author | Casey Deccio <casey@deccio.net> | 2021-09-28 19:24:54 +0300 |
---|---|---|
committer | Casey Deccio <casey@deccio.net> | 2021-09-28 19:27:38 +0300 |
commit | a03ff7dc0919dfc09a2f29900ce8c78c4afbd348 (patch) | |
tree | 2b4308fe9da1ae9a61c6eea2d2d6c171fdafaaa7 | |
parent | 9427a5c7d287664199315a2438b45521854a0c7d (diff) |
Check bitmap of wildcard names in the case of NODATAcheck_wildcard_delegation
Fixes #78
-rw-r--r-- | dnsviz/analysis/status.py | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/dnsviz/analysis/status.py b/dnsviz/analysis/status.py
index e43a01e..9bbb2d4 100644
--- a/dnsviz/analysis/status.py
+++ b/dnsviz/analysis/status.py
@@ -840,8 +840,14 @@ class NSECStatusNODATA(NSECStatus):
 try:
 self.nsec_for_wildcard_name = nsec_set_info.rrsets[self.wildcard_name]
 self.wildcard_has_rdtype = nsec_set_info.rdtype_exists_in_bitmap(self.wildcard_name, self.rdtype)
+ self.wildcard_has_ns = nsec_set_info.rdtype_exists_in_bitmap(self.wildcard_name, dns.rdatatype.NS)
+ self.wildcard_has_ds = nsec_set_info.rdtype_exists_in_bitmap(self.wildcard_name, dns.rdatatype.DS)
+ self.wildcard_has_soa = nsec_set_info.rdtype_exists_in_bitmap(self.wildcard_name, dns.rdatatype.SOA)
 except KeyError:
- pass
+ self.wildcard_has_rdtype = False
+ self.wildcard_has_ns = False
+ self.wildcard_has_ds = False
+ self.wildcard_has_soa = False
 # check for covering of the origin
 self.nsec_names_covering_origin = {}
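Review bot: The `try:` body now holds four bitmap lookups after the `nsec_set_info.rrsets[self.wildcard_name]` subscript, so a `KeyError` raised by any `rdtype_exists_in_bitmap` call would land in the same handler and clear all four flags while `self.nsec_for_wildcard_name` stays set. Whether that helper can raise `KeyError` is not visible here, but if it can, the later NODATA check would see a wildcard NSEC with an apparently empty bitmap and report no bitmap error. Keeping only the subscript inside `try:`, the `False` defaults under `except KeyError:`, and the four lookups under an `else:` would limit the handler to the missing-record case. The enclosing method starts and ends outside this hunk.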
@@ -885,6 +891,20 @@ class NSECStatusNODATA(NSECStatus):
 self.errors.append(Errors.SnameCoveredNODATANSEC(sname=fmt.humanize_name(self.qname)))
 self.validation_status = NSEC_STATUS_INVALID
 elif self.nsec_for_wildcard_name: # implies wildcard_name, which implies nsec_names_covering_qname
+ if self.rdtype == dns.rdatatype.DS or self.referral:
+ if self.is_zone and not self.wildcard_has_ns:
+ self.errors.append(Errors.ReferralWithoutNSBitNSEC(sname=fmt.humanize_name(self.wildcard_name)))
+ self.validation_status = NSEC_STATUS_INVALID
+ if self.wildcard_has_ds:
+ self.errors.append(Errors.ReferralWithDSBitNSEC(sname=fmt.humanize_name(self.wildcard_name)))
+ self.validation_status = NSEC_STATUS_INVALID
+ if self.wildcard_has_soa:
+ self.errors.append(Errors.ReferralWithSOABitNSEC(sname=fmt.humanize_name(self.wildcard_name)))
+ self.validation_status = NSEC_STATUS_INVALID
+ else:
+ if self.has_rdtype:
+ self.errors.append(Errors.StypeInBitmapNODATANSEC(sname=fmt.humanize_name(self.qname), stype=dns.rdatatype.to_text(self.rdtype)))
+ self.validation_status = NSEC_STATUS_INVALID
 if self.wildcard_has_rdtype:
 self.validation_status = NSEC_STATUS_INVALID
 self.errors.append(Errors.StypeInBitmapNODATANSEC(sname=fmt.humanize_name(self.wildcard_name), stype=dns.rdatatype.to_text(self.rdtype))) |
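Review bot: The added `else:` branch tests `self.has_rdtype` and reports `sname=fmt.humanize_name(self.qname)`, while every other added check in this `elif self.nsec_for_wildcard_name:` branch uses the `wildcard_*` flags and `self.wildcard_name`. The inline comment says this branch implies `nsec_names_covering_qname`, so the qname appears to be covered rather than matched here, and `has_rdtype` (set outside this hunk) may never be true for it; this reads like a leftover from the qname branch. If the wildcard bitmap was meant, the unchanged `if self.wildcard_has_rdtype:` that follows already performs that check and the `else:` can go. Otherwise a comment such as `# qname bitmap is consulted here because ...` would record the intent. Indentation is lost on this page, so the nesting of `else:` is inferred.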