mirror of
https://github.com/isc-projects/bind9.git
synced 2026-04-28 17:46:40 -04:00
4232. [test] Add tests for CDS and CDNSKEY with delegation-only.
[RT #40597]
(cherry picked from commit 65d59a4307)
This commit is contained in:
Mark Andrews
parent
fc9f0ac577
commit
2d60077e56
6 changed files with 132 additions and 0 deletions
3
CHANGES
3
CHANGES
|
|
@ -1,3 +1,6 @@
|
|||
4232. [test] Add tests for CDS and CDNSKEY with delegation-only.
|
||||
[RT #40597]
|
||||
|
||||
4231. [contrib] Address unchecked memory allocation calls in
|
||||
query-loc and zone2ldap. [RT #40789]
|
||||
|
||||
|
|
|
|||
|
|
@ -25,3 +25,5 @@ $TTL 300
|
|||
. NS a.root-servers.nil.
|
||||
a.root-servers.nil. A 10.53.0.4
|
||||
all-cnames NS cname.tld
|
||||
delegation-only. NS ns.delegation-only.
|
||||
ns.delegation-only. A 10.53.0.6
|
||||
|
|
|
|||
|
|
@ -46,3 +46,7 @@ zone "child.server" {
|
|||
type master;
|
||||
file "child.server.db";
|
||||
};
|
||||
|
||||
zone "delegation-only" {
|
||||
type delegation-only;
|
||||
};
|
||||
|
|
|
|||
22
bin/tests/system/resolver/ns6/delegation-only.db
Normal file
22
bin/tests/system/resolver/ns6/delegation-only.db
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
$TTL 120
|
||||
@ IN SOA ns marka.isc.org. 1 0 0 0 120
|
||||
@ IN NS ns
|
||||
@ IN DNSKEY 256 3 7 AwEAAY9437GPWJHzBeR4FP6eJAie7gh2QSM6LUnbDAHvHOx8MNqgSVRM PZka2rAgivb65/MkT1lXRUegj91iRFP3iggTpCgvdUbcBjsYrdODsrwF YUMIUl1pU0lH9x7KvfFUOfSmG+Rk5UHUWuRZbNyc65Sq69iFXg5c11+8 MAkRoeDF
|
||||
;
|
||||
; Delegation only test CDS and CDNSKEY records. These should be
|
||||
; returned even if delegation-only is set for this zone.
|
||||
;
|
||||
@ IN A 1.2.3.4
|
||||
@ IN AAAA c::1.2.3.4
|
||||
@ IN CDS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
|
||||
@ IN CDNSKEY 256 3 7 AwEAAY9437GPWJHzBeR4FP6eJAie7gh2QSM6LUnbDAHvHOx8MNqgSVRM PZka2rAgivb65/MkT1lXRUegj91iRFP3iggTpCgvdUbcBjsYrdODsrwF YUMIUl1pU0lH9x7KvfFUOfSmG+Rk5UHUWuRZbNyc65Sq69iFXg5c11+8 MAkRoeDF
|
||||
;
|
||||
; Delegation only test CDS and CDNSKEY records. These should be rejected
|
||||
; as they are not at the zone apex.
|
||||
;
|
||||
a IN A 1.2.3.4
|
||||
aaaa IN AAAA c::1.2.3.4
|
||||
cds IN CDS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
|
||||
cdnskey IN CDNSKEY 256 3 7 AwEAAY9437GPWJHzBeR4FP6eJAie7gh2QSM6LUnbDAHvHOx8MNqgSVRM PZka2rAgivb65/MkT1lXRUegj91iRFP3iggTpCgvdUbcBjsYrdODsrwF YUMIUl1pU0lH9x7KvfFUOfSmG+Rk5UHUWuRZbNyc65Sq69iFXg5c11+8 MAkRoeDF
|
||||
;
|
||||
ns IN A 10.53.0.6
|
||||
|
|
@ -59,3 +59,8 @@ zone "broken" {
|
|||
file "broken.db";
|
||||
allow-update { any; };
|
||||
};
|
||||
|
||||
zone "delegation-only" {
|
||||
type master;
|
||||
file "delegation-only.db";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -533,5 +533,101 @@ grep "CLIENT-SUBNET: 255.255.254.0/23/0" dig.out.ns5.test${n} > /dev/null || ret
|
|||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
n=`expr $n + 1`
|
||||
echo "I:check that SOA query returns data for delegation-only apex (${n})"
|
||||
ret=0
|
||||
$DIG soa delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
|
||||
n=`expr $n + 1`
|
||||
echo "I:check that NS query returns data for delegation-only apex (${n})"
|
||||
ret=0
|
||||
$DIG ns delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
n=`expr $n + 1`
|
||||
echo "I:check that A query returns data for delegation-only A apex (${n})"
|
||||
ret=0
|
||||
$DIG a delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
n=`expr $n + 1`
|
||||
echo "I:check that CDS query returns data for delegation-only apex (${n})"
|
||||
ret=0
|
||||
$DIG cds delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
n=`expr $n + 1`
|
||||
echo "I:check that AAAA query returns data for delegation-only AAAA apex (${n})"
|
||||
ret=0
|
||||
$DIG a delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
|
||||
echo "I:check that DNSKEY query returns data for delegation-only apex (${n})"
|
||||
ret=0
|
||||
$DIG dnskey delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
n=`expr $n + 1`
|
||||
echo "I:check that CDNSKEY query returns data for delegation-only apex (${n})"
|
||||
ret=0
|
||||
$DIG cdnskey delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
|
||||
grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
n=`expr $n + 1`
|
||||
echo "I:check that NXDOMAIN is returned for delegation-only non-apex A data (${n})"
|
||||
ret=0
|
||||
$DIG a a.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
|
||||
grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
n=`expr $n + 1`
|
||||
echo "I:check that NXDOMAIN is returned for delegation-only non-apex CDS data (${n})"
|
||||
ret=0
|
||||
$DIG cds cds.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
|
||||
grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
n=`expr $n + 1`
|
||||
echo "I:check that NXDOMAIN is returned for delegation-only non-apex AAAA data (${n})"
|
||||
ret=0
|
||||
$DIG aaaa aaaa.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
|
||||
grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
|
||||
echo "I:check that NXDOMAIN is returned for delegation-only non-apex CDNSKEY data (${n})"
|
||||
ret=0
|
||||
$DIG cdnskey cdnskey.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
|
||||
grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:exit status: $status"
|
||||
exit $status
|
||||
|
|
|
|||
Loading…
Reference in a new issue