test: DS query against broken NODATA responses

This is a regresssion test for GL #4621 where the NODATA responses are SOA records that match the QNAME rather than the zone name. In particular for NS queries.
2026-02-24 18:30:38 -05:00 · 2024-03-05 15:51:05 +11:00 · 2024-03-05 15:51:05 +11:00 · 3fedbb1a66
commit 3fedbb1a66
parent 5ff55e13e8
4 changed files with 80 additions and 0 deletions
--- a/bin/tests/system/resolver/ans2/ans.pl
+++ b/bin/tests/system/resolver/ans2/ans.pl
@ -133,6 +133,38 @@ for (;;) {
 		$packet->push("additional", new Net::DNS::RR("ns.broken 300 A 10.53.0.4"));
 	} elsif ($qname =~ /\.partial-formerr/) {
 		$packet->header->rcode("FORMERR");
+	} elsif ($qname eq "gl6412") {
+		if ($qtype eq "SOA") {
+			$packet->push("answer",
+			      new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+		} elsif ($qtype eq "NS") {
+			$packet->push("answer",
+			      new Net::DNS::RR($qname . " 300 NS ns2" . $qname));
+			$packet->push("answer",
+			      new Net::DNS::RR($qname . " 300 NS ns3" . $qname));
+		} else {
+			$packet->push("authority",
+			      new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+		}
+	} elsif ($qname eq "a.gl6412" || $qname eq "a.a.gl6412") {
+		$packet->push("authority",
+			      new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+	} elsif ($qname eq "ns2.gl6412") {
+		if ($qtype eq "A") {
+			$packet->push("answer",
+				      new Net::DNS::RR($qname . " 300 A 10.53.0.2"));
+		} else {
+			$packet->push("authority",
+				      new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+		}
+	} elsif ($qname eq "ns3.gl6412") {
+		if ($qtype eq "A") {
+			$packet->push("answer",
+				      new Net::DNS::RR($qname . " 300 A 10.53.0.3"));
+		} else {
+			$packet->push("authority",
+				      new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+		}
 	} else {
 		# Data for the "bogus referrals" test
 		$packet->push("authority", new Net::DNS::RR("below.www.example.com 300 NS ns.below.www.example.com"));
--- a/bin/tests/system/resolver/ans3/ans.pl
+++ b/bin/tests/system/resolver/ans3/ans.pl
@ -142,6 +142,38 @@ sub handleQuery {
 	} elsif ($qname =~ /\.partial-formerr/) {
 		$packet->push("answer",
 			      new Net::DNS::RR($qname .  " 1 A 10.53.0.3"));
+       } elsif ($qname eq "gl6412") {
+                if ($qtype eq "SOA") {
+                        $packet->push("answer",
+                              new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+                } elsif ($qtype eq "NS") {
+                        $packet->push("answer",
+                              new Net::DNS::RR($qname . " 300 NS ns2" . $qname));
+                        $packet->push("answer",
+                              new Net::DNS::RR($qname . " 300 NS ns3" . $qname));
+                } else {
+                        $packet->push("authority",
+                              new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+                }
+        } elsif ($qname eq "a.gl6412" || $qname eq "a.a.gl6412") {
+                $packet->push("authority",
+                              new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+        } elsif ($qname eq "ns2.gl6412") {
+                if ($qtype eq "A") {
+                        $packet->push("answer",
+                                      new Net::DNS::RR($qname . " 300 A 10.53.0.2"));
+                } else {
+                        $packet->push("authority",
+                                      new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+                }
+        } elsif ($qname eq "ns3.gl6412") {
+                if ($qtype eq "A") {
+                        $packet->push("answer",
+                                      new Net::DNS::RR($qname . " 300 A 10.53.0.3"));
+                } else {
+                        $packet->push("authority",
+                                      new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+                }
 	} else {
 		$packet->push("answer", new Net::DNS::RR("www.example.com 300 A 1.2.3.4"));
 	}
--- a/bin/tests/system/resolver/ns6/root.db
+++ b/bin/tests/system/resolver/ns6/root.db
@ -34,3 +34,11 @@ edns-version.tld.	NS	ns.edns-version.tld.
 ns.edns-version.tld.	A	10.53.0.7
 v4only.net.		NS	v4.nameserver.
 v4.nameserver.		A	10.53.0.4
+;
+; Servers for regression test for GL #6412
+; They return broken NODATA responses (incorrect SOA) for the test zone.
+;
+gl6412.			NS	ns2.gl6412.
+gl6412.			NS	ns3.gl6412.
+ns2.gl6412.		A	10.53.0.2
+ns3.gl6412.		A	10.53.0.3
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@ -829,6 +829,14 @@ grep "status: NOERROR" dig.out.${n} >/dev/null || ret=1
 nextpart ns5/named.run | grep "$msg" >/dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi

+n=$((n + 1))
+echo_i "GL#4612 regression test: DS query against broken NODATA responses (${n})"
+# servers ns2 and ns3 return authority SOA which matches QNAME rather than the zone
+ret=0
+dig_with_opts @10.53.0.7 a.a.gl6412 DS >dig.out.${n} || ret=1
+grep "status: SERVFAIL" dig.out.${n} >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+
 status=$((status + ret))

 echo_i "exit status: $status"