Checking invalid TSIG key name in a catalog zone

(cherry picked from commit 213e59ccf5)
2026-06-10 20:10:04 -04:00 · 2026-04-10 13:05:31 +10:00 · 2026-04-10 13:05:31 +10:00 · 298e60f877
commit 298e60f877
parent 7c45caf6fe
4 changed files with 33 additions and 0 deletions
--- a/bin/tests/system/catz/ns1/catalog-bad6.example.db
+++ b/bin/tests/system/catz/ns1/catalog-bad6.example.db
@ -0,0 +1,7 @@
+@ 3600 SOA . . 1 86400 3600 86400 3600
+@ 3600 IN NS invalid.
+version IN TXT "2"
+deadbeef.zones IN PTR member.example.
+mykey.primaries.ext.deadbeef.zones IN A 192.0.2.1
+; bad key name label too big
+mykey.primaries.ext.deadbeef.zones IN TXT "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.com"
--- a/bin/tests/system/catz/ns1/named.conf.in
+++ b/bin/tests/system/catz/ns1/named.conf.in
@ -108,6 +108,16 @@ view "default" {
 		notify explicit;
 	};

+	# Bad TSIG key name
+	zone "catalog-bad6.example" {
+		type primary;
+		file "catalog-bad6.example.db";
+		allow-transfer { any; };
+		allow-update { any; };
+		also-notify { 10.53.0.2; };
+		notify explicit;
+	};
+
 	# A catalog zone that requires TLS to be used
 	zone "catalog-tls.example" {
 		type primary;
--- a/bin/tests/system/catz/ns2/named1.conf.in
+++ b/bin/tests/system/catz/ns2/named1.conf.in
@ -67,6 +67,10 @@ view "default" {
 		zone "catalog-bad4.example"
 			default-masters { 10.53.0.1; }
 			in-memory yes;
+		zone "catalog-bad6.example"
+			default-masters { 10.53.0.1; }
+			min-update-interval 1s
+			in-memory yes;
 	};

 	# A faulty dlz configuration to check if named and catz survive a certain class
@ -155,6 +159,12 @@ view "default" {
 		primaries { 10.53.0.1; };
 	};

+	# Bad TSIG key name
+	zone "catalog-bad6.example" {
+		type secondary;
+		file "catalog-bad6.example.db";
+		primaries { 10.53.0.1; };
+	};
 };

 view "ch" ch {
--- a/bin/tests/system/catz/tests.sh
+++ b/bin/tests/system/catz/tests.sh
@ -126,6 +126,12 @@ grep -F "catz: dns_catz_add_zone catalog-bad5.example" ns2/named.run && ret=1
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status + ret))

+echo_i "checking that catalog-bad6.example (invalid TSIG key name) is handled ($n)"
+ret=0
+wait_for_message ns2/named.run "catz: invalid record in catalog zone - mykey.primaries.ext.deadbeef.zones.catalog-bad6.example IN TXT (label too long) - ignoring" || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 nextpart ns2/named.run >/dev/null

 ##########################################################################