From 2eee1e176182657d6a8e147386b2fd187af823a8 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Thu, 12 Oct 2023 15:25:57 +1100
Subject: [PATCH] Check dns64 + server-stale short timeout

Check that named correctly returns a synthesized DNS64 answer when the
server stale timer triggers for the A lookup.  Use a small value for
stale-answer-client-timeout (2ms) and delay the A response by 1 second.
---
 bin/tests/system/serve-stale/ans2/ans.pl      | 10 ++++
 .../system/serve-stale/ns3/named9.conf.in     | 46 +++++++++++++++++++
 bin/tests/system/serve-stale/tests.sh         | 17 +++++++
 3 files changed, 73 insertions(+)
 create mode 100644 bin/tests/system/serve-stale/ns3/named9.conf.in

diff --git a/bin/tests/system/serve-stale/ans2/ans.pl b/bin/tests/system/serve-stale/ans2/ans.pl
index 3fdc1fc9aa..a223876b7a 100644
--- a/bin/tests/system/serve-stale/ans2/ans.pl
+++ b/bin/tests/system/serve-stale/ans2/ans.pl
@@ -162,6 +162,16 @@ sub reply_handler {
 	    push @auth, $rr;
 	}
 	$rcode = "NOERROR";
+    } elsif ($qname eq "a-only-slow.example") {
+	if ($qtype eq "A") {
+	    sleep(1);
+	    my $rr = new Net::DNS::RR("a-only-slow.example 2 IN A $localaddr");
+	    push @ans, $rr;
+	} else {
+	    my $rr = new Net::DNS::RR($negSOA);
+	    push @auth, $rr;
+	}
+	$rcode = "NOERROR";
     } elsif ($qname eq "cname.example") {
 	if ($qtype eq "A") {
 	    my $rr = new Net::DNS::RR($CNAME);
diff --git a/bin/tests/system/serve-stale/ns3/named9.conf.in b/bin/tests/system/serve-stale/ns3/named9.conf.in
new file mode 100644
index 0000000000..f875da46cd
--- /dev/null
+++ b/bin/tests/system/serve-stale/ns3/named9.conf.in
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+	inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+options {
+	query-source address 10.53.0.3;
+	notify-source 10.53.0.3;
+	transfer-source 10.53.0.3;
+	port @PORT@;
+	pid-file "named.pid";
+	listen-on { 10.53.0.3; };
+	listen-on-v6 { none; };
+	recursion yes;
+	dnssec-validation no;
+	stale-answer-enable yes;
+	stale-cache-enable yes;
+	stale-answer-client-timeout 2;
+	dns64 2001:aaaa::/96 {
+		clients { any; };
+		mapped { any; };
+	};
+};
+
+zone "." {
+	type secondary;
+	primaries { 10.53.0.1; };
+	file "root.bk";
+};
diff --git a/bin/tests/system/serve-stale/tests.sh b/bin/tests/system/serve-stale/tests.sh
index b9e5888f10..a5e24018e7 100755
--- a/bin/tests/system/serve-stale/tests.sh
+++ b/bin/tests/system/serve-stale/tests.sh
@@ -2666,6 +2666,23 @@ grep "2001:aaaa" dig.out.2.test$n >/dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+n=$((n + 1))
+echo_i "check DNS64 processing of a stale negative answer (short serve-stale-client-timeout) ($n)"
+ret=0
+# configure ns3 with dns64
+copy_setports ns3/named9.conf.in ns3/named.conf
+$RNDCCMD 10.53.0.3 reload >rndc.out.test$n.1 2>&1 || ret=1
+# flush cache, enable ans2 responses, make sure serve-stale is on
+$RNDCCMD 10.53.0.3 flush >rndc.out.test$n.1 2>&1 || ret=1
+$DIG -p ${PORT} @10.53.0.2 txt enable >/dev/null
+$RNDCCMD 10.53.0.3 serve-stale on >rndc.out.test$n.2 2>&1 || ret=1
+#
+$DIG -p ${PORT} @10.53.0.3 a-only-slow.example AAAA >dig.out.test$n || ret=1
+grep "status: NOERROR" dig.out.test$n >/dev/null || ret=1
+grep "2001:aaaa" dig.out.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 ###########################################################
 # Test serve-stale's interaction with prefetch processing #
 ###########################################################