mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-22 09:20:51 -05:00
Add a none parameter to named configuration option `query-source` (respectively `query-source-v6`) which forbid usage of IPv4 (respectively IPv6) addresses when named is doing an upstream query. Closes #4981 Turning-off upstream IPv6 queries while still listening to downstream queries on IPv6. Merge branch 'colin/querysource-none' into 'main' See merge request isc-projects/bind9!9727 Backport of MR !9727 Some changes had to be done to the existing 9.20.x code in order to make this backport compatible: - first, the 9.20.x branches support the `port` parameter in query-source[-v6], where 9.21.x does not. The original changes depend on things that can't be backported because that would break `port` support. - second, the changes remove the optional `address` parameter from the canonical form. So `query-source address <ip>` is now printed as `query-source <ip>`. This means that `named-checkconf -p` will now generate different output if users have `query-source address <ip>` or `query-source address <ip> port <port>`; it will now generate `query-source <ip>` or `query-source <ip> port <port>`. This is a non-breaking change, because the parser has been updated to support this form as well.
58 lines
1.5 KiB
Python
58 lines
1.5 KiB
Python
#!/usr/bin/python3
|
|
|
|
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
#
|
|
# SPDX-License-Identifier: MPL-2.0
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
#
|
|
# See the COPYRIGHT file distributed with this work for additional
|
|
# information regarding copyright ownership.
|
|
|
|
import pytest
|
|
import isctest
|
|
|
|
pytest.importorskip("dns")
|
|
import dns.message
|
|
|
|
pytestmark = pytest.mark.extra_artifacts(
|
|
[
|
|
"ns*/named.pid",
|
|
"ns*/managed-keys.bind*",
|
|
]
|
|
)
|
|
|
|
|
|
def test_querysource_none():
|
|
msg = dns.message.make_query("example.", "A", want_dnssec=False)
|
|
|
|
res = isctest.query.udp(msg, "10.53.0.2")
|
|
isctest.check.noerror(res)
|
|
|
|
res = isctest.query.udp(msg, "10.53.0.3")
|
|
isctest.check.noerror(res)
|
|
|
|
res = isctest.query.udp(msg, "10.53.0.4")
|
|
isctest.check.servfail(res)
|
|
|
|
res = isctest.query.udp(msg, "10.53.0.5")
|
|
isctest.check.servfail(res)
|
|
|
|
# using a different name below to make sure we don't use the
|
|
# resolver cache
|
|
|
|
msg = dns.message.make_query("exampletwo.", "A", want_dnssec=False)
|
|
|
|
res = isctest.query.udp(msg, "fd92:7065:b8e:ffff::2")
|
|
isctest.check.noerror(res)
|
|
|
|
res = isctest.query.udp(msg, "fd92:7065:b8e:ffff::3")
|
|
isctest.check.noerror(res)
|
|
|
|
res = isctest.query.udp(msg, "fd92:7065:b8e:ffff::4")
|
|
isctest.check.servfail(res)
|
|
|
|
res = isctest.query.udp(msg, "fd92:7065:b8e:ffff::5")
|
|
isctest.check.servfail(res)
|