse it.
+
+Several connection management policies are recommended:
+
+ - The server should not block other activities waiting for TCP
+ data.
+
+ - The server should support multiple connections.
+
+ - The server should assume that the client will initiate
+ connection closing, and should delay closing its end of the
+ connection until all outstanding client requests have been
+ satisfied.
+
+ - If the server needs to close a dormant connection to reclaim
+ resources, it should wait until the connection has been idle
+ for a period on the order of two minutes. In particular, the
+ server should allow the SOA and AXFR request sequence (which
+ begins a refresh operation) to be made on a single connection.
+ Since the server would be unable to answer queries anyway, a
+ unilateral close or reset may be used instead of a graceful
+ close.
+
+5. MASTER FILES
+
+Master files are text files that contain RRs in text form. Since the
+contents of a zone can be expressed in the form of a list of RRs a
+master file is most often used to define a zone, though it can be used
+to list a cache's contents. Hence, this section first discusses the
+format of RRs in a master file, and then the special considerations when
+a master file is used to create a zone in some name server.
+
+5.1. Format
+
+The format of these files is a sequence of entries. Entries are
+predominantly line-oriented, though parentheses can be used to continue
+a list of items across a line boundary, and text literals can contain
+CRLF within the text. Any combination of tabs and spaces act as a
+delimiter between the separate items that make up an entry. The end of
+any line in the master file can end with a comment. The comment starts
+with a ";" (semicolon).
+
+The following entries are defined:
+
+ <blank>[<comment>]
+
+
+
+
+Mockapetris [Page 33]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ $ORIGIN <domain-name> [<comment>]
+
+ $INCLUDE <file-name> [<domain-name>] [<comment>]
+
+ <domain-name><rr> [<comment>]
+
+ <blank><rr> [<comment>]
+
+Blank lines, with or without comments, are allowed anywhere in the file.
+
+Two control entries are defined: $ORIGIN and $INCLUDE. $ORIGIN is
+followed by a domain name, and resets the current origin for relative
+domain names to the stated name. $INCLUDE inserts the named file into
+the current file, and may optionally specify a domain name that sets the
+relative domain name origin for the included file. $INCLUDE may also
+have a comment. Note that a $INCLUDE entry never changes the relative
+origin of the parent file, regardless of changes to the relative origin
+made within the included file.
+
+The last two forms represent RRs. If an entry for an RR begins with a
+blank, then the RR is assumed to be owned by the last stated owner. If
+an RR entry begins with a <domain-name>, then the owner name is reset.
+
+<rr> contents take one of the following forms:
+
+ [<TTL>] [<class>] <type> <RDATA>
+
+ [<class>] [<TTL>] <type> <RDATA>
+
+The RR begins with optional TTL and class fields, followed by a type and
+RDATA field appropriate to the type and class. Class and type use the
+standard mnemonics, TTL is a decimal integer. Omitted class and TTL
+values are default to the last explicitly stated values. Since type and
+class mnemonics are disjoint, the parse is unique. (Note that this
+order is different from the order used in examples and the order used in
+the actual RRs; the given order allows easier parsing and defaulting.)
+
+<domain-name>s make up a large share of the data in the master file.
+The labels in the domain name are expressed as character strings and
+separated by dots. Quoting conventions allow arbitrary characters to be
+stored in domain names. Domain names that end in a dot are called
+absolute, and are taken as complete. Domain names which do not end in a
+dot are called relative; the actual domain name is the concatenation of
+the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as
+an argument to the master file loading routine. A relative name is an
+error when no origin is available.
+
+
+
+
+
+Mockapetris [Page 34]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+<character-string> is expressed in one or two ways: as a contiguous set
+of characters without interior spaces, or as a string beginning with a "
+and ending with a ". Inside a " delimited string any character can
+occur, except for a " itself, which must be quoted using \ (back slash).
+
+Because these files are text files several special encodings are
+necessary to allow arbitrary data to be loaded. In particular:
+
+ of the root.
+
+@ A free standing @ is used to denote the current origin.
+
+\X where X is any character other than a digit (0-9), is
+ used to quote that character so that its special meaning
+ does not apply. For example, "\." can be used to place
+ a dot character in a label.
+
+\DDD where each D is a digit is the octet corresponding to
+ the decimal number described by DDD. The resulting
+ octet is assumed to be text and is not checked for
+ special meaning.
+
+( ) Parentheses are used to group data that crosses a line
+ boundary. In effect, line terminations are not
+ recognized within parentheses.
+
+; Semicolon is used to start a comment; the remainder of
+ the line is ignored.
+
+5.2. Use of master files to define zones
+
+When a master file is used to load a zone, the operation should be
+suppressed if any errors are encountered in the master file. The
+rationale for this is that a single error can have widespread
+consequences. For example, suppose that the RRs defining a delegation
+have syntax errors; then the server will return authoritative name
+errors for all names in the subzone (except in the case where the
+subzone is also present on the server).
+
+Several other validity checks that should be performed in addition to
+insuring that the file is syntactically correct:
+
+ 1. All RRs in the file should have the same class.
+
+ 2. Exactly one SOA RR should be present at the top of the zone.
+
+ 3. If delegations are present and glue information is required,
+ it should be present.
+
+
+
+Mockapetris [Page 35]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 4. Information present outside of the authoritative nodes in the
+ zone should be glue information, rather than the result of an
+ origin or similar error.
+
+5.3. Master file example
+
+The following is an example file which might be used to define the
+ISI.EDU zone.and is loaded with an origin of ISI.EDU:
+
+@ IN SOA VENERA Action\.domains (
+ 20 ; SERIAL
+ 7200 ; REFRESH
+ 600 ; RETRY
+ 3600000; EXPIRE
+ 60) ; MINIMUM
+
+ NS A.ISI.EDU.
+ NS VENERA
+ NS VAXA
+ MX 10 VENERA
+ MX 20 VAXA
+
+A A 26.3.0.103
+
+VENERA A 10.1.0.52
+ A 128.9.0.32
+
+VAXA A 10.2.0.27
+ A 128.9.0.33
+
+
+$INCLUDE <SUBSYS>ISI-MAILBOXES.TXT
+
+Where the file <SUBSYS>ISI-MAILBOXES.TXT is:
+
+ MOE MB A.ISI.EDU.
+ LARRY MB A.ISI.EDU.
+ CURLEY MB A.ISI.EDU.
+ STOOGES MG MOE
+ MG LARRY
+ MG CURLEY
+
+Note the use of the \ character in the SOA RR to specify the responsible
+person mailbox "Action.domains@E.ISI.EDU".
+
+
+
+
+
+
+
+Mockapetris [Page 36]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+6. NAME SERVER IMPLEMENTATION
+
+6.1. Architecture
+
+The optimal structure for the name server will depend on the host
+operating system and whether the name server is integrated with resolver
+operations, either by supporting recursive service, or by sharing its
+database with a resolver. This section discusses implementation
+considerations for a name server which shares a database with a
+resolver, but most of these concerns are present in any name server.
+
+6.1.1. Control
+
+A name server must employ multiple concurrent activities, whether they
+are implemented as separate tasks in the host's OS or multiplexing
+inside a single name server program. It is simply not acceptable for a
+name server to block the service of UDP requests while it waits for TCP
+data for refreshing or query activities. Similarly, a name server
+should not attempt to provide recursive service without processing such
+requests in parallel, though it may choose to serialize requests from a
+single client, or to regard identical requests from the same client as
+duplicates. A name server should not substantially delay requests while
+it reloads a zone from master files or while it incorporates a newly
+refreshed zone into its database.
+
+6.1.2. Database
+
+While name server implementations are free to use any internal data
+structures they choose, the suggested structure consists of three major
+parts:
+
+ - A "catalog" data structure which lists the zones available to
+ this server, and a "pointer" to the zone data structure. The
+ main purpose of this structure is to find the nearest ancestor
+ zone, if any, for arriving standard queries.
+
+ - Separate data structures for each of the zones held by the
+ name server.
+
+ - A data structure for cached data. (or perhaps separate caches
+ for different classes)
+
+All of these data structures can be implemented an identical tree
+structure format, with different data chained off the nodes in different
+parts: in the catalog the data is pointers to zones, while in the zone
+and cache data structures, the data will be RRs. In designing the tree
+framework the designer should recognize that query processing will need
+to traverse the tree using case-insensitive label comparisons; and that
+
+
+
+Mockapetris [Page 37]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+in real data, a few nodes have a very high branching factor (100-1000 or
+more), but the vast majority have a very low branching factor (0-1).
+
+One way to solve the case problem is to store the labels for each node
+in two pieces: a standardized-case representation of the label where all
+ASCII characters are in a single case, together with a bit mask that
+denotes which characters are actually of a different case. The
+branching factor diversity can be handled using a simple linked list for
+a node until the branching factor exceeds some threshold, and
+transitioning to a hash structure after the threshold is exceeded. In
+any case, hash structures used to store tree sections must insure that
+hash functions and procedures preserve the casing conventions of the
+DNS.
+
+The use of separate structures for the different parts of the database
+is motivated by several factors:
+
+ - The catalog structure can be an almost static structure that
+ need change only when the system administrator changes the
+ zones supported by the server. This structure can also be
+ used to store parameters used to control refreshing
+ activities.
+
+ - The individual data structures for zones allow a zone to be
+ replaced simply by changing a pointer in the catalog. Zone
+ refresh operations can build a new structure and, when
+ complete, splice it into the database via a simple pointer
+ replacement. It is very important that when a zone is
+ refreshed, queries should not use old and new data
+ simultaneously.
+
+ - With the proper search procedures, authoritative data in zones
+ will always "hide", and hence take precedence over, cached
+ data.
+
+ - Errors in zone definitions that cause overlapping zones, etc.,
+ may cause erroneous responses to queries, but problem
+ determination is simplified, and the contents of one "bad"
+ zone can't corrupt another.
+
+ - Since the cache is most frequently updated, it is most
+ vulnerable to corruption during system restarts. It can also
+ become full of expired RR data. In either case, it can easily
+ be discarded without disturbing zone data.
+
+A major aspect of database design is selecting a structure which allows
+the name server to deal with crashes of the name server's host. State
+information which a name server should save across system crashes
+
+
+
+Mockapetris [Page 38]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+includes the catalog structure (including the state of refreshing for
+each zone) and the zone data itself.
+
+6.1.3. Time
+
+Both the TTL data for RRs and the timing data for refreshing activities
+depends on 32 bit timers in units of seconds. Inside the database,
+refresh timers and TTLs for cached data conceptually "count down", while
+data in the zone stays with constant TTLs.
+
+A recommended implementation strategy is to store time in two ways: as
+a relative increment and as an absolute time. One way to do this is to
+use positive 32 bit numbers for one type and negative numbers for the
+other. The RRs in zones use relative times; the refresh timers and
+cache data use absolute times. Absolute numbers are taken with respect
+to some known origin and converted to relative values when placed in the
+response to a query. When an absolute TTL is negative after conversion
+to relative, then the data is expired and should be ignored.
+
+6.2. Standard query processing
+
+The major algorithm for standard query processing is presented in
+[RFC-1034].
+
+When processing queries with QCLASS=*, or some other QCLASS which
+matches multiple classes, the response should never be authoritative
+unless the server can guarantee that the response covers all classes.
+
+When composing a response, RRs which are to be inserted in the
+additional section, but duplicate RRs in the answer or authority
+sections, may be omitted from the additional section.
+
+When a response is so long that truncation is required, the truncation
+should start at the end of the response and work forward in the
+datagram. Thus if there is any data for the authority section, the
+answer section is guaranteed to be unique.
+
+The MINIMUM value in the SOA should be used to set a floor on the TTL of
+data distributed from a zone. This floor function should be done when
+the data is copied into a response. This will allow future dynamic
+update protocols to change the SOA MINIMUM field without ambiguous
+semantics.
+
+6.3. Zone refresh and reload processing
+
+In spite of a server's best efforts, it may be unable to load zone data
+from a master file due to syntax errors, etc., or be unable to refresh a
+zone within the its expiration parameter. In this case, the name server
+
+
+
+Mockapetris [Page 39]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+should answer queries as if it were not supposed to possess the zone.
+
+If a master is sending a zone out via AXFR, and a new version is created
+during the transfer, the master should continue to send the old version
+if possible. In any case, it should never send part of one version and
+part of another. If completion is not possible, the master should reset
+the connection on which the zone transfer is taking place.
+
+6.4. Inverse queries (Optional)
+
+Inverse queries are an optional part of the DNS. Name servers are not
+required to support any form of inverse queries. If a name server
+receives an inverse query that it does not support, it returns an error
+response with the "Not Implemented" error set in the header. While
+inverse query support is optional, all name servers must be at least
+able to return the error response.
+
+6.4.1. The contents of inverse queries and responses Inverse
+queries reverse the mappings performed by standard query operations;
+while a standard query maps a domain name to a resource, an inverse
+query maps a resource to a domain name. For example, a standard query
+might bind a domain name to a host address; the corresponding inverse
+query binds the host address to a domain name.
+
+Inverse queries take the form of a single RR in the answer section of
+the message, with an empty question section. The owner name of the
+query RR and its TTL are not significant. The response carries
+questions in the question section which identify all names possessing
+the query RR WHICH THE NAME SERVER KNOWS. Since no name server knows
+about all of the domain name space, the response can never be assumed to
+be complete. Thus inverse queries are primarily useful for database
+management and debugging activities. Inverse queries are NOT an
+acceptable method of mapping host addresses to host names; use the IN-
+ADDR.ARPA domain instead.
+
+Where possible, name servers should provide case-insensitive comparisons
+for inverse queries. Thus an inverse query asking for an MX RR of
+"Venera.isi.edu" should get the same response as a query for
+"VENERA.ISI.EDU"; an inverse query for HINFO RR "IBM-PC UNIX" should
+produce the same result as an inverse query for "IBM-pc unix". However,
+this cannot be guaranteed because name servers may possess RRs that
+contain character strings but the name server does not know that the
+data is character.
+
+When a name server processes an inverse query, it either returns:
+
+ 1. zero, one, or multiple domain names for the specified
+ resource as QNAMEs in the question section
+
+
+
+Mockapetris [Page 40]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 2. an error code indicating that the name server doesn't support
+ inverse mapping of the specified resource type.
+
+When the response to an inverse query contains one or more QNAMEs, the
+owner name and TTL of the RR in the answer section which defines the
+inverse query is modified to exactly match an RR found at the first
+QNAME.
+
+RRs returned in the inverse queries cannot be cached using the same
+mechanism as is used for the replies to standard queries. One reason
+for this is that a name might have multiple RRs of the same type, and
+only one would appear. For example, an inverse query for a single
+address of a multiply homed host might create the impression that only
+one address existed.
+
+6.4.2. Inverse query and response example The overall structure
+of an inverse query for retrieving the domain name that corresponds to
+Internet address 10.1.0.52 is shown below:
+
+ +-----------------------------------------+
+ Header | OPCODE=IQUERY, ID=997 |
+ +-----------------------------------------+
+ Question | <empty> |
+ +-----------------------------------------+
+ Answer | <anyname> A IN 10.1.0.52 |
+ +-----------------------------------------+
+ Authority | <empty> |
+ +-----------------------------------------+
+ Additional | <empty> |
+ +-----------------------------------------+
+
+This query asks for a question whose answer is the Internet style
+address 10.1.0.52. Since the owner name is not known, any domain name
+can be used as a placeholder (and is ignored). A single octet of zero,
+signifying the root, is usually used because it minimizes the length of
+the message. The TTL of the RR is not significant. The response to
+this query might be:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 41]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ +-----------------------------------------+
+ Header | OPCODE=RESPONSE, ID=997 |
+ +-----------------------------------------+
+ Question |QTYPE=A, QCLASS=IN, QNAME=VENERA.ISI.EDU |
+ +-----------------------------------------+
+ Answer | VENERA.ISI.EDU A IN 10.1.0.52 |
+ +-----------------------------------------+
+ Authority | <empty> |
+ +-----------------------------------------+
+ Additional | <empty> |
+ +-----------------------------------------+
+
+Note that the QTYPE in a response to an inverse query is the same as the
+TYPE field in the answer section of the inverse query. Responses to
+inverse queries may contain multiple questions when the inverse is not
+unique. If the question section in the response is not empty, then the
+RR in the answer section is modified to correspond to be an exact copy
+of an RR at the first QNAME.
+
+6.4.3. Inverse query processing
+
+Name servers that support inverse queries can support these operations
+through exhaustive searches of their databases, but this becomes
+impractical as the size of the database increases. An alternative
+approach is to invert the database according to the search key.
+
+For name servers that support multiple zones and a large amount of data,
+the recommended approach is separate inversions for each zone. When a
+particular zone is changed during a refresh, only its inversions need to
+be redone.
+
+Support for transfer of this type of inversion may be included in future
+versions of the domain system, but is not supported in this version.
+
+6.5. Completion queries and responses
+
+The optional completion services described in RFC-882 and RFC-883 have
+been deleted. Redesigned services may become available in the future.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 42]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+7. RESOLVER IMPLEMENTATION
+
+The top levels of the recommended resolver algorithm are discussed in
+[RFC-1034]. This section discusses implementation details assuming the
+database structure suggested in the name server implementation section
+of this memo.
+
+7.1. Transforming a user request into a query
+
+The first step a resolver takes is to transform the client's request,
+stated in a format suitable to the local OS, into a search specification
+for RRs at a specific name which match a specific QTYPE and QCLASS.
+Where possible, the QTYPE and QCLASS should correspond to a single type
+and a single class, because this makes the use of cached data much
+simpler. The reason for this is that the presence of data of one type
+in a cache doesn't confirm the existence or non-existence of data of
+other types, hence the only way to be sure is to consult an
+authoritative source. If QCLASS=* is used, then authoritative answers
+won't be available.
+
+Since a resolver must be able to multiplex multiple requests if it is to
+perform its function efficiently, each pending request is usually
+represented in some block of state information. This state block will
+typically contain:
+
+ - A timestamp indicating the time the request began.
+ The timestamp is used to decide whether RRs in the database
+ can be used or are out of date. This timestamp uses the
+ absolute time format previously discussed for RR storage in
+ zones and caches. Note that when an RRs TTL indicates a
+ relative time, the RR must be timely, since it is part of a
+ zone. When the RR has an absolute time, it is part of a
+ cache, and the TTL of the RR is compared against the timestamp
+ for the start of the request.
+
+ Note that using the timestamp is superior to using a current
+ time, since it allows RRs with TTLs of zero to be entered in
+ the cache in the usual manner, but still used by the current
+ request, even after intervals of many seconds due to system
+ load, query retransmission timeouts, etc.
+
+ - Some sort of parameters to limit the amount of work which will
+ be performed for this request.
+
+ The amount of work which a resolver will do in response to a
+ client request must be limited to guard against errors in the
+ database, such as circular CNAME references, and operational
+ problems, such as network partition which prevents the
+
+
+
+Mockapetris [Page 43]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ resolver from accessing the name servers it needs. While
+ local limits on the number of times a resolver will retransmit
+ a particular query to a particular name server address are
+ essential, the resolver should have a global per-request
+ counter to limit work on a single request. The counter should
+ be set to some initial value and decremented whenever the
+ resolver performs any action (retransmission timeout,
+ retransmission, etc.) If the counter passes zero, the request
+ is terminated with a temporary error.
+
+ Note that if the resolver structure allows one request to
+ start others in parallel, such as when the need to access a
+ name server for one request causes a parallel resolve for the
+ name server's addresses, the spawned request should be started
+ with a lower counter. This prevents circular references in
+ the database from starting a chain reaction of resolver
+ activity.
+
+ - The SLIST data structure discussed in [RFC-1034].
+
+ This structure keeps track of the state of a request if it
+ must wait for answers from foreign name servers.
+
+7.2. Sending the queries
+
+As described in [RFC-1034], the basic task of the resolver is to
+formulate a query which will answer the client's request and direct that
+query to name servers which can provide the information. The resolver
+will usually only have very strong hints about which servers to ask, in
+the form of NS RRs, and may have to revise the query, in response to
+CNAMEs, or revise the set of name servers the resolver is asking, in
+response to delegation responses which point the resolver to name
+servers closer to the desired information. In addition to the
+information requested by the client, the resolver may have to call upon
+its own services to determine the address of name servers it wishes to
+contact.
+
+In any case, the model used in this memo assumes that the resolver is
+multiplexing attention between multiple requests, some from the client,
+and some internally generated. Each request is represented by some
+state information, and the desired behavior is that the resolver
+transmit queries to name servers in a way that maximizes the probability
+that the request is answered, minimizes the time that the request takes,
+and avoids excessive transmissions. The key algorithm uses the state
+information of the request to select the next name server address to
+query, and also computes a timeout which will cause the next action
+should a response not arrive. The next action will usually be a
+transmission to some other server, but may be a temporary error to the
+
+
+
+Mockapetris [Page 44]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+client.
+
+The resolver always starts with a list of server names to query (SLIST).
+This list will be all NS RRs which correspond to the nearest ancestor
+zone that the resolver knows about. To avoid startup problems, the
+resolver should have a set of default servers which it will ask should
+it have no current NS RRs which are appropriate. The resolver then adds
+to SLIST all of the known addresses for the name servers, and may start
+parallel requests to acquire the addresses of the servers when the
+resolver has the name, but no addresses, for the name servers.
+
+To complete initialization of SLIST, the resolver attaches whatever
+history information it has to the each address in SLIST. This will
+usually consist of some sort of weighted averages for the response time
+of the address, and the batting average of the address (i.e., how often
+the address responded at all to the request). Note that this
+information should be kept on a per address basis, rather than on a per
+name server basis, because the response time and batting average of a
+particular server may vary considerably from address to address. Note
+also that this information is actually specific to a resolver address /
+server address pair, so a resolver with multiple addresses may wish to
+keep separate histories for each of its addresses. Part of this step
+must deal with addresses which have no such history; in this case an
+expected round trip time of 5-10 seconds should be the worst case, with
+lower estimates for the same local network, etc.
+
+Note that whenever a delegation is followed, the resolver algorithm
+reinitializes SLIST.
+
+The information establishes a partial ranking of the available name
+server addresses. Each time an address is chosen and the state should
+be altered to prevent its selection again until all other addresses have
+been tried. The timeout for each transmission should be 50-100% greater
+than the average predicted value to allow for variance in response.
+
+Some fine points:
+
+ - The resolver may encounter a situation where no addresses are
+ available for any of the name servers named in SLIST, and
+ where the servers in the list are precisely those which would
+ normally be used to look up their own addresses. This
+ situation typically occurs when the glue address RRs have a
+ smaller TTL than the NS RRs marking delegation, or when the
+ resolver caches the result of a NS search. The resolver
+ should detect this condition and restart the search at the
+ next ancestor zone, or alternatively at the root.
+
+
+
+
+
+Mockapetris [Page 45]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ - If a resolver gets a server error or other bizarre response
+ from a name server, it should remove it from SLIST, and may
+ wish to schedule an immediate transmission to the next
+ candidate server address.
+
+7.3. Processing responses
+
+The first step in processing arriving response datagrams is to parse the
+response. This procedure should include:
+
+ - Check the header for reasonableness. Discard datagrams which
+ are queries when responses are expected.
+
+ - Parse the sections of the message, and insure that all RRs are
+ correctly formatted.
+
+ - As an optional step, check the TTLs of arriving data looking
+ for RRs with excessively long TTLs. If a RR has an
+ excessively long TTL, say greater than 1 week, either discard
+ the whole response, or limit all TTLs in the response to 1
+ week.
+
+The next step is to match the response to a current resolver request.
+The recommended strategy is to do a preliminary matching using the ID
+field in the domain header, and then to verify that the question section
+corresponds to the information currently desired. This requires that
+the transmission algorithm devote several bits of the domain ID field to
+a request identifier of some sort. This step has several fine points:
+
+ - Some name servers send their responses from different
+ addresses than the one used to receive the query. That is, a
+ resolver cannot rely that a response will come from the same
+ address which it sent the corresponding query to. This name
+ server bug is typically encountered in UNIX systems.
+
+ - If the resolver retransmits a particular request to a name
+ server it should be able to use a response from any of the
+ transmissions. However, if it is using the response to sample
+ the round trip time to access the name server, it must be able
+ to determine which transmission matches the response (and keep
+ transmission times for each outgoing message), or only
+ calculate round trip times based on initial transmissions.
+
+ - A name server will occasionally not have a current copy of a
+ zone which it should have according to some NS RRs. The
+ resolver should simply remove the name server from the current
+ SLIST, and continue.
+
+
+
+
+Mockapetris [Page 46]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+7.4. Using the cache
+
+In general, we expect a resolver to cache all data which it receives in
+responses since it may be useful in answering future client requests.
+However, there are several types of data which should not be cached:
+
+ - When several RRs of the same type are available for a
+ particular owner name, the resolver should either cache them
+ all or none at all. When a response is truncated, and a
+ resolver doesn't know whether it has a complete set, it should
+ not cache a possibly partial set of RRs.
+
+ - Cached data should never be used in preference to
+ authoritative data, so if caching would cause this to happen
+ the data should not be cached.
+
+ - The results of an inverse query should not be cached.
+
+ - The results of standard queries where the QNAME contains "*"
+ labels if the data might be used to construct wildcards. The
+ reason is that the cache does not necessarily contain existing
+ RRs or zone boundary information which is necessary to
+ restrict the application of the wildcard RRs.
+
+ - RR data in responses of dubious reliability. When a resolver
+ receives unsolicited responses or RR data other than that
+ requested, it should discard it without caching it. The basic
+ implication is that all sanity checks on a packet should be
+ performed before any of it is cached.
+
+In a similar vein, when a resolver has a set of RRs for some name in a
+response, and wants to cache the RRs, it should check its cache for
+already existing RRs. Depending on the circumstances, either the data
+in the response or the cache is preferred, but the two should never be
+combined. If the data in the response is from authoritative data in the
+answer section, it is always preferred.
+
+8. MAIL SUPPORT
+
+The domain system defines a standard for mapping mailboxes into domain
+names, and two methods for using the mailbox information to derive mail
+routing information. The first method is called mail exchange binding
+and the other method is mailbox binding. The mailbox encoding standard
+and mail exchange binding are part of the DNS official protocol, and are
+the recommended method for mail routing in the Internet. Mailbox
+binding is an experimental feature which is still under development and
+subject to change.
+
+
+
+
+Mockapetris [Page 47]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+The mailbox encoding standard assumes a mailbox name of the form
+"<local-part>@<mail-domain>". While the syntax allowed in each of these
+sections varies substantially between the various mail internets, the
+preferred syntax for the ARPA Internet is given in [RFC-822].
+
+The DNS encodes the <local-part> as a single label, and encodes the
+<mail-domain> as a domain name. The single label from the <local-part>
+is prefaced to the domain name from <mail-domain> to form the domain
+name corresponding to the mailbox. Thus the mailbox HOSTMASTER@SRI-
+NIC.ARPA is mapped into the domain name HOSTMASTER.SRI-NIC.ARPA. If the
+<local-part> contains dots or other special characters, its
+representation in a master file will require the use of backslash
+quoting to ensure that the domain name is properly encoded. For
+example, the mailbox Action.domains@ISI.EDU would be represented as
+Action\.domains.ISI.EDU.
+
+8.1. Mail exchange binding
+
+Mail exchange binding uses the <mail-domain> part of a mailbox
+specification to determine where mail should be sent. The <local-part>
+is not even consulted. [RFC-974] specifies this method in detail, and
+should be consulted before attempting to use mail exchange support.
+
+One of the advantages of this method is that it decouples mail
+destination naming from the hosts used to support mail service, at the
+cost of another layer of indirection in the lookup function. However,
+the addition layer should eliminate the need for complicated "%", "!",
+etc encodings in <local-part>.
+
+The essence of the method is that the <mail-domain> is used as a domain
+name to locate type MX RRs which list hosts willing to accept mail for
+<mail-domain>, together with preference values which rank the hosts
+according to an order specified by the administrators for <mail-domain>.
+
+In this memo, the <mail-domain> ISI.EDU is used in examples, together
+with the hosts VENERA.ISI.EDU and VAXA.ISI.EDU as mail exchanges for
+ISI.EDU. If a mailer had a message for Mockapetris@ISI.EDU, it would
+route it by looking up MX RRs for ISI.EDU. The MX RRs at ISI.EDU name
+VENERA.ISI.EDU and VAXA.ISI.EDU, and type A queries can find the host
+addresses.
+
+8.2. Mailbox binding (Experimental)
+
+In mailbox binding, the mailer uses the entire mail destination
+specification to construct a domain name. The encoded domain name for
+the mailbox is used as the QNAME field in a QTYPE=MAILB query.
+
+Several outcomes are possible for this query:
+
+
+
+Mockapetris [Page 48]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 1. The query can return a name error indicating that the mailbox
+ does not exist as a domain name.
+
+ In the long term, this would indicate that the specified
+ mailbox doesn't exist. However, until the use of mailbox
+ binding is universal, this error condition should be
+ interpreted to mean that the organization identified by the
+ global part does not support mailbox binding. The
+ appropriate procedure is to revert to exchange binding at
+ this point.
+
+ 2. The query can return a Mail Rename (MR) RR.
+
+ The MR RR carries new mailbox specification in its RDATA
+ field. The mailer should replace the old mailbox with the
+ new one and retry the operation.
+
+ 3. The query can return a MB RR.
+
+ The MB RR carries a domain name for a host in its RDATA
+ field. The mailer should deliver the message to that host
+ via whatever protocol is applicable, e.g., b,SMTP.
+
+ 4. The query can return one or more Mail Group (MG) RRs.
+
+ This condition means that the mailbox was actually a mailing
+ list or mail group, rather than a single mailbox. Each MG RR
+ has a RDATA field that identifies a mailbox that is a member
+ of the group. The mailer should deliver a copy of the
+ message to each member.
+
+ 5. The query can return a MB RR as well as one or more MG RRs.
+
+ This condition means the the mailbox was actually a mailing
+ list. The mailer can either deliver the message to the host
+ specified by the MB RR, which will in turn do the delivery to
+ all members, or the mailer can use the MG RRs to do the
+ expansion itself.
+
+In any of these cases, the response may include a Mail Information
+(MINFO) RR. This RR is usually associated with a mail group, but is
+legal with a MB. The MINFO RR identifies two mailboxes. One of these
+identifies a responsible person for the original mailbox name. This
+mailbox should be used for requests to be added to a mail group, etc.
+The second mailbox name in the MINFO RR identifies a mailbox that should
+receive error messages for mail failures. This is particularly
+appropriate for mailing lists when errors in member names should be
+reported to a person other than the one who sends a message to the list.
+
+
+
+Mockapetris [Page 49]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+New fields may be added to this RR in the future.
+
+
+9. REFERENCES and BIBLIOGRAPHY
+
+[Dyer 87] S. Dyer, F. Hsu, "Hesiod", Project Athena
+ Technical Plan - Name Service, April 1987, version 1.9.
+
+ Describes the fundamentals of the Hesiod name service.
+
+[IEN-116] J. Postel, "Internet Name Server", IEN-116,
+ USC/Information Sciences Institute, August 1979.
+
+ A name service obsoleted by the Domain Name System, but
+ still in use.
+
+[Quarterman 86] J. Quarterman, and J. Hoskins, "Notable Computer Networks",
+ Communications of the ACM, October 1986, volume 29, number
+ 10.
+
+[RFC-742] K. Harrenstien, "NAME/FINGER", RFC-742, Network
+ Information Center, SRI International, December 1977.
+
+[RFC-768] J. Postel, "User Datagram Protocol", RFC-768,
+ USC/Information Sciences Institute, August 1980.
+
+[RFC-793] J. Postel, "Transmission Control Protocol", RFC-793,
+ USC/Information Sciences Institute, September 1981.
+
+[RFC-799] D. Mills, "Internet Name Domains", RFC-799, COMSAT,
+ September 1981.
+
+ Suggests introduction of a hierarchy in place of a flat
+ name space for the Internet.
+
+[RFC-805] J. Postel, "Computer Mail Meeting Notes", RFC-805,
+ USC/Information Sciences Institute, February 1982.
+
+[RFC-810] E. Feinler, K. Harrenstien, Z. Su, and V. White, "DOD
+ Internet Host Table Specification", RFC-810, Network
+ Information Center, SRI International, March 1982.
+
+ Obsolete. See RFC-952.
+
+[RFC-811] K. Harrenstien, V. White, and E. Feinler, "Hostnames
+ Server", RFC-811, Network Information Center, SRI
+ International, March 1982.
+
+
+
+
+Mockapetris [Page 50]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ Obsolete. See RFC-953.
+
+[RFC-812] K. Harrenstien, and V. White, "NICNAME/WHOIS", RFC-812,
+ Network Information Center, SRI International, March
+ 1982.
+
+[RFC-819] Z. Su, and J. Postel, "The Domain Naming Convention for
+ Internet User Applications", RFC-819, Network
+ Information Center, SRI International, August 1982.
+
+ Early thoughts on the design of the domain system.
+ Current implementation is completely different.
+
+[RFC-821] J. Postel, "Simple Mail Transfer Protocol", RFC-821,
+ USC/Information Sciences Institute, August 1980.
+
+[RFC-830] Z. Su, "A Distributed System for Internet Name Service",
+ RFC-830, Network Information Center, SRI International,
+ October 1982.
+
+ Early thoughts on the design of the domain system.
+ Current implementation is completely different.
+
+[RFC-882] P. Mockapetris, "Domain names - Concepts and
+ Facilities," RFC-882, USC/Information Sciences
+ Institute, November 1983.
+
+ Superseded by this memo.
+
+[RFC-883] P. Mockapetris, "Domain names - Implementation and
+ Specification," RFC-883, USC/Information Sciences
+ Institute, November 1983.
+
+ Superseded by this memo.
+
+[RFC-920] J. Postel and J. Reynolds, "Domain Requirements",
+ RFC-920, USC/Information Sciences Institute,
+ October 1984.
+
+ Explains the naming scheme for top level domains.
+
+[RFC-952] K. Harrenstien, M. Stahl, E. Feinler, "DoD Internet Host
+ Table Specification", RFC-952, SRI, October 1985.
+
+ Specifies the format of HOSTS.TXT, the host/address
+ table replaced by the DNS.
+
+
+
+
+
+Mockapetris [Page 51]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+[RFC-953] K. Harrenstien, M. Stahl, E. Feinler, "HOSTNAME Server",
+ RFC-953, SRI, October 1985.
+
+ This RFC contains the official specification of the
+ hostname server protocol, which is obsoleted by the DNS.
+ This TCP based protocol accesses information stored in
+ the RFC-952 format, and is used to obtain copies of the
+ host table.
+
+[RFC-973] P. Mockapetris, "Domain System Changes and
+ Observations", RFC-973, USC/Information Sciences
+ Institute, January 1986.
+
+ Describes changes to RFC-882 and RFC-883 and reasons for
+ them.
+
+[RFC-974] C. Partridge, "Mail routing and the domain system",
+ RFC-974, CSNET CIC BBN Labs, January 1986.
+
+ Describes the transition from HOSTS.TXT based mail
+ addressing to the more powerful MX system used with the
+ domain system.
+
+[RFC-1001] NetBIOS Working Group, "Protocol standard for a NetBIOS
+ service on a TCP/UDP transport: Concepts and Methods",
+ RFC-1001, March 1987.
+
+ This RFC and RFC-1002 are a preliminary design for
+ NETBIOS on top of TCP/IP which proposes to base NetBIOS
+ name service on top of the DNS.
+
+[RFC-1002] NetBIOS Working Group, "Protocol standard for a NetBIOS
+ service on a TCP/UDP transport: Detailed
+ Specifications", RFC-1002, March 1987.
+
+[RFC-1010] J. Reynolds, and J. Postel, "Assigned Numbers", RFC-1010,
+ USC/Information Sciences Institute, May 1987.
+
+ Contains socket numbers and mnemonics for host names,
+ operating systems, etc.
+
+[RFC-1031] W. Lazear, "MILNET Name Domain Transition", RFC-1031,
+ November 1987.
+
+ Describes a plan for converting the MILNET to the DNS.
+
+[RFC-1032] M. Stahl, "Establishing a Domain - Guidelines for
+ Administrators", RFC-1032, November 1987.
+
+
+
+Mockapetris [Page 52]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ Describes the registration policies used by the NIC to
+ administer the top level domains and delegate subzones.
+
+[RFC-1033] M. Lottor, "Domain Administrators Operations Guide",
+ RFC-1033, November 1987.
+
+ A cookbook for domain administrators.
+
+[Solomon 82] M. Solomon, L. Landweber, and D. Neuhengen, "The CSNET
+ Name Server", Computer Networks, vol 6, nr 3, July 1982.
+
+ Describes a name service for CSNET which is independent
+ from the DNS and DNS use in the CSNET.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 53]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Index
+
+ * 13
+
+ ; 33, 35
+
+ <character-string> 35
+ <domain-name> 34
+
+ @ 35
+
+ \ 35
+
+ A 12
+
+ Byte order 8
+
+ CH 13
+ Character case 9
+ CLASS 11
+ CNAME 12
+ Completion 42
+ CS 13
+
+ Hesiod 13
+ HINFO 12
+ HS 13
+
+ IN 13
+ IN-ADDR.ARPA domain 22
+ Inverse queries 40
+
+ Mailbox names 47
+ MB 12
+ MD 12
+ MF 12
+ MG 12
+ MINFO 12
+ MINIMUM 20
+ MR 12
+ MX 12
+
+ NS 12
+ NULL 12
+
+ Port numbers 32
+ Primary server 5
+ PTR 12, 18
+
+
+
+Mockapetris [Page 54]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ QCLASS 13
+ QTYPE 12
+
+ RDATA 12
+ RDLENGTH 11
+
+ Secondary server 5
+ SOA 12
+ Stub resolvers 7
+
+ TCP 32
+ TXT 12
+ TYPE 11
+
+ UDP 32
+
+ WKS 12
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 55]
+
diff --git a/lib/dns/tests/testdata/dst/test1.ecdsa256sig b/lib/dns/tests/testdata/dst/test1.ecdsa256sig
new file mode 100644
index 0000000..dcae9d1
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/test1.ecdsa256sig
@@ -0,0 +1 @@
+72E0998732EECAE2BEA12A278DFDEE14DB09A43C1E646A08BB0A6EEB90C5B75F9B359BEC1580313BFA8012C1DC15D34D1B227C71AD23161E2757AEB162AE3D99
diff --git a/lib/dns/tests/testdata/dst/test1.rsasha256sig b/lib/dns/tests/testdata/dst/test1.rsasha256sig
new file mode 100644
index 0000000..36e0b09
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/test1.rsasha256sig
@@ -0,0 +1 @@
+C5CC8AB9FB5C0B4F03650456C993A868EB674ACBF2A867E023DC00F17D240CEDCADB8714981B7B48CF6CF86722632610FF312063B5E6D20EF441B89F02BC6813A35F9C6F045D017DB75C8724DBAA0C55A0D4EA850339944C75890B4DD0382AFA3E30E1CAA7B190C1B1FB17B5DD2279C0DF1049911E64198B3376070A34F38F4B
diff --git a/lib/dns/tests/testdata/dst/test2.data b/lib/dns/tests/testdata/dst/test2.data
new file mode 100644
index 0000000..a323bb3
--- /dev/null
+++ b/lib/dns/tests/testdata/dst/test2.data
@@ -0,0 +1,3077 @@
+Network Working Group P. Mockapetris
+Request for Comments: 1035 ISI
+ November 1987
+Obsoletes: RFCs 882, 883, 973
+
+ DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION
+
+
+1. STATUS OF THIS MEMO
+
+This RFC describes the details of the domain system and protocol, and
+assumes that the reader is familiar with the concepts discussed in a
+companion RFC, "Domain Names - Concepts and Facilities" [RFC-4301].
+
+The domain system is a mixture of functions and data types which are an
+official protocol and functions and data types which are still
+experimental. Since the domain system is intentionally extensible, new
+data types and experimental behavior should always be expected in parts
+of the system beyond the official protocol. The official protocol parts
+include standard queries, responses and the Internet class RR data
+formats (e.g., host addresses). Since the previous RFC set, several
+definitions have changed, so some previous definitions are obsolete.
+
+Experimental or obsolete features are clearly marked in these RFCs, and
+such information should be used with caution.
+
+The reader is especially cautioned not to depend on the values which
+appear in examples to be current or complete, since their purpose is
+primarily pedagogical. Distribution of this memo is unlimited.
+
+ Table of Contents
+
+ 1. STATUS OF THIS MEMO 1
+ 2. INTRODUCTION 3
+ 2.1. Overview 3
+ 2.2. Common configurations 4
+ 2.3. Conventions 7
+ 2.3.1. Preferred name syntax 7
+ 2.3.2. Data Transmission Order 8
+ 2.3.3. Character Case 9
+ 2.3.4. Size limits 10
+ 3. DOMAIN NAME SPACE AND RR DEFINITIONS 10
+ 3.1. Name space definitions 10
+ 3.2. RR definitions 11
+ 3.2.1. Format 11
+ 3.2.2. TYPE values 12
+ 3.2.3. QTYPE values 12
+ 3.2.4. CLASS values 13
+
+
+
+Mockapetris [Page 1]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 3.2.5. QCLASS values 13
+ 3.3. Standard RRs 13
+ 3.3.1. CNAME RDATA format 14
+ 3.3.2. HINFO RDATA format 14
+ 3.3.3. MB RDATA format (EXPERIMENTAL) 14
+ 3.3.4. MD RDATA format (Obsolete) 15
+ 3.3.5. MF RDATA format (Obsolete) 15
+ 3.3.6. MG RDATA format (EXPERIMENTAL) 16
+ 3.3.7. MINFO RDATA format (EXPERIMENTAL) 16
+ 3.3.8. MR RDATA format (EXPERIMENTAL) 17
+ 3.3.9. MX RDATA format 17
+ 3.3.10. NULL RDATA format (EXPERIMENTAL) 17
+ 3.3.11. NS RDATA format 18
+ 3.3.12. PTR RDATA format 18
+ 3.3.13. SOA RDATA format 19
+ 3.3.14. TXT RDATA format 20
+ 3.4. ARPA Internet specific RRs 20
+ 3.4.1. A RDATA format 20
+ 3.4.2. WKS RDATA format 21
+ 3.5. IN-ADDR.ARPA domain 22
+ 3.6. Defining new types, classes, and special namespaces 24
+ 4. MESSAGES 25
+ 4.1. Format 25
+ 4.1.1. Header section format 26
+ 4.1.2. Question section format 28
+ 4.1.3. Resource record format 29
+ 4.1.4. Message compression 30
+ 4.2. Transport 32
+ 4.2.1. UDP usage 32
+ 4.2.2. TCP usage 32
+ 5. MASTER FILES 33
+ 5.1. Format 33
+ 5.2. Use of master files to define zones 35
+ 5.3. Master file example 36
+ 6. NAME SERVER IMPLEMENTATION 37
+ 6.1. Architecture 37
+ 6.1.1. Control 37
+ 6.1.2. Database 37
+ 6.1.3. Time 39
+ 6.2. Standard query processing 39
+ 6.3. Zone refresh and reload processing 39
+ 6.4. Inverse queries (Optional) 40
+ 6.4.1. The contents of inverse queries and responses 40
+ 6.4.2. Inverse query and response example 41
+ 6.4.3. Inverse query processing 42
+
+
+
+
+
+
+Mockapetris [Page 2]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 6.5. Completion queries and responses 42
+ 7. RESOLVER IMPLEMENTATION 43
+ 7.1. Transforming a user request into a query 43
+ 7.2. Sending the queries 44
+ 7.3. Processing responses 46
+ 7.4. Using the cache 47
+ 8. MAIL SUPPORT 47
+ 8.1. Mail exchange binding 48
+ 8.2. Mailbox binding (Experimental) 48
+ 9. REFERENCES and BIBLIOGRAPHY 50
+ Index 54
+
+2. INTRODUCTION
+
+2.1. Overview
+
+The goal of domain names is to provide a mechanism for naming resources
+in such a way that the names are usable in different hosts, networks,
+protocol families, internets, and administrative organizations.
+
+From the user's point of view, domain names are useful as arguments to a
+local agent, called a resolver, which retrieves information associated
+with the domain name. Thus a user might ask for the host address or
+mail information associated with a particular domain name. To enable
+the user to request a particular type of information, an appropriate
+query type is passed to the resolver with the domain name. To the user,
+the domain tree is a single information space; the resolver is
+responsible for hiding the distribution of data among name servers from
+the user.
+
+From the resolver's point of view, the database that makes up the domain
+space is distributed among various name servers. Different parts of the
+domain space are stored in different name servers, although a particular
+data item will be stored redundantly in two or more name servers. The
+resolver starts with knowledge of at least one name server. When the
+resolver processes a user query it asks a known name server for the
+information; in return, the resolver either receives the desired
+information or a referral to another name server. Using these
+referrals, resolvers learn the identities and contents of other name
+servers. Resolvers are responsible for dealing with the distribution of
+the domain space and dealing with the effects of name server failure by
+consulting redundant databases in other servers.
+
+Name servers manage two kinds of data. The first kind of data held in
+sets called zones; each zone is the complete database for a particular
+"pruned" subtree of the domain space. This data is called
+authoritative. A name server periodically checks to make sure that its
+zones are up to date, and if not, obtains a new copy of updated zones
+
+
+
+Mockapetris [Page 3]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+from master files stored locally or in another name server. The second
+kind of data is cached data which was acquired by a local resolver.
+This data may be incomplete, but improves the performance of the
+retrieval process when non-local data is repeatedly accessed. Cached
+data is eventually discarded by a timeout mechanism.
+
+This functional structure isolates the problems of user interface,
+failure recovery, and distribution in the resolvers and isolates the
+database update and refresh problems in the name servers.
+
+2.2. Common configurations
+
+A host can participate in the domain name system in a number of ways,
+depending on whether the host runs programs that retrieve information
+from the domain system, name servers that answer queries from other
+hosts, or various combinations of both functions. The simplest, and
+perhaps most typical, configuration is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ +----------+ | +--------+
+ | | user queries | |queries | | |
+ | User |-------------->| |---------|->|Foreign |
+ | Program | | Resolver | | | Name |
+ | |<--------------| |<--------|--| Server |
+ | | user responses| |responses| | |
+ +---------+ +----------+ | +--------+
+ | A |
+ cache additions | | references |
+ V | |
+ +----------+ |
+ | cache | |
+ +----------+ |
+
+User programs interact with the domain name space through resolvers; the
+format of user queries and user responses is specific to the host and
+its operating system. User queries will typically be operating system
+calls, and the resolver and its cache will be part of the host operating
+system. Less capable hosts may choose to implement the resolver as a
+subroutine to be linked in with every program that needs its services.
+Resolvers answer user queries with information they acquire via queries
+to foreign name servers and the local cache.
+
+Note that the resolver may have to make several queries to several
+different foreign name servers to answer a particular user query, and
+hence the resolution of a user query may involve several network
+accesses and an arbitrary amount of time. The queries to foreign name
+servers and the corresponding responses have a standard format described
+
+
+
+Mockapetris [Page 4]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+in this memo, and may be datagrams.
+
+Depending on its capabilities, a name server could be a stand alone
+program on a dedicated machine or a process or processes on a large
+timeshared host. A simple configuration might be:
+
+ Local Host | Foreign
+ |
+ +---------+ |
+ / /| |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+
+Here a primary name server acquires information about one or more zones
+by reading master files from its local file system, and answers queries
+about those zones that arrive from foreign resolvers.
+
+The DNS requires that all zones be redundantly supported by more than
+one name server. Designated secondary servers can acquire zones and
+check for updates from the primary server using the zone transfer
+protocol of the DNS. This configuration is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ |
+ / /| |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+ A |maintenance | +--------+
+ | +------------|->| |
+ | queries | |Foreign |
+ | | | Name |
+ +------------------|--| Server |
+ maintenance responses | +--------+
+
+In this configuration, the name server periodically establishes a
+virtual circuit to a foreign name server to acquire a copy of a zone or
+to check that an existing copy has not changed. The messages sent for
+
+
+
+Mockapetris [Page 5]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+these maintenance activities follow the same form as queries and
+responses, but the message sequences are somewhat different.
+
+The information flow in a host that supports all aspects of the domain
+name system is shown below:
+
+ Local Host | Foreign
+ |
+ +---------+ +----------+ | +--------+
+ | | user queries | |queries | | |
+ | User |-------------->| |---------|->|Foreign |
+ | Program | | Resolver | | | Name |
+ | |<--------------| |<--------|--| Server |
+ | | user responses| |responses| | |
+ +---------+ +----------+ | +--------+
+ | A |
+ cache additions | | references |
+ V | |
+ +----------+ |
+ | Shared | |
+ | database | |
+ +----------+ |
+ A | |
+ +---------+ refreshes | | references |
+ / /| | V |
+ +---------+ | +----------+ | +--------+
+ | | | | |responses| | |
+ | | | | Name |---------|->|Foreign |
+ | Master |-------------->| Server | | |Resolver|
+ | files | | | |<--------|--| |
+ | |/ | | queries | +--------+
+ +---------+ +----------+ |
+ A |maintenance | +--------+
+ | +------------|->| |
+ | queries | |Foreign |
+ | | | Name |
+ +------------------|--| Server |
+ maintenance responses | +--------+
+
+The shared database holds domain space data for the local name server
+and resolver. The contents of the shared database will typically be a
+mixture of authoritative data maintained by the periodic refresh
+operations of the name server and cached data from previous resolver
+requests. The structure of the domain data and the necessity for
+synchronization between name servers and resolvers imply the general
+characteristics of this database, but the actual format is up to the
+local implementor.
+
+
+
+
+Mockapetris [Page 6]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Information flow can also be tailored so that a group of hosts act
+together to optimize activities. Sometimes this is done to offload less
+capable hosts so that they do not have to implement a full resolver.
+This can be appropriate for PCs or hosts which want to minimize the
+amount of new network code which is required. This scheme can also
+allow a group of hosts can share a small number of caches rather than
+maintaining a large number of separate caches, on the premise that the
+centralized caches will have a higher hit ratio. In either case,
+resolvers are replaced with stub resolvers which act as front ends to
+resolvers located in a recursive server in one or more name servers
+known to perform that service:
+
+ Local Hosts | Foreign
+ |
+ +---------+ |
+ | | responses |
+ | Stub |<--------------------+ |
+ | Resolver| | |
+ | |----------------+ | |
+ +---------+ recursive | | |
+ queries | | |
+ V | |
+ +---------+ recursive +----------+ | +--------+
+ | | queries | |queries | | |
+ | Stub |-------------->| Recursive|---------|->|Foreign |
+ | Resolver| | Server | | | Name |
+ | |<--------------| |<--------|--| Server |
+ +---------+ responses | |responses| | |
+ +----------+ | +--------+
+ | Central | |
+ | cache | |
+ +----------+ |
+
+In any case, note that domain components are always replicated for
+reliability whenever possible.
+
+2.3. Conventions
+
+The domain system has several conventions dealing with low-level, but
+fundamental, issues. While the implementor is free to violate these
+conventions WITHIN HIS OWN SYSTEM, he must observe these conventions in
+ALL behavior observed from other hosts.
+
+2.3.1. Preferred name syntax
+
+The DNS specifications attempt to be as general as possible in the rules
+for constructing domain names. The idea is that the name of any
+existing object can be expressed as a domain name with minimal changes.
+
+
+
+Mockapetris [Page 7]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+However, when assigning a domain name for an object, the prudent user
+will select a name which satisfies both the rules of the domain system
+and any existing rules for the object, whether these rules are published
+or implied by existing programs.
+
+For example, when naming a mail domain, the user should satisfy both the
+rules of this memo and those in RFC-822. When creating a new host name,
+the old rules for HOSTS.TXT should be followed. This avoids problems
+when old software is converted to use domain names.
+
+The following syntax will result in fewer problems with many
+
+applications that use domain names (e.g., mail, TELNET).
+
+<domain> ::= <subdomain> | " "
+
+<subdomain> ::= <label> | <subdomain> "." <label>
+
+<label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
+
+<ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
+
+<let-dig-hyp> ::= <let-dig> | "-"
+
+<let-dig> ::= <letter> | <digit>
+
+<letter> ::= any one of the 52 alphabetic characters A through Z in
+upper case and a through z in lower case
+
+<digit> ::= any one of the ten digits 0 through 9
+
+Note that while upper and lower case letters are allowed in domain
+names, no significance is attached to the case. That is, two names with
+the same spelling but different case are to be treated as if identical.
+
+The labels must follow the rules for ARPANET host names. They must
+start with a letter, end with a letter or digit, and have as interior
+characters only letters, digits, and hyphen. There are also some
+restrictions on the length. Labels must be 63 characters or less.
+
+For example, the following strings identify hosts in the Internet:
+
+A.ISI.EDU XX.LCS.MIT.EDU SRI-NIC.ARPA
+
+2.3.2. Data Transmission Order
+
+The order of transmission of the header and data described in this
+document is resolved to the octet level. Whenever a diagram shows a
+
+
+
+Mockapetris [Page 8]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+group of octets, the order of transmission of those octets is the normal
+order in which they are read in English. For example, in the following
+diagram, the octets are transmitted in the order they are numbered.
+
+ 0 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 1 | 2 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 3 | 4 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+ | 5 | 6 |
+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+Whenever an octet represents a numeric quantity, the left most bit in
+the diagram is the high order or most significant bit. That is, the bit
+labeled 0 is the most significant bit. For example, the following
+diagram represents the value 170 (decimal).
+
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ |1 0 1 0 1 0 1 0|
+ +-+-+-+-+-+-+-+-+
+
+Similarly, whenever a multi-octet field represents a numeric quantity
+the left most bit of the whole field is the most significant bit. When
+a multi-octet quantity is transmitted the most significant octet is
+transmitted first.
+
+2.3.3. Character Case
+
+For all parts of the DNS that are part of the official protocol, all
+comparisons between character strings (e.g., labels, domain names, etc.)
+are done in a case-insensitive manner. At present, this rule is in
+force throughout the domain system without exception. However, future
+additions beyond current usage may need to use the full binary octet
+capabilities in names, so attempts to store domain names in 7-bit ASCII
+or use of special bytes to terminate labels, etc., should be avoided.
+
+When data enters the domain system, its original case should be
+preserved whenever possible. In certain circumstances this cannot be
+done. For example, if two RRs are stored in a database, one at x.y and
+one at X.Y, they are actually stored at the same place in the database,
+and hence only one casing would be preserved. The basic rule is that
+case can be discarded only when data is used to define structure in a
+database, and two names are identical when compared in a case
+insensitive manner.
+
+
+
+
+Mockapetris [Page 9]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Loss of case sensitive data must be minimized. Thus while data for x.y
+and X.Y may both be stored under a single location x.y or X.Y, data for
+a.x and B.X would never be stored under A.x, A.X, b.x, or b.X. In
+general, this preserves the case of the first label of a domain name,
+but forces standardization of interior node labels.
+
+Systems administrators who enter data into the domain database should
+take care to represent the data they supply to the domain system in a
+case-consistent manner if their system is case-sensitive. The data
+distribution system in the domain system will ensure that consistent
+representations are preserved.
+
+2.3.4. Size limits
+
+Various objects and parameters in the DNS have size limits. They are
+listed below. Some could be easily changed, others are more
+fundamental.
+
+labels 63 octets or less
+
+names 255 octets or less
+
+TTL positive values of a signed 32 bit number.
+
+UDP messages 512 octets or less
+
+3. DOMAIN NAME SPACE AND RR DEFINITIONS
+
+3.1. Name space definitions
+
+Domain names in messages are expressed in terms of a sequence of labels.
+Each label is represented as a one octet length field followed by that
+number of octets. Since every domain name ends with the null label of
+the root, a domain name is terminated by a length byte of zero. The
+high order two bits of every length octet must be zero, and the
+remaining six bits of the length field limit the label to 63 octets or
+less.
+
+To simplify implementations, the total length of a domain name (i.e.,
+label octets and label length octets) is restricted to 255 octets or
+less.
+
+Although labels can contain any 8 bit values in octets that make up a
+label, it is strongly recommended that labels follow the preferred
+syntax described elsewhere in this memo, which is compatible with
+existing host naming conventions. Name servers and resolvers must
+compare labels in a case-insensitive manner (i.e., A=a), assuming ASCII
+with zero parity. Non-alphabetic codes must match exactly.
+
+
+
+Mockapetris [Page 10]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.2. RR definitions
+
+3.2.1. Format
+
+All RRs have the same top level format shown below:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / /
+ / NAME /
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | CLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TTL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RDLENGTH |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+ / RDATA /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+
+where:
+
+NAME an owner name, i.e., the name of the node to which this
+ resource record pertains.
+
+TYPE two octets containing one of the RR TYPE codes.
+
+CLASS two octets containing one of the RR CLASS codes.
+
+TTL a 32 bit signed integer that specifies the time interval
+ that the resource record may be cached before the source
+ of the information should again be consulted. Zero
+ values are interpreted to mean that the RR can only be
+ used for the transaction in progress, and should not be
+ cached. For example, SOA records are always distributed
+ with a zero TTL to prohibit caching. Zero values can
+ also be used for extremely volatile data.
+
+RDLENGTH an unsigned 16 bit integer that specifies the length in
+ octets of the RDATA field.
+
+
+
+Mockapetris [Page 11]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+RDATA a variable length string of octets that describes the
+ resource. The format of this information varies
+ according to the TYPE and CLASS of the resource record.
+
+3.2.2. TYPE values
+
+TYPE fields are used in resource records. Note that these types are a
+subset of QTYPEs.
+
+TYPE value and meaning
+
+A 1 a host address
+
+NS 2 an authoritative name server
+
+MD 3 a mail destination (Obsolete - use MX)
+
+MF 4 a mail forwarder (Obsolete - use MX)
+
+CNAME 5 the canonical name for an alias
+
+SOA 6 marks the start of a zone of authority
+
+MB 7 a mailbox domain name (EXPERIMENTAL)
+
+MG 8 a mail group member (EXPERIMENTAL)
+
+MR 9 a mail rename domain name (EXPERIMENTAL)
+
+NULL 10 a null RR (EXPERIMENTAL)
+
+WKS 11 a well known service description
+
+PTR 12 a domain name pointer
+
+HINFO 13 host information
+
+MINFO 14 mailbox or mail list information
+
+MX 15 mail exchange
+
+TXT 16 text strings
+
+3.2.3. QTYPE values
+
+QTYPE fields appear in the question part of a query. QTYPES are a
+superset of TYPEs, hence all TYPEs are valid QTYPEs. In addition, the
+following QTYPEs are defined:
+
+
+
+Mockapetris [Page 12]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+AXFR 252 A request for a transfer of an entire zone
+
+MAILB 253 A request for mailbox-related records (MB, MG or MR)
+
+MAILA 254 A request for mail agent RRs (Obsolete - see MX)
+
+* 255 A request for all records
+
+3.2.4. CLASS values
+
+CLASS fields appear in resource records. The following CLASS mnemonics
+and values are defined:
+
+IN 1 the Internet
+
+CS 2 the CSNET class (Obsolete - used only for examples in
+ some obsolete RFCs)
+
+CH 3 the CHAOS class
+
+HS 4 Hesiod [Dyer 87]
+
+3.2.5. QCLASS values
+
+QCLASS fields appear in the question section of a query. QCLASS values
+are a superset of CLASS values; every CLASS is a valid QCLASS. In
+addition to CLASS values, the following QCLASSes are defined:
+
+* 255 any class
+
+3.3. Standard RRs
+
+The following RR definitions are expected to occur, at least
+potentially, in all classes. In particular, NS, SOA, CNAME, and PTR
+will be used in all classes, and have the same format in all classes.
+Because their RDATA format is known, all domain names in the RDATA
+section of these RRs may be compressed.
+
+<domain-name> is a domain name represented as a series of labels, and
+terminated by a label with zero length. <character-string> is a single
+length octet followed by that number of characters. <character-string>
+is treated as binary information, and can be up to 256 characters in
+length (including the length octet).
+
+
+
+
+
+
+
+
+Mockapetris [Page 13]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.1. CNAME RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / CNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+CNAME A <domain-name> which specifies the canonical or primary
+ name for the owner. The owner name is an alias.
+
+CNAME RRs cause no additional section processing, but name servers may
+choose to restart the query at the canonical name in certain cases. See
+the description of name server logic in [RFC-1034] for details.
+
+3.3.2. HINFO RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / CPU /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / OS /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+CPU A <character-string> which specifies the CPU type.
+
+OS A <character-string> which specifies the operating
+ system type.
+
+Standard values for CPU and OS can be found in [RFC-1010].
+
+HINFO records are used to acquire general information about a host. The
+main use is for protocols such as FTP that can use special procedures
+when talking between machines or operating systems of the same type.
+
+3.3.3. MB RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has the
+ specified mailbox.
+
+
+
+Mockapetris [Page 14]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+MB records cause additional section processing which looks up an A type
+RRs corresponding to MADNAME.
+
+3.3.4. MD RDATA format (Obsolete)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has a mail
+ agent for the domain which should be able to deliver
+ mail for the domain.
+
+MD records cause additional section processing which looks up an A type
+record corresponding to MADNAME.
+
+MD is obsolete. See the definition of MX and [RFC-974] for details of
+the new scheme. The recommended policy for dealing with MD RRs found in
+a master file is to reject them, or to convert them to MX RRs with a
+preference of 0.
+
+3.3.5. MF RDATA format (Obsolete)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MADNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MADNAME A <domain-name> which specifies a host which has a mail
+ agent for the domain which will accept mail for
+ forwarding to the domain.
+
+MF records cause additional section processing which looks up an A type
+record corresponding to MADNAME.
+
+MF is obsolete. See the definition of MX and [RFC-974] for details ofw
+the new scheme. The recommended policy for dealing with MD RRs found in
+a master file is to reject them, or to convert them to MX RRs with a
+preference of 10.
+
+
+
+
+
+
+
+Mockapetris [Page 15]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.6. MG RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MGMNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MGMNAME A <domain-name> which specifies a mailbox which is a
+ member of the mail group specified by the domain name.
+
+MG records cause no additional section processing.
+
+3.3.7. MINFO RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / RMAILBX /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / EMAILBX /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+RMAILBX A <domain-name> which specifies a mailbox which is
+ responsible for the mailing list or mailbox. If this
+ domain name names the root, the owner of the MINFO RR is
+ responsible for itself. Note that many existing mailing
+ lists use a mailbox X-request for the RMAILBX field of
+ mailing list X, e.g., Msgroup-request for Msgroup. This
+ field provides a more general mechanism.
+
+
+EMAILBX A <domain-name> which specifies a mailbox which is to
+ receive error messages related to the mailing list or
+ mailbox specified by the owner of the MINFO RR (similar
+ to the ERRORS-TO: field which has been proposed). If
+ this domain name names the root, errors should be
+ returned to the sender of the message.
+
+MINFO records cause no additional section processing. Although these
+records can be associated with a simple mailbox, they are usually used
+with a mailing list.
+
+
+
+
+
+
+
+
+Mockapetris [Page 16]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.8. MR RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / NEWNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NEWNAME A <domain-name> which specifies a mailbox which is the
+ proper rename of the specified mailbox.
+
+MR records cause no additional section processing. The main use for MR
+is as a forwarding entry for a user who has moved to a different
+mailbox.
+
+3.3.9. MX RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | PREFERENCE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / EXCHANGE /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+PREFERENCE A 16 bit integer which specifies the preference given to
+ this RR among others at the same owner. Lower values
+ are preferred.
+
+EXCHANGE A <domain-name> which specifies a host willing to act as
+ a mail exchange for the owner name.
+
+MX records cause type A additional section processing for the host
+specified by EXCHANGE. The use of MX RRs is explained in detail in
+[RFC-974].
+
+3.3.10. NULL RDATA format (EXPERIMENTAL)
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / <anything> /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+Anything at all may be in the RDATA field so long as it is 65535 octets
+or less.
+
+
+
+
+Mockapetris [Page 17]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+NULL records cause no additional section processing. NULL RRs are not
+allowed in master files. NULLs are used as placeholders in some
+experimental extensions of the DNS.
+
+3.3.11. NS RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / NSDNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NSDNAME A <domain-name> which specifies a host which should be
+ authoritative for the specified class and domain.
+
+NS records cause both the usual additional section processing to locate
+a type A record, and, when used in a referral, a special search of the
+zone in which they reside for glue information.
+
+The NS RR states that the named host should be expected to have a zone
+starting at owner name of the specified class. Note that the class may
+not indicate the protocol family which should be used to communicate
+with the host, although it is typically a strong hint. For example,
+hosts which are name servers for either Internet (IN) or Hesiod (HS)
+class information are normally queried using IN class protocols.
+
+3.3.12. PTR RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / PTRDNAME /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+PTRDNAME A <domain-name> which points to some location in the
+ domain name space.
+
+PTR records cause no additional section processing. These RRs are used
+in special domains to point to some other location in the domain space.
+These records are simple data, and don't imply any special processing
+similar to that performed by CNAME, which identifies aliases. See the
+description of the IN-ADDR.ARPA domain for an example.
+
+
+
+
+
+
+
+
+Mockapetris [Page 18]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.3.13. SOA RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / MNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / RNAME /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | SERIAL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | REFRESH |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RETRY |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | EXPIRE |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | MINIMUM |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+MNAME The <domain-name> of the name server that was the
+ original or primary source of data for this zone.
+
+RNAME A <domain-name> which specifies the mailbox of the
+ person responsible for this zone.
+
+SERIAL The unsigned 32 bit version number of the original copy
+ of the zone. Zone transfers preserve this value. This
+ value wraps and should be compared using sequence space
+ arithmetic.
+
+REFRESH A 32 bit time interval before the zone should be
+ refreshed.
+
+RETRY A 32 bit time interval that should elapse before a
+ failed refresh should be retried.
+
+EXPIRE A 32 bit time value that specifies the upper limit on
+ the time interval that can elapse before the zone is no
+ longer authoritative.
+
+
+
+
+
+Mockapetris [Page 19]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+MINIMUM The unsigned 32 bit minimum TTL field that should be
+ exported with any RR from this zone.
+
+SOA records cause no additional section processing.
+
+All times are in units of seconds.
+
+Most of these fields are pertinent only for name server maintenance
+operations. However, MINIMUM is used in all query operations that
+retrieve RRs from a zone. Whenever a RR is sent in a response to a
+query, the TTL field is set to the maximum of the TTL field from the RR
+and the MINIMUM field in the appropriate SOA. Thus MINIMUM is a lower
+bound on the TTL field for all RRs in a zone. Note that this use of
+MINIMUM should occur when the RRs are copied into the response and not
+when the zone is loaded from a master file or via a zone transfer. The
+reason for this provison is to allow future dynamic update facilities to
+change the SOA RR with known semantics.
+
+
+3.3.14. TXT RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ / TXT-DATA /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+TXT-DATA One or more <character-string>s.
+
+TXT RRs are used to hold descriptive text. The semantics of the text
+depends on the domain where it is found.
+
+3.4. Internet specific RRs
+
+3.4.1. A RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ADDRESS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ADDRESS A 32 bit Internet address.
+
+Hosts that have multiple Internet addresses will have multiple A
+records.
+
+
+
+
+
+Mockapetris [Page 20]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+A records cause no additional section processing. The RDATA section of
+an A line in a master file is an Internet address expressed as four
+decimal numbers separated by dots without any embedded spaces (e.g.,
+"10.2.0.52" or "192.0.5.6").
+
+3.4.2. WKS RDATA format
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ADDRESS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | PROTOCOL | |
+ +--+--+--+--+--+--+--+--+ |
+ | |
+ / <BIT MAP> /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ADDRESS An 32 bit Internet address
+
+PROTOCOL An 8 bit IP protocol number
+
+<BIT MAP> A variable length bit map. The bit map must be a
+ multiple of 8 bits long.
+
+The WKS record is used to describe the well known services supported by
+a particular protocol on a particular internet address. The PROTOCOL
+field specifies an IP protocol number, and the bit map has one bit per
+port of the specified protocol. The first bit corresponds to port 0,
+the second to port 1, etc. If the bit map does not include a bit for a
+protocol of interest, that bit is assumed zero. The appropriate values
+and mnemonics for ports and protocols are specified in [RFC-1010].
+
+For example, if PROTOCOL=TCP (6), the 26th bit corresponds to TCP port
+25 (SMTP). If this bit is set, a SMTP server should be listening on TCP
+port 25; if zero, SMTP service is not supported on the specified
+address.
+
+The purpose of WKS RRs is to provide availability information for
+servers for TCP and UDP. If a server supports both TCP and UDP, or has
+multiple Internet addresses, then multiple WKS RRs are used.
+
+WKS RRs cause no additional section processing.
+
+In master files, both ports and protocols are expressed using mnemonics
+or decimal numbers.
+
+
+
+
+Mockapetris [Page 21]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.5. IN-ADDR.ARPA domain
+
+The Internet uses a special domain to support gateway location and
+Internet address to host mapping. Other classes may employ a similar
+strategy in other domains. The intent of this domain is to provide a
+guaranteed method to perform host address to host name mapping, and to
+facilitate queries to locate all gateways on a particular network in the
+Internet.
+
+Note that both of these services are similar to functions that could be
+performed by inverse queries; the difference is that this part of the
+domain name space is structured according to address, and hence can
+guarantee that the appropriate data can be located without an exhaustive
+search of the domain space.
+
+The domain begins at IN-ADDR.ARPA and has a substructure which follows
+the Internet addressing structure.
+
+Domain names in the IN-ADDR.ARPA domain are defined to have up to four
+labels in addition to the IN-ADDR.ARPA suffix. Each label represents
+one octet of an Internet address, and is expressed as a character string
+for a decimal value in the range 0-255 (with leading zeros omitted
+except in the case of a zero octet which is represented by a single
+zero).
+
+Host addresses are represented by domain names that have all four labels
+specified. Thus data for Internet address 10.2.0.52 is located at
+domain name 52.0.2.10.IN-ADDR.ARPA. The reversal, though awkward to
+read, allows zones to be delegated which are exactly one network of
+address space. For example, 10.IN-ADDR.ARPA can be a zone containing
+data for the ARPANET, while 26.IN-ADDR.ARPA can be a separate zone for
+MILNET. Address nodes are used to hold pointers to primary host names
+in the normal domain space.
+
+Network numbers correspond to some non-terminal nodes at various depths
+in the IN-ADDR.ARPA domain, since Internet network numbers are either 1,
+2, or 3 octets. Network nodes are used to hold pointers to the primary
+host names of gateways attached to that network. Since a gateway is, by
+definition, on more than one network, it will typically have two or more
+network nodes which point at it. Gateways will also have host level
+pointers at their fully qualified addresses.
+
+Both the gateway pointers at network nodes and the normal host pointers
+at full address nodes use the PTR RR to point back to the primary domain
+names of the corresponding hosts.
+
+For example, the IN-ADDR.ARPA domain will contain information about the
+ISI gateway between net 10 and 26, an MIT gateway from net 10 to MIT's
+
+
+
+Mockapetris [Page 22]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+net 18, and hosts A.ISI.EDU and MULTICS.MIT.EDU. Assuming that ISI
+gateway has addresses 10.2.0.22 and 26.0.0.103, and a name MILNET-
+GW.ISI.EDU, and the MIT gateway has addresses 10.0.0.77 and 18.10.0.4
+and a name GW.LCS.MIT.EDU, the domain database would contain:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 22.0.2.10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 103.0.0.26.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 77.0.0.10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 4.0.10.18.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+ 103.0.3.26.IN-ADDR.ARPA. PTR A.ISI.EDU.
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Thus a program which wanted to locate gateways on net 10 would originate
+a query of the form QTYPE=PTR, QCLASS=IN, QNAME=10.IN-ADDR.ARPA. It
+would receive two RRs in response:
+
+ 10.IN-ADDR.ARPA. PTR MILNET-GW.ISI.EDU.
+ 10.IN-ADDR.ARPA. PTR GW.LCS.MIT.EDU.
+
+The program could then originate QTYPE=A, QCLASS=IN queries for MILNET-
+GW.ISI.EDU. and GW.LCS.MIT.EDU. to discover the Internet addresses of
+these gateways.
+
+A resolver which wanted to find the host name corresponding to Internet
+host address 10.0.0.6 would pursue a query of the form QTYPE=PTR,
+QCLASS=IN, QNAME=6.0.0.10.IN-ADDR.ARPA, and would receive:
+
+ 6.0.0.10.IN-ADDR.ARPA. PTR MULTICS.MIT.EDU.
+
+Several cautions apply to the use of these services:
+ - Since the IN-ADDR.ARPA special domain and the normal domain
+ for a particular host or gateway will be in different zones,
+ the possibility exists that that the data may be inconsistent.
+
+ - Gateways will often have two names in separate domains, only
+ one of which can be primary.
+
+ - Systems that use the domain database to initialize their
+ routing tables must start with enough gateway information to
+ guarantee that they can access the appropriate name server.
+
+ - The gateway data only reflects the existence of a gateway in a
+ manner equivalent to the current HOSTS.TXT file. It doesn't
+ replace the dynamic availability information from GGP or EGP.
+
+
+
+Mockapetris [Page 23]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+3.6. Defining new types, classes, and special namespaces
+
+The previously defined types and classes are the ones in use as of the
+date of this memo. New definitions should be expected. This section
+makes some recommendations to designers considering additions to the
+existing facilities. The mailing list NAMEDROPPERS@SRI-NIC.ARPA is the
+forum where general discussion of design issues takes place.
+
+In general, a new type is appropriate when new information is to be
+added to the database about an existing object, or we need new data
+formats for some totally new object. Designers should attempt to define
+types and their RDATA formats that are generally applicable to all
+classes, and which avoid duplication of information. New classes are
+appropriate when the DNS is to be used for a new protocol, etc which
+requires new class-specific data formats, or when a copy of the existing
+name space is desired, but a separate management domain is necessary.
+
+New types and classes need mnemonics for master files; the format of the
+master files requires that the mnemonics for type and class be disjoint.
+
+TYPE and CLASS values must be a proper subset of QTYPEs and QCLASSes
+respectively.
+
+The present system uses multiple RRs to represent multiple values of a
+type rather than storing multiple values in the RDATA section of a
+single RR. This is less efficient for most applications, but does keep
+RRs shorter. The multiple RRs assumption is incorporated in some
+experimental work on dynamic update methods.
+
+The present system attempts to minimize the duplication of data in the
+database in order to insure consistency. Thus, in order to find the
+address of the host for a mail exchange, you map the mail domain name to
+a host name, then the host name to addresses, rather than a direct
+mapping to host address. This approach is preferred because it avoids
+the opportunity for inconsistency.
+
+In defining a new type of data, multiple RR types should not be used to
+create an ordering between entries or express different formats for
+equivalent bindings, instead this information should be carried in the
+body of the RR and a single type used. This policy avoids problems with
+caching multiple types and defining QTYPEs to match multiple types.
+
+For example, the original form of mail exchange binding used two RR
+types one to represent a "closer" exchange (MD) and one to represent a
+"less close" exchange (MF). The difficulty is that the presence of one
+RR type in a cache doesn't convey any information about the other
+because the query which acquired the cached information might have used
+a QTYPE of MF, MD, or MAILA (which matched both). The redesigned
+
+
+
+Mockapetris [Page 24]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+service used a single type (MX) with a "preference" value in the RDATA
+section which can order different RRs. However, if any MX RRs are found
+in the cache, then all should be there.
+
+4. MESSAGES
+
+4.1. Format
+
+All communications inside of the domain protocol are carried in a single
+format called a message. The top level format of message is divided
+into 5 sections (some of which are empty in certain cases) shown below:
+
+ +---------------------+
+ | Header |
+ +---------------------+
+ | Question | the question for the name server
+ +---------------------+
+ | Answer | RRs answering the question
+ +---------------------+
+ | Authority | RRs pointing toward an authority
+ +---------------------+
+ | Additional | RRs holding additional information
+ +---------------------+
+
+The header section is always present. The header includes fields that
+specify which of the remaining sections are present, and also specify
+whether the message is a query or a response, a standard query or some
+other opcode, etc.
+
+The names of the sections after the header are derived from their use in
+standard queries. The question section contains fields that describe a
+question to a name server. These fields are a query type (QTYPE), a
+query class (QCLASS), and a query domain name (QNAME). The last three
+sections have the same format: a possibly empty list of concatenated
+resource records (RRs). The answer section contains RRs that answer the
+question; the authority section contains RRs that point toward an
+authoritative name server; the additional records section contains RRs
+which relate to the query, but are not strictly answers for the
+question.
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 25]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+4.1.1. Header section format
+
+The header contains the following fields:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ID |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ |QR| Opcode |AA|TC|RD|RA| Z | RCODE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QDCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ANCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | NSCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | ARCOUNT |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ID A 16 bit identifier assigned by the program that
+ generates any kind of query. This identifier is copied
+ the corresponding reply and can be used by the requester
+ to match up replies to outstanding queries.
+
+QR A one bit field that specifies whether this message is a
+ query (0), or a response (1).
+
+OPCODE A four bit field that specifies kind of query in this
+ message. This value is set by the originator of a query
+ and copied into the response. The values are:
+
+ 0 a standard query (QUERY)
+
+ 1 an inverse query (IQUERY)
+
+ 2 a server status request (STATUS)
+
+ 3-15 reserved for future use
+
+AA Authoritative Answer - this bit is valid in responses,
+ and specifies that the responding name server is an
+ authority for the domain name in question section.
+
+ Note that the contents of the answer section may have
+ multiple owner names because of aliases. The AA bit
+
+
+
+Mockapetris [Page 26]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ corresponds to the name which matches the query name, or
+ the first owner name in the answer section.
+
+TC TrunCation - specifies that this message was truncated
+ due to length greater than that permitted on the
+ transmission channel.
+
+RD Recursion Desired - this bit may be set in a query and
+ is copied into the response. If RD is set, it directs
+ the name server to pursue the query recursively.
+ Recursive query support is optional.
+
+RA Recursion Available - this be is set or cleared in a
+ response, and denotes whether recursive query support is
+ available in the name server.
+
+Z Reserved for future use. Must be zero in all queries
+ and responses.
+
+RCODE Response code - this 4 bit field is set as part of
+ responses. The values have the following
+ interpretation:
+
+ 0 No error condition
+
+ 1 Format error - The name server was
+ unable to interpret the query.
+
+ 2 Server failure - The name server was
+ unable to process this query due to a
+ problem with the name server.
+
+ 3 Name Error - Meaningful only for
+ responses from an authoritative name
+ server, this code signifies that the
+ domain name referenced in the query does
+ not exist.
+
+ 4 Not Implemented - The name server does
+ not support the requested kind of query.
+
+ 5 Refused - The name server refuses to
+ perform the specified operation for
+ policy reasons. For example, a name
+ server may not wish to provide the
+ information to the particular requester,
+ or a name server may not wish to perform
+ a particular operation (e.g., zone
+
+
+
+Mockapetris [Page 27]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ transfer) for particular data.
+
+ 6-15 Reserved for future use.
+
+QDCOUNT an unsigned 16 bit integer specifying the number of
+ entries in the question section.
+
+ANCOUNT an unsigned 16 bit integer specifying the number of
+ resource records in the answer section.
+
+NSCOUNT an unsigned 16 bit integer specifying the number of name
+ server resource records in the authority records
+ section.
+
+ARCOUNT an unsigned 16 bit integer specifying the number of
+ resource records in the additional records section.
+
+4.1.2. Question section format
+
+The question section is used to carry the "question" in most queries,
+i.e., the parameters that define what is being asked. The section
+contains QDCOUNT (usually 1) entries, each of the following format:
+
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / QNAME /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QTYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | QCLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+QNAME a domain name represented as a sequence of labels, where
+ each label consists of a length octet followed by that
+ number of octets. The domain name terminates with the
+ zero length octet for the null label of the root. Note
+ that this field may be an odd number of octets; no
+ padding is used.
+
+QTYPE a two octet code which specifies the type of the query.
+ The values for this field include all codes valid for a
+ TYPE field, together with some more general codes which
+ can match more than one type of RR.
+
+
+
+Mockapetris [Page 28]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+QCLASS a two octet code that specifies the class of the query.
+ For example, the QCLASS field is IN for the Internet.
+
+4.1.3. Resource record format
+
+The answer, authority, and additional sections all share the same
+format: a variable number of resource records, where the number of
+records is specified in the corresponding count field in the header.
+Each resource record has the following format:
+ 1 1 1 1 1 1
+ 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | |
+ / /
+ / NAME /
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TYPE |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | CLASS |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | TTL |
+ | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | RDLENGTH |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+ / RDATA /
+ / /
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NAME a domain name to which this resource record pertains.
+
+TYPE two octets containing one of the RR type codes. This
+ field specifies the meaning of the data in the RDATA
+ field.
+
+CLASS two octets which specify the class of the data in the
+ RDATA field.
+
+TTL a 32 bit unsigned integer that specifies the time
+ interval (in seconds) that the resource record may be
+ cached before it should be discarded. Zero values are
+ interpreted to mean that the RR can only be used for the
+ transaction in progress, and should not be cached.
+
+
+
+
+
+Mockapetris [Page 29]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+RDLENGTH an unsigned 16 bit integer that specifies the length in
+ octets of the RDATA field.
+
+RDATA a variable length string of octets that describes the
+ resource. The format of this information varies
+ according to the TYPE and CLASS of the resource record.
+ For example, the if the TYPE is A and the CLASS is IN,
+ the RDATA field is a 4 octet ARPA Internet address.
+
+4.1.4. Message compression
+
+In order to reduce the size of messages, the domain system utilizes a
+compression scheme which eliminates the repetition of domain names in a
+message. In this scheme, an entire domain name or a list of labels at
+the end of a domain name is replaced with a pointer to a prior occurrence
+of the same name.
+
+The pointer takes the form of a two octet sequence:
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ | 1 1| OFFSET |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+The first two bits are ones. This allows a pointer to be distinguished
+from a label, since the label must begin with two zero bits because
+labels are restricted to 63 octets or less. (The 10 and 01 combinations
+are reserved for future use.) The OFFSET field specifies an offset from
+the start of the message (i.e., the first octet of the ID field in the
+domain header). A zero offset specifies the first byte of the ID field,
+etc.
+
+The compression scheme allows a domain name in a message to be
+represented as either:
+
+ - a sequence of labels ending in a zero octet
+
+ - a pointer
+
+ - a sequence of labels ending with a pointer
+
+Pointers can only be used for occurrences of a domain name where the
+format is not class specific. If this were not the case, a name server
+or resolver would be required to know the format of all RRs it handled.
+As yet, there are no such cases, but they may occur in future RDATA
+formats.
+
+If a domain name is contained in a part of the message subject to a
+length field (such as the RDATA section of an RR), and compression is
+
+
+
+Mockapetris [Page 30]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+used, the length of the compressed name is used in the length
+calculation, rather than the length of the expanded name.
+
+Programs are free to avoid using pointers in messages they generate,
+although this will reduce datagram capacity, and may cause truncation.
+However all programs are required to understand arriving messages that
+contain pointers.
+
+For example, a datagram might need to use the domain names F.ISI.ARPA,
+FOO.F.ISI.ARPA, ARPA, and the root. Ignoring the other fields of the
+message, these domain names might be represented as:
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 20 | 1 | F |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 22 | 3 | I |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 24 | S | I |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 26 | 4 | A |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 28 | R | P |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 30 | A | 0 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 40 | 3 | F |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 42 | O | O |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 44 | 1 1| 20 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 64 | 1 1| 26 |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ 92 | 0 | |
+ +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+The domain name for F.ISI.ARPA is shown at offset 20. The domain name
+FOO.F.ISI.ARPA is shown at offset 40; this definition uses a pointer to
+concatenate a label for FOO to the previously defined F.ISI.ARPA. The
+domain name ARPA is defined at offset 64 using a pointer to the ARPA
+component of the name F.ISI.ARPA at 20; note that this pointer relies on
+ARPA being the last label in the string at 20. The root domain name is
+
+
+
+Mockapetris [Page 31]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+defined by a single octet of zeros at 92; the root domain name has no
+labels.
+
+4.2. Transport
+
+The DNS assumes that messages will be transmitted as datagrams or in a
+byte stream carried by a virtual circuit. While virtual circuits can be
+used for any DNS activity, datagrams are preferred for queries due to
+their lower overhead and better performance. Zone refresh activities
+must use virtual circuits because of the need for reliable transfer.
+
+The Internet supports name server access using TCP [RFC-793] on server
+port 53 (decimal) as well as datagram access using UDP [RFC-768] on UDP
+port 53 (decimal).
+
+4.2.1. UDP usage
+
+Messages sent using UDP user server port 53 (decimal).
+
+Messages carried by UDP are restricted to 512 bytes (not counting the IP
+or UDP headers). Longer messages are truncated and the TC bit is set in
+the header.
+
+UDP is not acceptable for zone transfers, but is the recommended method
+for standard queries in the Internet. Queries sent using UDP may be
+lost, and hence a retransmission strategy is required. Queries or their
+responses may be reordered by the network, or by processing in name
+servers, so resolvers should not depend on them being returned in order.
+
+The optimal UDP retransmission policy will vary with performance of the
+Internet and the needs of the client, but the following are recommended:
+
+ - The client should try other servers and server addresses
+ before repeating a query to a specific address of a server.
+
+ - The retransmission interval should be based on prior
+ statistics if possible. Too aggressive retransmission can
+ easily slow responses for the community at large. Depending
+ on how well connected the client is to its expected servers,
+ the minimum retransmission interval should be 2-5 seconds.
+
+More suggestions on server selection and retransmission policy can be
+found in the resolver section of this memo.
+
+4.2.2. TCP usage
+
+Messages sent over TCP connections use server port 53 (decimal). The
+message is prefixed with a two byte length field which gives the message
+
+
+
+Mockapetris [Page 32]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+length, excluding the two byte length field. This length field allows
+the low-level processing to assemble a complete message before beginning
+to parse it.
+
+Several connection management policies are recommended:
+
+ - The server should not block other activities waiting for TCP
+ data.
+
+ - The server should support multiple connections.
+
+ - The server should assume that the client will initiate
+ connection closing, and should delay closing its end of the
+ connection until all outstanding client requests have been
+ satisfied.
+
+ - If the server needs to close a dormant connection to reclaim
+ resources, it should wait until the connection has been idle
+ for a period on the order of two minutes. In particular, the
+ server should allow the SOA and AXFR request sequence (which
+ begins a refresh operation) to be made on a single connection.
+ Since the server would be unable to answer queries anyway, a
+ unilateral close or reset may be used instead of a graceful
+ close.
+
+5. MASTER FILES
+
+Master files are text files that contain RRs in text form. Since the
+contents of a zone can be expressed in the form of a list of RRs a
+master file is most often used to define a zone, though it can be used
+to list a cache's contents. Hence, this section first discusses the
+format of RRs in a master file, and then the special considerations when
+a master file is used to create a zone in some name server.
+
+5.1. Format
+
+The format of these files is a sequence of entries. Entries are
+predominantly line-oriented, though parentheses can be used to continue
+a list of items across a line boundary, and text literals can contain
+CRLF within the text. Any combination of tabs and spaces act as a
+delimiter between the separate items that make up an entry. The end of
+any line in the master file can end with a comment. The comment starts
+with a ";" (semicolon).
+
+The following entries are defined:
+
+ <blank>[<comment>]
+
+
+
+
+Mockapetris [Page 33]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ $ORIGIN <domain-name> [<comment>]
+
+ $INCLUDE <file-name> [<domain-name>] [<comment>]
+
+ <domain-name><rr> [<comment>]
+
+ <blank><rr> [<comment>]
+
+Blank lines, with or without comments, are allowed anywhere in the file.
+
+Two control entries are defined: $ORIGIN and $INCLUDE. $ORIGIN is
+followed by a domain name, and resets the current origin for relative
+domain names to the stated name. $INCLUDE inserts the named file into
+the current file, and may optionally specify a domain name that sets the
+relative domain name origin for the included file. $INCLUDE may also
+have a comment. Note that a $INCLUDE entry never changes the relative
+origin of the parent file, regardless of changes to the relative origin
+made within the included file.
+
+The last two forms represent RRs. If an entry for an RR begins with a
+blank, then the RR is assumed to be owned by the last stated owner. If
+an RR entry begins with a <domain-name>, then the owner name is reset.
+
+<rr> contents take one of the following forms:
+
+ [<TTL>] [<class>] <type> <RDATA>
+
+ [<class>] [<TTL>] <type> <RDATA>
+
+The RR begins with optional TTL and class fields, followed by a type and
+RDATA field appropriate to the type and class. Class and type use the
+standard mnemonics, TTL is a decimal integer. Omitted class and TTL
+values are default to the last explicitly stated values. Since type and
+class mnemonics are disjoint, the parse is unique. (Note that this
+order is different from the order used in examples and the order used in
+the actual RRs; the given order allows easier parsing and defaulting.)
+
+<domain-name>s make up a large share of the data in the master file.
+The labels in the domain name are expressed as character strings and
+separated by dots. Quoting conventions allow arbitrary characters to be
+stored in domain names. Domain names that end in a dot are called
+absolute, and are taken as complete. Domain names which do not end in a
+dot are called relative; the actual domain name is the concatenation of
+the relative part with an origin specified in a $ORIGIN, $INCLUDE, or as
+an argument to the master file loading routine. A relative name is an
+error when no origin is available.
+
+
+
+
+
+Mockapetris [Page 34]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+<character-string> is expressed in one or two ways: as a contiguous set
+of characters without interior spaces, or as a string beginning with a "
+and ending with a ". Inside a " delimited string any character can
+occur, except for a " itself, which must be quoted using \ (back slash).
+
+Because these files are text files several special encodings are
+necessary to allow arbitrary data to be loaded. In particular:
+
+ of the root.
+
+@ A free standing @ is used to denote the current origin.
+
+\X where X is any character other than a digit (0-9), is
+ used to quote that character so that its special meaning
+ does not apply. For example, "\." can be used to place
+ a dot character in a label.
+
+\DDD where each D is a digit is the octet corresponding to
+ the decimal number described by DDD. The resulting
+ octet is assumed to be text and is not checked for
+ special meaning.
+
+( ) Parentheses are used to group data that crosses a line
+ boundary. In effect, line terminations are not
+ recognized within parentheses.
+
+; Semicolon is used to start a comment; the remainder of
+ the line is ignored.
+
+5.2. Use of master files to define zones
+
+When a master file is used to load a zone, the operation should be
+suppressed if any errors are encountered in the master file. The
+rationale for this is that a single error can have widespread
+consequences. For example, suppose that the RRs defining a delegation
+have syntax errors; then the server will return authoritative name
+errors for all names in the subzone (except in the case where the
+subzone is also present on the server).
+
+Several other validity checks that should be performed in addition to
+insuring that the file is syntactically correct:
+
+ 1. All RRs in the file should have the same class.
+
+ 2. Exactly one SOA RR should be present at the top of the zone.
+
+ 3. If delegations are present and glue information is required,
+ it should be present.
+
+
+
+Mockapetris [Page 35]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 4. Information present outside of the authoritative nodes in the
+ zone should be glue information, rather than the result of an
+ origin or similar error.
+
+5.3. Master file example
+
+The following is an example file which might be used to define the
+ISI.EDU zone.and is loaded with an origin of ISI.EDU:
+
+@ IN SOA VENERA Action\.domains (
+ 20 ; SERIAL
+ 7200 ; REFRESH
+ 600 ; RETRY
+ 3600000; EXPIRE
+ 60) ; MINIMUM
+
+ NS A.ISI.EDU.
+ NS VENERA
+ NS VAXA
+ MX 10 VENERA
+ MX 20 VAXA
+
+A A 26.3.0.103
+
+VENERA A 10.1.0.52
+ A 128.9.0.32
+
+VAXA A 10.2.0.27
+ A 128.9.0.33
+
+
+$INCLUDE <SUBSYS>ISI-MAILBOXES.TXT
+
+Where the file <SUBSYS>ISI-MAILBOXES.TXT is:
+
+ MOE MB A.ISI.EDU.
+ LARRY MB A.ISI.EDU.
+ CURLEY MB A.ISI.EDU.
+ STOOGES MG MOE
+ MG LARRY
+ MG CURLEY
+
+Note the use of the \ character in the SOA RR to specify the responsible
+person mailbox "Action.domains@E.ISI.EDU".
+
+
+
+
+
+
+
+Mockapetris [Page 36]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+6. NAME SERVER IMPLEMENTATION
+
+6.1. Architecture
+
+The optimal structure for the name server will depend on the host
+operating system and whether the name server is integrated with resolver
+operations, either by supporting recursive service, or by sharing its
+database with a resolver. This section discusses implementation
+considerations for a name server which shares a database with a
+resolver, but most of these concerns are present in any name server.
+
+6.1.1. Control
+
+A name server must employ multiple concurrent activities, whether they
+are implemented as separate tasks in the host's OS or multiplexing
+inside a single name server program. It is simply not acceptable for a
+name server to block the service of UDP requests while it waits for TCP
+data for refreshing or query activities. Similarly, a name server
+should not attempt to provide recursive service without processing such
+requests in parallel, though it may choose to serialize requests from a
+single client, or to regard identical requests from the same client as
+duplicates. A name server should not substantially delay requests while
+it reloads a zone from master files or while it incorporates a newly
+refreshed zone into its database.
+
+6.1.2. Database
+
+While name server implementations are free to use any internal data
+structures they choose, the suggested structure consists of three major
+parts:
+
+ - A "catalog" data structure which lists the zones available to
+ this server, and a "pointer" to the zone data structure. The
+ main purpose of this structure is to find the nearest ancestor
+ zone, if any, for arriving standard queries.
+
+ - Separate data structures for each of the zones held by the
+ name server.
+
+ - A data structure for cached data. (or perhaps separate caches
+ for different classes)
+
+All of these data structures can be implemented an identical tree
+structure format, with different data chained off the nodes in different
+parts: in the catalog the data is pointers to zones, while in the zone
+and cache data structures, the data will be RRs. In designing the tree
+framework the designer should recognize that query processing will need
+to traverse the tree using case-insensitive label comparisons; and that
+
+
+
+Mockapetris [Page 37]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+in real data, a few nodes have a very high branching factor (100-1000 or
+more), but the vast majority have a very low branching factor (0-1).
+
+One way to solve the case problem is to store the labels for each node
+in two pieces: a standardized-case representation of the label where all
+ASCII characters are in a single case, together with a bit mask that
+denotes which characters are actually of a different case. The
+branching factor diversity can be handled using a simple linked list for
+a node until the branching factor exceeds some threshold, and
+transitioning to a hash structure after the threshold is exceeded. In
+any case, hash structures used to store tree sections must insure that
+hash functions and procedures preserve the casing conventions of the
+DNS.
+
+The use of separate structures for the different parts of the database
+is motivated by several factors:
+
+ - The catalog structure can be an almost static structure that
+ need change only when the system administrator changes the
+ zones supported by the server. This structure can also be
+ used to store parameters used to control refreshing
+ activities.
+
+ - The individual data structures for zones allow a zone to be
+ replaced simply by changing a pointer in the catalog. Zone
+ refresh operations can build a new structure and, when
+ complete, splice it into the database via a simple pointer
+ replacement. It is very important that when a zone is
+ refreshed, queries should not use old and new data
+ simultaneously.
+
+ - With the proper search procedures, authoritative data in zones
+ will always "hide", and hence take precedence over, cached
+ data.
+
+ - Errors in zone definitions that cause overlapping zones, etc.,
+ may cause erroneous responses to queries, but problem
+ determination is simplified, and the contents of one "bad"
+ zone can't corrupt another.
+
+ - Since the cache is most frequently updated, it is most
+ vulnerable to corruption during system restarts. It can also
+ become full of expired RR data. In either case, it can easily
+ be discarded without disturbing zone data.
+
+A major aspect of database design is selecting a structure which allows
+the name server to deal with crashes of the name server's host. State
+information which a name server should save across system crashes
+
+
+
+Mockapetris [Page 38]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+includes the catalog structure (including the state of refreshing for
+each zone) and the zone data itself.
+
+6.1.3. Time
+
+Both the TTL data for RRs and the timing data for refreshing activities
+depends on 32 bit timers in units of seconds. Inside the database,
+refresh timers and TTLs for cached data conceptually "count down", while
+data in the zone stays with constant TTLs.
+
+A recommended implementation strategy is to store time in two ways: as
+a relative increment and as an absolute time. One way to do this is to
+use positive 32 bit numbers for one type and negative numbers for the
+other. The RRs in zones use relative times; the refresh timers and
+cache data use absolute times. Absolute numbers are taken with respect
+to some known origin and converted to relative values when placed in the
+response to a query. When an absolute TTL is negative after conversion
+to relative, then the data is expired and should be ignored.
+
+6.2. Standard query processing
+
+The major algorithm for standard query processing is presented in
+[RFC-1034].
+
+When processing queries with QCLASS=*, or some other QCLASS which
+matches multiple classes, the response should never be authoritative
+unless the server can guarantee that the response covers all classes.
+
+When composing a response, RRs which are to be inserted in the
+additional section, but duplicate RRs in the answer or authority
+sections, may be omitted from the additional section.
+
+When a response is so long that truncation is required, the truncation
+should start at the end of the response and work forward in the
+datagram. Thus if there is any data for the authority section, the
+answer section is guaranteed to be unique.
+
+The MINIMUM value in the SOA should be used to set a floor on the TTL of
+data distributed from a zone. This floor function should be done when
+the data is copied into a response. This will allow future dynamic
+update protocols to change the SOA MINIMUM field without ambiguous
+semantics.
+
+6.3. Zone refresh and reload processing
+
+In spite of a server's best efforts, it may be unable to load zone data
+from a master file due to syntax errors, etc., or be unable to refresh a
+zone within the its expiration parameter. In this case, the name server
+
+
+
+Mockapetris [Page 39]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+should answer queries as if it were not supposed to possess the zone.
+
+If a master is sending a zone out via AXFR, and a new version is created
+during the transfer, the master should continue to send the old version
+if possible. In any case, it should never send part of one version and
+part of another. If completion is not possible, the master should reset
+the connection on which the zone transfer is taking place.
+
+6.4. Inverse queries (Optional)
+
+Inverse queries are an optional part of the DNS. Name servers are not
+required to support any form of inverse queries. If a name server
+receives an inverse query that it does not support, it returns an error
+response with the "Not Implemented" error set in the header. While
+inverse query support is optional, all name servers must be at least
+able to return the error response.
+
+6.4.1. The contents of inverse queries and responses Inverse
+queries reverse the mappings performed by standard query operations;
+while a standard query maps a domain name to a resource, an inverse
+query maps a resource to a domain name. For example, a standard query
+might bind a domain name to a host address; the corresponding inverse
+query binds the host address to a domain name.
+
+Inverse queries take the form of a single RR in the answer section of
+the message, with an empty question section. The owner name of the
+query RR and its TTL are not significant. The response carries
+questions in the question section which identify all names possessing
+the query RR WHICH THE NAME SERVER KNOWS. Since no name server knows
+about all of the domain name space, the response can never be assumed to
+be complete. Thus inverse queries are primarily useful for database
+management and debugging activities. Inverse queries are NOT an
+acceptable method of mapping host addresses to host names; use the IN-
+ADDR.ARPA domain instead.
+
+Where possible, name servers should provide case-insensitive comparisons
+for inverse queries. Thus an inverse query asking for an MX RR of
+"Venera.isi.edu" should get the same response as a query for
+"VENERA.ISI.EDU"; an inverse query for HINFO RR "IBM-PC UNIX" should
+produce the same result as an inverse query for "IBM-pc unix". However,
+this cannot be guaranteed because name servers may possess RRs that
+contain character strings but the name server does not know that the
+data is character.
+
+When a name server processes an inverse query, it either returns:
+
+ 1. zero, one, or multiple domain names for the specified
+ resource as QNAMEs in the question section
+
+
+
+Mockapetris [Page 40]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 2. an error code indicating that the name server doesn't support
+ inverse mapping of the specified resource type.
+
+When the response to an inverse query contains one or more QNAMEs, the
+owner name and TTL of the RR in the answer section which defines the
+inverse query is modified to exactly match an RR found at the first
+QNAME.
+
+RRs returned in the inverse queries cannot be cached using the same
+mechanism as is used for the replies to standard queries. One reason
+for this is that a name might have multiple RRs of the same type, and
+only one would appear. For example, an inverse query for a single
+address of a multiply homed host might create the impression that only
+one address existed.
+
+6.4.2. Inverse query and response example The overall structure
+of an inverse query for retrieving the domain name that corresponds to
+Internet address 10.1.0.52 is shown below:
+
+ +-----------------------------------------+
+ Header | OPCODE=IQUERY, ID=997 |
+ +-----------------------------------------+
+ Question | <empty> |
+ +-----------------------------------------+
+ Answer | <anyname> A IN 10.1.0.52 |
+ +-----------------------------------------+
+ Authority | <empty> |
+ +-----------------------------------------+
+ Additional | <empty> |
+ +-----------------------------------------+
+
+This query asks for a question whose answer is the Internet style
+address 10.1.0.52. Since the owner name is not known, any domain name
+can be used as a placeholder (and is ignored). A single octet of zero,
+signifying the root, is usually used because it minimizes the length of
+the message. The TTL of the RR is not significant. The response to
+this query might be:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 41]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ +-----------------------------------------+
+ Header | OPCODE=RESPONSE, ID=997 |
+ +-----------------------------------------+
+ Question |QTYPE=A, QCLASS=IN, QNAME=VENERA.ISI.EDU |
+ +-----------------------------------------+
+ Answer | VENERA.ISI.EDU A IN 10.1.0.52 |
+ +-----------------------------------------+
+ Authority | <empty> |
+ +-----------------------------------------+
+ Additional | <empty> |
+ +-----------------------------------------+
+
+Note that the QTYPE in a response to an inverse query is the same as the
+TYPE field in the answer section of the inverse query. Responses to
+inverse queries may contain multiple questions when the inverse is not
+unique. If the question section in the response is not empty, then the
+RR in the answer section is modified to correspond to be an exact copy
+of an RR at the first QNAME.
+
+6.4.3. Inverse query processing
+
+Name servers that support inverse queries can support these operations
+through exhaustive searches of their databases, but this becomes
+impractical as the size of the database increases. An alternative
+approach is to invert the database according to the search key.
+
+For name servers that support multiple zones and a large amount of data,
+the recommended approach is separate inversions for each zone. When a
+particular zone is changed during a refresh, only its inversions need to
+be redone.
+
+Support for transfer of this type of inversion may be included in future
+versions of the domain system, but is not supported in this version.
+
+6.5. Completion queries and responses
+
+The optional completion services described in RFC-882 and RFC-883 have
+been deleted. Redesigned services may become available in the future.
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 42]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+7. RESOLVER IMPLEMENTATION
+
+The top levels of the recommended resolver algorithm are discussed in
+[RFC-1034]. This section discusses implementation details assuming the
+database structure suggested in the name server implementation section
+of this memo.
+
+7.1. Transforming a user request into a query
+
+The first step a resolver takes is to transform the client's request,
+stated in a format suitable to the local OS, into a search specification
+for RRs at a specific name which match a specific QTYPE and QCLASS.
+Where possible, the QTYPE and QCLASS should correspond to a single type
+and a single class, because this makes the use of cached data much
+simpler. The reason for this is that the presence of data of one type
+in a cache doesn't confirm the existence or non-existence of data of
+other types, hence the only way to be sure is to consult an
+authoritative source. If QCLASS=* is used, then authoritative answers
+won't be available.
+
+Since a resolver must be able to multiplex multiple requests if it is to
+perform its function efficiently, each pending request is usually
+represented in some block of state information. This state block will
+typically contain:
+
+ - A timestamp indicating the time the request began.
+ The timestamp is used to decide whether RRs in the database
+ can be used or are out of date. This timestamp uses the
+ absolute time format previously discussed for RR storage in
+ zones and caches. Note that when an RRs TTL indicates a
+ relative time, the RR must be timely, since it is part of a
+ zone. When the RR has an absolute time, it is part of a
+ cache, and the TTL of the RR is compared against the timestamp
+ for the start of the request.
+
+ Note that using the timestamp is superior to using a current
+ time, since it allows RRs with TTLs of zero to be entered in
+ the cache in the usual manner, but still used by the current
+ request, even after intervals of many seconds due to system
+ load, query retransmission timeouts, etc.
+
+ - Some sort of parameters to limit the amount of work which will
+ be performed for this request.
+
+ The amount of work which a resolver will do in response to a
+ client request must be limited to guard against errors in the
+ database, such as circular CNAME references, and operational
+ problems, such as network partition which prevents the
+
+
+
+Mockapetris [Page 43]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ resolver from accessing the name servers it needs. While
+ local limits on the number of times a resolver will retransmit
+ a particular query to a particular name server address are
+ essential, the resolver should have a global per-request
+ counter to limit work on a single request. The counter should
+ be set to some initial value and decremented whenever the
+ resolver performs any action (retransmission timeout,
+ retransmission, etc.) If the counter passes zero, the request
+ is terminated with a temporary error.
+
+ Note that if the resolver structure allows one request to
+ start others in parallel, such as when the need to access a
+ name server for one request causes a parallel resolve for the
+ name server's addresses, the spawned request should be started
+ with a lower counter. This prevents circular references in
+ the database from starting a chain reaction of resolver
+ activity.
+
+ - The SLIST data structure discussed in [RFC-1034].
+
+ This structure keeps track of the state of a request if it
+ must wait for answers from foreign name servers.
+
+7.2. Sending the queries
+
+As described in [RFC-1034], the basic task of the resolver is to
+formulate a query which will answer the client's request and direct that
+query to name servers which can provide the information. The resolver
+will usually only have very strong hints about which servers to ask, in
+the form of NS RRs, and may have to revise the query, in response to
+CNAMEs, or revise the set of name servers the resolver is asking, in
+response to delegation responses which point the resolver to name
+servers closer to the desired information. In addition to the
+information requested by the client, the resolver may have to call upon
+its own services to determine the address of name servers it wishes to
+contact.
+
+In any case, the model used in this memo assumes that the resolver is
+multiplexing attention between multiple requests, some from the client,
+and some internally generated. Each request is represented by some
+state information, and the desired behavior is that the resolver
+transmit queries to name servers in a way that maximizes the probability
+that the request is answered, minimizes the time that the request takes,
+and avoids excessive transmissions. The key algorithm uses the state
+information of the request to select the next name server address to
+query, and also computes a timeout which will cause the next action
+should a response not arrive. The next action will usually be a
+transmission to some other server, but may be a temporary error to the
+
+
+
+Mockapetris [Page 44]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+client.
+
+The resolver always starts with a list of server names to query (SLIST).
+This list will be all NS RRs which correspond to the nearest ancestor
+zone that the resolver knows about. To avoid startup problems, the
+resolver should have a set of default servers which it will ask should
+it have no current NS RRs which are appropriate. The resolver then adds
+to SLIST all of the known addresses for the name servers, and may start
+parallel requests to acquire the addresses of the servers when the
+resolver has the name, but no addresses, for the name servers.
+
+To complete initialization of SLIST, the resolver attaches whatever
+history information it has to the each address in SLIST. This will
+usually consist of some sort of weighted averages for the response time
+of the address, and the batting average of the address (i.e., how often
+the address responded at all to the request). Note that this
+information should be kept on a per address basis, rather than on a per
+name server basis, because the response time and batting average of a
+particular server may vary considerably from address to address. Note
+also that this information is actually specific to a resolver address /
+server address pair, so a resolver with multiple addresses may wish to
+keep separate histories for each of its addresses. Part of this step
+must deal with addresses which have no such history; in this case an
+expected round trip time of 5-10 seconds should be the worst case, with
+lower estimates for the same local network, etc.
+
+Note that whenever a delegation is followed, the resolver algorithm
+reinitializes SLIST.
+
+The information establishes a partial ranking of the available name
+server addresses. Each time an address is chosen and the state should
+be altered to prevent its selection again until all other addresses have
+been tried. The timeout for each transmission should be 50-100% greater
+than the average predicted value to allow for variance in response.
+
+Some fine points:
+
+ - The resolver may encounter a situation where no addresses are
+ available for any of the name servers named in SLIST, and
+ where the servers in the list are precisely those which would
+ normally be used to look up their own addresses. This
+ situation typically occurs when the glue address RRs have a
+ smaller TTL than the NS RRs marking delegation, or when the
+ resolver caches the result of a NS search. The resolver
+ should detect this condition and restart the search at the
+ next ancestor zone, or alternatively at the root.
+
+
+
+
+
+Mockapetris [Page 45]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ - If a resolver gets a server error or other bizarre response
+ from a name server, it should remove it from SLIST, and may
+ wish to schedule an immediate transmission to the next
+ candidate server address.
+
+7.3. Processing responses
+
+The first step in processing arriving response datagrams is to parse the
+response. This procedure should include:
+
+ - Check the header for reasonableness. Discard datagrams which
+ are queries when responses are expected.
+
+ - Parse the sections of the message, and insure that all RRs are
+ correctly formatted.
+
+ - As an optional step, check the TTLs of arriving data looking
+ for RRs with excessively long TTLs. If a RR has an
+ excessively long TTL, say greater than 1 week, either discard
+ the whole response, or limit all TTLs in the response to 1
+ week.
+
+The next step is to match the response to a current resolver request.
+The recommended strategy is to do a preliminary matching using the ID
+field in the domain header, and then to verify that the question section
+corresponds to the information currently desired. This requires that
+the transmission algorithm devote several bits of the domain ID field to
+a request identifier of some sort. This step has several fine points:
+
+ - Some name servers send their responses from different
+ addresses than the one used to receive the query. That is, a
+ resolver cannot rely that a response will come from the same
+ address which it sent the corresponding query to. This name
+ server bug is typically encountered in UNIX systems.
+
+ - If the resolver retransmits a particular request to a name
+ server it should be able to use a response from any of the
+ transmissions. However, if it is using the response to sample
+ the round trip time to access the name server, it must be able
+ to determine which transmission matches the response (and keep
+ transmission times for each outgoing message), or only
+ calculate round trip times based on initial transmissions.
+
+ - A name server will occasionally not have a current copy of a
+ zone which it should have according to some NS RRs. The
+ resolver should simply remove the name server from the current
+ SLIST, and continue.
+
+
+
+
+Mockapetris [Page 46]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+7.4. Using the cache
+
+In general, we expect a resolver to cache all data which it receives in
+responses since it may be useful in answering future client requests.
+However, there are several types of data which should not be cached:
+
+ - When several RRs of the same type are available for a
+ particular owner name, the resolver should either cache them
+ all or none at all. When a response is truncated, and a
+ resolver doesn't know whether it has a complete set, it should
+ not cache a possibly partial set of RRs.
+
+ - Cached data should never be used in preference to
+ authoritative data, so if caching would cause this to happen
+ the data should not be cached.
+
+ - The results of an inverse query should not be cached.
+
+ - The results of standard queries where the QNAME contains "*"
+ labels if the data might be used to construct wildcards. The
+ reason is that the cache does not necessarily contain existing
+ RRs or zone boundary information which is necessary to
+ restrict the application of the wildcard RRs.
+
+ - RR data in responses of dubious reliability. When a resolver
+ receives unsolicited responses or RR data other than that
+ requested, it should discard it without caching it. The basic
+ implication is that all sanity checks on a packet should be
+ performed before any of it is cached.
+
+In a similar vein, when a resolver has a set of RRs for some name in a
+response, and wants to cache the RRs, it should check its cache for
+already existing RRs. Depending on the circumstances, either the data
+in the response or the cache is preferred, but the two should never be
+combined. If the data in the response is from authoritative data in the
+answer section, it is always preferred.
+
+8. MAIL SUPPORT
+
+The domain system defines a standard for mapping mailboxes into domain
+names, and two methods for using the mailbox information to derive mail
+routing information. The first method is called mail exchange binding
+and the other method is mailbox binding. The mailbox encoding standard
+and mail exchange binding are part of the DNS official protocol, and are
+the recommended method for mail routing in the Internet. Mailbox
+binding is an experimental feature which is still under development and
+subject to change.
+
+
+
+
+Mockapetris [Page 47]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+The mailbox encoding standard assumes a mailbox name of the form
+"<local-part>@<mail-domain>". While the syntax allowed in each of these
+sections varies substantially between the various mail internets, the
+preferred syntax for the ARPA Internet is given in [RFC-822].
+
+The DNS encodes the <local-part> as a single label, and encodes the
+<mail-domain> as a domain name. The single label from the <local-part>
+is prefaced to the domain name from <mail-domain> to form the domain
+name corresponding to the mailbox. Thus the mailbox HOSTMASTER@SRI-
+NIC.ARPA is mapped into the domain name HOSTMASTER.SRI-NIC.ARPA. If the
+<local-part> contains dots or other special characters, its
+representation in a master file will require the use of backslash
+quoting to ensure that the domain name is properly encoded. For
+example, the mailbox Action.domains@ISI.EDU would be represented as
+Action\.domains.ISI.EDU.
+
+8.1. Mail exchange binding
+
+Mail exchange binding uses the <mail-domain> part of a mailbox
+specification to determine where mail should be sent. The <local-part>
+is not even consulted. [RFC-974] specifies this method in detail, and
+should be consulted before attempting to use mail exchange support.
+
+One of the advantages of this method is that it decouples mail
+destination naming from the hosts used to support mail service, at the
+cost of another layer of indirection in the lookup function. However,
+the addition layer should eliminate the need for complicated "%", "!",
+etc encodings in <local-part>.
+
+The essence of the method is that the <mail-domain> is used as a domain
+name to locate type MX RRs which list hosts willing to accept mail for
+<mail-domain>, together with preference values which rank the hosts
+according to an order specified by the administrators for <mail-domain>.
+
+In this memo, the <mail-domain> ISI.EDU is used in examples, together
+with the hosts VENERA.ISI.EDU and VAXA.ISI.EDU as mail exchanges for
+ISI.EDU. If a mailer had a message for Mockapetris@ISI.EDU, it would
+route it by looking up MX RRs for ISI.EDU. The MX RRs at ISI.EDU name
+VENERA.ISI.EDU and VAXA.ISI.EDU, and type A queries can find the host
+addresses.
+
+8.2. Mailbox binding (Experimental)
+
+In mailbox binding, the mailer uses the entire mail destination
+specification to construct a domain name. The encoded domain name for
+the mailbox is used as the QNAME field in a QTYPE=MAILB query.
+
+Several outcomes are possible for this query:
+
+
+
+Mockapetris [Page 48]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ 1. The query can return a name error indicating that the mailbox
+ does not exist as a domain name.
+
+ In the long term, this would indicate that the specified
+ mailbox doesn't exist. However, until the use of mailbox
+ binding is universal, this error condition should be
+ interpreted to mean that the organization identified by the
+ global part does not support mailbox binding. The
+ appropriate procedure is to revert to exchange binding at
+ this point.
+
+ 2. The query can return a Mail Rename (MR) RR.
+
+ The MR RR carries new mailbox specification in its RDATA
+ field. The mailer should replace the old mailbox with the
+ new one and retry the operation.
+
+ 3. The query can return a MB RR.
+
+ The MB RR carries a domain name for a host in its RDATA
+ field. The mailer should deliver the message to that host
+ via whatever protocol is applicable, e.g., b,SMTP.
+
+ 4. The query can return one or more Mail Group (MG) RRs.
+
+ This condition means that the mailbox was actually a mailing
+ list or mail group, rather than a single mailbox. Each MG RR
+ has a RDATA field that identifies a mailbox that is a member
+ of the group. The mailer should deliver a copy of the
+ message to each member.
+
+ 5. The query can return a MB RR as well as one or more MG RRs.
+
+ This condition means the the mailbox was actually a mailing
+ list. The mailer can either deliver the message to the host
+ specified by the MB RR, which will in turn do the delivery to
+ all members, or the mailer can use the MG RRs to do the
+ expansion itself.
+
+In any of these cases, the response may include a Mail Information
+(MINFO) RR. This RR is usually associated with a mail group, but is
+legal with a MB. The MINFO RR identifies two mailboxes. One of these
+identifies a responsible person for the original mailbox name. This
+mailbox should be used for requests to be added to a mail group, etc.
+The second mailbox name in the MINFO RR identifies a mailbox that should
+receive error messages for mail failures. This is particularly
+appropriate for mailing lists when errors in member names should be
+reported to a person other than the one who sends a message to the list.
+
+
+
+Mockapetris [Page 49]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+New fields may be added to this RR in the future.
+
+
+9. REFERENCES and BIBLIOGRAPHY
+
+[Dyer 87] S. Dyer, F. Hsu, "Hesiod", Project Athena
+ Technical Plan - Name Service, April 1987, version 1.9.
+
+ Describes the fundamentals of the Hesiod name service.
+
+[IEN-116] J. Postel, "Internet Name Server", IEN-116,
+ USC/Information Sciences Institute, August 1979.
+
+ A name service obsoleted by the Domain Name System, but
+ still in use.
+
+[Quarterman 86] J. Quarterman, and J. Hoskins, "Notable Computer Networks",
+ Communications of the ACM, October 1986, volume 29, number
+ 10.
+
+[RFC-742] K. Harrenstien, "NAME/FINGER", RFC-742, Network
+ Information Center, SRI International, December 1977.
+
+[RFC-768] J. Postel, "User Datagram Protocol", RFC-768,
+ USC/Information Sciences Institute, August 1980.
+
+[RFC-793] J. Postel, "Transmission Control Protocol", RFC-793,
+ USC/Information Sciences Institute, September 1981.
+
+[RFC-799] D. Mills, "Internet Name Domains", RFC-799, COMSAT,
+ September 1981.
+
+ Suggests introduction of a hierarchy in place of a flat
+ name space for the Internet.
+
+[RFC-805] J. Postel, "Computer Mail Meeting Notes", RFC-805,
+ USC/Information Sciences Institute, February 1982.
+
+[RFC-810] E. Feinler, K. Harrenstien, Z. Su, and V. White, "DOD
+ Internet Host Table Specification", RFC-810, Network
+ Information Center, SRI International, March 1982.
+
+ Obsolete. See RFC-952.
+
+[RFC-811] K. Harrenstien, V. White, and E. Feinler, "Hostnames
+ Server", RFC-811, Network Information Center, SRI
+ International, March 1982.
+
+
+
+
+Mockapetris [Page 50]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ Obsolete. See RFC-953.
+
+[RFC-812] K. Harrenstien, and V. White, "NICNAME/WHOIS", RFC-812,
+ Network Information Center, SRI International, March
+ 1982.
+
+[RFC-819] Z. Su, and J. Postel, "The Domain Naming Convention for
+ Internet User Applications", RFC-819, Network
+ Information Center, SRI International, August 1982.
+
+ Early thoughts on the design of the domain system.
+ Current implementation is completely different.
+
+[RFC-821] J. Postel, "Simple Mail Transfer Protocol", RFC-821,
+ USC/Information Sciences Institute, August 1980.
+
+[RFC-830] Z. Su, "A Distributed System for Internet Name Service",
+ RFC-830, Network Information Center, SRI International,
+ October 1982.
+
+ Early thoughts on the design of the domain system.
+ Current implementation is completely different.
+
+[RFC-882] P. Mockapetris, "Domain names - Concepts and
+ Facilities," RFC-882, USC/Information Sciences
+ Institute, November 1983.
+
+ Superseded by this memo.
+
+[RFC-883] P. Mockapetris, "Domain names - Implementation and
+ Specification," RFC-883, USC/Information Sciences
+ Institute, November 1983.
+
+ Superseded by this memo.
+
+[RFC-920] J. Postel and J. Reynolds, "Domain Requirements",
+ RFC-920, USC/Information Sciences Institute,
+ October 1984.
+
+ Explains the naming scheme for top level domains.
+
+[RFC-952] K. Harrenstien, M. Stahl, E. Feinler, "DoD Internet Host
+ Table Specification", RFC-952, SRI, October 1985.
+
+ Specifies the format of HOSTS.TXT, the host/address
+ table replaced by the DNS.
+
+
+
+
+
+Mockapetris [Page 51]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+[RFC-953] K. Harrenstien, M. Stahl, E. Feinler, "HOSTNAME Server",
+ RFC-953, SRI, October 1985.
+
+ This RFC contains the official specification of the
+ hostname server protocol, which is obsoleted by the DNS.
+ This TCP based protocol accesses information stored in
+ the RFC-952 format, and is used to obtain copies of the
+ host table.
+
+[RFC-973] P. Mockapetris, "Domain System Changes and
+ Observations", RFC-973, USC/Information Sciences
+ Institute, January 1986.
+
+ Describes changes to RFC-882 and RFC-883 and reasons for
+ them.
+
+[RFC-974] C. Partridge, "Mail routing and the domain system",
+ RFC-974, CSNET CIC BBN Labs, January 1986.
+
+ Describes the transition from HOSTS.TXT based mail
+ addressing to the more powerful MX system used with the
+ domain system.
+
+[RFC-1001] NetBIOS Working Group, "Protocol standard for a NetBIOS
+ service on a TCP/UDP transport: Concepts and Methods",
+ RFC-1001, March 1987.
+
+ This RFC and RFC-1002 are a preliminary design for
+ NETBIOS on top of TCP/IP which proposes to base NetBIOS
+ name service on top of the DNS.
+
+[RFC-1002] NetBIOS Working Group, "Protocol standard for a NetBIOS
+ service on a TCP/UDP transport: Detailed
+ Specifications", RFC-1002, March 1987.
+
+[RFC-1010] J. Reynolds, and J. Postel, "Assigned Numbers", RFC-1010,
+ USC/Information Sciences Institute, May 1987.
+
+ Contains socket numbers and mnemonics for host names,
+ operating systems, etc.
+
+[RFC-1031] W. Lazear, "MILNET Name Domain Transition", RFC-1031,
+ November 1987.
+
+ Describes a plan for converting the MILNET to the DNS.
+
+[RFC-1032] M. Stahl, "Establishing a Domain - Guidelines for
+ Administrators", RFC-1032, November 1987.
+
+
+
+Mockapetris [Page 52]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ Describes the registration policies used by the NIC to
+ administer the top level domains and delegate subzones.
+
+[RFC-1033] M. Lottor, "Domain Administrators Operations Guide",
+ RFC-1033, November 1987.
+
+ A cookbook for domain administrators.
+
+[Solomon 82] M. Solomon, L. Landweber, and D. Neuhengen, "The CSNET
+ Name Server", Computer Networks, vol 6, nr 3, July 1982.
+
+ Describes a name service for CSNET which is independent
+ from the DNS and DNS use in the CSNET.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 53]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+Index
+
+ * 13
+
+ ; 33, 35
+
+ <character-string> 35
+ <domain-name> 34
+
+ @ 35
+
+ \ 35
+
+ A 12
+
+ Byte order 8
+
+ CH 13
+ Character case 9
+ CLASS 11
+ CNAME 12
+ Completion 42
+ CS 13
+
+ Hesiod 13
+ HINFO 12
+ HS 13
+
+ IN 13
+ IN-ADDR.ARPA domain 22
+ Inverse queries 40
+
+ Mailbox names 47
+ MB 12
+ MD 12
+ MF 12
+ MG 12
+ MINFO 12
+ MINIMUM 20
+ MR 12
+ MX 12
+
+ NS 12
+ NULL 12
+
+ Port numbers 32
+ Primary server 5
+ PTR 12, 18
+
+
+
+Mockapetris [Page 54]
+
+RFC 1035 Domain Implementation and Specification November 1987
+
+
+ QCLASS 13
+ QTYPE 12
+
+ RDATA 12
+ RDLENGTH 11
+
+ Secondary server 5
+ SOA 12
+ Stub resolvers 7
+
+ TCP 32
+ TXT 12
+ TYPE 11
+
+ UDP 32
+
+ WKS 12
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Mockapetris [Page 55]
+
diff --git a/lib/dns/tests/testdata/dstrandom/random.data b/lib/dns/tests/testdata/dstrandom/random.data
new file mode 100644
index 0000000..354add0
--- /dev/null
+++ b/lib/dns/tests/testdata/dstrandom/random.data
Binary files differ
diff --git a/lib/dns/tests/testdata/master/master1.data b/lib/dns/tests/testdata/master/master1.data
new file mode 100644
index 0000000..030bc68
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master1.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+ in ns ns.vix.com.
+ in ns ns2.vix.com.
+ in ns ns3.vix.com.
+b in a 1.2.3.4
diff --git a/lib/dns/tests/testdata/master/master10.data b/lib/dns/tests/testdata/master/master10.data
new file mode 100644
index 0000000..9ee052f
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master10.data
@@ -0,0 +1,7 @@
+;
+; the following black line contains spaces
+
+;
+@ 300 IN A 10.0.0.1
+ ;
+;
diff --git a/lib/dns/tests/testdata/master/master11.data b/lib/dns/tests/testdata/master/master11.data
new file mode 100644
index 0000000..0aaec25
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master11.data
@@ -0,0 +1,6 @@
+;
+; The following serial number contains a leading 0 and a 9 so the
+; we can catch cases where it is incorrectly treated as a octal
+; number.
+;
+@ 300 IN SOA ns hostmaster 00090000 1200 3600 604800 300
diff --git a/lib/dns/tests/testdata/master/master12.data.in b/lib/dns/tests/testdata/master/master12.data.in
new file mode 100644
index 0000000..3634388
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master12.data.in
@@ -0,0 +1 @@
+00000002000000004ed7306600000051000100060000000003e80000000100060474657374000035096c6f63616c686f7374000a706f73746d6173746572096c6f63616c686f73740076cb8ab100000e100000070800093a8000000e1000000046000100020000000003e8000000030006047465737400000c026e730376697803636f6d00000d036e73320376697803636f6d00000d036e73330376697803636f6d0000000022000100010000000003e80000000100080162047465737400000401020304
diff --git a/lib/dns/tests/testdata/master/master13.data.in b/lib/dns/tests/testdata/master/master13.data.in
new file mode 100644
index 0000000..d1c262f
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master13.data.in
@@ -0,0 +1 @@
+00000002000000014ed7337f00000000000000000000000000000051000100060000000003e80000000100060474657374000035096c6f63616c686f7374000a706f73746d6173746572096c6f63616c686f73740076cb8ab100000e100000070800093a8000000e1000000046000100020000000003e8000000030006047465737400000c026e730376697803636f6d00000d036e73320376697803636f6d00000d036e73330376697803636f6d0000000022000100010000000003e80000000100080162047465737400000401020304
diff --git a/lib/dns/tests/testdata/master/master14.data.in b/lib/dns/tests/testdata/master/master14.data.in
new file mode 100644
index 0000000..149a25f
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master14.data.in
@@ -0,0 +1 @@
+00000002000000014ed7337f0000000277df41e50000000000000051000100060000000003e80000000100060474657374000035096c6f63616c686f7374000a706f73746d6173746572096c6f63616c686f73740076cb8ab100000e100000070800093a8000000e1000000046000100020000000003e8000000030006047465737400000c026e730376697803636f6d00000d036e73320376697803636f6d00000d036e73330376697803636f6d0000000022000100010000000003e80000000100080162047465737400000401020304
diff --git a/lib/dns/tests/testdata/master/master15.data b/lib/dns/tests/testdata/master/master15.data
new file mode 100644
index 0000000..cf413ce
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master15.data
@@ -0,0 +1,1609 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+ in ns ns.vix.com.
+ in ns ns2.vix.com.
+ in ns ns3.vix.com.
+b in a 1.2.3.4
+c in txt ( TOOBIGTOOBIGTOOBIGTOOBIGTOOBIGTOOBI
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890 )
diff --git a/lib/dns/tests/testdata/master/master16.data b/lib/dns/tests/testdata/master/master16.data
new file mode 100644
index 0000000..e969bd3
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master16.data
@@ -0,0 +1,1609 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+ in ns ns.vix.com.
+ in ns ns2.vix.com.
+ in ns ns3.vix.com.
+b in a 1.2.3.4
+c in txt ( MAXSIZSEMAXSIZSEMAXSIZSEMAXSIZSMAX
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890
+ 1234567890123456789012345678901234567890 )
diff --git a/lib/dns/tests/testdata/master/master17.data b/lib/dns/tests/testdata/master/master17.data
new file mode 100644
index 0000000..4b2b63d
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master17.data
@@ -0,0 +1,14 @@
+$ORIGIN test.
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+ in ns ns.test.
+ in ns ns2.test.
+ in ns ns3.test.
+b in a 1.2.3.4
+$ORIGIN sub.test.
+ in a 4.3.2.1
diff --git a/lib/dns/tests/testdata/master/master18.data b/lib/dns/tests/testdata/master/master18.data
new file mode 100644
index 0000000..dddf04e
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master18.data
@@ -0,0 +1,10 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+
+$INCLUDE "testkeys/Kexample.+008+20386.key";
+$INCLUDE "testkeys/Kexample.+008+37464.key";
diff --git a/lib/dns/tests/testdata/master/master2.data b/lib/dns/tests/testdata/master/master2.data
new file mode 100644
index 0000000..b8ca38d
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master2.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns
+a in ns ns2vix.com.
+a in ns ns3vix.com.
+b in a 1.2.3.4
diff --git a/lib/dns/tests/testdata/master/master3.data b/lib/dns/tests/testdata/master/master3.data
new file mode 100644
index 0000000..7283af6
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master3.data
@@ -0,0 +1,11 @@
+$TTL 1000
+ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+ in ns ns.vix.com
+ in ns ns2vix.com.
+a in ns ns3vix.com.
+b in a 1.2.3.4
diff --git a/lib/dns/tests/testdata/master/master4.data b/lib/dns/tests/testdata/master/master4.data
new file mode 100644
index 0000000..3a694ea
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master4.data
@@ -0,0 +1,11 @@
+
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a in ns ns.vix.com.
+a in ns ns2vix.com.
+a in ns ns3vix.com.
+b in a 1.2.3.4
diff --git a/lib/dns/tests/testdata/master/master5.data b/lib/dns/tests/testdata/master/master5.data
new file mode 100644
index 0000000..95234bd
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master5.data
@@ -0,0 +1,11 @@
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+a any ns ns.vix.com.
+a in ns ns2vix.com.
+a in ns ns3vix.com.
+b in a 1.2.3.4
diff --git a/lib/dns/tests/testdata/master/master6.data b/lib/dns/tests/testdata/master/master6.data
new file mode 100644
index 0000000..a9a37bb
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master6.data
@@ -0,0 +1,33 @@
+
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+
+secure1 3600 IN DNSKEY (
+ FLAG2|FLAG4|FLAG5|NTYP3|FLAG8|FLAG9|FLAG10|FLAG11|SIG15
+ 3 3
+ ArT0a8FtOZWEONG2YQVl9+RA34op30JPz4NPEroCxm2yImT2
+ 2OYggnPIzrgayyepgKU1PfTTypnJDTwrSrtISyEsj7tjM7/n
+ 03DP8VWSn0aLwpUuc7Sx9vtM1Wi+YeiA4Bv2Oz1VB9de4qql
+ sIq+KLn8J4wz95bGnJ0mHUB7oTDJ3Hl1zeaCMdX69Kr46yAY
+ AvGJJdGGDYxYgxzx2zNdzypkYSkxpdsNqUt38tabSfdvCn12
+ pnmSWjlVJsjHhsaYnrPhouN5acOXMNbxNVbGU5LZ8Es6EYbV
+ /7YMt8VUkA8/8UCszBBT7XAJ3OFjiMO8mvxrZZFzvwJlPBQ1
+ oFq/TNZlSe+N )
+
+secure2 3600 in DNSKEY (
+ flag2|flag4|flag5|ntyp3|flag8|flag9|flag10|flag11|sig15
+ 3 3
+ ArT0a8FtOZWEONG2YQVl9+RA34op30JPz4NPEroCxm2yImT2
+ 2OYggnPIzrgayyepgKU1PfTTypnJDTwrSrtISyEsj7tjM7/n
+ 03DP8VWSn0aLwpUuc7Sx9vtM1Wi+YeiA4Bv2Oz1VB9de4qql
+ sIq+KLn8J4wz95bGnJ0mHUB7oTDJ3Hl1zeaCMdX69Kr46yAY
+ AvGJJdGGDYxYgxzx2zNdzypkYSkxpdsNqUt38tabSfdvCn12
+ pnmSWjlVJsjHhsaYnrPhouN5acOXMNbxNVbGU5LZ8Es6EYbV
+ /7YMt8VUkA8/8UCszBBT7XAJ3OFjiMO8mvxrZZFzvwJlPBQ1
+ oFq/TNZlSe+N )
+
diff --git a/lib/dns/tests/testdata/master/master7.data b/lib/dns/tests/testdata/master/master7.data
new file mode 100644
index 0000000..2638b5d
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master7.data
@@ -0,0 +1,17 @@
+
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+
+secure1 3600 IN DNSKEY (
+ NOKEY|FLAG2|FLAG4|FLAG5|NTYP3|FLAG8|FLAG9|FLAG10|FLAG11|SIG15
+ 3 3 )
+
+secure2 3600 in DNSKEY (
+ nokey|flag2|flag4|flag5|ntyp3|flag8|flag9|flag10|flag11|sig15
+ 3 3 )
+
diff --git a/lib/dns/tests/testdata/master/master8.data b/lib/dns/tests/testdata/master/master8.data
new file mode 100644
index 0000000..d16b6f3
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master8.data
@@ -0,0 +1,4 @@
+;
+; master6.data contains a good zone file
+;
+$include testdata/master/master6.data
diff --git a/lib/dns/tests/testdata/master/master9.data b/lib/dns/tests/testdata/master/master9.data
new file mode 100644
index 0000000..b22688b
--- /dev/null
+++ b/lib/dns/tests/testdata/master/master9.data
@@ -0,0 +1,4 @@
+;
+; master5.data is bad
+;
+$include testdata/master/master5.data
diff --git a/lib/dns/tests/testdata/nsec3/1024.db b/lib/dns/tests/testdata/nsec3/1024.db
new file mode 100644
index 0000000..2576328
--- /dev/null
+++ b/lib/dns/tests/testdata/nsec3/1024.db
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 0
+test. SOA . . 0 0 0 0 0
+test. NS .
+; 1024 bit key.
+test. IN DNSKEY 256 3 5 AwEAAd5oKx06HRE6NRrTDz49lljdRmxgp/4YB/cyMkpwUMkaLhDNCfTq hql84ab2LRbtUWLHFXGWENvxPGQzVHeleXu+3ThNfFOwIaySedxHmLGT lTtBRDhPc8iSb+2IYDemmA+ut8kwHhCVz/tDMbD/dgAswdOtmXCpQyJk Q1HqY3Xj
diff --git a/lib/dns/tests/testdata/nsec3/2048.db b/lib/dns/tests/testdata/nsec3/2048.db
new file mode 100644
index 0000000..26dd980
--- /dev/null
+++ b/lib/dns/tests/testdata/nsec3/2048.db
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 0
+test. SOA . . 0 0 0 0 0
+test. NS .
+; 2048 bits
+test. IN DNSKEY 256 3 5 AwEAAcfQX59iZr9gK+XzhTZQ5KWrfCLA0iYHTqheEIhC2dXS8gUSppQS g9SmzH2129u/LSSb7gqJSoLLAsn36iinqCqUXl2BT6xzwznbSP3mn0hn N6DegsykcYhHycKH6ifjZiMN+SGGeNsi5rhoW5Cj9ptw3C3yQnrFNDbS GZCT97z5lpQU3ZcvP4RDNk7dhri7Bh3SJeaCFoqx00NgFvlBR48hosSG bGUbUKzNf58GBTkW4Us2jIWsreZx8LLLev232Hy7NU9L19k+hVq7pJOf Uvtrn5fmGSutWOzsR+8EacOnh0lwssCKjutk5MSmfdFC5P7CTZkdq58L 8he13HGmr00=
diff --git a/lib/dns/tests/testdata/nsec3/4096.db b/lib/dns/tests/testdata/nsec3/4096.db
new file mode 100644
index 0000000..d628c33
--- /dev/null
+++ b/lib/dns/tests/testdata/nsec3/4096.db
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 0
+test. SOA . . 0 0 0 0 0
+test. NS .
+; 4096 bits
+test. IN DNSKEY 256 3 5 AwEAAbYlqbKxXoq9mzkqdsAaSZ3XywBVAb2sCTgrQBCExyGEYNpWw3LN +imCrLQi7jHKQW6GZIqKNgQaiFEwr3zK8nPWbwNwyKU9a2hhINv/gim1 5iA87Vu7DiiJrQ0O79ospvsGsKknBQ41zaaQMp3Q/W1S6WNe4uyh4C/f R0qmxT+8MyXEqCpTGb+e+YT6BuqpNQPuYYYvUJ1/HJltzY/lY2b9RZ+Q ZJ23Zje79YIRM0kJapqj11fDUDeynhDL1DUikYCwRfQiO/blChhOHjIa uTK1qqRY3fqanLGOufpLTr7GRpL7RxeRIMJfDzmcjFLmCsMA1AJ56Bxq jiXr3ODgn9D30vAB74Lr7lqLQSWyrSlJjoZLLhmPrEP/nnuCxEhOhDRA XJpJWpcQ4Hdu+yb5K/qldnsGLLI1Hr0GmhLTDHsxDb6BxM7/8rv8QeQY GKSGshBqD2lO1xUVT8inbi8uXI1iyN68vHX6xoFT5wsjls70PxSZPO5i F40vn6BWNsHtKWOCDqMKYx8hYwiv0zETVwxBaj58vylFwYGU+g1wIQmF Pgi2HKv4KaxgikUvdFISre5rxVoG5VrmmXWiNJcLTbwZ+tE1xujCNU1c V31CaIB5hdSnkEvQADr5V64RTxWAKuSLNMU+XUqTkaJHasSm3OPJOteo SPj2uoesuxNFYps3
diff --git a/lib/dns/tests/testdata/nsec3/min-1024.db b/lib/dns/tests/testdata/nsec3/min-1024.db
new file mode 100644
index 0000000..360c282
--- /dev/null
+++ b/lib/dns/tests/testdata/nsec3/min-1024.db
@@ -0,0 +1,20 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 0
+test. SOA . . 0 0 0 0 0
+test. NS .
+; 1024 bit key.
+test. IN DNSKEY 256 3 5 AwEAAd5oKx06HRE6NRrTDz49lljdRmxgp/4YB/cyMkpwUMkaLhDNCfTq hql84ab2LRbtUWLHFXGWENvxPGQzVHeleXu+3ThNfFOwIaySedxHmLGT lTtBRDhPc8iSb+2IYDemmA+ut8kwHhCVz/tDMbD/dgAswdOtmXCpQyJk Q1HqY3Xj
+; 2048 bits
+test. IN DNSKEY 256 3 5 AwEAAcfQX59iZr9gK+XzhTZQ5KWrfCLA0iYHTqheEIhC2dXS8gUSppQS g9SmzH2129u/LSSb7gqJSoLLAsn36iinqCqUXl2BT6xzwznbSP3mn0hn N6DegsykcYhHycKH6ifjZiMN+SGGeNsi5rhoW5Cj9ptw3C3yQnrFNDbS GZCT97z5lpQU3ZcvP4RDNk7dhri7Bh3SJeaCFoqx00NgFvlBR48hosSG bGUbUKzNf58GBTkW4Us2jIWsreZx8LLLev232Hy7NU9L19k+hVq7pJOf Uvtrn5fmGSutWOzsR+8EacOnh0lwssCKjutk5MSmfdFC5P7CTZkdq58L 8he13HGmr00=
+; 4096 bits
+test. IN DNSKEY 256 3 5 AwEAAbYlqbKxXoq9mzkqdsAaSZ3XywBVAb2sCTgrQBCExyGEYNpWw3LN +imCrLQi7jHKQW6GZIqKNgQaiFEwr3zK8nPWbwNwyKU9a2hhINv/gim1 5iA87Vu7DiiJrQ0O79ospvsGsKknBQ41zaaQMp3Q/W1S6WNe4uyh4C/f R0qmxT+8MyXEqCpTGb+e+YT6BuqpNQPuYYYvUJ1/HJltzY/lY2b9RZ+Q ZJ23Zje79YIRM0kJapqj11fDUDeynhDL1DUikYCwRfQiO/blChhOHjIa uTK1qqRY3fqanLGOufpLTr7GRpL7RxeRIMJfDzmcjFLmCsMA1AJ56Bxq jiXr3ODgn9D30vAB74Lr7lqLQSWyrSlJjoZLLhmPrEP/nnuCxEhOhDRA XJpJWpcQ4Hdu+yb5K/qldnsGLLI1Hr0GmhLTDHsxDb6BxM7/8rv8QeQY GKSGshBqD2lO1xUVT8inbi8uXI1iyN68vHX6xoFT5wsjls70PxSZPO5i F40vn6BWNsHtKWOCDqMKYx8hYwiv0zETVwxBaj58vylFwYGU+g1wIQmF Pgi2HKv4KaxgikUvdFISre5rxVoG5VrmmXWiNJcLTbwZ+tE1xujCNU1c V31CaIB5hdSnkEvQADr5V64RTxWAKuSLNMU+XUqTkaJHasSm3OPJOteo SPj2uoesuxNFYps3
diff --git a/lib/dns/tests/testdata/nsec3/min-2048.db b/lib/dns/tests/testdata/nsec3/min-2048.db
new file mode 100644
index 0000000..606264e
--- /dev/null
+++ b/lib/dns/tests/testdata/nsec3/min-2048.db
@@ -0,0 +1,18 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 0
+test. SOA . . 0 0 0 0 0
+test. NS .
+; 2048 bits
+test. IN DNSKEY 256 3 5 AwEAAcfQX59iZr9gK+XzhTZQ5KWrfCLA0iYHTqheEIhC2dXS8gUSppQS g9SmzH2129u/LSSb7gqJSoLLAsn36iinqCqUXl2BT6xzwznbSP3mn0hn N6DegsykcYhHycKH6ifjZiMN+SGGeNsi5rhoW5Cj9ptw3C3yQnrFNDbS GZCT97z5lpQU3ZcvP4RDNk7dhri7Bh3SJeaCFoqx00NgFvlBR48hosSG bGUbUKzNf58GBTkW4Us2jIWsreZx8LLLev232Hy7NU9L19k+hVq7pJOf Uvtrn5fmGSutWOzsR+8EacOnh0lwssCKjutk5MSmfdFC5P7CTZkdq58L 8he13HGmr00=
+; 4096 bits
+test. IN DNSKEY 256 3 5 AwEAAbYlqbKxXoq9mzkqdsAaSZ3XywBVAb2sCTgrQBCExyGEYNpWw3LN +imCrLQi7jHKQW6GZIqKNgQaiFEwr3zK8nPWbwNwyKU9a2hhINv/gim1 5iA87Vu7DiiJrQ0O79ospvsGsKknBQ41zaaQMp3Q/W1S6WNe4uyh4C/f R0qmxT+8MyXEqCpTGb+e+YT6BuqpNQPuYYYvUJ1/HJltzY/lY2b9RZ+Q ZJ23Zje79YIRM0kJapqj11fDUDeynhDL1DUikYCwRfQiO/blChhOHjIa uTK1qqRY3fqanLGOufpLTr7GRpL7RxeRIMJfDzmcjFLmCsMA1AJ56Bxq jiXr3ODgn9D30vAB74Lr7lqLQSWyrSlJjoZLLhmPrEP/nnuCxEhOhDRA XJpJWpcQ4Hdu+yb5K/qldnsGLLI1Hr0GmhLTDHsxDb6BxM7/8rv8QeQY GKSGshBqD2lO1xUVT8inbi8uXI1iyN68vHX6xoFT5wsjls70PxSZPO5i F40vn6BWNsHtKWOCDqMKYx8hYwiv0zETVwxBaj58vylFwYGU+g1wIQmF Pgi2HKv4KaxgikUvdFISre5rxVoG5VrmmXWiNJcLTbwZ+tE1xujCNU1c V31CaIB5hdSnkEvQADr5V64RTxWAKuSLNMU+XUqTkaJHasSm3OPJOteo SPj2uoesuxNFYps3
diff --git a/lib/dns/tests/testdata/nsec3param/nsec3.db.signed b/lib/dns/tests/testdata/nsec3param/nsec3.db.signed
new file mode 100644
index 0000000..aeced0e
--- /dev/null
+++ b/lib/dns/tests/testdata/nsec3param/nsec3.db.signed
@@ -0,0 +1,73 @@
+; File written on Mon Nov 16 16:04:21 2020
+; dnssec_signzone version 9.16.8
+nsec3. 1000 IN SOA nsec3. postmaster.nsec3. (
+ 1993050801 ; serial
+ 3600 ; refresh (1 hour)
+ 1800 ; retry (30 minutes)
+ 604800 ; expire (1 week)
+ 3600 ; minimum (1 hour)
+ )
+ 1000 RRSIG SOA 13 1 1000 (
+ 20201216140421 20201116140421 40382 nsec3.
+ qh61ZPgQaNLAoIQvAoTLbR3sLBY7XATaMGSS
+ fYOssQWvgAzpAzhalmF/cSXmQ/RZQOyIdpVg
+ v3rgyTxA2vGNnA== )
+ 1000 NS ns1.nsec3.
+ 1000 NS ns2.nsec3.
+ 1000 RRSIG NS 13 1 1000 (
+ 20201216140421 20201116140421 40382 nsec3.
+ 4Le+e5Lu/taEvrvrmBn/z+QP4zhzUqwO6v70
+ WYrzCggUls8+fUd2unBHDPWag1oSKfNpGGWA
+ crihrs4RhMPfZA== )
+ 1000 DNSKEY 257 3 13 (
+ VKkttSi/v3lAyzUYnykwdwowXfDOQ7wdN9BT
+ +eb8fVfgRApvuun9hjUBlv7ogriU/GAb60B8
+ juj9bXZADT+OGg==
+ ) ; KSK; alg = ECDSAP256SHA256 ; key id = 40382
+ 1000 RRSIG DNSKEY 13 1 1000 (
+ 20201216140421 20201116140421 40382 nsec3.
+ ZnBqGgWvHwjjQBSIRPXe2fx6+MsQp1QQdzJ0
+ QaEyaOmud5JPatUXaV9eFRcPNCsi+2HZSZVp
+ vsAGUCge7w6u9A== )
+ 0 NSEC3PARAM 1 0 5 FEDCBA98
+ 0 RRSIG NSEC3PARAM 13 1 0 (
+ 20201216140421 20201116140421 40382 nsec3.
+ WPTD+5vr54YtvGqCUJHPvGdF7Wd4piZYltcs
+ cztBRfdM7FRJ/zvrDS72rt6zm0TYSXzawqt/
+ MiwOkYKv2vxfUg== )
+ns2.nsec3. 1000 IN A 1.2.3.5
+ 1000 RRSIG A 13 2 1000 (
+ 20201216140421 20201116140421 40382 nsec3.
+ l9Mc2Y5JFmllSxJj3GUdH6RtEsYfhjJU39sa
+ vAVa4zxv6S9vU+vLvTA05aQ+DPLvKTX+WNH7
+ dDa+Yy5ffBs68g== )
+QVCH33BSJ0Q2C74FEDFDBCFQHO255NEB.nsec3. 3600 IN NSEC3 1 0 5 FEDCBA98 (
+ STH5N5QDVC5DGEN5VGUC7JGALSM3R8AP
+ A RRSIG )
+ 3600 RRSIG NSEC3 13 2 3600 (
+ 20201216140421 20201116140421 40382 nsec3.
+ F/wKQtv+RlBHG1WCz0CkHlTSoUiRx0z+qBI1
+ GTHoXSjgG1NSHqTI4C32AasZSMp+uuF2R8KW
+ 9z4gOLucl0Xmfg== )
+STH5N5QDVC5DGEN5VGUC7JGALSM3R8AP.nsec3. 3600 IN NSEC3 1 0 5 FEDCBA98 (
+ A084TNR6VJ2ND5K1U0AI4HO4EPVKBG4U
+ NS SOA RRSIG DNSKEY NSEC3PARAM )
+ 3600 RRSIG NSEC3 13 2 3600 (
+ 20201216140421 20201116140421 40382 nsec3.
+ 9TgGFGY3vwkxMFlXy3oKMgHPqvcPozKDHZzc
+ Ny6eJn3TXNX5bLhiT5rw5+CCtyOEQmn3pf0X
+ njK7jZBAcBV+5Q== )
+A084TNR6VJ2ND5K1U0AI4HO4EPVKBG4U.nsec3. 3600 IN NSEC3 1 0 5 FEDCBA98 (
+ QVCH33BSJ0Q2C74FEDFDBCFQHO255NEB
+ A RRSIG )
+ 3600 RRSIG NSEC3 13 2 3600 (
+ 20201216140421 20201116140421 40382 nsec3.
+ auf+5lrkMESIfdFK8bf4yg1a+NLGWzgUmohS
+ ydcKaJz0XcnULegatWdfE75jmZoDeqKNpwdL
+ 5lQ77GF4cEh1OQ== )
+ns1.nsec3. 1000 IN A 1.2.3.4
+ 1000 RRSIG A 13 2 1000 (
+ 20201216140421 20201116140421 40382 nsec3.
+ yAmr1EE8qe+Jl+wQXOdj/uSjMFUmns0D1lx6
+ zAVe9BaQwvF3wR7ZUk/u9G0RrUBchmEj0+yq
+ KEsw32Tru4Romg== )
diff --git a/lib/dns/tests/testdata/zt/zone1.db b/lib/dns/tests/testdata/zt/zone1.db
new file mode 100644
index 0000000..85e7951
--- /dev/null
+++ b/lib/dns/tests/testdata/zt/zone1.db
@@ -0,0 +1,22 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 1000
+@ in soa localhost. postmaster.localhost. (
+ 1993050801 ;serial
+ 3600 ;refresh
+ 1800 ;retry
+ 604800 ;expiration
+ 3600 ) ;minimum
+ in ns ns.vix.com.
+ in ns ns2.vix.com.
+ in ns ns3.vix.com.
+a in a 1.2.3.4
diff --git a/lib/dns/tests/testkeys/Kexample.+008+20386.key b/lib/dns/tests/testkeys/Kexample.+008+20386.key
new file mode 100644
index 0000000..3404dca
--- /dev/null
+++ b/lib/dns/tests/testkeys/Kexample.+008+20386.key
@@ -0,0 +1,5 @@
+; This is a key-signing key, keyid 20386, for example.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example. IN DNSKEY 257 3 8 AwEAAZd7/hBRvMooz0sepkD/2r3Bp021f8lGzDj6sZEVbg1hcqZTzURc eGkS541wyOqjvJv2KBi5qLLE2HthmexmOBycjTQ7EiKd1P9bE8RgF8Et j73X/CHLiX6YL7cb93TXWiUvbRh4E6D2URgOmxMdMOXTuCvjvDaGVCOt Jc77UUosuBeurZzP8g8t/zccAUTzu2cdRyI5/ZxOBfJaDtc9TlRdWsaN Af+nT0C14ccH7QVlKjjaYV4lXueruDW3yTTzu9bQ1ikgegsCLi/tcD/1 dWTOI9whV06szs+ouhuJkZuhIjrGDtOHCpjPjIxOOrIZceU1YSY30kAR QNVzshJqyx8=
diff --git a/lib/dns/tests/testkeys/Kexample.+008+20386.private b/lib/dns/tests/testkeys/Kexample.+008+20386.private
new file mode 100644
index 0000000..d8cff93
--- /dev/null
+++ b/lib/dns/tests/testkeys/Kexample.+008+20386.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: l3v+EFG8yijPSx6mQP/avcGnTbV/yUbMOPqxkRVuDWFyplPNRFx4aRLnjXDI6qO8m/YoGLmossTYe2GZ7GY4HJyNNDsSIp3U/1sTxGAXwS2Pvdf8IcuJfpgvtxv3dNdaJS9tGHgToPZRGA6bEx0w5dO4K+O8NoZUI60lzvtRSiy4F66tnM/yDy3/NxwBRPO7Zx1HIjn9nE4F8loO1z1OVF1axo0B/6dPQLXhxwftBWUqONphXiVe56u4NbfJNPO71tDWKSB6CwIuL+1wP/V1ZM4j3CFXTqzOz6i6G4mRm6EiOsYO04cKmM+MjE46shlx5TVhJjfSQBFA1XOyEmrLHw==
+PublicExponent: AQAB
+PrivateExponent: aSkynrGfldfuz/9e+xCjEcg2FMRDCb+UVpnyWv29gJx9sunKPgLTtF3jUVVSpVE1xi+EdmWsry3n+v8uk+YCXhpwDCpV1KItE3huqIzs8LZoaypdZjieIrwTo9JOX1aAxf++hJYXSk60zTaWgRZqs6He4Nkf99oY3wt8i8v8CrkfQy76K/qK9xUVv5GHrEZzCGLfLv77eqDab/J84ANxc0kUtQvgt2/JTHofXmcA6/YDh5PWB8KRw1PjQTck61/xIgfI6ky/yIF1riCQCYXwTv7jcmMV/QvQ+dfN+HZ2CSGp7xcH2Yxe9OhAY823ZkmkOQ2YZPjIj6dEoRMmSiaagQ==
+Prime1: x2GMnpRPwvUhM+yPRa7nh5Jjl4mbofeOtVrxe1hEVy8l2UGFh+FDZCbyoLRNUTYDji00NHpGtmcAyoY9pLdOn7ci4zqGVnNJcIY75Ie4p6J7pPfDh9d+AGtJ5NpNhr1sjD0bFncJC2FGY9vj4eC0CkatMu/Qovrd2FwZ8VpDsAk=
+Prime2: woB8MYsEfSYGD0hZGtmgK6UQ+Oo9smxdPmahLYXnLSAdqtqZbZX+ABk/kFduT+XwlHOXmp3HMmUtQTRZBaQyBrsFWfWjOGevByEsT9aLQSZOEgnqy4xrc9XNwDs4/WkrEgw/TOVnZYdaCyLxsFl4bpTX8Fj3yVqg/tJvuUMWG+c=
+Exponent1: iQO7a9rF+VcVSyZ8yslIaL0r3Z5+Kk8CbhSiMD5XMIbA/sztI5SlCDVPtSpSm8V/qfvcjVeeMokUXRjlUcV6rX1f50F3wf8V79L/Y6v1NJYPXC273CU1fLo+HJv8fOS9rJ3teIGy4HQnuEYLE1WkxA8PxRpSiT3WqHGajmaWb2k=
+Exponent2: elMWSI5Wz2KXkwr8Rz+xVWGl7/ZZwRoX9oPTQG8jeiTlo6uBrQMVUPiQGnZyQTuq96JPKYWrXs11DbofdsXSVJtQfUhYU8QZtxEs7jVPNTUjCoNEMKnqdlpz4T8d03pOBTbApNruEVNz1OcwO6m5bUqdGGLLy838zOaKL2i6wec=
+Coefficient: q2mejAmT3A4H2C0rT1hm8XQFuISHjAAEyM9t09Q8tEeQ0lHi4gMVA3bXoAn9U21eBkFQDwvyB0vqlVSGgRqHovOKx9uXAU9eoDxGcJsFlGsM0aUsUjGVXv5kVmaw8a5PHBbvYAbgAZUmKqrVF0PWD3o+/DbzP9PCmlJcqxoAulU=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/testkeys/Kexample.+008+37464.key b/lib/dns/tests/testkeys/Kexample.+008+37464.key
new file mode 100644
index 0000000..3dd0619
--- /dev/null
+++ b/lib/dns/tests/testkeys/Kexample.+008+37464.key
@@ -0,0 +1,5 @@
+; This is a zone-signing key, keyid 37464, for example.
+; Created: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Publish: 20000101000000 (Sat Jan 1 00:00:00 2000)
+; Activate: 20000101000000 (Sat Jan 1 00:00:00 2000)
+example. IN DNSKEY 256 3 8 AwEAAbxHOF8G0xw9ekCodhL8KivuZ3o0jmGlycLiXBjBN8c5R5fjLjUh D0gy3IDbDC+kLaPhHGF/MwrSEjrgSowxZ8nrxDzsq5ZdpeUsYaNrbQEY /mqf35T/9/Ulm4v06x58v/NTugWd05Xq04aAyfm7EViyGFzmVOVfPnll h9xQtvWEWoRWPseFw+dY5/nc/+xB/IsQMihoH2rO+cek/lsP3R9DsHCG RbQ/ks/+rrp6/O+QJZyZrzsONl7mlMDXNy3Pz9J4qMW2W6Mz702LN324 7/9UsetDGGbuZfrCLMpKWXzdsJm36DOk4aMooS9111plfXaXQgQNcL5G 021utpTau+8=
diff --git a/lib/dns/tests/testkeys/Kexample.+008+37464.private b/lib/dns/tests/testkeys/Kexample.+008+37464.private
new file mode 100644
index 0000000..ecc2ad0
--- /dev/null
+++ b/lib/dns/tests/testkeys/Kexample.+008+37464.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.3
+Algorithm: 8 (RSASHA256)
+Modulus: vEc4XwbTHD16QKh2EvwqK+5nejSOYaXJwuJcGME3xzlHl+MuNSEPSDLcgNsML6Qto+EcYX8zCtISOuBKjDFnyevEPOyrll2l5Sxho2ttARj+ap/flP/39SWbi/TrHny/81O6BZ3TlerThoDJ+bsRWLIYXOZU5V8+eWWH3FC29YRahFY+x4XD51jn+dz/7EH8ixAyKGgfas75x6T+Ww/dH0OwcIZFtD+Sz/6uunr875AlnJmvOw42XuaUwNc3Lc/P0nioxbZbozPvTYs3fbjv/1Sx60MYZu5l+sIsykpZfN2wmbfoM6ThoyihL3XXWmV9dpdCBA1wvkbTbW62lNq77w==
+PublicExponent: AQAB
+PrivateExponent: AhR3VvVoV6OGOjiiNUt728hidEMoX4PJWtHNWqinyRek5tSnqgaXeKC3NuU0mUIjDvBps9oH4lK3yNa5fBr/nodwP4wNyTd3obR/z6JcLersxJjHi4nYX2ju8vjdsBSIulNudqlrsPhLJe0+Tff3FRfClSQmQ/JtakHo4lIx8zxiOJY8aWFeHGdWJDkAf6NStt3eVYyOyAwISfv3muaGPZKShiIOfLyTvqFqzwYFgdTWmvFqTdwgjIMc5XAwqw73WP2BPCN+fdCiMtrw0fCrhWzw/gfMJBHdOPH0diUZysAJhM0vdVKQzEi/g3YOo00fahZiPzaxNtZnLNj2mA54YQ==
+Prime1: 5YpfVjEtL1owW9gSFbIMx65POr+fiktxirgy1bc5fSsVqUgG6zhbaN/VpWcNZG0Zg5xd6S7C8V3djGlnJN8wZIyjIh7+Z3WWjqbOD9oY7rC1fR+W0OvbCmZiEzOpRJ5qoMOh1MzkkanhMy0/ICpaa8eQ9zEb80oTIQpFgoLn7K0=
+Prime2: 0fs3ncL5/2qzq2dmPXLYcOfc1EGSuESO0VpREP8EpTkyPKeVw5LaF9TgZRqPWlRf2T0LPoZ766xLAn090u0pLQ5fWM96NMas7kS+rxtRssat6MiQo3YfoU3ysk3xuPzrMBHyn/N42CjSG+bJEToHR7V16KsCT6dBIPkI3tj/Yos=
+Exponent1: Bdsp44ENrg+W/EDe9T69pLqFuvH4mAaktu1MHre198OJoe/8fTPK4ToUsUuXw+Akrn7mxnQy9QV4CYUG5KHtEiOkZdJ0mx8c4DbROwZNbImFl9OefWYHCJTkG6lNwDpqbf+PuWYgzraO0EdvPNrXw7grsqLGG8bgBg/FBjdgw2E=
+Exponent2: uV1pxW0fwGhzX3aR/ODrTRCCEyYn3V84LHvsYHKfqTOKs5zFSrbSrIMR7G676ePeESogSPvzXSLlvLbO4urVlJ7BcOcHXJuegWBSbMZTItzdHUgg1wwp8/2Zp+nC36j1/aN6adVG8ptmj5b2HKz7TERWaCS+j454oiD1wbQSDu0=
+Coefficient: JO6RxBIaoEd/Z4ITcsYT8TslP1KmIuAqdhMt3FSpqeogUDut7f3FZIEyNi4wsrSK5peIQSVmO2pQLupS+eRIPHXZ1vh5kcFAsgd7XBb7Fvsg26/WSjhB4wjx+wgWzVomK0519pfdtH854fePWPkdDKtLNL2zh0APne3GjwrbNEM=
+Created: 20000101000000
+Publish: 20000101000000
+Activate: 20000101000000
diff --git a/lib/dns/tests/time_test.c b/lib/dns/tests/time_test.c
new file mode 100644
index 0000000..a1e50f8
--- /dev/null
+++ b/lib/dns/tests/time_test.c
@@ -0,0 +1,218 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/util.h>
+
+#include <dns/time.h>
+
+#include "dnstest.h"
+
+#define TEST_ORIGIN "test"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/* value = 0xfffffffff <-> 19691231235959 */
+static void
+epoch_minus_one_test(void **state) {
+ const char *test_text = "19691231235959";
+ const uint32_t test_time = 0xffffffff;
+ isc_result_t result;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+/* value = 0x000000000 <-> 19700101000000*/
+static void
+epoch_test(void **state) {
+ const char *test_text = "19700101000000";
+ const uint32_t test_time = 0x00000000;
+ isc_result_t result;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+/* value = 0x7fffffff <-> 20380119031407 */
+static void
+half_maxint_test(void **state) {
+ const char *test_text = "20380119031407";
+ const uint32_t test_time = 0x7fffffff;
+ isc_result_t result;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+/* value = 0x80000000 <-> 20380119031408 */
+static void
+half_plus_one_test(void **state) {
+ const char *test_text = "20380119031408";
+ const uint32_t test_time = 0x80000000;
+ isc_result_t result;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+/* value = 0xef68f5d0 <-> 19610307130000 */
+static void
+fifty_before_test(void **state) {
+ isc_result_t result;
+ const char *test_text = "19610307130000";
+ const uint32_t test_time = 0xef68f5d0;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+/* value = 0x4d74d6d0 <-> 20110307130000 */
+static void
+some_ago_test(void **state) {
+ const char *test_text = "20110307130000";
+ const uint32_t test_time = 0x4d74d6d0;
+ isc_result_t result;
+ isc_buffer_t target;
+ uint32_t when;
+ char buf[128];
+
+ UNUSED(state);
+
+ memset(buf, 0, sizeof(buf));
+ isc_buffer_init(&target, buf, sizeof(buf));
+ result = dns_time32_totext(test_time, &target);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_string_equal(buf, test_text);
+ result = dns_time32_fromtext(test_text, &when);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(when, test_time);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(epoch_minus_one_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(epoch_test, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(half_maxint_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(half_plus_one_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(fifty_before_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(some_ago_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/tsig_test.c b/lib/dns/tests/tsig_test.c
new file mode 100644
index 0000000..1354ef7
--- /dev/null
+++ b/lib/dns/tests/tsig_test.c
@@ -0,0 +1,605 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/mem.h>
+#include <isc/print.h>
+#include <isc/util.h>
+
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/tsig.h>
+
+#include "../tsig_p.h"
+#include "dnstest.h"
+
+#define CHECK(r) \
+ do { \
+ result = (r); \
+ if (result != ISC_R_SUCCESS) { \
+ goto cleanup; \
+ } \
+ } while (0)
+
+#define TEST_ORIGIN "test"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static int debug = 0;
+
+static isc_result_t
+add_mac(dst_context_t *tsigctx, isc_buffer_t *buf) {
+ dns_rdata_any_tsig_t tsig;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ isc_buffer_t databuf;
+ isc_region_t r;
+ isc_result_t result;
+ unsigned char tsigbuf[1024];
+
+ isc_buffer_usedregion(buf, &r);
+ dns_rdata_fromregion(&rdata, dns_rdataclass_any, dns_rdatatype_tsig,
+ &r);
+ isc_buffer_init(&databuf, tsigbuf, sizeof(tsigbuf));
+ CHECK(dns_rdata_tostruct(&rdata, &tsig, NULL));
+ isc_buffer_putuint16(&databuf, tsig.siglen);
+ isc_buffer_putmem(&databuf, tsig.signature, tsig.siglen);
+ isc_buffer_usedregion(&databuf, &r);
+ result = dst_context_adddata(tsigctx, &r);
+ dns_rdata_freestruct(&tsig);
+cleanup:
+ return (result);
+}
+
+static isc_result_t
+add_tsig(dst_context_t *tsigctx, dns_tsigkey_t *key, isc_buffer_t *target) {
+ dns_compress_t cctx;
+ dns_rdata_any_tsig_t tsig;
+ dns_rdata_t rdata = DNS_RDATA_INIT;
+ dns_rdatalist_t rdatalist;
+ dns_rdataset_t rdataset;
+ isc_buffer_t *dynbuf = NULL;
+ isc_buffer_t databuf;
+ isc_buffer_t sigbuf;
+ isc_region_t r;
+ isc_result_t result = ISC_R_SUCCESS;
+ isc_stdtime_t now;
+ unsigned char tsigbuf[1024];
+ unsigned int count;
+ unsigned int sigsize = 0;
+ bool invalidate_ctx = false;
+
+ memset(&tsig, 0, sizeof(tsig));
+
+ CHECK(dns_compress_init(&cctx, -1, dt_mctx));
+ invalidate_ctx = true;
+
+ tsig.common.rdclass = dns_rdataclass_any;
+ tsig.common.rdtype = dns_rdatatype_tsig;
+ ISC_LINK_INIT(&tsig.common, link);
+ dns_name_init(&tsig.algorithm, NULL);
+ dns_name_clone(key->algorithm, &tsig.algorithm);
+
+ isc_stdtime_get(&now);
+ tsig.timesigned = now;
+ tsig.fudge = DNS_TSIG_FUDGE;
+ tsig.originalid = 50;
+ tsig.error = dns_rcode_noerror;
+ tsig.otherlen = 0;
+ tsig.other = NULL;
+
+ isc_buffer_init(&databuf, tsigbuf, sizeof(tsigbuf));
+ isc_buffer_putuint48(&databuf, tsig.timesigned);
+ isc_buffer_putuint16(&databuf, tsig.fudge);
+ isc_buffer_usedregion(&databuf, &r);
+ CHECK(dst_context_adddata(tsigctx, &r));
+
+ CHECK(dst_key_sigsize(key->key, &sigsize));
+ tsig.signature = isc_mem_get(dt_mctx, sigsize);
+ isc_buffer_init(&sigbuf, tsig.signature, sigsize);
+ CHECK(dst_context_sign(tsigctx, &sigbuf));
+ tsig.siglen = isc_buffer_usedlength(&sigbuf);
+ assert_int_equal(sigsize, tsig.siglen);
+
+ isc_buffer_allocate(dt_mctx, &dynbuf, 512);
+ CHECK(dns_rdata_fromstruct(&rdata, dns_rdataclass_any,
+ dns_rdatatype_tsig, &tsig, dynbuf));
+ dns_rdatalist_init(&rdatalist);
+ rdatalist.rdclass = dns_rdataclass_any;
+ rdatalist.type = dns_rdatatype_tsig;
+ ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
+ dns_rdataset_init(&rdataset);
+ CHECK(dns_rdatalist_tordataset(&rdatalist, &rdataset));
+ CHECK(dns_rdataset_towire(&rdataset, &key->name, &cctx, target, 0,
+ &count));
+
+ /*
+ * Fixup additional record count.
+ */
+ ((unsigned char *)target->base)[11]++;
+ if (((unsigned char *)target->base)[11] == 0) {
+ ((unsigned char *)target->base)[10]++;
+ }
+cleanup:
+ if (tsig.signature != NULL) {
+ isc_mem_put(dt_mctx, tsig.signature, sigsize);
+ }
+ if (dynbuf != NULL) {
+ isc_buffer_free(&dynbuf);
+ }
+ if (invalidate_ctx) {
+ dns_compress_invalidate(&cctx);
+ }
+
+ return (result);
+}
+
+static void
+printmessage(dns_message_t *msg) {
+ isc_buffer_t b;
+ char *buf = NULL;
+ int len = 1024;
+ isc_result_t result = ISC_R_SUCCESS;
+
+ if (!debug) {
+ return;
+ }
+
+ do {
+ buf = isc_mem_get(dt_mctx, len);
+
+ isc_buffer_init(&b, buf, len);
+ result = dns_message_totext(msg, &dns_master_style_debug, 0,
+ &b);
+ if (result == ISC_R_NOSPACE) {
+ isc_mem_put(dt_mctx, buf, len);
+ len *= 2;
+ } else if (result == ISC_R_SUCCESS) {
+ printf("%.*s\n", (int)isc_buffer_usedlength(&b), buf);
+ }
+ } while (result == ISC_R_NOSPACE);
+
+ if (buf != NULL) {
+ isc_mem_put(dt_mctx, buf, len);
+ }
+}
+
+static void
+render(isc_buffer_t *buf, unsigned flags, dns_tsigkey_t *key,
+ isc_buffer_t **tsigin, isc_buffer_t **tsigout, dst_context_t *tsigctx) {
+ dns_message_t *msg = NULL;
+ dns_compress_t cctx;
+ isc_result_t result;
+
+ dns_message_create(dt_mctx, DNS_MESSAGE_INTENTRENDER, &msg);
+ assert_non_null(msg);
+
+ msg->id = 50;
+ msg->rcode = dns_rcode_noerror;
+ msg->flags = flags;
+
+ /*
+ * XXXMPA: this hack needs to be replaced with use of
+ * dns_message_reply() at some point.
+ */
+ if ((flags & DNS_MESSAGEFLAG_QR) != 0) {
+ msg->verified_sig = 1;
+ }
+
+ if (tsigin == tsigout) {
+ msg->tcp_continuation = 1;
+ }
+
+ if (tsigctx == NULL) {
+ result = dns_message_settsigkey(msg, key);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_message_setquerytsig(msg, *tsigin);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ }
+
+ result = dns_compress_init(&cctx, -1, dt_mctx);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_message_renderbegin(msg, &cctx, buf);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_message_renderend(msg);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ if (tsigctx != NULL) {
+ isc_region_t r;
+
+ isc_buffer_usedregion(buf, &r);
+ result = dst_context_adddata(tsigctx, &r);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ } else {
+ if (tsigin == tsigout && *tsigin != NULL) {
+ isc_buffer_free(tsigin);
+ }
+
+ result = dns_message_getquerytsig(msg, dt_mctx, tsigout);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ }
+
+ dns_compress_invalidate(&cctx);
+ dns_message_detach(&msg);
+}
+
+/*
+ * Test tsig tcp-continuation validation:
+ * Check that a simulated three message TCP sequence where the first
+ * and last messages contain TSIGs but the intermediate message doesn't
+ * correctly verifies.
+ */
+static void
+tsig_tcp_test(void **state) {
+ const dns_name_t *tsigowner = NULL;
+ dns_fixedname_t fkeyname;
+ dns_message_t *msg = NULL;
+ dns_name_t *keyname;
+ dns_tsig_keyring_t *ring = NULL;
+ dns_tsigkey_t *key = NULL;
+ isc_buffer_t *buf = NULL;
+ isc_buffer_t *querytsig = NULL;
+ isc_buffer_t *tsigin = NULL;
+ isc_buffer_t *tsigout = NULL;
+ isc_result_t result;
+ unsigned char secret[16] = { 0 };
+ dst_context_t *tsigctx = NULL;
+ dst_context_t *outctx = NULL;
+
+ UNUSED(state);
+
+ /* isc_log_setdebuglevel(lctx, 99); */
+
+ keyname = dns_fixedname_initname(&fkeyname);
+ result = dns_name_fromstring(keyname, "test", 0, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_tsigkeyring_create(dt_mctx, &ring);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_tsigkey_create(keyname, dns_tsig_hmacsha256_name, secret,
+ sizeof(secret), false, NULL, 0, 0, dt_mctx,
+ ring, &key);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_non_null(key);
+
+ /*
+ * Create request.
+ */
+ isc_buffer_allocate(dt_mctx, &buf, 65535);
+ render(buf, 0, key, &tsigout, &querytsig, NULL);
+ isc_buffer_free(&buf);
+
+ /*
+ * Create response message 1.
+ */
+ isc_buffer_allocate(dt_mctx, &buf, 65535);
+ render(buf, DNS_MESSAGEFLAG_QR, key, &querytsig, &tsigout, NULL);
+ assert_non_null(tsigout);
+
+ /*
+ * Process response message 1.
+ */
+ dns_message_create(dt_mctx, DNS_MESSAGE_INTENTPARSE, &msg);
+ assert_non_null(msg);
+
+ result = dns_message_settsigkey(msg, key);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_message_parse(msg, buf, 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ printmessage(msg);
+
+ result = dns_message_setquerytsig(msg, querytsig);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_tsig_verify(buf, msg, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(msg->verified_sig, 1);
+ assert_int_equal(msg->tsigstatus, dns_rcode_noerror);
+
+ /*
+ * Check that we have a TSIG in the first message.
+ */
+ assert_non_null(dns_message_gettsig(msg, &tsigowner));
+
+ result = dns_message_getquerytsig(msg, dt_mctx, &tsigin);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ tsigctx = msg->tsigctx;
+ msg->tsigctx = NULL;
+ isc_buffer_free(&buf);
+ dns_message_detach(&msg);
+
+ result = dst_context_create(key->key, dt_mctx, DNS_LOGCATEGORY_DNSSEC,
+ false, 0, &outctx);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_non_null(outctx);
+
+ /*
+ * Start digesting.
+ */
+ result = add_mac(outctx, tsigout);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Create response message 2.
+ */
+ isc_buffer_allocate(dt_mctx, &buf, 65535);
+
+ assert_int_equal(result, ISC_R_SUCCESS);
+ render(buf, DNS_MESSAGEFLAG_QR, key, &tsigout, &tsigout, outctx);
+
+ /*
+ * Process response message 2.
+ */
+ dns_message_create(dt_mctx, DNS_MESSAGE_INTENTPARSE, &msg);
+ assert_non_null(msg);
+
+ msg->tcp_continuation = 1;
+ msg->tsigctx = tsigctx;
+ tsigctx = NULL;
+
+ result = dns_message_settsigkey(msg, key);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_message_parse(msg, buf, 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ printmessage(msg);
+
+ result = dns_message_setquerytsig(msg, tsigin);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_tsig_verify(buf, msg, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(msg->verified_sig, 0);
+ assert_int_equal(msg->tsigstatus, dns_rcode_noerror);
+
+ /*
+ * Check that we don't have a TSIG in the second message.
+ */
+ tsigowner = NULL;
+ assert_true(dns_message_gettsig(msg, &tsigowner) == NULL);
+
+ tsigctx = msg->tsigctx;
+ msg->tsigctx = NULL;
+ isc_buffer_free(&buf);
+ dns_message_detach(&msg);
+
+ /*
+ * Create response message 3.
+ */
+ isc_buffer_allocate(dt_mctx, &buf, 65535);
+ render(buf, DNS_MESSAGEFLAG_QR, key, &tsigout, &tsigout, outctx);
+
+ result = add_tsig(outctx, key, buf);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /*
+ * Process response message 3.
+ */
+ dns_message_create(dt_mctx, DNS_MESSAGE_INTENTPARSE, &msg);
+ assert_non_null(msg);
+
+ msg->tcp_continuation = 1;
+ msg->tsigctx = tsigctx;
+ tsigctx = NULL;
+
+ result = dns_message_settsigkey(msg, key);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_message_parse(msg, buf, 0);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ printmessage(msg);
+
+ /*
+ * Check that we had a TSIG in the third message.
+ */
+ assert_non_null(dns_message_gettsig(msg, &tsigowner));
+
+ result = dns_message_setquerytsig(msg, tsigin);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_tsig_verify(buf, msg, NULL, NULL);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(msg->verified_sig, 1);
+ assert_int_equal(msg->tsigstatus, dns_rcode_noerror);
+
+ if (tsigin != NULL) {
+ isc_buffer_free(&tsigin);
+ }
+
+ result = dns_message_getquerytsig(msg, dt_mctx, &tsigin);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ isc_buffer_free(&buf);
+ dns_message_detach(&msg);
+
+ if (outctx != NULL) {
+ dst_context_destroy(&outctx);
+ }
+ if (querytsig != NULL) {
+ isc_buffer_free(&querytsig);
+ }
+ if (tsigin != NULL) {
+ isc_buffer_free(&tsigin);
+ }
+ if (tsigout != NULL) {
+ isc_buffer_free(&tsigout);
+ }
+ dns_tsigkey_detach(&key);
+ if (ring != NULL) {
+ dns_tsigkeyring_detach(&ring);
+ }
+}
+
+/* Tests the dns__tsig_algvalid function */
+static void
+algvalid_test(void **state) {
+ UNUSED(state);
+
+ assert_true(dns__tsig_algvalid(DST_ALG_HMACMD5));
+
+ assert_true(dns__tsig_algvalid(DST_ALG_HMACSHA1));
+ assert_true(dns__tsig_algvalid(DST_ALG_HMACSHA224));
+ assert_true(dns__tsig_algvalid(DST_ALG_HMACSHA256));
+ assert_true(dns__tsig_algvalid(DST_ALG_HMACSHA384));
+ assert_true(dns__tsig_algvalid(DST_ALG_HMACSHA512));
+
+ assert_false(dns__tsig_algvalid(DST_ALG_GSSAPI));
+}
+
+/* Tests the dns__tsig_algfromname function */
+static void
+algfromname_test(void **state) {
+ UNUSED(state);
+
+ assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACMD5_NAME),
+ DST_ALG_HMACMD5);
+ assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACSHA1_NAME),
+ DST_ALG_HMACSHA1);
+ assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACSHA224_NAME),
+ DST_ALG_HMACSHA224);
+ assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACSHA256_NAME),
+ DST_ALG_HMACSHA256);
+ assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACSHA384_NAME),
+ DST_ALG_HMACSHA384);
+ assert_int_equal(dns__tsig_algfromname(DNS_TSIG_HMACSHA512_NAME),
+ DST_ALG_HMACSHA512);
+
+ assert_int_equal(dns__tsig_algfromname(DNS_TSIG_GSSAPI_NAME),
+ DST_ALG_GSSAPI);
+ assert_int_equal(dns__tsig_algfromname(DNS_TSIG_GSSAPIMS_NAME),
+ DST_ALG_GSSAPI);
+
+ assert_int_equal(dns__tsig_algfromname(dns_rootname), 0);
+}
+
+/* Tests the dns__tsig_algnamefromname function */
+
+/*
+ * Helper function to create a dns_name_t from a string and see if
+ * the dns__tsig_algnamefromname function can correctly match it against the
+ * static table of known algorithms.
+ */
+static void
+test_name(const char *name_string, const dns_name_t *expected) {
+ dns_name_t name;
+ dns_name_init(&name, NULL);
+ assert_int_equal(dns_name_fromstring(&name, name_string, 0, dt_mctx),
+ ISC_R_SUCCESS);
+ assert_ptr_equal(dns__tsig_algnamefromname(&name), expected);
+ dns_name_free(&name, dt_mctx);
+}
+
+static void
+algnamefromname_test(void **state) {
+ UNUSED(state);
+
+ /* test the standard algorithms */
+ test_name("hmac-md5.sig-alg.reg.int", DNS_TSIG_HMACMD5_NAME);
+ test_name("hmac-sha1", DNS_TSIG_HMACSHA1_NAME);
+ test_name("hmac-sha224", DNS_TSIG_HMACSHA224_NAME);
+ test_name("hmac-sha256", DNS_TSIG_HMACSHA256_NAME);
+ test_name("hmac-sha384", DNS_TSIG_HMACSHA384_NAME);
+ test_name("hmac-sha512", DNS_TSIG_HMACSHA512_NAME);
+
+ test_name("gss-tsig", DNS_TSIG_GSSAPI_NAME);
+ test_name("gss.microsoft.com", DNS_TSIG_GSSAPIMS_NAME);
+
+ /* try another name that isn't a standard algorithm name */
+ assert_null(dns__tsig_algnamefromname(dns_rootname));
+}
+
+/* Tests the dns__tsig_algallocated function */
+static void
+algallocated_test(void **state) {
+ UNUSED(state);
+
+ /* test the standard algorithms */
+ assert_false(dns__tsig_algallocated(DNS_TSIG_HMACMD5_NAME));
+ assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA1_NAME));
+ assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA224_NAME));
+ assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA256_NAME));
+ assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA384_NAME));
+ assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA512_NAME));
+
+ assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA512_NAME));
+ assert_false(dns__tsig_algallocated(DNS_TSIG_HMACSHA512_NAME));
+
+ /* try another name that isn't a standard algorithm name */
+ assert_true(dns__tsig_algallocated(dns_rootname));
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(tsig_tcp_test, _setup,
+ _teardown),
+ cmocka_unit_test(algvalid_test),
+ cmocka_unit_test(algfromname_test),
+ cmocka_unit_test_setup_teardown(algnamefromname_test, _setup,
+ _teardown),
+ cmocka_unit_test(algallocated_test),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/update_test.c b/lib/dns/tests/update_test.c
new file mode 100644
index 0000000..bc792a1
--- /dev/null
+++ b/lib/dns/tests/update_test.c
@@ -0,0 +1,381 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <inttypes.h>
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/serial.h>
+#include <isc/stdtime.h>
+#include <isc/util.h>
+
+#include <dns/update.h>
+
+#include "dnstest.h"
+
+/*
+ * Fix the linking order problem for overridden isc_stdtime_get() by making
+ * everything local. This also allows static functions from update.c to be
+ * tested.
+ */
+#include "../update.c"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ setenv("TZ", "", 1);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static uint32_t mystdtime;
+
+static void
+set_mystdtime(int year, int month, int day) {
+ struct tm tm;
+
+ memset(&tm, 0, sizeof(tm));
+ tm.tm_year = year - 1900;
+ tm.tm_mon = month - 1;
+ tm.tm_mday = day;
+ mystdtime = timegm(&tm);
+}
+
+/*
+ * Override isc_stdtime_get() from lib/isc/[unix/win32]/stdtime.c
+ * with our own for testing purposes.
+ */
+void
+isc_stdtime_get(isc_stdtime_t *now) {
+ *now = mystdtime;
+}
+
+/*
+ * Because update_test.o requires dns_update_*() symbols, the linker is able
+ * to resolve them using libdns.a(update.o). That object has other symbol
+ * dependencies (dst_key_*()), so it pulls libdns.a(dst_api.o).
+ * That object file requires the isc_stdtime_tostring() symbol.
+ *
+ * Define a local version here so that we don't have to depend on
+ * libisc.a(stdtime.o). If isc_stdtime_tostring() would be left undefined,
+ * the linker has to get the required object file, and that will result in a
+ * multiple definition error because the isc_stdtime_get() symbol exported
+ * there is already in the exported list.
+ */
+void
+isc_stdtime_tostring(isc_stdtime_t t, char *out, size_t outlen) {
+ UNUSED(t);
+ UNUSED(out);
+ UNUSED(outlen);
+}
+
+/* simple increment by 1 */
+static void
+increment_test(void **state) {
+ uint32_t old = 50;
+ uint32_t serial;
+
+ UNUSED(state);
+
+ serial = dns_update_soaserial(old, dns_updatemethod_increment, NULL);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, 51);
+}
+
+/* increment past zero, 0xfffffffff -> 1 */
+static void
+increment_past_zero_test(void **state) {
+ uint32_t old = 0xffffffffu;
+ uint32_t serial;
+
+ UNUSED(state);
+
+ serial = dns_update_soaserial(old, dns_updatemethod_increment, NULL);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, 1u);
+}
+
+/* past to unixtime */
+static void
+past_to_unix_test(void **state) {
+ uint32_t old;
+ uint32_t serial;
+
+ UNUSED(state);
+
+ set_mystdtime(2011, 6, 22);
+ old = mystdtime - 1;
+
+ serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, mystdtime);
+}
+
+/* now to unixtime */
+static void
+now_to_unix_test(void **state) {
+ uint32_t old;
+ uint32_t serial;
+
+ UNUSED(state);
+
+ set_mystdtime(2011, 6, 22);
+ old = mystdtime;
+
+ serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, old + 1);
+}
+
+/* future to unixtime */
+static void
+future_to_unix_test(void **state) {
+ uint32_t old;
+ uint32_t serial;
+
+ UNUSED(state);
+
+ set_mystdtime(2011, 6, 22);
+ old = mystdtime + 1;
+
+ serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, old + 1);
+}
+
+/* undefined plus 1 to unixtime */
+static void
+undefined_plus1_to_unix_test(void **state) {
+ uint32_t old;
+ uint32_t serial;
+
+ UNUSED(state);
+
+ set_mystdtime(2011, 6, 22);
+ old = mystdtime ^ 0x80000000u;
+ old += 1;
+
+ serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, mystdtime);
+}
+
+/* undefined minus 1 to unixtime */
+static void
+undefined_minus1_to_unix_test(void **state) {
+ uint32_t old;
+ uint32_t serial;
+
+ UNUSED(state);
+
+ set_mystdtime(2011, 6, 22);
+ old = mystdtime ^ 0x80000000u;
+ old -= 1;
+
+ serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, old + 1);
+}
+
+/* undefined to unixtime */
+static void
+undefined_to_unix_test(void **state) {
+ uint32_t old;
+ uint32_t serial;
+
+ UNUSED(state);
+
+ set_mystdtime(2011, 6, 22);
+ old = mystdtime ^ 0x80000000u;
+
+ serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, old + 1);
+}
+
+/* handle unixtime being zero */
+static void
+unixtime_zero_test(void **state) {
+ uint32_t old;
+ uint32_t serial;
+
+ UNUSED(state);
+
+ mystdtime = 0;
+ old = 0xfffffff0;
+
+ serial = dns_update_soaserial(old, dns_updatemethod_unixtime, NULL);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, old + 1);
+}
+
+/* past to date */
+static void
+past_to_date_test(void **state) {
+ uint32_t old, serial;
+ dns_updatemethod_t used = dns_updatemethod_none;
+
+ UNUSED(state);
+
+ set_mystdtime(2014, 3, 31);
+ old = dns_update_soaserial(0, dns_updatemethod_date, NULL);
+ set_mystdtime(2014, 4, 1);
+
+ serial = dns_update_soaserial(old, dns_updatemethod_date, &used);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, 2014040100);
+ assert_int_equal(dns_updatemethod_date, used);
+}
+
+/* now to date */
+static void
+now_to_date_test(void **state) {
+ uint32_t old;
+ uint32_t serial;
+ dns_updatemethod_t used = dns_updatemethod_none;
+
+ UNUSED(state);
+
+ set_mystdtime(2014, 4, 1);
+ old = dns_update_soaserial(0, dns_updatemethod_date, NULL);
+
+ serial = dns_update_soaserial(old, dns_updatemethod_date, &used);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, 2014040101);
+ assert_int_equal(dns_updatemethod_date, used);
+
+ old = 2014040198;
+ serial = dns_update_soaserial(old, dns_updatemethod_date, &used);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, 2014040199);
+ assert_int_equal(dns_updatemethod_date, used);
+
+ /*
+ * Stealing from "tomorrow".
+ */
+ old = 2014040199;
+ serial = dns_update_soaserial(old, dns_updatemethod_date, &used);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, 2014040200);
+ assert_int_equal(dns_updatemethod_increment, used);
+}
+
+/* future to date */
+static void
+future_to_date_test(void **state) {
+ uint32_t old;
+ uint32_t serial;
+ dns_updatemethod_t used = dns_updatemethod_none;
+
+ UNUSED(state);
+
+ set_mystdtime(2014, 4, 1);
+ old = dns_update_soaserial(0, dns_updatemethod_date, NULL);
+ set_mystdtime(2014, 3, 31);
+
+ serial = dns_update_soaserial(old, dns_updatemethod_date, &used);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, 2014040101);
+ assert_int_equal(dns_updatemethod_increment, used);
+
+ old = serial;
+ serial = dns_update_soaserial(old, dns_updatemethod_date, &used);
+ assert_true(isc_serial_lt(old, serial));
+ assert_int_not_equal(serial, 0);
+ assert_int_equal(serial, 2014040102);
+ assert_int_equal(dns_updatemethod_increment, used);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(increment_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(increment_past_zero_test,
+ _setup, _teardown),
+ cmocka_unit_test_setup_teardown(past_to_unix_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(now_to_unix_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(future_to_unix_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(undefined_to_unix_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(undefined_plus1_to_unix_test,
+ _setup, _teardown),
+ cmocka_unit_test_setup_teardown(undefined_minus1_to_unix_test,
+ _setup, _teardown),
+ cmocka_unit_test_setup_teardown(unixtime_zero_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(past_to_date_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(now_to_date_test, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(future_to_date_test, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/zonemgr_test.c b/lib/dns/tests/zonemgr_test.c
new file mode 100644
index 0000000..3424342
--- /dev/null
+++ b/lib/dns/tests/zonemgr_test.c
@@ -0,0 +1,265 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/buffer.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/name.h>
+#include <dns/view.h>
+#include <dns/zone.h>
+
+#include "dnstest.h"
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+/* create zone manager */
+static void
+zonemgr_create(void **state) {
+ dns_zonemgr_t *myzonemgr = NULL;
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_zonemgr_create(dt_mctx, taskmgr, timermgr, socketmgr,
+ &myzonemgr);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ dns_zonemgr_shutdown(myzonemgr);
+ dns_zonemgr_detach(&myzonemgr);
+ assert_null(myzonemgr);
+}
+
+/* manage and release a zone */
+static void
+zonemgr_managezone(void **state) {
+ dns_zonemgr_t *myzonemgr = NULL;
+ dns_zone_t *zone = NULL;
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_zonemgr_create(dt_mctx, taskmgr, timermgr, socketmgr,
+ &myzonemgr);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_test_makezone("foo", &zone, NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* This should not succeed until the dns_zonemgr_setsize() is run */
+ result = dns_zonemgr_managezone(myzonemgr, zone);
+ assert_int_equal(result, ISC_R_FAILURE);
+
+ assert_int_equal(dns_zonemgr_getcount(myzonemgr, DNS_ZONESTATE_ANY), 0);
+
+ result = dns_zonemgr_setsize(myzonemgr, 1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Now it should succeed */
+ result = dns_zonemgr_managezone(myzonemgr, zone);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_int_equal(dns_zonemgr_getcount(myzonemgr, DNS_ZONESTATE_ANY), 1);
+
+ dns_zonemgr_releasezone(myzonemgr, zone);
+ dns_zone_detach(&zone);
+
+ assert_int_equal(dns_zonemgr_getcount(myzonemgr, DNS_ZONESTATE_ANY), 0);
+
+ dns_zonemgr_shutdown(myzonemgr);
+ dns_zonemgr_detach(&myzonemgr);
+ assert_null(myzonemgr);
+}
+
+/* create and release a zone */
+static void
+zonemgr_createzone(void **state) {
+ dns_zonemgr_t *myzonemgr = NULL;
+ dns_zone_t *zone = NULL;
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_zonemgr_create(dt_mctx, taskmgr, timermgr, socketmgr,
+ &myzonemgr);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* This should not succeed until the dns_zonemgr_setsize() is run */
+ result = dns_zonemgr_createzone(myzonemgr, &zone);
+ assert_int_equal(result, ISC_R_FAILURE);
+
+ result = dns_zonemgr_setsize(myzonemgr, 1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ /* Now it should succeed */
+ result = dns_zonemgr_createzone(myzonemgr, &zone);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_non_null(zone);
+
+ if (zone != NULL) {
+ dns_zone_detach(&zone);
+ }
+
+ dns_zonemgr_shutdown(myzonemgr);
+ dns_zonemgr_detach(&myzonemgr);
+ assert_null(myzonemgr);
+}
+
+/* manage and release a zone */
+static void
+zonemgr_unreachable(void **state) {
+ dns_zonemgr_t *myzonemgr = NULL;
+ dns_zone_t *zone = NULL;
+ isc_sockaddr_t addr1, addr2;
+ struct in_addr in;
+ isc_result_t result;
+ isc_time_t now;
+
+ UNUSED(state);
+
+ TIME_NOW(&now);
+
+ result = dns_zonemgr_create(dt_mctx, taskmgr, timermgr, socketmgr,
+ &myzonemgr);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_test_makezone("foo", &zone, NULL, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_zonemgr_setsize(myzonemgr, 1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_zonemgr_managezone(myzonemgr, zone);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ in.s_addr = inet_addr("10.53.0.1");
+ isc_sockaddr_fromin(&addr1, &in, 2112);
+ in.s_addr = inet_addr("10.53.0.2");
+ isc_sockaddr_fromin(&addr2, &in, 5150);
+ assert_false(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now));
+ /*
+ * We require multiple unreachableadd calls to mark a server as
+ * unreachable.
+ */
+ dns_zonemgr_unreachableadd(myzonemgr, &addr1, &addr2, &now);
+ assert_false(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now));
+ dns_zonemgr_unreachableadd(myzonemgr, &addr1, &addr2, &now);
+ assert_true(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now));
+
+ in.s_addr = inet_addr("10.53.0.3");
+ isc_sockaddr_fromin(&addr2, &in, 5150);
+ assert_false(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now));
+ /*
+ * We require multiple unreachableadd calls to mark a server as
+ * unreachable.
+ */
+ dns_zonemgr_unreachableadd(myzonemgr, &addr1, &addr2, &now);
+ dns_zonemgr_unreachableadd(myzonemgr, &addr1, &addr2, &now);
+ assert_true(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now));
+
+ dns_zonemgr_unreachabledel(myzonemgr, &addr1, &addr2);
+ assert_false(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now));
+
+ in.s_addr = inet_addr("10.53.0.2");
+ isc_sockaddr_fromin(&addr2, &in, 5150);
+ assert_true(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now));
+ dns_zonemgr_unreachabledel(myzonemgr, &addr1, &addr2);
+ assert_false(dns_zonemgr_unreachable(myzonemgr, &addr1, &addr2, &now));
+
+ dns_zonemgr_releasezone(myzonemgr, zone);
+ dns_zone_detach(&zone);
+ dns_zonemgr_shutdown(myzonemgr);
+ dns_zonemgr_detach(&myzonemgr);
+ assert_null(myzonemgr);
+}
+
+/*
+ * XXX:
+ * dns_zonemgr API calls that are not yet part of this unit test:
+ *
+ * - dns_zonemgr_attach
+ * - dns_zonemgr_forcemaint
+ * - dns_zonemgr_resumexfrs
+ * - dns_zonemgr_shutdown
+ * - dns_zonemgr_setsize
+ * - dns_zonemgr_settransfersin
+ * - dns_zonemgr_getttransfersin
+ * - dns_zonemgr_settransfersperns
+ * - dns_zonemgr_getttransfersperns
+ * - dns_zonemgr_setiolimit
+ * - dns_zonemgr_getiolimit
+ * - dns_zonemgr_dbdestroyed
+ * - dns_zonemgr_setserialqueryrate
+ * - dns_zonemgr_getserialqueryrate
+ */
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(zonemgr_create, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(zonemgr_managezone, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(zonemgr_createzone, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(zonemgr_unreachable, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */
diff --git a/lib/dns/tests/zt_test.c b/lib/dns/tests/zt_test.c
new file mode 100644
index 0000000..e79adb2
--- /dev/null
+++ b/lib/dns/tests/zt_test.c
@@ -0,0 +1,376 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#if HAVE_CMOCKA
+
+#include <sched.h> /* IWYU pragma: keep */
+#include <setjmp.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define UNIT_TESTING
+#include <cmocka.h>
+
+#include <isc/app.h>
+#include <isc/atomic.h>
+#include <isc/buffer.h>
+#include <isc/print.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/name.h>
+#include <dns/view.h>
+#include <dns/zone.h>
+#include <dns/zt.h>
+
+#include "dnstest.h"
+
+struct args {
+ void *arg1;
+ void *arg2;
+ bool arg3;
+};
+
+static int
+_setup(void **state) {
+ isc_result_t result;
+
+ UNUSED(state);
+
+ result = dns_test_begin(NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ return (0);
+}
+
+static int
+_teardown(void **state) {
+ UNUSED(state);
+
+ dns_test_end();
+
+ return (0);
+}
+
+static isc_result_t
+count_zone(dns_zone_t *zone, void *uap) {
+ int *nzones = (int *)uap;
+
+ UNUSED(zone);
+
+ *nzones += 1;
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+load_done(dns_zt_t *zt, dns_zone_t *zone, isc_task_t *task) {
+ /* We treat zt as a pointer to a boolean for testing purposes */
+ atomic_bool *done = (atomic_bool *)zt;
+
+ UNUSED(zone);
+ UNUSED(task);
+
+ atomic_store(done, true);
+ isc_app_shutdown();
+ return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+all_done(void *arg) {
+ atomic_bool *done = (atomic_bool *)arg;
+
+ atomic_store(done, true);
+ isc_app_shutdown();
+ return (ISC_R_SUCCESS);
+}
+
+static void
+start_zt_asyncload(isc_task_t *task, isc_event_t *event) {
+ struct args *args = (struct args *)(event->ev_arg);
+
+ UNUSED(task);
+
+ dns_zt_asyncload(args->arg1, false, all_done, args->arg2);
+
+ isc_event_free(&event);
+}
+
+static void
+start_zone_asyncload(isc_task_t *task, isc_event_t *event) {
+ struct args *args = (struct args *)(event->ev_arg);
+
+ UNUSED(task);
+
+ dns_zone_asyncload(args->arg1, args->arg3, load_done, args->arg2);
+ isc_event_free(&event);
+}
+
+/* apply a function to a zone table */
+static void
+apply(void **state) {
+ isc_result_t result;
+ dns_zone_t *zone = NULL;
+ dns_view_t *view = NULL;
+ int nzones = 0;
+
+ UNUSED(state);
+
+ result = dns_test_makezone("foo", &zone, NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ view = dns_zone_getview(zone);
+ assert_non_null(view->zonetable);
+
+ assert_int_equal(nzones, 0);
+ result = dns_zt_apply(view->zonetable, isc_rwlocktype_read, false, NULL,
+ count_zone, &nzones);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_int_equal(nzones, 1);
+
+ /* These steps are necessary so the zone can be detached properly */
+ result = dns_test_setupzonemgr();
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_test_managezone(zone);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_test_releasezone(zone);
+ dns_test_closezonemgr();
+
+ /* The view was left attached in dns_test_makezone() */
+ dns_view_detach(&view);
+ dns_zone_detach(&zone);
+}
+
+/* asynchronous zone load */
+static void
+asyncload_zone(void **state) {
+ isc_result_t result;
+ int n;
+ dns_zone_t *zone = NULL;
+ dns_view_t *view = NULL;
+ dns_db_t *db = NULL;
+ FILE *zonefile, *origfile;
+ char buf[4096];
+ atomic_bool done;
+ int i = 0;
+ struct args args;
+
+ UNUSED(state);
+
+ atomic_init(&done, false);
+
+ result = dns_test_makezone("foo", &zone, NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ result = dns_test_setupzonemgr();
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_test_managezone(zone);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ view = dns_zone_getview(zone);
+ assert_non_null(view->zonetable);
+
+ assert_false(dns__zone_loadpending(zone));
+ assert_false(atomic_load(&done));
+ zonefile = fopen("./zone.data", "wb");
+ assert_non_null(zonefile);
+ origfile = fopen("./testdata/zt/zone1.db", "r+b");
+ assert_non_null(origfile);
+ n = fread(buf, 1, 4096, origfile);
+ fclose(origfile);
+ fwrite(buf, 1, n, zonefile);
+ fflush(zonefile);
+
+ dns_zone_setfile(zone, "./zone.data", dns_masterformat_text,
+ &dns_master_style_default);
+
+ args.arg1 = zone;
+ args.arg2 = &done;
+ args.arg3 = false;
+ isc_app_onrun(dt_mctx, maintask, start_zone_asyncload, &args);
+
+ isc_app_run();
+ while (dns__zone_loadpending(zone) && i++ < 5000) {
+ dns_test_nap(1000);
+ }
+ assert_true(atomic_load(&done));
+ /* The zone should now be loaded; test it */
+ result = dns_zone_getdb(zone, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detach(&db);
+ /*
+ * Add something to zone file, reload zone with newonly - it should
+ * not be reloaded.
+ */
+ fprintf(zonefile, "\nb in b 1.2.3.4\n");
+ fflush(zonefile);
+ fclose(zonefile);
+
+ args.arg1 = zone;
+ args.arg2 = &done;
+ args.arg3 = true;
+ isc_app_onrun(dt_mctx, maintask, start_zone_asyncload, &args);
+
+ isc_app_run();
+
+ while (dns__zone_loadpending(zone) && i++ < 5000) {
+ dns_test_nap(1000);
+ }
+ assert_true(atomic_load(&done));
+ /* The zone should now be loaded; test it */
+ result = dns_zone_getdb(zone, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_db_detach(&db);
+
+ /* Now reload it without newonly - it should be reloaded */
+ args.arg1 = zone;
+ args.arg2 = &done;
+ args.arg3 = false;
+ isc_app_onrun(dt_mctx, maintask, start_zone_asyncload, &args);
+
+ isc_app_run();
+
+ while (dns__zone_loadpending(zone) && i++ < 5000) {
+ dns_test_nap(1000);
+ }
+ assert_true(atomic_load(&done));
+ /* The zone should now be loaded; test it */
+ result = dns_zone_getdb(zone, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_non_null(db);
+ if (db != NULL) {
+ dns_db_detach(&db);
+ }
+
+ dns_test_releasezone(zone);
+ dns_test_closezonemgr();
+
+ dns_zone_detach(&zone);
+ dns_view_detach(&view);
+}
+
+/* asynchronous zone table load */
+static void
+asyncload_zt(void **state) {
+ isc_result_t result;
+ dns_zone_t *zone1 = NULL, *zone2 = NULL, *zone3 = NULL;
+ dns_view_t *view;
+ dns_zt_t *zt = NULL;
+ dns_db_t *db = NULL;
+ atomic_bool done;
+ int i = 0;
+ struct args args;
+
+ UNUSED(state);
+
+ atomic_init(&done, false);
+
+ result = dns_test_makezone("foo", &zone1, NULL, true);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_zone_setfile(zone1, "testdata/zt/zone1.db", dns_masterformat_text,
+ &dns_master_style_default);
+ view = dns_zone_getview(zone1);
+
+ result = dns_test_makezone("bar", &zone2, view, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_zone_setfile(zone2, "testdata/zt/zone1.db", dns_masterformat_text,
+ &dns_master_style_default);
+
+ /* This one will fail to load */
+ result = dns_test_makezone("fake", &zone3, view, false);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ dns_zone_setfile(zone3, "testdata/zt/nonexistent.db",
+ dns_masterformat_text, &dns_master_style_default);
+
+ zt = view->zonetable;
+ assert_non_null(zt);
+
+ result = dns_test_setupzonemgr();
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_test_managezone(zone1);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_test_managezone(zone2);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ result = dns_test_managezone(zone3);
+ assert_int_equal(result, ISC_R_SUCCESS);
+
+ assert_false(dns__zone_loadpending(zone1));
+ assert_false(dns__zone_loadpending(zone2));
+ assert_false(atomic_load(&done));
+
+ args.arg1 = zt;
+ args.arg2 = &done;
+ isc_app_onrun(dt_mctx, maintask, start_zt_asyncload, &args);
+
+ isc_app_run();
+ while (!atomic_load(&done) && i++ < 5000) {
+ dns_test_nap(1000);
+ }
+ assert_true(atomic_load(&done));
+
+ /* Both zones should now be loaded; test them */
+ result = dns_zone_getdb(zone1, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_non_null(db);
+ if (db != NULL) {
+ dns_db_detach(&db);
+ }
+
+ result = dns_zone_getdb(zone2, &db);
+ assert_int_equal(result, ISC_R_SUCCESS);
+ assert_non_null(db);
+ if (db != NULL) {
+ dns_db_detach(&db);
+ }
+
+ dns_test_releasezone(zone3);
+ dns_test_releasezone(zone2);
+ dns_test_releasezone(zone1);
+ dns_test_closezonemgr();
+
+ dns_zone_detach(&zone1);
+ dns_zone_detach(&zone2);
+ dns_zone_detach(&zone3);
+ dns_view_detach(&view);
+}
+
+int
+main(void) {
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test_setup_teardown(apply, _setup, _teardown),
+ cmocka_unit_test_setup_teardown(asyncload_zone, _setup,
+ _teardown),
+ cmocka_unit_test_setup_teardown(asyncload_zt, _setup,
+ _teardown),
+ };
+
+ return (cmocka_run_group_tests(tests, NULL, NULL));
+}
+
+#else /* HAVE_CMOCKA */
+
+#include <stdio.h>
+
+int
+main(void) {
+ printf("1..0 # Skipped: cmocka not available\n");
+ return (SKIPPED_TEST_EXIT_CODE);
+}
+
+#endif /* if HAVE_CMOCKA */