upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-25 19:02:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Check notify with bad notify source address and tsig

Browse source 
named was asserting when the notify source address was not available
and TSIG was being used.  Check this scenario by adding a nameserver
to the zone which is configured to uses a non-existent source address
and a blackholed destination address and a TSIG using a server clause
for that destination address.

(cherry picked from commit f99d7f4217)
This commit is contained in:
Mark Andrews 2025-10-01 14:49:33 +10:00 committed by Ondřej Surý
parent 9213c42bc0
commit a6ca8407ee
No known key found for this signature in database
GPG key ID: 2820F37E873DEA41
4 changed files with 32 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
bin/tests/system/notify/ns2/named.conf.j2
View file

@ -97,3 +97,19 @@ zone x18 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; };
zone x19 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; };
zone x20 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; };
zone x21 { type primary; file "x21.db"; allow-update { any; }; also-notify { x21; }; };
key 10.53.0.53 {
algorithm hmac-sha256;
secret "aaaabbbbccccddddeeeeffffgggghhhhiiii";
};
server 10.53.0.53 {
notify-source 198.51.100.0; // non existant / not configured
keys 10.53.0.53;
};
zone "change-ns" {
type primary;
file "change-ns.db";
allow-update { any; };
};

1
bin/tests/system/notify/setup.sh
View file

@ -15,3 +15,4 @@
cp -f ns2/example1.db ns2/example.db
cp -f ns2/generic.db ns2/x21.db
cp -f ns2/generic.db ns2/change-ns.db

13
bin/tests/system/notify/tests.sh
View file

@ -240,5 +240,18 @@ nextpartreset ns3/named.run
wait_for_log 30 'retries exceeded' ns3/named.run || ret=1
test_end
test_start "checking notify with bad notify source address and tsig"
$NSUPDATE <<EOF
server 10.53.0.2 ${PORT}
zone change-ns
update add change-ns 0 NS ns53.change-ns
update add ns53.change-ns 0 A 10.53.0.53
send
EOF
wait_for_log 10 "zone change-ns/IN: sending notify to 10.53.0.53#${PORT} : TSIG (10.53.0.53)" ns2/named.run
dig_plus_opts ns change-ns @10.53.0.2 >dig.out.test$n || ret=1
grep "ns2.change-ns." dig.out.test$n >/dev/null || ret=1
test_end
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

2
bin/tests/system/notify/tests_sh_notify.py
View file

@ -15,6 +15,8 @@ pytestmark = pytest.mark.extra_artifacts(
[
"awk.out.*",
"dig.out.*",
"ns2/change-ns.db",
"ns2/change-ns.db.jnl",
"ns2/example.db",
"ns2/named-tls.conf",
"ns2/x21.db*",