From 5c6e1683d15da4325c600511b00c015d4defe276 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Wed, 30 Sep 2015 15:55:14 +1000 Subject: [PATCH] 4232. [test] Add tests for CDS and CDNSKEY with delegation-only. [RT #40597] (cherry picked from commit 65d59a4307d00f6b4e278b730c278502e5449da8) --- CHANGES | 3 + bin/tests/system/resolver/ns4/root.db | 2 + bin/tests/system/resolver/ns5/named.conf | 4 + .../system/resolver/ns6/delegation-only.db | 22 +++++ bin/tests/system/resolver/ns6/named.conf | 5 + bin/tests/system/resolver/tests.sh | 96 +++++++++++++++++++ 6 files changed, 132 insertions(+) create mode 100644 bin/tests/system/resolver/ns6/delegation-only.db diff --git a/CHANGES b/CHANGES index ba091da810..ba440c5e58 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4232. [test] Add tests for CDS and CDNSKEY with delegation-only. + [RT #40597] + 4231. [contrib] Address unchecked memory allocation calls in query-loc and zone2ldap. [RT #40789] diff --git a/bin/tests/system/resolver/ns4/root.db b/bin/tests/system/resolver/ns4/root.db index 093d2b3440..8b44b49240 100644 --- a/bin/tests/system/resolver/ns4/root.db +++ b/bin/tests/system/resolver/ns4/root.db @@ -25,3 +25,5 @@ $TTL 300 . NS a.root-servers.nil. a.root-servers.nil. A 10.53.0.4 all-cnames NS cname.tld +delegation-only. NS ns.delegation-only. +ns.delegation-only. A 10.53.0.6 diff --git a/bin/tests/system/resolver/ns5/named.conf b/bin/tests/system/resolver/ns5/named.conf index 1abedf67f1..c46cdf3e03 100644 --- a/bin/tests/system/resolver/ns5/named.conf +++ b/bin/tests/system/resolver/ns5/named.conf @@ -45,3 +45,7 @@ zone "child.server" { type master; file "child.server.db"; }; + +zone "delegation-only" { + type delegation-only; +}; diff --git a/bin/tests/system/resolver/ns6/delegation-only.db b/bin/tests/system/resolver/ns6/delegation-only.db new file mode 100644 index 0000000000..72564dc90c --- /dev/null +++ b/bin/tests/system/resolver/ns6/delegation-only.db 
@@ -0,0 +1,22 @@
+$TTL 120
+@ IN SOA ns marka.isc.org. 1 0 0 0 120
+@ IN NS ns
+@ IN DNSKEY 256 3 7 AwEAAY9437GPWJHzBeR4FP6eJAie7gh2QSM6LUnbDAHvHOx8MNqgSVRM PZka2rAgivb65/MkT1lXRUegj91iRFP3iggTpCgvdUbcBjsYrdODsrwF YUMIUl1pU0lH9x7KvfFUOfSmG+Rk5UHUWuRZbNyc65Sq69iFXg5c11+8 MAkRoeDF
+;
+; Delegation only test CDS and CDNSKEY records. These should be
+; returned even if delegation-only is set for this zone.
+;
+@ IN A 1.2.3.4
+@ IN AAAA c::1.2.3.4
+@ IN CDS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+@ IN CDNSKEY 256 3 7 AwEAAY9437GPWJHzBeR4FP6eJAie7gh2QSM6LUnbDAHvHOx8MNqgSVRM PZka2rAgivb65/MkT1lXRUegj91iRFP3iggTpCgvdUbcBjsYrdODsrwF YUMIUl1pU0lH9x7KvfFUOfSmG+Rk5UHUWuRZbNyc65Sq69iFXg5c11+8 MAkRoeDF
+;
+; Delegation only test CDS and CDNSKEY records. These should be rejected
+; as they are not at the zone apex.
+;
+a IN A 1.2.3.4
+aaaa IN AAAA c::1.2.3.4
+cds IN CDS 21366 7 1 E6C1716CFB6BDC84E84CE1AB5510DAC69173B5B2
+cdnskey IN CDNSKEY 256 3 7 AwEAAY9437GPWJHzBeR4FP6eJAie7gh2QSM6LUnbDAHvHOx8MNqgSVRM PZka2rAgivb65/MkT1lXRUegj91iRFP3iggTpCgvdUbcBjsYrdODsrwF YUMIUl1pU0lH9x7KvfFUOfSmG+Rk5UHUWuRZbNyc65Sq69iFXg5c11+8 MAkRoeDF
+;
+ns IN A 10.53.0.6
diff --git a/bin/tests/system/resolver/ns6/named.conf b/bin/tests/system/resolver/ns6/named.conf
index b53f2d43a8..cfb32b6959 100644
--- a/bin/tests/system/resolver/ns6/named.conf
+++ b/bin/tests/system/resolver/ns6/named.conf
@@ -59,3 +59,8 @@ zone "broken" {
 file "broken.db";
 allow-update { any; };
 };
+
+zone "delegation-only" {
+ type master;
+ file "delegation-only.db";
+};
diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
index 19a5ed5b35..4c1571f85e 100755
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -421,5 +421,101 @@ grep "skipping nameserver 'cname.tld' because it is a CNAME, while resolving 'al
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+n=`expr $n + 1`
+echo "I:check that SOA query returns data for delegation-only apex (${n})"
+ret=0
+$DIG soa delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+n=`expr $n + 1`
+echo "I:check that NS query returns data for delegation-only apex (${n})"
+ret=0
+$DIG ns delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I:check that A query returns data for delegation-only A apex (${n})"
+ret=0
+$DIG a delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I:check that CDS query returns data for delegation-only apex (${n})"
+ret=0
+$DIG cds delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I:check that AAAA query returns data for delegation-only AAAA apex (${n})"
+ret=0
+$DIG a delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+echo "I:check that DNSKEY query returns data for delegation-only apex (${n})"
+ret=0
+$DIG dnskey delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I:check that CDNSKEY query returns data for delegation-only apex (${n})"
+ret=0
+$DIG cdnskey delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: NOERROR" dig.out.ns5.test${n} > /dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns5.test${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I:check that NXDOMAIN is returned for delegation-only non-apex A data (${n})"
+ret=0
+$DIG a a.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I:check that NXDOMAIN is returned for delegation-only non-apex CDS data (${n})"
+ret=0
+$DIG cds cds.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo "I:check that NXDOMAIN is returned for delegation-only non-apex AAAA data (${n})"
+ret=0
+$DIG aaaa aaaa.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+echo "I:check that NXDOMAIN is returned for delegation-only non-apex CDNSKEY data (${n})"
+ret=0
+$DIG cdnskey cdnskey.delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1
+grep "status: NXDOMAIN" dig.out.ns5.test${n} > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status
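Review bot: The block announced as "AAAA query returns data for delegation-only AAAA apex" never sends an AAAA query: its dig line is a copy of the A test (`$DIG a delegation-only …`), so the apex AAAA record added to ns6/delegation-only.db is not checked through the delegation-only filter on ns5 and a regression there would pass unnoticed. The line should read `$DIG aaaa delegation-only @10.53.0.5 -p 5300 > dig.out.ns5.test${n} || ret=1`. The SOA block also ends with a second increment of `n` before the NS block increments again, which skips one test number and leaves a gap in the dig.out.ns5.test files; dropping that trailing increment fixes it. The AAAA apex and non-apex AAAA blocks increment `n` at their end instead of at the start of the following block, which gives the right numbers but departs from the pattern used by every other check in the hunk.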