From 00db079f797ec319e55f5f59b6e4d8c2e55f5781 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Fri, 17 Jun 2022 14:40:39 +1000
Subject: [PATCH] Add system test for forward only grafted zone with synth-from-dnssec

We are grafting on an unsigned zone "example.internal" where the higher zone (".") is signed and would otherwise cause named to synthesise a NXDOMAIN for example.internal. We prime the cache by performing a lookup for "internal" and then lookup "example.internal".

(cherry picked from commit 8af5d0ad68ca939d98dd57706b534c58741e94a8)
---
 bin/tests/system/synthfromdnssec/ns1/root.db.in | 1 +
 .../synthfromdnssec/ns2/example.internal.db | 16 ++++++++++++++++
 .../system/synthfromdnssec/ns2/named.conf.in | 5 +++++
 .../system/synthfromdnssec/ns5/named.conf.in | 7 +++++++
 bin/tests/system/synthfromdnssec/tests.sh | 13 +++++++++++++
 5 files changed, 42 insertions(+)
 create mode 100644 bin/tests/system/synthfromdnssec/ns2/example.internal.db

diff --git a/bin/tests/system/synthfromdnssec/ns1/root.db.in b/bin/tests/system/synthfromdnssec/ns1/root.db.in
index fa9a21b6c2..bade656f67 100644
--- a/bin/tests/system/synthfromdnssec/ns1/root.db.in
+++ b/bin/tests/system/synthfromdnssec/ns1/root.db.in
@@ -14,6 +14,7 @@ $TTL 3600
 @ NS ns1
 ns1 A 10.53.0.1
 example NS ns1.example
+fun NS ns1.example
 ns1.example A 10.53.0.1
 dnamed NS ns1.dnamed
 ns1.dnamed A 10.53.0.1
diff --git a/bin/tests/system/synthfromdnssec/ns2/example.internal.db b/bin/tests/system/synthfromdnssec/ns2/example.internal.db
new file mode 100644
index 0000000000..938159b899
--- /dev/null
+++ b/bin/tests/system/synthfromdnssec/ns2/example.internal.db
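Review bot: The new `fun` delegation has no comment saying why it exists, yet the test added to tests.sh in this same commit depends on it: its grep expects the NSEC returned for `internal` to run from `fun.` to `minimal.`. Any name added later that sorts between those two owners would change which NSEC covers `internal` and make the priming step fail for a reason unrelated to the feature under test. A one-line comment above the record would make the dependency visible, e.g. `; 'fun' anchors the NSEC (fun -> minimal) covering "internal"; tests.sh greps for it`.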
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+@ SOA ns2 hostmaster 1 3600 1200 604800 3600
+@ NS ns2
+@ A 1.2.3.4
+ns2 A 10.53.0.2
diff --git a/bin/tests/system/synthfromdnssec/ns2/named.conf.in b/bin/tests/system/synthfromdnssec/ns2/named.conf.in
index b226420e6f..736d428172 100644
--- a/bin/tests/system/synthfromdnssec/ns2/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns2/named.conf.in
@@ -44,4 +44,9 @@ zone "." {
 file "root.hints";
 };
+zone "example.internal" {
+ type primary;
+ file "example.internal.db";
+};
+
 include "../ns1/trusted.conf";
diff --git a/bin/tests/system/synthfromdnssec/ns5/named.conf.in b/bin/tests/system/synthfromdnssec/ns5/named.conf.in
index 2f936f4fa7..a98ef39ddf 100644
--- a/bin/tests/system/synthfromdnssec/ns5/named.conf.in
+++ b/bin/tests/system/synthfromdnssec/ns5/named.conf.in
@@ -25,6 +25,7 @@ options {
 notify no;
 dnssec-validation yes;
 synth-from-dnssec yes;
+ validate-except { example.internal; };
 };
 key rndc_key {
@@ -45,4 +46,10 @@ zone "." {
 file "root.hints";
 };
+zone "example.internal" {
+ type forward;
+ forward only;
+ forwarders { 10.53.0.2; };
+};
+
 include "../ns1/trusted.conf";
diff --git a/bin/tests/system/synthfromdnssec/tests.sh b/bin/tests/system/synthfromdnssec/tests.sh
index d9cf0927ec..f5383c97e2 100644
--- a/bin/tests/system/synthfromdnssec/tests.sh
+++ b/bin/tests/system/synthfromdnssec/tests.sh
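Review bot: The added `validate-except { example.internal; };` in ns5/named.conf.in has no comment, and it is the security-relevant half of this configuration: it switches DNSSEC validation off for everything at and below `example.internal`, so whatever the forwarder 10.53.0.2 (the `forward only` zone in this file's second hunk) returns is accepted unauthenticated. The commit message describes the grafted zone as unsigned under a signed root, but the config file itself does not say why the exception is there or that the two settings belong together. I would put a comment above the option, e.g. `// unsigned grafted zone: the signed root denies "internal", so validation is skipped for this name only`. As written the test also cannot show which of the two settings prevents the synthesised NXDOMAIN, so it may be worth stating in the test description whether the forward zone alone is expected to be sufficient.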
@@ -870,6 +870,19 @@ n=$((n+1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
+echo_i "check synth-from-dnssec with grafted zone (forward only) ($n)"
+ret=0
+#prime cache with NXDOMAIN NSEC covering 'fun' to 'minimal'
+dig_with_opts internal @10.53.0.5 > dig.out.ns5-1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns5-1.test$n >/dev/null || ret=1
+grep '^fun\..*NSEC.minimal\. ' dig.out.ns5-1.test$n >/dev/null || ret=1
+#perform lookup in grafted zone
+dig_with_opts example.internal @10.53.0.5 > dig.out.ns5-2.test$n || ret=1
+grep "status: NOERROR" dig.out.ns5-2.test$n >/dev/null || ret=1
+grep '^example\.internal\..*A.1.2.3.4$' dig.out.ns5-2.test$n >/dev/null || ret=1
+n=$((n+1))
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
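Review bot: The rdata patterns in the two added record greps are looser than they read, because every unescaped `.` matches any character: `A.1.2.3.4$` also accepts text such as `1.203.4`, and `NSEC.minimal\.` accepts any separator character. Since this check is the only evidence that the answer came from the grafted zone rather than being synthesised, I would pin it exactly, e.g. `grep '^example\.internal\..*[[:space:]]A[[:space:]]1\.2\.3\.4$' dig.out.ns5-2.test$n >/dev/null || ret=1`, and likewise `NSEC[[:space:]]minimal\. ` in the priming check. The two `#` comments would also read better with a space after the marker, matching ordinary shell comment style.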