ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Add dns_nsec_requiredtypespresent

Browse Source 
checks an NSEC rdataset to ensure that both NSEC and RRSIG are
present in the type map.  These types are required for the NSEC
to be valid
This commit is contained in:
Mark Andrews
2021-11-27 09:12:08 +11:00
committed by Petr Špaček
parent 571f3af6e8
commit 8ff2c133b5
5 changed files with 98 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
bin/tests/system/synthfromdnssec/ns1/minimal.db.in
View File

@@ -7,7 +7,11 @@ minimal. 3600 SOA ns1.minimal. hostmaster.minimal. (
3600 ; minimum (1 hour)
)
3600 NS ns1.minimal.
3600 NSEC black.minimal. NS SOA RRSIG NSEC DNSKEY
3600 NSEC badtypemap.minimal. NS SOA RRSIG NSEC DNSKEY
; bad NSEC type map without RRSIG or NSEC
badtypemap.minimal. 3600 NSEC black.minimal. A
badtypemap.minimal. 3600 A 1.2.3.4
badtypemap.minimal. 3600 AAAA 2002::1
; cloudflare black lie
black.minimal. 3600 NSEC \000.black.minimal. RRSIG NSEC
;