Checking invalid TSIG key name in a catalog zone

(cherry picked from commit 213e59ccf5)
2026-06-10 19:50:00 -04:00 · 2026-04-10 13:05:31 +10:00 · 2026-04-10 13:05:31 +10:00 · 5daf7102a5
commit 5daf7102a5
parent 35a5e29800
4 changed files with 33 additions and 0 deletions
--- a/bin/tests/system/catz/ns1/catalog-bad6.example.db
+++ b/bin/tests/system/catz/ns1/catalog-bad6.example.db
@ -0,0 +1,7 @@
+@ 3600 SOA . . 1 86400 3600 86400 3600
+@ 3600 IN NS invalid.
+version IN TXT "2"
+deadbeef.zones IN PTR member.example.
+mykey.primaries.ext.deadbeef.zones IN A 192.0.2.1
+; bad key name label too big
+mykey.primaries.ext.deadbeef.zones IN TXT "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.com"
--- a/bin/tests/system/catz/ns1/named.conf.j2
+++ b/bin/tests/system/catz/ns1/named.conf.j2
@ -128,6 +128,16 @@ view "default" {
 		notify explicit;
 	};

+	# Bad TSIG key name
+	zone "catalog-bad6.example" {
+		type primary;
+		file "catalog-bad6.example.db";
+		allow-transfer { any; };
+		allow-update { any; };
+		also-notify { 10.53.0.2; };
+		notify explicit;
+	};
+
 	# A catalog zone that requires TLS to be used
 	zone "catalog-tls.example" {
 		type primary;
--- a/bin/tests/system/catz/ns2/named.conf.j2
+++ b/bin/tests/system/catz/ns2/named.conf.j2
@ -101,6 +101,10 @@ view "default" {
 			default-masters { 10.53.0.1; }
 			min-update-interval 1s
 			in-memory yes;
+		zone "catalog-bad6.example"
+			default-masters { 10.53.0.1; }
+			min-update-interval 1s
+			in-memory yes;
 	};

 {% if bad_dlz %}
@ -206,6 +210,12 @@ view "default" {
 		primaries { 10.53.0.1; };
 	};

+	# Bad TSIG key name
+	zone "catalog-bad6.example" {
+		type secondary;
+		file "catalog-bad6.example.db";
+		primaries { 10.53.0.1; };
+	};
 };

 view "ch" ch {
--- a/bin/tests/system/catz/tests.sh
+++ b/bin/tests/system/catz/tests.sh
@ -134,6 +134,12 @@ grep -F "catz: dns_catz_zone_add catalog-bad5.example" ns2/named.run && ret=1
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status + ret))

+echo_i "checking that catalog-bad6.example (invalid TSIG key name) is handled ($n)"
+ret=0
+wait_for_message ns2/named.run "catz: invalid record in catalog zone - mykey.primaries.ext.deadbeef.zones.catalog-bad6.example IN TXT (label too long) - ignoring" || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 nextpart ns2/named.run >/dev/null

 ##########################################################################