wipwip

qdm12 · Jul 12, 2023 · fbbb988 · fbbb988
1 parent 12156a4
commit fbbb988
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 21 deletions.
diff --git a/pkg/dnssec/integration_test.go b/pkg/dnssec/integration_test.go
@@ -1,6 +1,3 @@
-//go:build integration
-// +build integration
-
 package dnssec
 
 import (
@@ -63,27 +60,32 @@ func Test_validator_fetchAndValidateZone(t *testing.T) {
 		errWrapped error
 		errMessage string
 	}{
-		"valid DNSSEC": {
-			zone:     "qqq.ninja.",
+		// "valid DNSSEC": {
+		// 	zone:     "qqq.ninja.",
+		// 	dnsType:  dns.TypeA,
+		// 	rrset:    getRRSetWithoutValidation(t, "qqq.ninja.", dns.TypeA, dns.ClassINET),
+		// 	exchange: testExchange(),
+		// },
+		"www.iana.org.": {
+			zone:     "vip.icann.org.",
 			dnsType:  dns.TypeA,
-			rrset:    getRRSetWithoutValidation(t, "qqq.ninja.", dns.TypeA, dns.ClassINET),
 			exchange: testExchange(),
 		},
-		"no DNSSEC": {
-			zone:     "github.com.",
-			dnsType:  dns.TypeA,
-			rrset:    getRRSetWithoutValidation(t, "github.com.", dns.TypeA, dns.ClassINET),
-			exchange: testExchange(),
-		},
-		"bad DNSSEC already failed by upstream": {
-			zone:       "dnssec-failed.org.",
-			dnsType:    dns.TypeA,
-			exchange:   testExchange(),
-			errWrapped: ErrValidationFailedUpstream,
-			errMessage: "cannot fetch desired RRSet and RRSig: " +
-				"for dnssec-failed.org. IN A: " +
-				"DNSSEC validation might had failed upstream",
-		},
+		// "no DNSSEC": {
+		// 	zone:     "github.com.",
+		// 	dnsType:  dns.TypeA,
+		// 	rrset:    getRRSetWithoutValidation(t, "github.com.", dns.TypeA, dns.ClassINET),
+		// 	exchange: testExchange(),
+		// },
+		// "bad DNSSEC already failed by upstream": {
+		// 	zone:       "dnssec-failed.org.",
+		// 	dnsType:    dns.TypeA,
+		// 	exchange:   testExchange(),
+		// 	errWrapped: ErrValidationFailedUpstream,
+		// 	errMessage: "cannot fetch desired RRSet and RRSig: " +
+		// 		"for dnssec-failed.org. IN A: " +
+		// 		"DNSSEC validation might had failed upstream",
+		// },
 	}
 	for name, testCase := range testCases {
 		testCase := testCase

diff --git a/pkg/dnssec/signedzone.go b/pkg/dnssec/signedzone.go
@@ -19,6 +19,9 @@ type signedZone struct {
 func dnsKeyRRSetToMap(rrset []dns.RR) (keyTagToDNSKey map[uint16]*dns.DNSKEY) {
 	keyTagToDNSKey = make(map[uint16]*dns.DNSKEY, len(rrset))
 	for _, rr := range rrset {
+		if rr.Header().Rrtype != dns.TypeDNSKEY {
+			continue
+		}
 		dnsKey := rr.(*dns.DNSKEY)
 		keyTagToDNSKey[dnsKey.KeyTag()] = dnsKey
 	}