fix: populate ldns submodule and add autotools to LDNS build stage

- Re-cloned zonemaster-ldns with --recurse-submodules so the bundled ldns C library source (including Changelog and configure.ac) is present - Added autoconf, automake, libtool to Dockerfile.backend ldns-build stage so libtoolize + autoreconf can generate ldns/configure during make Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 08:33:38 +02:00
parent 8d4eaa1489
commit eaaa8f6a11
541 changed files with 138189 additions and 0 deletions
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/DNS-LDNS.t
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/DNS-LDNS.t
@@ -0,0 +1,136 @@
+# Before `make install' is performed this script should be runnable with
+# `make test'. After `make install' it should work as `perl DNS-LDNS.t'
+
+#########################
+
+# change 'tests => 2' to 'tests => last_test_to_print';
+
+use strict;
+use warnings;
+
+use Test::More tests => 2;
+BEGIN { use_ok('DNS::LDNS') };
+
+
+my $fail = 0;
+foreach my $constname (qw(
+	LDNS_AA LDNS_AD LDNS_CD LDNS_CERT_ACPKIX LDNS_CERT_IACPKIX
+	LDNS_CERT_IPGP LDNS_CERT_IPKIX LDNS_CERT_ISPKI LDNS_CERT_OID
+	LDNS_CERT_PGP LDNS_CERT_PKIX LDNS_CERT_SPKI LDNS_CERT_URI
+	LDNS_DEFAULT_TTL LDNS_DH LDNS_DSA LDNS_DSA_NSEC3 LDNS_ECC LDNS_ECC_GOST
+	LDNS_HASH_GOST LDNS_IP4ADDRLEN LDNS_IP6ADDRLEN
+	LDNS_KEY_REVOKE_KEY LDNS_KEY_SEP_KEY LDNS_KEY_ZONE_KEY
+	LDNS_MAX_DOMAINLEN LDNS_MAX_LABELLEN LDNS_MAX_PACKETLEN
+	LDNS_MAX_POINTERS LDNS_MAX_RDFLEN LDNS_NSEC3_VARS_OPTOUT_MASK
+	LDNS_PACKET_ANSWER LDNS_PACKET_IQUERY LDNS_PACKET_NODATA
+	LDNS_PACKET_NOTIFY LDNS_PACKET_NXDOMAIN LDNS_PACKET_QUERY
+	LDNS_PACKET_QUESTION LDNS_PACKET_REFERRAL LDNS_PACKET_STATUS
+	LDNS_PACKET_UNKNOWN LDNS_PACKET_UPDATE LDNS_PORT LDNS_PRIVATEDNS
+	LDNS_PRIVATEOID LDNS_QR LDNS_RA LDNS_RCODE_FORMERR LDNS_RCODE_NOERROR
+	LDNS_RCODE_NOTAUTH LDNS_RCODE_NOTIMPL LDNS_RCODE_NOTZONE
+	LDNS_RCODE_NXDOMAIN LDNS_RCODE_NXRRSET LDNS_RCODE_REFUSED
+	LDNS_RCODE_SERVFAIL LDNS_RCODE_YXDOMAIN LDNS_RCODE_YXRRSET LDNS_RD
+	LDNS_RDATA_FIELD_DESCRIPTORS_COMMON LDNS_RDF_SIZE_16BYTES
+	LDNS_RDF_SIZE_6BYTES LDNS_RDF_SIZE_BYTE LDNS_RDF_SIZE_DOUBLEWORD
+	LDNS_RDF_SIZE_WORD LDNS_RDF_TYPE_A LDNS_RDF_TYPE_AAAA LDNS_RDF_TYPE_ALG
+	LDNS_RDF_TYPE_APL LDNS_RDF_TYPE_ATMA LDNS_RDF_TYPE_B32_EXT
+	LDNS_RDF_TYPE_B64 LDNS_RDF_TYPE_CERT_ALG LDNS_RDF_TYPE_CLASS
+	LDNS_RDF_TYPE_DNAME LDNS_RDF_TYPE_HEX LDNS_RDF_TYPE_INT16
+	LDNS_RDF_TYPE_INT16_DATA LDNS_RDF_TYPE_INT32 LDNS_RDF_TYPE_INT8
+	LDNS_RDF_TYPE_IPSECKEY LDNS_RDF_TYPE_LOC LDNS_RDF_TYPE_NONE
+	LDNS_RDF_TYPE_NSAP LDNS_RDF_TYPE_NSEC LDNS_RDF_TYPE_NSEC3_NEXT_OWNER
+	LDNS_RDF_TYPE_NSEC3_SALT LDNS_RDF_TYPE_PERIOD LDNS_RDF_TYPE_SERVICE
+	LDNS_RDF_TYPE_STR LDNS_RDF_TYPE_TIME LDNS_RDF_TYPE_HIP
+	LDNS_RDF_TYPE_TSIGTIME LDNS_RDF_TYPE_TYPE LDNS_RDF_TYPE_UNKNOWN
+	LDNS_RDF_TYPE_WKS LDNS_RESOLV_ANCHOR LDNS_RESOLV_DEFDOMAIN
+	LDNS_RESOLV_INET LDNS_RESOLV_INET6 LDNS_RESOLV_INETANY
+	LDNS_RESOLV_KEYWORD LDNS_RESOLV_KEYWORDS LDNS_RESOLV_NAMESERVER
+	LDNS_RESOLV_OPTIONS LDNS_RESOLV_RTT_INF LDNS_RESOLV_RTT_MIN
+	LDNS_RESOLV_SEARCH LDNS_RESOLV_SORTLIST LDNS_RR_CLASS_ANY
+	LDNS_RR_CLASS_CH LDNS_RR_CLASS_COUNT LDNS_RR_CLASS_FIRST
+	LDNS_RR_CLASS_HS LDNS_RR_CLASS_IN LDNS_RR_CLASS_LAST LDNS_RR_CLASS_NONE
+	LDNS_RR_COMPRESS LDNS_RR_NO_COMPRESS LDNS_RR_OVERHEAD LDNS_RR_TYPE_A
+	LDNS_RR_TYPE_A6 LDNS_RR_TYPE_AAAA LDNS_RR_TYPE_AFSDB LDNS_RR_TYPE_ANY
+	LDNS_RR_TYPE_APL LDNS_RR_TYPE_ATMA LDNS_RR_TYPE_AXFR LDNS_RR_TYPE_CERT
+	LDNS_RR_TYPE_CNAME LDNS_RR_TYPE_COUNT LDNS_RR_TYPE_DHCID
+	LDNS_RR_TYPE_DLV LDNS_RR_TYPE_DNAME LDNS_RR_TYPE_DNSKEY LDNS_RR_TYPE_DS
+	LDNS_RR_TYPE_EID LDNS_RR_TYPE_FIRST LDNS_RR_TYPE_GID LDNS_RR_TYPE_GPOS
+	LDNS_RR_TYPE_HINFO LDNS_RR_TYPE_IPSECKEY LDNS_RR_TYPE_ISDN
+	LDNS_RR_TYPE_IXFR LDNS_RR_TYPE_KEY LDNS_RR_TYPE_KX LDNS_RR_TYPE_LAST
+	LDNS_RR_TYPE_LOC LDNS_RR_TYPE_MAILA LDNS_RR_TYPE_MAILB LDNS_RR_TYPE_MB
+	LDNS_RR_TYPE_MD LDNS_RR_TYPE_MF LDNS_RR_TYPE_MG LDNS_RR_TYPE_MINFO
+	LDNS_RR_TYPE_MR LDNS_RR_TYPE_MX LDNS_RR_TYPE_NAPTR LDNS_RR_TYPE_NIMLOC
+	LDNS_RR_TYPE_NS LDNS_RR_TYPE_NSAP LDNS_RR_TYPE_NSAP_PTR
+	LDNS_RR_TYPE_NSEC LDNS_RR_TYPE_NSEC3 LDNS_RR_TYPE_NSEC3PARAM
+	LDNS_RR_TYPE_NSEC3PARAMS LDNS_RR_TYPE_NULL LDNS_RR_TYPE_NXT
+	LDNS_RR_TYPE_OPT LDNS_RR_TYPE_PTR LDNS_RR_TYPE_PX LDNS_RR_TYPE_RP
+	LDNS_RR_TYPE_RRSIG LDNS_RR_TYPE_RT LDNS_RR_TYPE_SIG LDNS_RR_TYPE_SINK
+	LDNS_RR_TYPE_SOA LDNS_RR_TYPE_SPF LDNS_RR_TYPE_SRV LDNS_RR_TYPE_SSHFP
+	LDNS_RR_TYPE_TALINK LDNS_RR_TYPE_TSIG LDNS_RR_TYPE_TXT LDNS_RR_TYPE_UID
+	LDNS_RR_TYPE_UINFO LDNS_RR_TYPE_UNSPEC LDNS_RR_TYPE_WKS
+	LDNS_RR_TYPE_X25 LDNS_RSAMD5 LDNS_RSASHA1 LDNS_RSASHA1_NSEC3
+	LDNS_RSASHA256 LDNS_RSASHA512 LDNS_SECTION_ADDITIONAL
+	LDNS_SECTION_ANSWER LDNS_SECTION_ANY LDNS_SECTION_ANY_NOQUESTION
+	LDNS_SECTION_AUTHORITY LDNS_SECTION_QUESTION LDNS_SHA1 LDNS_SHA256
+	LDNS_SIGN_DSA LDNS_SIGN_DSA_NSEC3 LDNS_SIGN_ECC_GOST
+	LDNS_SIGN_HMACSHA1 LDNS_SIGN_HMACSHA256
+	LDNS_SIGN_RSAMD5 LDNS_SIGN_RSASHA1 LDNS_SIGN_RSASHA1_NSEC3
+	LDNS_SIGN_RSASHA256 LDNS_SIGN_RSASHA512 LDNS_STATUS_ADDRESS_ERR
+	LDNS_STATUS_CERT_BAD_ALGORITHM LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL
+	LDNS_STATUS_CRYPTO_BOGUS LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION
+	LDNS_STATUS_CRYPTO_NO_DNSKEY LDNS_STATUS_CRYPTO_NO_DS
+	LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY
+	LDNS_STATUS_CRYPTO_NO_RRSIG LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY
+	LDNS_STATUS_CRYPTO_NO_TRUSTED_DS LDNS_STATUS_CRYPTO_SIG_EXPIRED
+	LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED LDNS_STATUS_CRYPTO_TSIG_BOGUS
+	LDNS_STATUS_CRYPTO_TSIG_ERR LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR
+	LDNS_STATUS_CRYPTO_UNKNOWN_ALGO LDNS_STATUS_CRYPTO_VALIDATED
+	LDNS_STATUS_DDD_OVERFLOW LDNS_STATUS_DNSSEC_EXISTENCE_DENIED
+	LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND
+	LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED
+	LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED
+	LDNS_STATUS_DOMAINNAME_OVERFLOW LDNS_STATUS_DOMAINNAME_UNDERFLOW
+	LDNS_STATUS_EMPTY_LABEL LDNS_STATUS_ENGINE_KEY_NOT_LOADED
+	LDNS_STATUS_ERR LDNS_STATUS_FILE_ERR LDNS_STATUS_INTERNAL_ERR
+	LDNS_STATUS_INVALID_B32_EXT LDNS_STATUS_INVALID_B64
+	LDNS_STATUS_INVALID_HEX LDNS_STATUS_INVALID_INT LDNS_STATUS_INVALID_IP4
+	LDNS_STATUS_INVALID_IP6 LDNS_STATUS_INVALID_POINTER
+	LDNS_STATUS_INVALID_STR LDNS_STATUS_INVALID_TIME
+	LDNS_STATUS_LABEL_OVERFLOW LDNS_STATUS_MEM_ERR
+	LDNS_STATUS_MISSING_RDATA_FIELDS_KEY
+	LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG LDNS_STATUS_NETWORK_ERR
+	LDNS_STATUS_NOT_IMPL LDNS_STATUS_NO_DATA LDNS_STATUS_NSEC3_ERR
+	LDNS_STATUS_NULL LDNS_STATUS_OK LDNS_STATUS_PACKET_OVERFLOW
+	LDNS_STATUS_RES_NO_NS LDNS_STATUS_RES_QUERY LDNS_STATUS_SOCKET_ERROR
+	LDNS_STATUS_SSL_ERR LDNS_STATUS_SYNTAX_ALG_ERR
+	LDNS_STATUS_SYNTAX_BAD_ESCAPE LDNS_STATUS_SYNTAX_CLASS_ERR
+	LDNS_STATUS_SYNTAX_DNAME_ERR LDNS_STATUS_SYNTAX_EMPTY
+	LDNS_STATUS_SYNTAX_ERR LDNS_STATUS_SYNTAX_INCLUDE
+	LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL
+	LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW
+	LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW LDNS_STATUS_SYNTAX_KEYWORD_ERR
+	LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR LDNS_STATUS_SYNTAX_ORIGIN
+	LDNS_STATUS_SYNTAX_RDATA_ERR LDNS_STATUS_SYNTAX_TTL
+	LDNS_STATUS_SYNTAX_TTL_ERR LDNS_STATUS_SYNTAX_TYPE_ERR
+	LDNS_STATUS_SYNTAX_VERSION_ERR LDNS_STATUS_UNKNOWN_INET
+	LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL
+	LDNS_STATUS_WIRE_INCOMPLETE_ANSWER
+	LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY
+	LDNS_STATUS_WIRE_INCOMPLETE_HEADER LDNS_STATUS_WIRE_INCOMPLETE_QUESTION
+	LDNS_TC)) {
+  next if (eval "my \$a = $constname; 1");
+  if ($@ =~ /^Your vendor has not defined LDNS macro $constname/) {
+    print "# pass: $@";
+  } else {
+    print "# fail: $@";
+    $fail = 1;
+  }
+
+}
+
+ok( $fail == 0 , 'Constants' );
+#########################
+
+# Insert your test code below, the Test::More module is use()ed here so read
+# its man page ( perldoc Test::More ) for help writing this test script.
+
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/dnssec_datachain.t
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/dnssec_datachain.t
@@ -0,0 +1,60 @@
+use Test::More tests => 10;
+use Test::Exception;
+
+use FindBin qw/$Bin/;
+
+use DNS::LDNS ':all';
+
+BEGIN { use_ok('DNS::LDNS') };
+
+# Note: This test makes queries on real internet dns data, and assumes
+# that the iis.se domain is signed.
+
+my $r = new DNS::LDNS::Resolver(filename => "/etc/resolv.conf");
+$r->set_dnssec(1);
+$r->set_random(0);
+
+my $p = $r->query(
+    new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'iis.se.'),
+    LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN, LDNS_RD);
+
+SKIP: {
+    skip "Resolver is not dnssec able. Skip this test.", 9 unless ($p->ad);
+
+    isa_ok($p, 'DNS::LDNS::Packet');
+
+    my $rrset = $p->rr_list_by_type(LDNS_RR_TYPE_SOA, LDNS_SECTION_ANSWER);
+
+    ok($rrset->rr_count > 0, 'Got an answer with some content');
+
+    my $chain = $r->build_data_chain(LDNS_RD, $rrset, $p, undef);
+
+    isa_ok($chain, 'DNS::LDNS::DNSSecDataChain');
+
+    isa_ok($chain->parent, 'DNS::LDNS::DNSSecDataChain');
+
+    dies_ok { 
+        my $new_rr = new DNS::LDNS::RR(str => 'test.test. 1234 IN A 10.0.0.1');
+        my $t = $chain->derive_trust_tree($new_rr); 
+    } 'Making a trust tree with foreign rr fails.';
+
+    my $rr = $chain->rrset->rr(0);
+
+    my $tree = $chain->derive_trust_tree($rr);
+
+    isa_ok($tree, 'DNS::LDNS::DNSSecTrustTree');
+
+    # Get root keys.
+    my $root_keys_pk = $r->query(
+        new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, '.'),
+        LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD);
+    my $root_keys = $root_keys_pk->rr_list_by_type(
+        LDNS_RR_TYPE_DNSKEY, LDNS_SECTION_ANSWER);
+
+    is($tree->contains_keys($root_keys), LDNS_STATUS_OK, 
+        'Root key found in trust chain');
+
+    ok($tree->depth > 1, 'The trust tree is more than one node.');
+
+    isa_ok($tree->parent(0), 'DNS::LDNS::DNSSecTrustTree');
+}
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/dnssec_zone.t
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/dnssec_zone.t
@@ -0,0 +1,35 @@
+use Test::More tests => 7;
+
+use FindBin qw/$Bin/;
+
+use DNS::LDNS ':all';
+
+BEGIN { use_ok('DNS::LDNS') };
+
+# Create a new dnssec zone
+my $z = new DNS::LDNS::DNSSecZone;
+isa_ok($z, 'DNS::LDNS::DNSSecZone', 'Create an empty zone');
+
+# Read a zone from file and create a dnssec zone from it
+my $z2 = new DNS::LDNS::Zone(
+    filename => "$Bin/testdata/myzone.org");
+
+$z->create_from_zone($z2);
+
+my $rrset = $z->find_rrset(
+    new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'ns1.myzone.org.'), 
+        LDNS_RR_TYPE_A);
+
+is($rrset->rrs->rr->type, LDNS_RR_TYPE_A, 'Found an A record');
+is($rrset->rrs->rr->dname, 'ns1.myzone.org.', 'Dname is ns1.myzone.org.');
+
+is($z->add_empty_nonterminals, LDNS_STATUS_OK, 'Add empty non-terminals');
+
+my $klist = new DNS::LDNS::KeyList;
+$klist->push(new DNS::LDNS::Key(filename => "$Bin/testdata/key.private"));
+$klist->key(0)->set_pubkey_owner(
+    new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'myzone.org'));
+
+is($z->sign($klist, LDNS_SIGNATURE_REMOVE_ADD_NEW, 0), LDNS_STATUS_OK, 'Sign');
+is($z->sign_nsec3($klist, LDNS_SIGNATURE_REMOVE_ADD_NEW, 1, 0, 10, 'ABBA', 0),
+   LDNS_STATUS_OK, 'Sign nsec3');
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/key.t
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/key.t
@@ -0,0 +1,25 @@
+use Test::More tests => 8;
+
+use FindBin qw/$Bin/;
+
+use DNS::LDNS ':all';
+
+BEGIN { use_ok('DNS::LDNS') };
+
+my $key = new DNS::LDNS::Key(filename => "$Bin/testdata/key.private");
+ok($key, 'Created new key object from file');
+is($key->algorithm, 7, 'Algorithm is NSEC3RSASHA1');
+my $now = time;
+$key->set_inception($now);
+$key->set_expiration($now + 10000);
+is($key->inception, $now, 'Inception time');
+is($key->expiration, $now + 10000, 'Expiration time');
+like($key->to_rr->to_string, qr|3600\s+IN\s+DNSKEY\s+256\s+3\s+7\s+AwEAAfg/ghOkk|, 'Got rr representation of key');
+
+my $klist = new DNS::LDNS::KeyList;
+$klist->push($key);
+is($klist->count, 1, 'Keylist has one key');
+is($$key, ${$klist->key(0)}, 'Key in keylist is the one we pushed');
+# FIXME: pop is buggy in ldns 1.6.12, uncomment when this starts working
+# is($klist->pop(), $$key, 'Pop key from list');
+# is($klist->count, 0, 'No keys left in list');
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rdata.t
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rdata.t
@@ -0,0 +1,47 @@
+use Test::More tests => 18;
+
+use DNS::LDNS ':all';
+
+BEGIN { use_ok('DNS::LDNS') };
+
+# Integer data
+my $i = new DNS::LDNS::RData(LDNS_RDF_TYPE_INT32, '1237654');
+is($i->to_string, '1237654', 'Integer value rdata');
+
+my $ii = new DNS::LDNS::RData(LDNS_RDF_TYPE_INT32, '1237654X');
+is($ii, undef, '1237654X is invalid');
+
+# Period data
+my $p1 = new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '3h3m3s');
+is($p1->to_string, sprintf("%d", 3600*3 + 60*3 + 3), 'Normalizing period');
+
+my $pi = new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '3h3X3s');
+is($pi, undef, 'Invalid period value 3h3X3s');
+
+# DNames
+my $dn1 = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'azone.org');
+my $dn2 = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'other.org');
+my $dn3 = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'sub.other.org');
+my $dn4 = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'adder.org');
+
+$dn1->cat($dn2);
+is($dn1->to_string, 'azone.org.other.org.', 'Concatenating two domain names');
+my $chopped = $dn1->left_chop;
+is($chopped->to_string, 'org.other.org.', 'Chop off left domain name label');
+ok($dn3->is_subdomain($dn2), 'sub.other.org is subdomain of other.org');
+ok(!$dn2->is_subdomain($dn3), 'other.org is not subdomain of sub.other.org');
+is($dn3->label_count, 3, 'sub.other.org has 3 labels');
+is($dn3->label(1)->to_string, 'other.', 'label 1 of sub.other.org is other.');
+
+my $dni = new DNS::LDNS::RData(
+    LDNS_RDF_TYPE_DNAME, 'not..valid.org');
+is($dni, undef, 'Invalid dname not_valid.org');
+
+my $wc = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, '*.other.org');
+ok($wc->is_wildcard, '*.other.org is a wildcard');
+ok(!$dn3->is_wildcard, 'sub.other.org is not a wildcard');
+ok($dn3->matches_wildcard($wc), 'sub.other.org matches *.other.org');
+ok(!$dn4->matches_wildcard($wc), 'adder.org does not match *.other.org');
+
+is($dn3->compare($dn4), 1, 'sub.other.org > adder.org');
+is($dn4->compare($dn3), -1, 'adder.org < sub.other.org');
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/resolver.t
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/resolver.t
@@ -0,0 +1,23 @@
+use Test::More tests => 3;
+
+use FindBin qw/$Bin/;
+
+use DNS::LDNS ':all';
+
+BEGIN { use_ok('DNS::LDNS') };
+
+my $r = new DNS::LDNS::Resolver(filename => "/etc/resolv.conf");
+
+$r->set_random(0);
+
+my $p = $r->query(
+   new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'org'),
+   LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN, LDNS_RD);
+
+isa_ok($p, 'DNS::LDNS::Packet', 'Make a simple query');
+
+my $r2 = new DNS::LDNS::Resolver(filename => "$Bin/testdata/resolv.conf");
+
+$r2->set_rtt(2, 3);
+my @rtt = $r2->rtt;
+is_deeply(\@rtt, [2, 3], "set_rtt and rtt");
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rr.t
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rr.t
@@ -0,0 +1,74 @@
+use Test::More tests => 19;
+
+use FindBin qw/$Bin/;
+
+use DNS::LDNS ':all';
+
+BEGIN { use_ok('DNS::LDNS') };
+
+my $rr1 = new DNS::LDNS::RR;
+isa_ok($rr1, 'DNS::LDNS::RR', 'Create empty rr');
+
+$rr1 = new DNS::LDNS::RR(
+    type => LDNS_RR_TYPE_SOA,
+    class => LDNS_RR_CLASS_CH,
+    ttl => 1234,
+    owner => 'myzone.org',
+    rdata => [
+	new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'hostmaster.myzone.org'),
+	new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'master.myzone.org'),
+	new DNS::LDNS::RData(LDNS_RDF_TYPE_INT32, '2012113030'),
+	new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '12345'),
+	new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '1827'),
+	new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '2345678'),
+	new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '87654')
+    ],
+);
+
+isa_ok($rr1, 'DNS::LDNS::RR', 'Create SOA rr with rdata');
+
+like($rr1->to_string, qr/^myzone\.org\.\s+1234\s+CH\s+SOA\s+hostmaster\.myzone\.org\.\s+master\.myzone\.org\.\s+2012113030\s+12345\s+1827\s+2345678\s+87654$/,
+     'Format SOA rr as string');
+
+is($rr1->pop_rdata->to_string, '87654', 'pop rdata');
+$rr1->push_rdata(new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '55667'));
+is($rr1->rdata(6)->to_string, '55667', 'push_rdata and access rdata by index');
+
+my $rr2 = new DNS::LDNS::RR(str => 'myzone.org. 1234 IN SOA hostmaster.myzone.org. master.myzone.org. 2012 12345 1827 2345678 87654');
+isa_ok($rr2, 'DNS::LDNS::RR', 'Create SOA rr from string');
+like($rr2->to_string, qr/^myzone\.org\.\s+1234\s+IN\s+SOA\s+hostmaster\.myzone\.org\.\s+master\.myzone\.org\.\s+2012\s+12345\s+1827\s+2345678\s+87654$/,
+     'Format it back to string');
+
+ok($rr1->compare($rr2) > 0, 'Compare rr, greater than');
+ok($rr2->compare($rr1) < 0, 'Compare rr, less than');
+is($rr1->compare($rr1), 0, 'Compare rr, equal');
+
+my $rr3 = new DNS::LDNS::RR(str => 'ozone.org. 1234 IN SOA hostmaster.ozone.org. master.ozone.org. 2012 12345 1827 2345678 87654');
+
+ok($rr3->compare_dname($rr1) > 0, 'Compare dname, greater than');
+ok($rr1->compare_dname($rr3) < 0, 'Compare dname, less than');
+is($rr1->compare_dname($rr2), 0, 'Compare dname, equal');
+
+# Read records from a zonefile
+my $origin = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, '.');
+my $prev = $origin->clone;
+my $ttl = 0;
+my $count = 0;
+open(ZONE, "$Bin/testdata/myzone.org");
+my $rr4 = new DNS::LDNS::RR(file => \*ZONE, default_ttl => \$ttl,
+    origin => \$origin, prev => \$prev);
+is($DNS::LDNS::last_status, LDNS_STATUS_SYNTAX_TTL, "Read ttl statement.");
+is($ttl, 4500, "TTL is 4500");
+
+$rr4 = new DNS::LDNS::RR(file => \*ZONE, default_ttl => \$ttl,
+    origin => \$origin, prev => \$prev);
+is($DNS::LDNS::last_status, LDNS_STATUS_SYNTAX_ORIGIN, "Read origin statement.");
+is($origin->to_string, "myzone.org.", "Origin is myzone.org.");
+
+while (!eof(\*ZONE)) {
+    $rr4 = new DNS::LDNS::RR(file => \*ZONE, default_ttl => \$ttl,
+        origin => \$origin, prev => \$prev);
+    last unless ($rr4);
+    $count++;
+}
+is($count, 6);
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rrlist.t
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rrlist.t
@@ -0,0 +1,84 @@
+use Test::More tests => 24;
+
+use FindBin qw/$Bin/;
+
+use DNS::LDNS ':all';
+
+BEGIN { use_ok('DNS::LDNS') };
+
+# Create list
+my $list = new DNS::LDNS::RRList;
+isa_ok($list, 'DNS::LDNS::RRList', 'Create an empty rr list');
+
+# Push/pop/count rr
+$list->push(new DNS::LDNS::RR(str => 'ns.myzone.org 3600 IN AAAA ::1'));
+is($list->rr_count, 1, 'Added one rr');
+like($list->rr(0)->to_string, qr/^ns\.myzone\.org\.\s+3600\s+IN\s+AAAA\s+::1$/, 'Added rr is at position 0');
+$list->push(new DNS::LDNS::RR(str => 'ns.myzone.org 7200 IN A 192.168.100.2'));
+is($list->rr_count, 2, 'Added another rr');
+like($list->rr(1)->to_string, qr/^ns\.myzone\.org\.\s+7200\s+IN\s+A\s+192\.168\.100\.2$/, 'Last added rr is at position 1');
+like($list->pop->to_string, qr/^ns\.myzone\.org\.\s+7200\s+IN\s+A\s+192\.168\.100\.2$/, 'pop the last element');
+is($list->rr_count, 1, '1 element left in the list');
+
+# Push/pop list
+my $l2 = new DNS::LDNS::RRList;
+$l2->push(new DNS::LDNS::RR(str => 'ns2.myzone.org 3600 IN A 192.168.100.0'));
+$l2->push(new DNS::LDNS::RR(str => 'ns2.myzone.org 3600 IN A 192.168.100.1'));
+$list->push_list($l2);
+is($list->rr_count, 3, 'Pushed two elements. List count is now 3.');
+$list->push_list($l2);
+$list->push_list($l2);
+my $l3 = $list->pop_list(1);
+is($list->rr_count, 6, 'Pushed 4 elements, popped 1, count is now 6');
+is($l3->rr_count, 1, 'Popped list contains 1 elements');
+$l3 = $list->pop_list(3);
+is($list->rr_count, 3, 'Popped 3 elements, count is now 3');
+is($l3->rr_count, 3, 'Popped list contains 3 elements');
+
+# RRSets
+ok($l2->is_rrset, 'List is rrset');
+ok(!$list->is_rrset, 'List is no longer an rrset');
+my $rrset = $list->pop_rrset;
+ok($rrset->is_rrset, 'Popped list is rrset');
+is($rrset->rr_count, 2, 'Popped rrset has two elements.');
+
+# Compare, contains, subtype
+my $rr = new DNS::LDNS::RR(str => 'ns2.myzone.org 3600 IN A 192.168.100.0');
+ok($rrset->contains_rr($rr), 'RRSet contains rr '.$rr->to_string);
+is($list->compare($l2), -1, '$list < $l2');
+is($l2->compare($list), 1, '$l2 > $list');
+
+$list->push(new DNS::LDNS::RR(str => 'ns3.myzone.org 3600 IN A 192.168.100.0'),
+	    new DNS::LDNS::RR(str => 'ns3.myzone.org 3600 IN A 192.168.100.1'),
+	    new DNS::LDNS::RR(str => 'ns4.myzone.org 3600 IN A 192.168.100.1'));
+my $subtype = $list->subtype_by_rdata(
+    new DNS::LDNS::RData(LDNS_RDF_TYPE_A, '192.168.100.1'), 0);
+is($subtype->to_string, "ns3.myzone.org.\t3600\tIN\tA\t192.168.100.1\nns4.myzone.org.\t3600\tIN\tA\t192.168.100.1\n", 'Filter rrs by rdata');
+
+# DNSSec signature verification
+my $keylist = new DNS::LDNS::RRList;
+$keylist->push(
+    new DNS::LDNS::RR(str => 'trondheim.no.           3600    IN      DNSKEY  256 3 8 AwEAAZIDdRI8I+F/J6OT8xX7CbGQYRr8rWH9dvloUlRJXcEVE2pRAez6 pJC5Odg+i2WvDUeE4tUO1gwwjU83TIinZxxsDnqr7FzvqpHeJbVd2N3d S4zaJcbjSnwMqdebmTEXSrflp8DeIAH0GQGNQjhOPubbb/nADYP2RS1i CoOADa8P'),
+    new DNS::LDNS::RR(str => 'trondheim.no.           3600    IN      DNSKEY  257 3 8 AwEAAax9EgKyRsMpU2B0E2dZ+nkWnmZHjlBO3uXBI+2x33dG8bk+XSqr kyWTelhhsqLqIxsaYSwYgzLtn+/qzlFjKwcaU95p+Tp95MOVXYqUtRyC VyLGkzA7ZDbx7TFCi3PyLDM/Arx+DvOx6nNvA/erqIU5gYEo9Nm1KXEy rhfSn3xc96p1AOhmTuSo6EfYlPY4gxHDgJdHFv7Fi9zV6VFmJ29h0rsG 5g3pV1lvCcGcxfRLJ1u7JRw2BWMo9lgHzGuypEVV7iLnvbfDlXhF+jAS owR2JxlESC3dOgNiNWvc4pbyVXBXpP6h/5JpcxkzF7BNJMZiLN14qvam G1+LuZM8qfc=')
+);
+
+my $soalist = new DNS::LDNS::RRList;
+$soalist->push(
+    new DNS::LDNS::RR(str => 'trondheim.no.           3600    IN      SOA     charm.norid.no. hostmaster.norid.no. 2013021137 14400 1800 2419200 3600')
+);
+
+my $siglist = new DNS::LDNS::RRList;
+$siglist->push(
+    new DNS::LDNS::RR(str => 'trondheim.no.           3600    IN      RRSIG   SOA 8 2 3600 20130227105101 20130213090318 36381 trondheim.no. NbeN8E4pvQSDk3Dn0i8B4e2A3KAY8JrX+zcJazPTgHbT6wjzCncn3ANn 6rs+HdcCLtptyX1QbzlZD/lOY8kjJw5TEUoFX2Q/2sBYdt1aT6qgt/+H o71iUz3bk1V73zjSG/OpqG0oXmjCWSBZgzK6UI+zGlgG0Kvrc7H1pw5S ZBA=')
+);
+
+my ($status, $goodkeys) = $soalist->verify_notime($siglist, $keylist);
+is ($status, LDNS_STATUS_OK, 'Verification returned status ok.');
+is ($goodkeys->rr_count, 1, 'One key matched the signature.');
+
+my $klist = new DNS::LDNS::KeyList;
+$klist->push(new DNS::LDNS::Key(filename => "$Bin/testdata/key.private"));
+$klist->key(0)->set_pubkey_owner(
+	new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'myzone.org'));
+my $sigs = $l2->sign_public($klist);
+is($sigs->rr_count, 1, 'Sign public, got 1 rrsig');
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/key.private
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/key.private
@@ -0,0 +1,13 @@
+Private-key-format: v1.2
+Algorithm: 7 (NSEC3RSASHA1)
+Modulus: +D+CE6ST+vFtbnXLdNESSprWSpbpRqEyri20vOx/JIViYdflGQyT0SDWSAE0JqtRlq73qSTDNuR3KWG/57oQQQ5P/wdQaF4TXA/nGjQJPEnhwKVUPVl5WRvqJLpW3C5xSSkhUkwjCp8y6z4NkbX0x7kum9ZTyTai6hkAhjyXu56yXAHX80DWadGK7RmX4JNlJalp2O33hJmakw8BVpgM9yaN4TixVsmZyHLi4hLjMAsjkEEJnfV8WoMEyyjs4kdKDHQAIa854loRcOluT1FiBKgecVAjDu/mkxnqYedN68Yx/wi7D+eClGf/gZjsmuoKKxCxnvDkRCKxrdMJtrsduw==
+PublicExponent: AQAB
+PrivateExponent: A8m0SmhweZvFd7IEcLvf85N5QZob5SAAjffUki1poz0Fy0hoDoHKn55IpsCd8xkaHZp93O7aq7PAvbjoHLkSFmwJfHK4H1+QHA+CDzxMB8d40l+zcVw0Jc/vOrA9Mw7iW6NtBrxyrG7RcBV6T4bfPUzuESKsFJ3oznmjMGksR4iUrnYAoUgi1pCQlxhSkPM74YhNWbUxYr4gRlL2xGGcJ2qMM8KG06or/Ok+d4bxnxiDBo41THik8ptfu/DL3HrJLOJ1CrvZGy9Q3uFiCvfD9Sk+eOZz1XPkJrUDKGYGoUvZc8enStXSM+TKd3EQy5owjJt+j2h0JdYJM8pxF2EWwQ==
+Prime1: /5r4e+6kJS/+UJ0DMenJGm0vxfgFHvk5yLfz+1sKd6C9qQJN5da1m6kWuPdtBG7XGhZb8cJPOfK//g9hVS9GYEDyYmhYZsPTL+1vkiecDpeEQkrf4RCtU7NXLNT/AVNe01iEnIGuKbva6z19P1hjNO23d7LXHil1oULM1W8O1Z8=
+Prime2: +KGhJOe+dB5Ud9cFlspMIIpZKHvoDc8VUb2avnhicDX5YC8dVS3nBoyc1cBNgxi4nSvBSl8/fwNT1cHJsPj7Xp2FOAsIBITRnmQt2P5JDpTEuMkEjMT8h/gJ8WnJ0+/VQhLG6rfsSAXdXvVhP4VYttPdiQ0fAe8b5v2MH1VzamU=
+Exponent1: UWCEVeifR9ukywOCHeUBirFScWPKNZdBR18RhWfxyC5b07ARHuihvyIxQsg7ZBrpzrtpoGmtkZRwfbFl2poHfOOQh7YS1vzngq3ERLLpo1en2vc9mckWdbx2N6bEXSau3Pikl7NNwKm3RAe6lW1NgG9iZvCAPnESqzm6PwVxop8=
+Exponent2: FMsnt/dttTZoKBGilQbcMQiBBmK+eJEuHkT2MSHOUcYh0gp+sIYDQUf3QeUwVlt17ScgpkCrBctYcpMfdB6On04bOyGpDP+yrEWClBhIMeD9RtsA92juGc0Dv93yFDiFpF3/pte0+h0Lc4qgFHjpf3jemTywsC+4LKxd0K0L1wU=
+Coefficient: klnXksRr0Z8HPLASytPt4EeBK3Md7MM+Ihm6DIM5PA/KO9k0s8231hspcxBDj37HYwJ7eD77svUJFzdUOqIT8gChc6uq9VI9NFggs8rn4EndoEe+zU477NpL4U09LMfbAN+NATkhDWabVIQBeGqpIAR0fxFIqGhDtkiLyNqhq3c=
+Created: 20120614100023
+Publish: 20120614100023
+Activate: 20120614100023
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/myzone.org
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/myzone.org
@@ -0,0 +1,17 @@
+$TTL 4500
+$ORIGIN myzone.org.
+
+myzone.org. 1000 IN SOA (
+	    ldns.myzone.org. 
+	    ns.ldns.myzone.org. 
+	    2012113030 		   
+	    12345 
+	    1827 
+	    2345678 
+	    87654 )
+
+ns.ldns     A 192.168.100.2
+ns2 5600 IN AAAA 2001:dead:dead::2
+ns2 6600 IN A 192.168.100.7
+ns1 3600 IN A 192.168.100.2
+ns1 4600 IN AAAA 2001:dead:dead::1
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/resolv.conf
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/resolv.conf
@@ -0,0 +1,3 @@
+nameserver 127.0.0.1
+nameserver 192.168.100.1
+search foo.bar.org
--- a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/zone.t
+++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/zone.t
@@ -0,0 +1,75 @@
+use Test::More tests => 16;
+
+use FindBin qw/$Bin/;
+
+use DNS::LDNS ':all';
+
+BEGIN { use_ok('DNS::LDNS') };
+
+# Create a new zone
+my $z = new DNS::LDNS::Zone;
+isa_ok($z, 'DNS::LDNS::Zone', 'Create an empty zone');
+
+# Fill inn a soa and some rrs
+$z->set_soa(new DNS::LDNS::RR(str => join(' ', qw/myzone.org 1000 IN SOA 
+    hostmaster.myzone.org. master.myzone.org. 2012113030 12345 1827 2345678 
+    87654/)));
+
+is($z->soa->dname, 'myzone.org.', 'Found soa record');
+
+my $rrs = new DNS::LDNS::RRList;
+$rrs->push(new DNS::LDNS::RR(str => 'ns2.myzone.org 3600 IN A 192.168.100.2'),
+	   new DNS::LDNS::RR(str => 'ns2.myzone.org 3600 IN A 192.168.100.9'),
+	   new DNS::LDNS::RR(str => 'ns3.myzone.org 3600 IN A 192.168.100.2'),
+	   new DNS::LDNS::RR(str => 'ns1.myzone.org 3600 IN A 192.168.100.7'));
+
+$z->set_rrs($rrs);
+is($z->rrs->rr(0)->to_string, "ns2.myzone.org.\t3600\tIN\tA\t192.168.100.2\n",
+    'Check first rr');
+is($z->rrs->rr(3)->to_string, "ns1.myzone.org.\t3600\tIN\tA\t192.168.100.7\n",
+    'Check last rr');
+
+$z->sort;
+is($z->rrs->rr(0)->to_string, "ns1.myzone.org.\t3600\tIN\tA\t192.168.100.7\n",
+    'Check first rr after sorting');
+is($z->rrs->rr(3)->to_string, "ns3.myzone.org.\t3600\tIN\tA\t192.168.100.2\n",
+    'Check last rr after sorting');
+
+# Read a zone from file
+my $z2 = new DNS::LDNS::Zone(
+    filename => "$Bin/testdata/myzone.org", ttl => 100);
+
+$z2->canonicalize;
+
+like($z2->to_string, qr/\nns.ldns.myzone.org.\s+/, 'Canonicalize');
+
+like($z2->to_string, qr/^myzone.org.\s+1000\s+IN\s+SOA\s+ldns.myzone.org.\s+ns.ldns.myzone.org.\s+2012113030\s+12345\s+1827\s+2345678\s+87654\s+/, 'Found soa rec');
+
+like($z2->to_string, qr/ns.ldns.myzone.org.\s+4500\s+IN\s+A\s+192.168.100.2/, 'Found ns rec');
+
+like($z2->to_string, qr/ns2.myzone.org.\s+5600\s+IN\s+AAAA\s+2001:dead:dead::2/, 'Found yet another ns rec');
+
+is($z2->rrs->rr_count, 5, 'Zone has 5 rrs');
+
+my $klist = new DNS::LDNS::KeyList;
+$klist->push(new DNS::LDNS::Key(filename => "$Bin/testdata/key.private"));
+$klist->key(0)->set_pubkey_owner(
+	new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'myzone.org'));
+
+my $z3 = $z2->sign($klist);
+
+my $sigc = grep { $z3->rrs->rr($_)->type == LDNS_RR_TYPE_RRSIG }
+   (0 .. $z3->rrs->rr_count - 1);
+is($sigc, 10, 'Signed zone has 10 signatures');
+my $nsecc = grep { $z3->rrs->rr($_)->type == LDNS_RR_TYPE_NSEC }
+   (0 .. $z3->rrs->rr_count - 1);
+is($nsecc, 4, 'Signed zone has 3 nsec recs');
+
+my $z4 = $z2->sign_nsec3($klist, 1, 0, 2, 'ABC');
+
+my $sigc3 = grep { $z4->rrs->rr($_)->type == LDNS_RR_TYPE_RRSIG }
+   (0 .. $z4->rrs->rr_count - 1);
+is($sigc3, 12, 'NSEC3-signed zone has 12 signatures');
+my $nsecc3 = grep { $z4->rrs->rr($_)->type == LDNS_RR_TYPE_NSEC3 }
+   (0 .. $z4->rrs->rr_count - 1);
+is($nsecc3, 5, 'NSEC3-signed zone has 5 nsec recs');