diff --git a/CHANGES b/CHANGES index 4441960393..defd7b957f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +5877. [func] Introduce the concept of broken catalog zones described + in the DNS catalog zones draft version 5 document. + [GL #3224] + 5876. [func] Add DNS Extended Errors when stale answers are returned from cache. [GL #2267] diff --git a/bin/named/server.c b/bin/named/server.c index 2cb60e46c0..db8f1d29fb 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -4132,6 +4132,15 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config, rpz_configured = true; } + obj = NULL; + if (view->rdclass != dns_rdataclass_in && need_hints && + named_config_get(maps, "catalog-zones", &obj) == ISC_R_SUCCESS) + { + cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING, + "'catalog-zones' option is only supported " + "for views with class IN"); + } + obj = NULL; if (view->rdclass == dns_rdataclass_in && need_hints && named_config_get(maps, "catalog-zones", &obj) == ISC_R_SUCCESS) diff --git a/bin/tests/system/catz/clean.sh b/bin/tests/system/catz/clean.sh index 783ed4e763..fc4765c8b1 100644 --- a/bin/tests/system/catz/clean.sh +++ b/bin/tests/system/catz/clean.sh @@ -12,6 +12,7 @@ rm -f dig.out.* rm -f ns*/*.jnl rm -f ns*/*.nzf +rm -f ns*/*.mkeys rm -f ns*/named.lock rm -f ns*/named.memstats rm -f ns*/named.conf @@ -19,6 +20,7 @@ rm -f ns*/named.run rm -f ns*/named.run.prev rm -f ns1/*dom*example.db rm -f ns2/__catz__*db +rm -f ns2/catalog-bad*.db rm -f ns2/named.conf.tmp rm -f ns3/dom2.example.db ns3/dom13.example.db ns3/dom14.example.db ns3/dom17.example.db ns3/dom18.example.db rm -f nsupdate.out.* diff --git a/bin/tests/system/catz/ns1/catalog-bad1.example.db b/bin/tests/system/catz/ns1/catalog-bad1.example.db new file mode 100644 index 0000000000..b8402de301 --- /dev/null +++ b/bin/tests/system/catz/ns1/catalog-bad1.example.db @@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 3600 SOA . . 1 86400 3600 86400 3600 +@ 3600 IN NS invalid. diff --git a/bin/tests/system/catz/ns1/catalog-bad2.example.db b/bin/tests/system/catz/ns1/catalog-bad2.example.db new file mode 100644 index 0000000000..06b9121f13 --- /dev/null +++ b/bin/tests/system/catz/ns1/catalog-bad2.example.db @@ -0,0 +1,14 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 3600 SOA . . 1 86400 3600 86400 3600 +@ 3600 IN NS invalid. +version IN TXT "99" diff --git a/bin/tests/system/catz/ns1/catalog-bad3.example.db b/bin/tests/system/catz/ns1/catalog-bad3.example.db new file mode 100644 index 0000000000..0116697de3 --- /dev/null +++ b/bin/tests/system/catz/ns1/catalog-bad3.example.db @@ -0,0 +1,15 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 3600 SOA . . 1 86400 3600 86400 3600 +@ 3600 IN NS invalid. +version IN TXT "1" +version IN TXT "2" diff --git a/bin/tests/system/catz/ns1/catalog-bad4.example.db b/bin/tests/system/catz/ns1/catalog-bad4.example.db new file mode 100644 index 0000000000..d04bab321c --- /dev/null +++ b/bin/tests/system/catz/ns1/catalog-bad4.example.db @@ -0,0 +1,14 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 3600 SOA . . 1 86400 3600 86400 3600 +@ 3600 IN NS invalid. +version IN A 10.53.0.1 diff --git a/bin/tests/system/catz/ns1/catalog-bad5.example.db b/bin/tests/system/catz/ns1/catalog-bad5.example.db new file mode 100644 index 0000000000..b014d0a2d2 --- /dev/null +++ b/bin/tests/system/catz/ns1/catalog-bad5.example.db @@ -0,0 +1,14 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 3600 SOA . . 1 86400 3600 86400 3600 +@ 3600 CH NS invalid. +version CH TXT "2" diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in index 5a46d3984f..142128131c 100644 --- a/bin/tests/system/catz/ns1/named.conf.in +++ b/bin/tests/system/catz/ns1/named.conf.in @@ -32,34 +32,93 @@ options { allow-transfer { any; }; }; -zone "catalog1.example" { - type primary; - file "catalog1.example.db"; - allow-transfer { any; }; - allow-update { any; }; - also-notify { 10.53.0.2; }; - notify explicit; +view "default" { + + zone "catalog1.example" { + type primary; + file "catalog1.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + + /* catalog2 is provided by the ns3 primary */ + + zone "catalog3.example" { + type primary; + file "catalog3.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + + zone "catalog4.example" { + type primary; + file "catalog4.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + + /* catalog5 is missing on purpose */ + + # No "version" property + zone "catalog-bad1.example" { + type primary; + file "catalog-bad1.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + + # Unsupported "version" property + zone "catalog-bad2.example" { + type primary; + file "catalog-bad2.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + + # Two RRs in TXT RRset for the "version" property + zone "catalog-bad3.example" { + type primary; + file "catalog-bad3.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + + # Type A "version" property + zone "catalog-bad4.example" { + type primary; + file "catalog-bad4.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; }; -zone "catalog3.example" { - type primary; - file "catalog3.example.db"; - allow-transfer { any; }; - allow-update { any; }; - also-notify { 10.53.0.2; }; - notify explicit; -}; +view "ch" ch { -zone "catalog4.example" { - type primary; - file "catalog4.example.db"; - allow-transfer { any; }; - allow-update { any; }; - also-notify { 10.53.0.2; }; - notify explicit; -}; + # Non-IN class catalog zone + zone "catalog-bad5.example" ch { + type primary; + file "catalog-bad5.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; -/* catalog5 is missing on purpose */ +}; key tsig_key. { secret "LSAnCU+Z"; diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in index ed7f87943b..c52205aab3 100644 --- a/bin/tests/system/catz/ns2/named1.conf.in +++ b/bin/tests/system/catz/ns2/named1.conf.in @@ -28,6 +28,16 @@ options { notify no; recursion no; serial-query-rate 100; +}; + +/* + * The comment lines starting with "#Tn" markers below are designed to be + * uncommented by "tests.sh" when running the tests to perform some of required + * tests which need ns2 reconfgiuration. + */ + +view "default" { + catalog-zones { zone "catalog1.example" default-masters { 10.53.0.1; } @@ -43,44 +53,102 @@ options { #T1 default-masters { 10.53.0.1; }; #T2 zone "catalog5.example" #T2 default-primaries { 10.53.0.1; }; + zone "catalog-bad1.example" + default-masters { 10.53.0.1; } + in-memory yes; + zone "catalog-bad2.example" + default-masters { 10.53.0.1; } + in-memory yes; + zone "catalog-bad3.example" + default-masters { 10.53.0.1; } + in-memory yes; + zone "catalog-bad4.example" + default-masters { 10.53.0.1; } + in-memory yes; }; + + # A faulty dlz configuration to check if named and catz survive a certain class + # of failed configuration attempts (see GL#3060). + # We use "dlz" because the dlz processing code is located in an ideal place in + # the view configuration function for the test to cover the view reverting code. +#T3 dlz "bad-dlz" { +#T3 database "dlopen bad-dlz.so example.org"; +#T3 }; + + zone "dom-existing.example" { + type primary; + file "dom-existing.example.db"; + }; + + zone "catalog1.example" { + type secondary; + file "catalog1.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog2.example" { + type secondary; + file "catalog2.example.db"; + primaries { 10.53.0.3; }; + }; + + zone "catalog3.example" { + type secondary; + file "catalog3.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog4.example" { + type secondary; + file "catalog4.example.db"; + primaries { 10.53.0.1; }; + }; + + # No "version" property + zone "catalog-bad1.example" { + type secondary; + file "catalog-bad1.example.db"; + primaries { 10.53.0.1; }; + }; + + # Unsupported "version" property + zone "catalog-bad2.example" { + type secondary; + file "catalog-bad2.example.db"; + primaries { 10.53.0.1; }; + }; + + # Two RRs in TXT RRset for the "version" property + zone "catalog-bad3.example" { + type secondary; + file "catalog-bad3.example.db"; + primaries { 10.53.0.1; }; + }; + + # Type A "version" property + zone "catalog-bad4.example" { + type secondary; + file "catalog-bad4.example.db"; + primaries { 10.53.0.1; }; + }; + }; -# A faulty dlz configuration to check if named and catz survive a certain class -# of failed configuration attempts (see GL#3060). -# We use "dlz" because the dlz processing code is located in an ideal place in -# the view configuration function for the test to cover the view reverting code. -#T3dlz "bad-dlz" { -#T3 database "dlopen bad-dlz.so example.org"; -#T3}; +view "ch" ch { -zone "dom-existing.example" { - type primary; - file "dom-existing.example.db"; -}; + catalog-zones { + zone "catalog-bad5.example" + default-masters { 10.53.0.1; } + in-memory yes; + }; -zone "catalog1.example" { - type secondary; - file "catalog1.example.db"; - primaries { 10.53.0.1; }; -}; + # Non-IN class catalog zone + zone "catalog-bad5.example" ch { + type secondary; + file "catalog-bad5.example.db"; + primaries { 10.53.0.1; }; + }; -zone "catalog2.example" { - type secondary; - file "catalog2.example.db"; - primaries { 10.53.0.3; }; -}; - -zone "catalog3.example" { - type secondary; - file "catalog3.example.db"; - primaries { 10.53.0.1; }; -}; - -zone "catalog4.example" { - type secondary; - file "catalog4.example.db"; - primaries { 10.53.0.1; }; }; key tsig_key. { diff --git a/bin/tests/system/catz/ns2/named2.conf.in b/bin/tests/system/catz/ns2/named2.conf.in index 12884c6797..89c15c71af 100644 --- a/bin/tests/system/catz/ns2/named2.conf.in +++ b/bin/tests/system/catz/ns2/named2.conf.in @@ -28,37 +28,84 @@ options { notify no; recursion no; serial-query-rate 100; - # removed catalog-zone option, otherwise this is +}; + +view "default" { + + # Removed catalog-zone option, otherwise this is # identical to named1.conf.in + + zone "dom-existing.example" { + type primary; + file "dom-existing.example.db"; + }; + + zone "catalog1.example" { + type secondary; + file "catalog1.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog2.example" { + type secondary; + file "catalog2.example.db"; + primaries { 10.53.0.3; }; + }; + + zone "catalog3.example" { + type secondary; + file "catalog3.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog4.example" { + type secondary; + file "catalog4.example.db"; + primaries { 10.53.0.1; }; + }; + + # No "version" property + zone "catalog-bad1.example" { + type secondary; + file "catalog-bad1.example.db"; + primaries { 10.53.0.1; }; + }; + + # Unsupported "version" property + zone "catalog-bad2.example" { + type secondary; + file "catalog-bad2.example.db"; + primaries { 10.53.0.1; }; + }; + + # Two RRs in TXT RRset for the "version" property + zone "catalog-bad3.example" { + type secondary; + file "catalog-bad3.example.db"; + primaries { 10.53.0.1; }; + }; + + # Type A "version" property + zone "catalog-bad4.example" { + type secondary; + file "catalog-bad4.example.db"; + primaries { 10.53.0.1; }; + }; + }; -zone "dom-existing.example" { - type primary; - file "dom-existing.example.db"; -}; +view "ch" ch { -zone "catalog1.example" { - type secondary; - file "catalog1.example.db"; - primaries { 10.53.0.1; }; -}; + # Removed catalog-zone option, otherwise this is + # identical to named1.conf.in -zone "catalog2.example" { - type secondary; - file "catalog2.example.db"; - primaries { 10.53.0.3; }; -}; + # Non-IN class catalog zone + zone "catalog-bad5.example" ch { + type secondary; + file "catalog-bad5.example.db"; + primaries { 10.53.0.1; }; + }; -zone "catalog3.example" { - type secondary; - file "catalog3.example.db"; - primaries { 10.53.0.1; }; -}; - -zone "catalog4.example" { - type secondary; - file "catalog4.example.db"; - primaries { 10.53.0.1; }; }; key tsig_key. { diff --git a/bin/tests/system/catz/tests.sh b/bin/tests/system/catz/tests.sh index 6785dd84e9..c973dc020c 100644 --- a/bin/tests/system/catz/tests.sh +++ b/bin/tests/system/catz/tests.sh @@ -80,6 +80,54 @@ wait_for_no_zonefile() ( status=0 n=0 + +########################################################################## +n=$((n+1)) +echo_i "checking that catalog-bad1.example (with no version) has failed to load ($n)" +ret=0 +wait_for_message ns2/named.run "catz: zone 'catalog-bad1.example' has no 'version' record" && +wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad1.example' is broken and will not be processed" || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking that catalog-bad2.example (with unsupported version) has failed to load ($n)" +ret=0 +wait_for_message ns2/named.run "catz: zone 'catalog-bad2.example' unsupported version '99'" && +wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad2.example' is broken and will not be processed" || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking that catalog-bad3.example (with two supported version records) has failed to load ($n)" +ret=0 +wait_for_message ns2/named.run "catz: 'version' property TXT RRset contains more than one record, which is invalid" && +wait_for_message ns2/named.run "catz: invalid record in catalog zone - version.catalog-bad3.example IN TXT (failure) - ignoring" && +wait_for_message ns2/named.run "catz: zone 'catalog-bad3.example' version is not set" && +wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad3.example' is broken and will not be processed" || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking that catalog-bad4.example (with only spurious type A version record) has failed to load ($n)" +ret=0 +wait_for_message ns2/named.run "catz: invalid record in catalog zone - version.catalog-bad4.example IN A (failure) - ignoring" && +wait_for_message ns2/named.run "catz: zone 'catalog-bad4.example' version is not set" && +wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad4.example' is broken and will not be processed" || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking that catalog-bad5.example (non-IN class) has failed to load ($n)" +ret=0 +wait_for_message ns2/named.run "'catalog-zones' option is only supported for views with class IN" && +wait_for_message ns2/named.run "all zones loaded" || ret=1 +grep -F "catz: dns_catz_add_zone catalog-bad5.example" ns2/named.run && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +nextpart ns2/named.run >/dev/null + ########################################################################## echo_i "Testing adding/removing of domain in catalog zone" n=$((n+1)) @@ -99,7 +147,7 @@ echo "foo 3600 IN TXT some content here" >> ns1/dom1.example.db echo "bar 3600 IN TXT some content here" >> ns1/dom1.example.db echo "xxx 3600 IN TXT some content here" >> ns1/dom1.example.db echo "yyy 3600 IN TXT some content here" >> ns1/dom1.example.db -rndccmd 10.53.0.1 addzone dom1.example. '{ type primary; file "dom1.example.db"; allow-update { any; }; notify explicit; also-notify { 10.53.0.2; }; };' || ret=1 +rndccmd 10.53.0.1 addzone dom1.example. in default '{ type primary; file "dom1.example.db"; allow-update { any; }; notify explicit; also-notify { 10.53.0.2; }; };' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -127,7 +175,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom1.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom1.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom1.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -141,10 +189,12 @@ status=$((status+ret)) n=$((n+1)) echo_i "checking that zone-directory is populated ($n)" ret=0 -wait_for_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db" || ret=1 +wait_for_zonefile "ns2/zonedir/__catz__default_catalog1.example_dom1.example.db" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) +nextpart ns2/named.run >/dev/null + n=$((n+1)) echo_i "update dom1.example. ($n)" ret=0 @@ -172,10 +222,12 @@ status=$((status+ret)) n=$((n+1)) echo_i "check that journal was created for cleanup test ($n)" ret=0 -test -f ns2/zonedir/__catz___default_catalog1.example_dom1.example.db.jnl || ret=1 +test -f ns2/zonedir/__catz__default_catalog1.example_dom1.example.db.jnl || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) +nextpart ns2/named.run >/dev/null + n=$((n+1)) echo_i "update catalog zone serial ($n)" ret=0 @@ -202,6 +254,8 @@ retry_quiet 10 wait_for_soa_equal_20 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) +nextpart ns2/named.run >/dev/null + n=$((n+1)) echo_i "update dom1.example. again ($n)" ret=0 @@ -240,7 +294,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "zone_shutdown: zone dom1.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom1.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -254,11 +308,13 @@ status=$((status+ret)) n=$((n+1)) echo_i "checking that zone-directory is emptied ($n)" ret=0 -wait_for_no_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db" || ret=1 -wait_for_no_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db.jnl" || ret=1 +wait_for_no_zonefile "ns2/zonedir/__catz__default_catalog1.example_dom1.example.db" || ret=1 +wait_for_no_zonefile "ns2/zonedir/__catz__default_catalog1.example_dom1.example.db.jnl" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) +nextpart ns2/named.run >/dev/null + ########################################################################## echo_i "Testing various simple operations on domains, including using multiple catalog zones and garbage in zone" n=$((n+1)) @@ -267,7 +323,7 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom2.example.db echo "@ IN NS invalid." >> ns1/dom2.example.db echo "@ IN A 192.0.2.1" >> ns1/dom2.example.db -rndccmd 10.53.0.1 addzone dom2.example. '{type primary; file "dom2.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom2.example. in default '{type primary; file "dom2.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -286,7 +342,7 @@ echo_i "adding domain dom4.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom4.example.db echo "@ IN NS invalid." >> ns1/dom4.example.db -rndccmd 10.53.0.1 addzone dom4.example. '{type primary; file "dom4.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom4.example. in default '{type primary; file "dom4.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -296,6 +352,7 @@ ret=0 $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} update add 636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example. + update add coo.636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN TXT "catalog2.example." update add b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example. update add e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example. 3600 IN NS foo.bar. update add trash.catalog1.example. 3600 IN A 1.2.3.4 @@ -322,12 +379,13 @@ END if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) - n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 +wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" && +wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" && wait_for_message ns2/named.run "catz: adding zone 'dom4.example' from catalog 'catalog2.example'" && -wait_for_message ns2/named.run "transfer of 'dom4.example/IN' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom4.example/IN/default' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -338,7 +396,6 @@ wait_for_soa @10.53.0.2 dom4.example. dig.out.test$n || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) - n=$((n+1)) echo_i "checking that dom3.example. is not served by primary ($n)" ret=0 @@ -351,7 +408,7 @@ echo_i "adding a domain dom3.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom3.example.db echo "@ IN NS invalid." >> ns1/dom3.example.db -rndccmd 10.53.0.1 addzone dom3.example. '{type primary; file "dom3.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1 +rndccmd 10.53.0.1 addzone dom3.example. in default '{type primary; file "dom3.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -365,10 +422,8 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom2.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" && -wait_for_message ns2/named.run "transfer of 'dom3.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom2.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" && +wait_for_message ns2/named.run "transfer of 'dom3.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -381,6 +436,43 @@ status=$((status+ret)) nextpart ns2/named.run >/dev/null +# The member zone's PTR RRset must have only one record in it. +# Check that adding a second record to the RRset is caught and such a +# catalog zone is not processed. +n=$((n+1)) +echo_i "adding domain dom4-reused-label.example. to catalog2 zone, reusing a label ($n)" +ret=0 +$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 + server 10.53.0.3 ${PORT} + update add de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example. 3600 IN PTR dom4-reused-label.example. + send +END +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "waiting for secondary to sync up, and checking that the reused label has been caught ($n)" +ret=0 +wait_for_message ns2/named.run "de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example IN PTR (failure)" && +wait_for_message ns2/named.run "catz: new catalog zone 'catalog2.example' is broken and will not be processed" || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +nextpart ns2/named.run >/dev/null + +n=$((n+1)) +echo_i "deleting domain dom4-reused-label.example. from catalog2 zone ($n)" +ret=0 +$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 + server 10.53.0.3 ${PORT} + update delete de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example. 3600 IN PTR dom4-reused-label.example. + send +END +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +nextpart ns2/named.run >/dev/null + n=$((n+1)) echo_i "adding domain dom2.example. to catalog2 zone to test change of ownership ($n)" ret=0 @@ -456,7 +548,7 @@ ret=0 wait_for_message ns2/named.run "catz: zone 'dom2.example' change of ownership from 'catalog1.example' to 'catalog2.example'" && wait_for_message ns2/named.run "catz: deleting zone 'dom2.example' from catalog 'catalog1.example' - success" && wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog2.example'" && -wait_for_message ns2/named.run "transfer of 'dom2.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom2.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -571,7 +663,7 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom-existing.example.db echo "@ IN NS invalid." >> ns1/dom-existing.example.db echo "@ IN A 192.0.2.1" >> ns1/dom-existing.example.db -rndccmd 10.53.0.1 addzone dom-existing.example. '{type primary; file "dom-existing.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1 +rndccmd 10.53.0.1 addzone dom-existing.example. in default '{type primary; file "dom-existing.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -615,6 +707,7 @@ ret=0 $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} update delete 636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example. + update delete coo.636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN TXT "catalog2.example." update delete b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example. update delete e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example. 3600 IN NS foo.bar. update delete trash.catalog1.example. 3600 IN A 1.2.3.4 @@ -663,7 +756,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom5.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom5.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom5.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -689,7 +782,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "zone_shutdown: zone dom5.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom5.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -720,7 +813,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom6.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom6.example/IN' from " > /dev/null || ret=1 +wait_for_message ns2/named.run "transfer of 'dom6.example/IN/default' from " > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -747,7 +840,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "zone_shutdown: zone dom6.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom6.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -814,12 +907,12 @@ echo_i "adding domains dom7.example. and dom8.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom7.example.db echo "@ IN NS invalid." >> ns1/dom7.example.db -rndccmd 10.53.0.1 addzone dom7.example. '{type primary; file "dom7.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom7.example. in default '{type primary; file "dom7.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom8.example.db echo "@ IN NS invalid." >> ns1/dom8.example.db -rndccmd 10.53.0.1 addzone dom8.example. '{type primary; file "dom8.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom8.example. in default '{type primary; file "dom8.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -848,7 +941,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom7.example' from catalog 'catalog1.example'" > /dev/null && -wait_for_message ns2/named.run "transfer of 'dom7.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom7.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -891,7 +984,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: update_from_db: new zone merged" && -wait_for_message ns2/named.run "transfer of 'dom8.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom8.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -980,7 +1073,7 @@ echo_i "adding a domain dom9.example. to primary via RNDC, with transfers allowe ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom9.example.db echo "@ IN NS invalid." >> ns1/dom9.example.db -rndccmd 10.53.0.1 addzone dom9.example. '{type primary; file "dom9.example.db"; allow-transfer { key tsig_key; }; };' || ret=1 +rndccmd 10.53.0.1 addzone dom9.example. in default '{type primary; file "dom9.example.db"; allow-transfer { key tsig_key; }; };' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1010,7 +1103,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom9.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom9.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom9.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1105,19 +1198,19 @@ do case "$special" in this.is.a.very.very.long.long.long.domain.that.will.cause.catalog.zones.to.generate.hash.instead.of.using.regular.filename.dom10.example) hash=825f48b1ce1b4cf5a041d20255a0c8e98d114858 - db=__catz__4d70696f2335687069467f11f5d5378c480383f97782e553fb2d04a7bb2a23ed.db + db=__catz__a35e0a044ff9f37436068e1e83e9b99fb9da51b0fe7b699bdb404f7755d68276.db ;; this.zone/domain.has.a.slash.dom10.example) hash=e64cc64c99bf52d0a77fb16dd7ed57cf925a36aa - db=__catz__46ba3e1b28d5955e5313d5fee61bedc78c71d08035aa7ea2f7bf0b8228ab3acc.db + db=__catz__765197c8050c794f4ec5bbf5dbdf64d0551459c08a91a4217768fcd16cd3b7ce.db ;; this.zone\\\\domain.has.backslash.dom10.example) hash=91e27e02153d38cf656a9b376d7747fbcd19f985 - db=__catz__b667f7ff802c0895e0506699951cff9a1cab68c5ef8546aa0d07425f244ed870.db + db=__catz__0f2f3beaf2ef70e0086063ae28a69444cdf3847cb85e668bfe52c89f7f756b29.db ;; this.zone:domain.has.a.colon.dom.10.example) hash=8b7238bf4c34045834c573ba4116557ebb24d33c - db=__catz__5c721f7872913a4e7fa8ad42589cce5dd6e551a4c9e6ab3f86e77c0bbc7c2ca6.db + db=__catz__ba75ab860533508a62b0937c5c6b8537e4186e4d5e7685161287260d07418251.db ;; esac @@ -1133,7 +1226,7 @@ do ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom10.example.db echo "@ IN NS invalid." >> ns1/dom10.example.db - rndccmd 10.53.0.1 addzone '"'"${special}"'"' '{type primary; file "dom10.example.db";};' || ret=1 + rndccmd 10.53.0.1 addzone '"'"${special}"'"' in default '{type primary; file "dom10.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1161,7 +1254,7 @@ END echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone '$special' from catalog 'catalog1.example'" && - wait_for_message ns2/named.run "transfer of '$special/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 + wait_for_message ns2/named.run "transfer of '$special/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1193,7 +1286,7 @@ END n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 - wait_for_message ns2/named.run "zone_shutdown: zone ${special}/IN: shutting down" || ret=1 + wait_for_message ns2/named.run "zone_shutdown: zone ${special}/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1227,7 +1320,7 @@ echo_i "Adding a domain dom11.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom11.example.db echo "@ IN NS invalid." >> ns1/dom11.example.db -rndccmd 10.53.0.1 addzone dom11.example. '{type primary; file "dom11.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom11.example. in default '{type primary; file "dom11.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1255,7 +1348,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom11.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom11.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1278,7 +1371,7 @@ echo_i "Adding a domain subdomain.of.dom11.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/subdomain.of.dom11.example.db echo "@ IN NS invalid." >> ns1/subdomain.of.dom11.example.db -rndccmd 10.53.0.1 addzone subdomain.of.dom11.example. '{type primary; file "subdomain.of.dom11.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone subdomain.of.dom11.example. in default '{type primary; file "subdomain.of.dom11.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1306,7 +1399,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'subdomain.of.dom11.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'subdomain.of.dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'subdomain.of.dom11.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1331,7 +1424,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "zone_shutdown: zone dom11.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom11.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1363,7 +1456,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "zone_shutdown: zone subdomain.of.dom11.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone subdomain.of.dom11.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1388,7 +1481,7 @@ echo_i "Adding a domain dom12.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom12.example.db echo "@ IN NS invalid." >> ns1/dom12.example.db -rndccmd 10.53.0.1 addzone dom12.example. '{type primary; file "dom12.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom12.example. in default '{type primary; file "dom12.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1433,7 +1526,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom12.example' from catalog 'catalog4.example'" && -wait_for_message ns2/named.run "transfer of 'dom12.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom12.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1501,7 +1594,7 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom13.example.db echo "@ IN NS invalid." >> ns1/dom13.example.db echo "@ IN A 192.0.2.1" >> ns1/dom13.example.db -rndccmd 10.53.0.1 addzone dom13.example. '{type primary; file "dom13.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom13.example. in default '{type primary; file "dom13.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1548,7 +1641,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom13.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom13.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom13.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1659,7 +1752,7 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom14.example.db echo "@ IN NS invalid." >> ns1/dom14.example.db echo "@ IN A 192.0.2.1" >> ns1/dom14.example.db -rndccmd 10.53.0.1 addzone dom14.example. '{type primary; file "dom14.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom14.example. in default '{type primary; file "dom14.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1692,14 +1785,14 @@ nextpart ns2/named.run >/dev/null n=$((n+1)) echo_i "Adding domain dom14.example. with rndc with ns1 as primary ($n)" ret=0 -rndccmd 10.53.0.2 addzone dom14.example. '{type secondary; primaries {10.53.0.1;};};' || ret=1 +rndccmd 10.53.0.2 addzone dom14.example. in default '{type secondary; primaries {10.53.0.1;};};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "transfer of 'dom14.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom14.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1783,7 +1876,7 @@ echo_i "Adding a domain dom15.example. to primary ns1 via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom15.example.db echo "@ IN NS invalid." >> ns1/dom15.example.db -rndccmd 10.53.0.1 addzone dom15.example. '{type primary; file "dom15.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom15.example. in default '{type primary; file "dom15.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1865,7 +1958,7 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom16.example.db echo "@ IN NS invalid." >> ns1/dom16.example.db echo "@ IN A 192.0.2.1" >> ns1/dom16.example.db -rndccmd 10.53.0.1 addzone dom16.example. '{type primary; file "dom16.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom16.example. in default '{type primary; file "dom16.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1894,7 +1987,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom16.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom16.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom16.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1912,7 +2005,7 @@ nextpart ns2/named.run >/dev/null echo_i "Deleting dom16.example. from secondary ns2 via RNDC ($n)" ret=0 -rndccmd 10.53.0.2 delzone dom16.example. >/dev/null 2>&1 || ret=1 +rndccmd 10.53.0.2 delzone dom16.example. in default >/dev/null 2>&1 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1996,13 +2089,13 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom17.example.db echo "@ IN NS invalid." >> ns1/dom17.example.db echo "@ IN A 192.0.2.1" >> ns1/dom17.example.db -rndccmd 10.53.0.1 addzone dom17.example. '{type primary; file "dom17.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom17.example. in default '{type primary; file "dom17.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom18.example.db echo "@ IN NS invalid." >> ns1/dom18.example.db echo "@ IN A 192.0.2.1" >> ns1/dom18.example.db -rndccmd 10.53.0.1 addzone dom18.example. '{type primary; file "dom18.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom18.example. in default '{type primary; file "dom18.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -2083,11 +2176,11 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "catz: unknown record in catalog zone - primaries.dom17.zones.catalog1.example IN A(failure) - ignoring" && +wait_for_message ns2/named.run "catz: invalid record in catalog zone - primaries.dom17.zones.catalog1.example IN A (failure) - ignoring" && wait_for_message ns2/named.run "catz: adding zone 'dom17.example' from catalog 'catalog1.example'" && wait_for_message ns2/named.run "catz: adding zone 'dom18.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom17.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" && -wait_for_message ns2/named.run "transfer of 'dom18.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom17.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" && +wait_for_message ns2/named.run "transfer of 'dom18.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -2136,8 +2229,8 @@ echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: deleting zone 'dom17.example' from catalog 'catalog1.example' - success" && wait_for_message ns2/named.run "catz: deleting zone 'dom18.example' from catalog 'catalog1.example' - success" && -wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN: shutting down" && -wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN/default: shutting down" && +wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -2174,11 +2267,11 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "catz: unknown record in catalog zone - primaries.ext.dom18.zones.catalog2.example IN A(failure) - ignoring" && +wait_for_message ns2/named.run "catz: invalid record in catalog zone - primaries.ext.dom18.zones.catalog2.example IN A (failure) - ignoring" && wait_for_message ns2/named.run "catz: adding zone 'dom17.example' from catalog 'catalog2.example'" && wait_for_message ns2/named.run "catz: adding zone 'dom18.example' from catalog 'catalog2.example'" && -wait_for_message ns2/named.run "transfer of 'dom17.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" && -wait_for_message ns2/named.run "transfer of 'dom18.example/IN' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom17.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" && +wait_for_message ns2/named.run "transfer of 'dom18.example/IN/default' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -2227,8 +2320,8 @@ echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: deleting zone 'dom17.example' from catalog 'catalog2.example' - success" && wait_for_message ns2/named.run "catz: deleting zone 'dom18.example' from catalog 'catalog2.example' - success" && -wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN: shutting down" && -wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN/default: shutting down" && +wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) diff --git a/lib/dns/catz.c b/lib/dns/catz.c index f3dbbc3989..9d231906d8 100644 --- a/lib/dns/catz.c +++ b/lib/dns/catz.c @@ -94,6 +94,7 @@ struct dns_catz_zone { bool active; bool db_registered; + bool broken; isc_refcount_t refs; }; @@ -1021,10 +1022,6 @@ catz_process_zones(dns_catz_zone_t *zone, dns_rdataset_t *value, REQUIRE(DNS_RDATASET_VALID(value)); REQUIRE(ISC_MAGIC_VALID(name, DNS_NAME_MAGIC)); - if (value->rdclass != dns_rdataclass_in) { - return (ISC_R_FAILURE); - } - if (name->labels == 0) { return (ISC_R_FAILURE); } @@ -1060,8 +1057,16 @@ catz_process_coo(dns_catz_zone_t *zone, dns_label_t *mhash, return (ISC_R_FAILURE); } - if (value->rdclass != dns_rdataclass_in || - value->type != dns_rdatatype_ptr) { + if (value->type != dns_rdatatype_ptr) { + return (ISC_R_FAILURE); + } + + if (dns_rdataset_count(value) != 1) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: 'coo' property PTR RRset contains " + "more than one record, which is invalid"); + zone->broken = true; return (ISC_R_FAILURE); } @@ -1123,24 +1128,31 @@ catz_process_zones_entry(dns_catz_zone_t *zone, dns_rdataset_t *value, dns_rdata_ptr_t ptr; dns_catz_entry_t *entry = NULL; - /* - * We only take -first- value, as mhash must be - * different. - */ if (value->type != dns_rdatatype_ptr) { return (ISC_R_FAILURE); } + if (dns_rdataset_count(value) != 1) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: member zone PTR RRset contains " + "more than one record, which is invalid"); + zone->broken = true; + return (ISC_R_FAILURE); + } + result = dns_rdataset_first(value); if (result != ISC_R_SUCCESS) { - return (ISC_R_FAILURE); + return (result); } dns_rdata_init(&rdata); dns_rdataset_current(value, &rdata); result = dns_rdata_tostruct(&rdata, &ptr, NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); + if (result != ISC_R_SUCCESS) { + return (result); + } result = isc_ht_find(zone->entries, mhash->base, mhash->length, (void **)&entry); @@ -1181,8 +1193,16 @@ catz_process_version(dns_catz_zone_t *zone, dns_rdataset_t *value) { REQUIRE(DNS_CATZ_ZONE_VALID(zone)); REQUIRE(DNS_RDATASET_VALID(value)); - if (value->rdclass != dns_rdataclass_in || - value->type != dns_rdatatype_txt) { + if (value->type != dns_rdatatype_txt) { + return (ISC_R_FAILURE); + } + + if (dns_rdataset_count(value) != 1) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: 'version' property TXT RRset contains " + "more than one record, which is invalid"); + zone->broken = true; return (ISC_R_FAILURE); } @@ -1195,7 +1215,9 @@ catz_process_version(dns_catz_zone_t *zone, dns_rdataset_t *value) { dns_rdataset_current(value, &rdata); result = dns_rdata_tostruct(&rdata, &rdatatxt, NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); + if (result != ISC_R_SUCCESS) { + return (result); + } result = dns_rdata_txt_first(&rdatatxt); if (result != ISC_R_SUCCESS) { @@ -1227,6 +1249,13 @@ catz_process_version(dns_catz_zone_t *zone, dns_rdataset_t *value) { cleanup: dns_rdata_freestruct(&rdatatxt); + if (result != ISC_R_SUCCESS) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: invalid record for the catalog " + "zone version property"); + zone->broken = true; + } return (result); } @@ -1263,10 +1292,6 @@ catz_process_primaries(dns_catz_zone_t *zone, dns_ipkeylist_t *ipkl, * - label and IN A/IN AAAA * - label and IN TXT - TSIG key name */ - if (value->rdclass != dns_rdataclass_in) { - return (ISC_R_FAILURE); - } - if (name->labels > 0) { isc_sockaddr_t sockaddr; size_t i; @@ -1430,8 +1455,7 @@ catz_process_apl(dns_catz_zone_t *zone, isc_buffer_t **aclbp, REQUIRE(DNS_RDATASET_VALID(value)); REQUIRE(dns_rdataset_isassociated(value)); - if (value->rdclass != dns_rdataclass_in || - value->type != dns_rdatatype_apl) { + if (value->type != dns_rdatatype_apl) { return (ISC_R_FAILURE); } @@ -1670,6 +1694,14 @@ dns_catz_update_process(dns_catz_zones_t *catzs, dns_catz_zone_t *zone, REQUIRE(DNS_CATZ_ZONE_VALID(zone)); REQUIRE(ISC_MAGIC_VALID(src_name, DNS_NAME_MAGIC)); + if (rdataset->rdclass != dns_rdataclass_in) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_ERROR, + "catz: RR found which has a non-IN class"); + zone->broken = true; + return (ISC_R_FAILURE); + } + nrres = dns_name_fullcompare(src_name, &zone->name, &order, &nlabels); if (nrres == dns_namereln_equal) { if (rdataset->type == dns_rdatatype_soa) { @@ -2047,8 +2079,10 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) { dns_rdatasetiter_t *rdsiter = NULL; dns_rdataset_t rdataset; char bname[DNS_NAME_FORMATSIZE]; + char cname[DNS_NAME_FORMATSIZE]; bool is_vers_processed = false; uint32_t vers; + uint32_t catz_vers; REQUIRE(DNS_DB_VALID(db)); REQUIRE(DNS_CATZ_ZONES_VALID(catzs)); @@ -2125,13 +2159,13 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) { result = dns_dbiterator_seek(it, name); if (result != ISC_R_SUCCESS) { dns_dbiterator_destroy(&it); - dns_catz_zone_detach(&newzone); dns_db_closeversion(db, &oldzone->dbversion, false); isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_MASTER, ISC_LOG_ERROR, "catz: zone '%s' has no 'version' record (%s)", bname, isc_result_totext(result)); - return; + newzone->broken = true; + goto final; } name = dns_fixedname_initname(&fixname); @@ -2177,7 +2211,6 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) { result = dns_catz_update_process(catzs, newzone, name, &rdataset); if (result != ISC_R_SUCCESS) { - char cname[DNS_NAME_FORMATSIZE]; char typebuf[DNS_RDATATYPE_FORMATSIZE]; char classbuf[DNS_RDATACLASS_FORMATSIZE]; @@ -2191,8 +2224,8 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) { isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, - "catz: unknown record in catalog " - "zone - %s %s %s(%s) - ignoring", + "catz: invalid record in catalog " + "zone - %s %s %s (%s) - ignoring", cname, classbuf, typebuf, isc_result_totext(result)); } @@ -2218,6 +2251,40 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) { ISC_LOG_DEBUG(3), "catz: update_from_db: iteration finished"); + /* + * Check catalog zone version compatibilites. + */ + catz_vers = (newzone->version == DNS_CATZ_VERSION_UNDEFINED) + ? oldzone->version + : newzone->version; + if (catz_vers == DNS_CATZ_VERSION_UNDEFINED) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: zone '%s' version is not set", bname); + newzone->broken = true; + } else if (catz_vers != 1 && catz_vers != 2) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: zone '%s' unsupported version " + "'%" PRIu32 "'", + bname, catz_vers); + newzone->broken = true; + } else { + oldzone->version = catz_vers; + } + +final: + if (newzone->broken) { + dns_name_format(name, cname, DNS_NAME_FORMATSIZE); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_ERROR, + "catz: new catalog zone '%s' is broken and " + "will not be processed", + bname); + dns_catz_zone_detach(&newzone); + return; + } + /* * Finally merge new zone into old zone. */