Merge branch '3224-catz-broken-catalog-zones-concept-support-v9_18' into 'v9_18'

[v9_18] [4/5] Introduce the concept of broken catalog zones

See merge request isc-projects/bind9!6214
Arаm Sаrgsyаn 2022-04-28 13:22:44 +00:00
commit d04fb79f1f
13 changed files with 591 additions and 172 deletions


@ -1,3 +1,7 @@
5877. [func] Introduce the concept of broken catalog zones described
in the DNS catalog zones draft version 5 document.
[GL #3224]
5876. [func] Add DNS Extended Errors when stale answers are returned
from cache. [GL #2267]


@ -4140,6 +4140,15 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
rpz_configured = true;
}
obj = NULL;
if (view->rdclass != dns_rdataclass_in && need_hints &&
named_config_get(maps, "catalog-zones", &obj) == ISC_R_SUCCESS)
{
cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING,
"'catalog-zones' option is only supported "
"for views with class IN");
}
obj = NULL;
if (view->rdclass == dns_rdataclass_in && need_hints &&
named_config_get(maps, "catalog-zones", &obj) == ISC_R_SUCCESS)
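Review bot: The added warning branch repeats the `need_hints && named_config_get(maps, "catalog-zones", &obj) == ISC_R_SUCCESS` lookup that the following `if` already performs, with only the class test inverted, so the two conditions have to be kept in sync by hand. Doing the lookup once and branching on `view->rdclass == dns_rdataclass_in` inside it (configure in the IN case, `cfg_obj_log` otherwise) would remove the duplicate lookup and the second `obj = NULL;`. Because the option is only warned about and then ignored, a short comment such as `/* catalog-zones is ignored, not rejected, for non-IN views */` would tell the reader that loading deliberately continues. The body of the second `if` lies outside the hunk.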


@ -12,6 +12,7 @@
rm -f dig.out.*
rm -f ns*/*.jnl
rm -f ns*/*.nzf
rm -f ns*/*.mkeys
rm -f ns*/named.lock
rm -f ns*/named.memstats
rm -f ns*/named.conf
@ -19,6 +20,7 @@ rm -f ns*/named.run
rm -f ns*/named.run.prev
rm -f ns1/*dom*example.db
rm -f ns2/__catz__*db
rm -f ns2/catalog-bad*.db
rm -f ns2/named.conf.tmp
rm -f ns3/dom2.example.db ns3/dom13.example.db ns3/dom14.example.db ns3/dom17.example.db ns3/dom18.example.db
rm -f nsupdate.out.*


@ -0,0 +1,13 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
@ 3600 SOA . . 1 86400 3600 86400 3600
@ 3600 IN NS invalid.
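Review bot: Nothing in this fixture says which broken-catalog condition it exercises; the reason is recorded only in the `#` comments of the named.conf files. A one-line comment after the license header, for example `; Broken catalog zone: no "version" property`, would make the file self-describing. The same applies to the four zone files that follow, which appear to cover an unsupported version "99", two version TXT records, a type A version record, and class CH.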


@ -0,0 +1,14 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
@ 3600 SOA . . 1 86400 3600 86400 3600
@ 3600 IN NS invalid.
version IN TXT "99"


@ -0,0 +1,15 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
@ 3600 SOA . . 1 86400 3600 86400 3600
@ 3600 IN NS invalid.
version IN TXT "1"
version IN TXT "2"


@ -0,0 +1,14 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
@ 3600 SOA . . 1 86400 3600 86400 3600
@ 3600 IN NS invalid.
version IN A 10.53.0.1


@ -0,0 +1,14 @@
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; SPDX-License-Identifier: MPL-2.0
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, you can obtain one at https://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
@ 3600 SOA . . 1 86400 3600 86400 3600
@ 3600 CH NS invalid.
version CH TXT "2"


@ -32,34 +32,93 @@ options {
allow-transfer { any; };
};
zone "catalog1.example" {
type primary;
file "catalog1.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
view "default" {
zone "catalog1.example" {
type primary;
file "catalog1.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
/* catalog2 is provided by the ns3 primary */
zone "catalog3.example" {
type primary;
file "catalog3.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
zone "catalog4.example" {
type primary;
file "catalog4.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
/* catalog5 is missing on purpose */
# No "version" property
zone "catalog-bad1.example" {
type primary;
file "catalog-bad1.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
# Unsupported "version" property
zone "catalog-bad2.example" {
type primary;
file "catalog-bad2.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
# Two RRs in TXT RRset for the "version" property
zone "catalog-bad3.example" {
type primary;
file "catalog-bad3.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
# Type A "version" property
zone "catalog-bad4.example" {
type primary;
file "catalog-bad4.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
};
zone "catalog3.example" {
type primary;
file "catalog3.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
view "ch" ch {
zone "catalog4.example" {
type primary;
file "catalog4.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
# Non-IN class catalog zone
zone "catalog-bad5.example" ch {
type primary;
file "catalog-bad5.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
/* catalog5 is missing on purpose */
};
key tsig_key. {
secret "LSAnCU+Z";
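Review bot: Each of the new catalog-bad zones copies `allow-update { any; };` from the working catalog zones, but the checks visible on this page only read log messages for them and never send a dynamic update. If no test further down updates these zones, dropping that line from the five catalog-bad statements keeps the fixtures at the minimum they need and makes it clear they are static. The new lines also mix `/* ... */` and `#` comments; one style would read more evenly. The `key tsig_key.` statement is cut off at the end of the hunk.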


@ -28,6 +28,16 @@ options {
notify no;
recursion no;
serial-query-rate 100;
};
/*
* The comment lines starting with "#Tn" markers below are designed to be
* uncommented by "tests.sh" when running the tests to perform some of required
* tests which need ns2 reconfgiuration.
*/
view "default" {
catalog-zones {
zone "catalog1.example"
default-masters { 10.53.0.1; }
@ -43,44 +53,102 @@ options {
#T1 default-masters { 10.53.0.1; };
#T2 zone "catalog5.example"
#T2 default-primaries { 10.53.0.1; };
zone "catalog-bad1.example"
default-masters { 10.53.0.1; }
in-memory yes;
zone "catalog-bad2.example"
default-masters { 10.53.0.1; }
in-memory yes;
zone "catalog-bad3.example"
default-masters { 10.53.0.1; }
in-memory yes;
zone "catalog-bad4.example"
default-masters { 10.53.0.1; }
in-memory yes;
};
# A faulty dlz configuration to check if named and catz survive a certain class
# of failed configuration attempts (see GL#3060).
# We use "dlz" because the dlz processing code is located in an ideal place in
# the view configuration function for the test to cover the view reverting code.
#T3 dlz "bad-dlz" {
#T3 database "dlopen bad-dlz.so example.org";
#T3 };
zone "dom-existing.example" {
type primary;
file "dom-existing.example.db";
};
zone "catalog1.example" {
type secondary;
file "catalog1.example.db";
primaries { 10.53.0.1; };
};
zone "catalog2.example" {
type secondary;
file "catalog2.example.db";
primaries { 10.53.0.3; };
};
zone "catalog3.example" {
type secondary;
file "catalog3.example.db";
primaries { 10.53.0.1; };
};
zone "catalog4.example" {
type secondary;
file "catalog4.example.db";
primaries { 10.53.0.1; };
};
# No "version" property
zone "catalog-bad1.example" {
type secondary;
file "catalog-bad1.example.db";
primaries { 10.53.0.1; };
};
# Unsupported "version" property
zone "catalog-bad2.example" {
type secondary;
file "catalog-bad2.example.db";
primaries { 10.53.0.1; };
};
# Two RRs in TXT RRset for the "version" property
zone "catalog-bad3.example" {
type secondary;
file "catalog-bad3.example.db";
primaries { 10.53.0.1; };
};
# Type A "version" property
zone "catalog-bad4.example" {
type secondary;
file "catalog-bad4.example.db";
primaries { 10.53.0.1; };
};
};
# A faulty dlz configuration to check if named and catz survive a certain class
# of failed configuration attempts (see GL#3060).
# We use "dlz" because the dlz processing code is located in an ideal place in
# the view configuration function for the test to cover the view reverting code.
#T3dlz "bad-dlz" {
#T3 database "dlopen bad-dlz.so example.org";
#T3};
view "ch" ch {
zone "dom-existing.example" {
type primary;
file "dom-existing.example.db";
};
catalog-zones {
zone "catalog-bad5.example"
default-masters { 10.53.0.1; }
in-memory yes;
};
zone "catalog1.example" {
type secondary;
file "catalog1.example.db";
primaries { 10.53.0.1; };
};
# Non-IN class catalog zone
zone "catalog-bad5.example" ch {
type secondary;
file "catalog-bad5.example.db";
primaries { 10.53.0.1; };
};
zone "catalog2.example" {
type secondary;
file "catalog2.example.db";
primaries { 10.53.0.3; };
};
zone "catalog3.example" {
type secondary;
file "catalog3.example.db";
primaries { 10.53.0.1; };
};
zone "catalog4.example" {
type secondary;
file "catalog4.example.db";
primaries { 10.53.0.1; };
};
key tsig_key. {
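Review bot: The new block comment above `view "default"` misspells "reconfiguration" and drops an article; `some of the required tests` and `tests which need ns2 reconfiguration` read correctly. The added catalog-bad entries also use `default-masters`, although this file's `#T2` line uses `default-primaries` and its zone statements use `primaries`; picking one spelling for new lines would keep the fixture consistent. The `key tsig_key.` statement at the end of the section continues outside the hunk.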


@ -28,37 +28,84 @@ options {
notify no;
recursion no;
serial-query-rate 100;
# removed catalog-zone option, otherwise this is
};
view "default" {
# Removed catalog-zone option, otherwise this is
# identical to named1.conf.in
zone "dom-existing.example" {
type primary;
file "dom-existing.example.db";
};
zone "catalog1.example" {
type secondary;
file "catalog1.example.db";
primaries { 10.53.0.1; };
};
zone "catalog2.example" {
type secondary;
file "catalog2.example.db";
primaries { 10.53.0.3; };
};
zone "catalog3.example" {
type secondary;
file "catalog3.example.db";
primaries { 10.53.0.1; };
};
zone "catalog4.example" {
type secondary;
file "catalog4.example.db";
primaries { 10.53.0.1; };
};
# No "version" property
zone "catalog-bad1.example" {
type secondary;
file "catalog-bad1.example.db";
primaries { 10.53.0.1; };
};
# Unsupported "version" property
zone "catalog-bad2.example" {
type secondary;
file "catalog-bad2.example.db";
primaries { 10.53.0.1; };
};
# Two RRs in TXT RRset for the "version" property
zone "catalog-bad3.example" {
type secondary;
file "catalog-bad3.example.db";
primaries { 10.53.0.1; };
};
# Type A "version" property
zone "catalog-bad4.example" {
type secondary;
file "catalog-bad4.example.db";
primaries { 10.53.0.1; };
};
};
zone "dom-existing.example" {
type primary;
file "dom-existing.example.db";
};
view "ch" ch {
zone "catalog1.example" {
type secondary;
file "catalog1.example.db";
primaries { 10.53.0.1; };
};
# Removed catalog-zone option, otherwise this is
# identical to named1.conf.in
zone "catalog2.example" {
type secondary;
file "catalog2.example.db";
primaries { 10.53.0.3; };
};
# Non-IN class catalog zone
zone "catalog-bad5.example" ch {
type secondary;
file "catalog-bad5.example.db";
primaries { 10.53.0.1; };
};
zone "catalog3.example" {
type secondary;
file "catalog3.example.db";
primaries { 10.53.0.1; };
};
zone "catalog4.example" {
type secondary;
file "catalog4.example.db";
primaries { 10.53.0.1; };
};
key tsig_key. {


@ -80,6 +80,54 @@ wait_for_no_zonefile() (
status=0
n=0
##########################################################################
n=$((n+1))
echo_i "checking that catalog-bad1.example (with no version) has failed to load ($n)"
ret=0
wait_for_message ns2/named.run "catz: zone 'catalog-bad1.example' has no 'version' record" &&
wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad1.example' is broken and will not be processed" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
n=$((n+1))
echo_i "checking that catalog-bad2.example (with unsupported version) has failed to load ($n)"
ret=0
wait_for_message ns2/named.run "catz: zone 'catalog-bad2.example' unsupported version '99'" &&
wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad2.example' is broken and will not be processed" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
n=$((n+1))
echo_i "checking that catalog-bad3.example (with two supported version records) has failed to load ($n)"
ret=0
wait_for_message ns2/named.run "catz: 'version' property TXT RRset contains more than one record, which is invalid" &&
wait_for_message ns2/named.run "catz: invalid record in catalog zone - version.catalog-bad3.example IN TXT (failure) - ignoring" &&
wait_for_message ns2/named.run "catz: zone 'catalog-bad3.example' version is not set" &&
wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad3.example' is broken and will not be processed" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
n=$((n+1))
echo_i "checking that catalog-bad4.example (with only spurious type A version record) has failed to load ($n)"
ret=0
wait_for_message ns2/named.run "catz: invalid record in catalog zone - version.catalog-bad4.example IN A (failure) - ignoring" &&
wait_for_message ns2/named.run "catz: zone 'catalog-bad4.example' version is not set" &&
wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad4.example' is broken and will not be processed" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
n=$((n+1))
echo_i "checking that catalog-bad5.example (non-IN class) has failed to load ($n)"
ret=0
wait_for_message ns2/named.run "'catalog-zones' option is only supported for views with class IN" &&
wait_for_message ns2/named.run "all zones loaded" || ret=1
grep -F "catz: dns_catz_add_zone catalog-bad5.example" ns2/named.run && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
nextpart ns2/named.run >/dev/null
##########################################################################
echo_i "Testing adding/removing of domain in catalog zone"
n=$((n+1))
@ -99,7 +147,7 @@ echo "foo 3600 IN TXT some content here" >> ns1/dom1.example.db
echo "bar 3600 IN TXT some content here" >> ns1/dom1.example.db
echo "xxx 3600 IN TXT some content here" >> ns1/dom1.example.db
echo "yyy 3600 IN TXT some content here" >> ns1/dom1.example.db
rndccmd 10.53.0.1 addzone dom1.example. '{ type primary; file "dom1.example.db"; allow-update { any; }; notify explicit; also-notify { 10.53.0.2; }; };' || ret=1
rndccmd 10.53.0.1 addzone dom1.example. in default '{ type primary; file "dom1.example.db"; allow-update { any; }; notify explicit; also-notify { 10.53.0.2; }; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -127,7 +175,7 @@ n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom1.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom1.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom1.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -141,10 +189,12 @@ status=$((status+ret))
n=$((n+1))
echo_i "checking that zone-directory is populated ($n)"
ret=0
wait_for_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db" || ret=1
wait_for_zonefile "ns2/zonedir/__catz__default_catalog1.example_dom1.example.db" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
nextpart ns2/named.run >/dev/null
n=$((n+1))
echo_i "update dom1.example. ($n)"
ret=0
@ -172,10 +222,12 @@ status=$((status+ret))
n=$((n+1))
echo_i "check that journal was created for cleanup test ($n)"
ret=0
test -f ns2/zonedir/__catz___default_catalog1.example_dom1.example.db.jnl || ret=1
test -f ns2/zonedir/__catz__default_catalog1.example_dom1.example.db.jnl || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
nextpart ns2/named.run >/dev/null
n=$((n+1))
echo_i "update catalog zone serial ($n)"
ret=0
@ -202,6 +254,8 @@ retry_quiet 10 wait_for_soa_equal_20 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
nextpart ns2/named.run >/dev/null
n=$((n+1))
echo_i "update dom1.example. again ($n)"
ret=0
@ -240,7 +294,7 @@ status=$((status+ret))
n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "zone_shutdown: zone dom1.example/IN: shutting down" || ret=1
wait_for_message ns2/named.run "zone_shutdown: zone dom1.example/IN/default: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -254,11 +308,13 @@ status=$((status+ret))
n=$((n+1))
echo_i "checking that zone-directory is emptied ($n)"
ret=0
wait_for_no_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db" || ret=1
wait_for_no_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db.jnl" || ret=1
wait_for_no_zonefile "ns2/zonedir/__catz__default_catalog1.example_dom1.example.db" || ret=1
wait_for_no_zonefile "ns2/zonedir/__catz__default_catalog1.example_dom1.example.db.jnl" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
nextpart ns2/named.run >/dev/null
##########################################################################
echo_i "Testing various simple operations on domains, including using multiple catalog zones and garbage in zone"
n=$((n+1))
@ -267,7 +323,7 @@ ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom2.example.db
echo "@ IN NS invalid." >> ns1/dom2.example.db
echo "@ IN A 192.0.2.1" >> ns1/dom2.example.db
rndccmd 10.53.0.1 addzone dom2.example. '{type primary; file "dom2.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom2.example. in default '{type primary; file "dom2.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -286,7 +342,7 @@ echo_i "adding domain dom4.example. to primary via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom4.example.db
echo "@ IN NS invalid." >> ns1/dom4.example.db
rndccmd 10.53.0.1 addzone dom4.example. '{type primary; file "dom4.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom4.example. in default '{type primary; file "dom4.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -296,6 +352,7 @@ ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update add 636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example.
update add coo.636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN TXT "catalog2.example."
update add b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example.
update add e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example. 3600 IN NS foo.bar.
update add trash.catalog1.example. 3600 IN A 1.2.3.4
@ -322,12 +379,13 @@ END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "catz: adding zone 'dom4.example' from catalog 'catalog2.example'" &&
wait_for_message ns2/named.run "transfer of 'dom4.example/IN' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom4.example/IN/default' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -338,7 +396,6 @@ wait_for_soa @10.53.0.2 dom4.example. dig.out.test$n || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
n=$((n+1))
echo_i "checking that dom3.example. is not served by primary ($n)"
ret=0
@ -351,7 +408,7 @@ echo_i "adding a domain dom3.example. to primary via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom3.example.db
echo "@ IN NS invalid." >> ns1/dom3.example.db
rndccmd 10.53.0.1 addzone dom3.example. '{type primary; file "dom3.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1
rndccmd 10.53.0.1 addzone dom3.example. in default '{type primary; file "dom3.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -365,10 +422,8 @@ status=$((status+ret))
n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom2.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" &&
wait_for_message ns2/named.run "transfer of 'dom3.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom2.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" &&
wait_for_message ns2/named.run "transfer of 'dom3.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -381,6 +436,43 @@ status=$((status+ret))
nextpart ns2/named.run >/dev/null
# The member zone's PTR RRset must have only one record in it.
# Check that adding a second record to the RRset is caught and such a
# catalog zone is not processed.
n=$((n+1))
echo_i "adding domain dom4-reused-label.example. to catalog2 zone, reusing a label ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
update add de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example. 3600 IN PTR dom4-reused-label.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
n=$((n+1))
echo_i "waiting for secondary to sync up, and checking that the reused label has been caught ($n)"
ret=0
wait_for_message ns2/named.run "de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example IN PTR (failure)" &&
wait_for_message ns2/named.run "catz: new catalog zone 'catalog2.example' is broken and will not be processed" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
nextpart ns2/named.run >/dev/null
n=$((n+1))
echo_i "deleting domain dom4-reused-label.example. from catalog2 zone ($n)"
ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.3 ${PORT}
update delete de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example. 3600 IN PTR dom4-reused-label.example.
send
END
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
nextpart ns2/named.run >/dev/null
n=$((n+1))
echo_i "adding domain dom2.example. to catalog2 zone to test change of ownership ($n)"
ret=0
@ -456,7 +548,7 @@ ret=0
wait_for_message ns2/named.run "catz: zone 'dom2.example' change of ownership from 'catalog1.example' to 'catalog2.example'" &&
wait_for_message ns2/named.run "catz: deleting zone 'dom2.example' from catalog 'catalog1.example' - success" &&
wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog2.example'" &&
wait_for_message ns2/named.run "transfer of 'dom2.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom2.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -571,7 +663,7 @@ ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom-existing.example.db
echo "@ IN NS invalid." >> ns1/dom-existing.example.db
echo "@ IN A 192.0.2.1" >> ns1/dom-existing.example.db
rndccmd 10.53.0.1 addzone dom-existing.example. '{type primary; file "dom-existing.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1
rndccmd 10.53.0.1 addzone dom-existing.example. in default '{type primary; file "dom-existing.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -615,6 +707,7 @@ ret=0
$NSUPDATE -d <<END >> nsupdate.out.test$n 2>&1 || ret=1
server 10.53.0.1 ${PORT}
update delete 636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example.
update delete coo.636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN TXT "catalog2.example."
update delete b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example.
update delete e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example. 3600 IN NS foo.bar.
update delete trash.catalog1.example. 3600 IN A 1.2.3.4
@ -663,7 +756,7 @@ n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom5.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom5.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom5.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -689,7 +782,7 @@ status=$((status+ret))
n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "zone_shutdown: zone dom5.example/IN: shutting down" || ret=1
wait_for_message ns2/named.run "zone_shutdown: zone dom5.example/IN/default: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -720,7 +813,7 @@ n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom6.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom6.example/IN' from " > /dev/null || ret=1
wait_for_message ns2/named.run "transfer of 'dom6.example/IN/default' from " > /dev/null || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -747,7 +840,7 @@ status=$((status+ret))
n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "zone_shutdown: zone dom6.example/IN: shutting down" || ret=1
wait_for_message ns2/named.run "zone_shutdown: zone dom6.example/IN/default: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -814,12 +907,12 @@ echo_i "adding domains dom7.example. and dom8.example. to primary via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom7.example.db
echo "@ IN NS invalid." >> ns1/dom7.example.db
rndccmd 10.53.0.1 addzone dom7.example. '{type primary; file "dom7.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom7.example. in default '{type primary; file "dom7.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom8.example.db
echo "@ IN NS invalid." >> ns1/dom8.example.db
rndccmd 10.53.0.1 addzone dom8.example. '{type primary; file "dom8.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom8.example. in default '{type primary; file "dom8.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -848,7 +941,7 @@ n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom7.example' from catalog 'catalog1.example'" > /dev/null &&
wait_for_message ns2/named.run "transfer of 'dom7.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom7.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -891,7 +984,7 @@ n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: update_from_db: new zone merged" &&
wait_for_message ns2/named.run "transfer of 'dom8.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom8.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -980,7 +1073,7 @@ echo_i "adding a domain dom9.example. to primary via RNDC, with transfers allowe
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom9.example.db
echo "@ IN NS invalid." >> ns1/dom9.example.db
rndccmd 10.53.0.1 addzone dom9.example. '{type primary; file "dom9.example.db"; allow-transfer { key tsig_key; }; };' || ret=1
rndccmd 10.53.0.1 addzone dom9.example. in default '{type primary; file "dom9.example.db"; allow-transfer { key tsig_key; }; };' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1010,7 +1103,7 @@ n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom9.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom9.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom9.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1105,19 +1198,19 @@ do
case "$special" in
this.is.a.very.very.long.long.long.domain.that.will.cause.catalog.zones.to.generate.hash.instead.of.using.regular.filename.dom10.example)
hash=825f48b1ce1b4cf5a041d20255a0c8e98d114858
db=__catz__4d70696f2335687069467f11f5d5378c480383f97782e553fb2d04a7bb2a23ed.db
db=__catz__a35e0a044ff9f37436068e1e83e9b99fb9da51b0fe7b699bdb404f7755d68276.db
;;
this.zone/domain.has.a.slash.dom10.example)
hash=e64cc64c99bf52d0a77fb16dd7ed57cf925a36aa
db=__catz__46ba3e1b28d5955e5313d5fee61bedc78c71d08035aa7ea2f7bf0b8228ab3acc.db
db=__catz__765197c8050c794f4ec5bbf5dbdf64d0551459c08a91a4217768fcd16cd3b7ce.db
;;
this.zone\\\\domain.has.backslash.dom10.example)
hash=91e27e02153d38cf656a9b376d7747fbcd19f985
db=__catz__b667f7ff802c0895e0506699951cff9a1cab68c5ef8546aa0d07425f244ed870.db
db=__catz__0f2f3beaf2ef70e0086063ae28a69444cdf3847cb85e668bfe52c89f7f756b29.db
;;
this.zone:domain.has.a.colon.dom.10.example)
hash=8b7238bf4c34045834c573ba4116557ebb24d33c
db=__catz__5c721f7872913a4e7fa8ad42589cce5dd6e551a4c9e6ab3f86e77c0bbc7c2ca6.db
db=__catz__ba75ab860533508a62b0937c5c6b8537e4186e4d5e7685161287260d07418251.db
;;
esac
@ -1133,7 +1226,7 @@ do
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom10.example.db
echo "@ IN NS invalid." >> ns1/dom10.example.db
rndccmd 10.53.0.1 addzone '"'"${special}"'"' '{type primary; file "dom10.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone '"'"${special}"'"' in default '{type primary; file "dom10.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1161,7 +1254,7 @@ END
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone '$special' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of '$special/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of '$special/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1193,7 +1286,7 @@ END
n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "zone_shutdown: zone ${special}/IN: shutting down" || ret=1
wait_for_message ns2/named.run "zone_shutdown: zone ${special}/IN/default: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1227,7 +1320,7 @@ echo_i "Adding a domain dom11.example. to primary via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom11.example.db
echo "@ IN NS invalid." >> ns1/dom11.example.db
rndccmd 10.53.0.1 addzone dom11.example. '{type primary; file "dom11.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom11.example. in default '{type primary; file "dom11.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1255,7 +1348,7 @@ n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom11.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom11.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1278,7 +1371,7 @@ echo_i "Adding a domain subdomain.of.dom11.example. to primary via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/subdomain.of.dom11.example.db
echo "@ IN NS invalid." >> ns1/subdomain.of.dom11.example.db
rndccmd 10.53.0.1 addzone subdomain.of.dom11.example. '{type primary; file "subdomain.of.dom11.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone subdomain.of.dom11.example. in default '{type primary; file "subdomain.of.dom11.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1306,7 +1399,7 @@ n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'subdomain.of.dom11.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'subdomain.of.dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'subdomain.of.dom11.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1331,7 +1424,7 @@ status=$((status+ret))
n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "zone_shutdown: zone dom11.example/IN: shutting down" || ret=1
wait_for_message ns2/named.run "zone_shutdown: zone dom11.example/IN/default: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1363,7 +1456,7 @@ status=$((status+ret))
n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "zone_shutdown: zone subdomain.of.dom11.example/IN: shutting down" || ret=1
wait_for_message ns2/named.run "zone_shutdown: zone subdomain.of.dom11.example/IN/default: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1388,7 +1481,7 @@ echo_i "Adding a domain dom12.example. to primary via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom12.example.db
echo "@ IN NS invalid." >> ns1/dom12.example.db
rndccmd 10.53.0.1 addzone dom12.example. '{type primary; file "dom12.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom12.example. in default '{type primary; file "dom12.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1433,7 +1526,7 @@ n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom12.example' from catalog 'catalog4.example'" &&
wait_for_message ns2/named.run "transfer of 'dom12.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom12.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1501,7 +1594,7 @@ ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom13.example.db
echo "@ IN NS invalid." >> ns1/dom13.example.db
echo "@ IN A 192.0.2.1" >> ns1/dom13.example.db
rndccmd 10.53.0.1 addzone dom13.example. '{type primary; file "dom13.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom13.example. in default '{type primary; file "dom13.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1548,7 +1641,7 @@ n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom13.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom13.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom13.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1659,7 +1752,7 @@ ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom14.example.db
echo "@ IN NS invalid." >> ns1/dom14.example.db
echo "@ IN A 192.0.2.1" >> ns1/dom14.example.db
rndccmd 10.53.0.1 addzone dom14.example. '{type primary; file "dom14.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom14.example. in default '{type primary; file "dom14.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1692,14 +1785,14 @@ nextpart ns2/named.run >/dev/null
n=$((n+1))
echo_i "Adding domain dom14.example. with rndc with ns1 as primary ($n)"
ret=0
rndccmd 10.53.0.2 addzone dom14.example. '{type secondary; primaries {10.53.0.1;};};' || ret=1
rndccmd 10.53.0.2 addzone dom14.example. in default '{type secondary; primaries {10.53.0.1;};};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "transfer of 'dom14.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom14.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1783,7 +1876,7 @@ echo_i "Adding a domain dom15.example. to primary ns1 via RNDC ($n)"
ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom15.example.db
echo "@ IN NS invalid." >> ns1/dom15.example.db
rndccmd 10.53.0.1 addzone dom15.example. '{type primary; file "dom15.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom15.example. in default '{type primary; file "dom15.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1865,7 +1958,7 @@ ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom16.example.db
echo "@ IN NS invalid." >> ns1/dom16.example.db
echo "@ IN A 192.0.2.1" >> ns1/dom16.example.db
rndccmd 10.53.0.1 addzone dom16.example. '{type primary; file "dom16.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom16.example. in default '{type primary; file "dom16.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1894,7 +1987,7 @@ n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: adding zone 'dom16.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom16.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom16.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1912,7 +2005,7 @@ nextpart ns2/named.run >/dev/null
echo_i "Deleting dom16.example. from secondary ns2 via RNDC ($n)"
ret=0
rndccmd 10.53.0.2 delzone dom16.example. >/dev/null 2>&1 || ret=1
rndccmd 10.53.0.2 delzone dom16.example. in default >/dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -1996,13 +2089,13 @@ ret=0
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom17.example.db
echo "@ IN NS invalid." >> ns1/dom17.example.db
echo "@ IN A 192.0.2.1" >> ns1/dom17.example.db
rndccmd 10.53.0.1 addzone dom17.example. '{type primary; file "dom17.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom17.example. in default '{type primary; file "dom17.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom18.example.db
echo "@ IN NS invalid." >> ns1/dom18.example.db
echo "@ IN A 192.0.2.1" >> ns1/dom18.example.db
rndccmd 10.53.0.1 addzone dom18.example. '{type primary; file "dom18.example.db";};' || ret=1
rndccmd 10.53.0.1 addzone dom18.example. in default '{type primary; file "dom18.example.db";};' || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -2083,11 +2176,11 @@ status=$((status+ret))
n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: unknown record in catalog zone - primaries.dom17.zones.catalog1.example IN A(failure) - ignoring" &&
wait_for_message ns2/named.run "catz: invalid record in catalog zone - primaries.dom17.zones.catalog1.example IN A (failure) - ignoring" &&
wait_for_message ns2/named.run "catz: adding zone 'dom17.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "catz: adding zone 'dom18.example' from catalog 'catalog1.example'" &&
wait_for_message ns2/named.run "transfer of 'dom17.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" &&
wait_for_message ns2/named.run "transfer of 'dom18.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom17.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" &&
wait_for_message ns2/named.run "transfer of 'dom18.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -2136,8 +2229,8 @@ echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: deleting zone 'dom17.example' from catalog 'catalog1.example' - success" &&
wait_for_message ns2/named.run "catz: deleting zone 'dom18.example' from catalog 'catalog1.example' - success" &&
wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN: shutting down" &&
wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN: shutting down" || ret=1
wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN/default: shutting down" &&
wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN/default: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -2174,11 +2267,11 @@ status=$((status+ret))
n=$((n+1))
echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: unknown record in catalog zone - primaries.ext.dom18.zones.catalog2.example IN A(failure) - ignoring" &&
wait_for_message ns2/named.run "catz: invalid record in catalog zone - primaries.ext.dom18.zones.catalog2.example IN A (failure) - ignoring" &&
wait_for_message ns2/named.run "catz: adding zone 'dom17.example' from catalog 'catalog2.example'" &&
wait_for_message ns2/named.run "catz: adding zone 'dom18.example' from catalog 'catalog2.example'" &&
wait_for_message ns2/named.run "transfer of 'dom17.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" &&
wait_for_message ns2/named.run "transfer of 'dom18.example/IN' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1
wait_for_message ns2/named.run "transfer of 'dom17.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" &&
wait_for_message ns2/named.run "transfer of 'dom18.example/IN/default' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
@ -2227,8 +2320,8 @@ echo_i "waiting for secondary to sync up ($n)"
ret=0
wait_for_message ns2/named.run "catz: deleting zone 'dom17.example' from catalog 'catalog2.example' - success" &&
wait_for_message ns2/named.run "catz: deleting zone 'dom18.example' from catalog 'catalog2.example' - success" &&
wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN: shutting down" &&
wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN: shutting down" || ret=1
wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN/default: shutting down" &&
wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN/default: shutting down" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))


@ -94,6 +94,7 @@ struct dns_catz_zone {
bool active;
bool db_registered;
bool broken;
isc_refcount_t refs;
};
@ -1033,10 +1034,6 @@ catz_process_zones(dns_catz_zone_t *zone, dns_rdataset_t *value,
REQUIRE(DNS_RDATASET_VALID(value));
REQUIRE(ISC_MAGIC_VALID(name, DNS_NAME_MAGIC));
if (value->rdclass != dns_rdataclass_in) {
return (ISC_R_FAILURE);
}
if (name->labels == 0) {
return (ISC_R_FAILURE);
}
@ -1072,8 +1069,16 @@ catz_process_coo(dns_catz_zone_t *zone, dns_label_t *mhash,
return (ISC_R_FAILURE);
}
if (value->rdclass != dns_rdataclass_in ||
value->type != dns_rdatatype_ptr) {
if (value->type != dns_rdatatype_ptr) {
return (ISC_R_FAILURE);
}
if (dns_rdataset_count(value) != 1) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER, ISC_LOG_WARNING,
"catz: 'coo' property PTR RRset contains "
"more than one record, which is invalid");
zone->broken = true;
return (ISC_R_FAILURE);
}
@ -1135,24 +1140,31 @@ catz_process_zones_entry(dns_catz_zone_t *zone, dns_rdataset_t *value,
dns_rdata_ptr_t ptr;
dns_catz_entry_t *entry = NULL;
/*
* We only take -first- value, as mhash must be
* different.
*/
if (value->type != dns_rdatatype_ptr) {
return (ISC_R_FAILURE);
}
if (dns_rdataset_count(value) != 1) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER, ISC_LOG_WARNING,
"catz: member zone PTR RRset contains "
"more than one record, which is invalid");
zone->broken = true;
return (ISC_R_FAILURE);
}
result = dns_rdataset_first(value);
if (result != ISC_R_SUCCESS) {
return (ISC_R_FAILURE);
return (result);
}
dns_rdata_init(&rdata);
dns_rdataset_current(value, &rdata);
result = dns_rdata_tostruct(&rdata, &ptr, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
if (result != ISC_R_SUCCESS) {
return (result);
}
result = isc_ht_find(zone->entries, mhash->base, mhash->length,
(void **)&entry);
@ -1193,8 +1205,16 @@ catz_process_version(dns_catz_zone_t *zone, dns_rdataset_t *value) {
REQUIRE(DNS_CATZ_ZONE_VALID(zone));
REQUIRE(DNS_RDATASET_VALID(value));
if (value->rdclass != dns_rdataclass_in ||
value->type != dns_rdatatype_txt) {
if (value->type != dns_rdatatype_txt) {
return (ISC_R_FAILURE);
}
if (dns_rdataset_count(value) != 1) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER, ISC_LOG_WARNING,
"catz: 'version' property TXT RRset contains "
"more than one record, which is invalid");
zone->broken = true;
return (ISC_R_FAILURE);
}
@ -1207,7 +1227,9 @@ catz_process_version(dns_catz_zone_t *zone, dns_rdataset_t *value) {
dns_rdataset_current(value, &rdata);
result = dns_rdata_tostruct(&rdata, &rdatatxt, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
if (result != ISC_R_SUCCESS) {
return (result);
}
result = dns_rdata_txt_first(&rdatatxt);
if (result != ISC_R_SUCCESS) {
@ -1239,6 +1261,13 @@ catz_process_version(dns_catz_zone_t *zone, dns_rdataset_t *value) {
cleanup:
dns_rdata_freestruct(&rdatatxt);
if (result != ISC_R_SUCCESS) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER, ISC_LOG_WARNING,
"catz: invalid record for the catalog "
"zone version property");
zone->broken = true;
}
return (result);
}
@ -1275,10 +1304,6 @@ catz_process_primaries(dns_catz_zone_t *zone, dns_ipkeylist_t *ipkl,
* - label and IN A/IN AAAA
* - label and IN TXT - TSIG key name
*/
if (value->rdclass != dns_rdataclass_in) {
return (ISC_R_FAILURE);
}
if (name->labels > 0) {
isc_sockaddr_t sockaddr;
size_t i;
@ -1442,8 +1467,7 @@ catz_process_apl(dns_catz_zone_t *zone, isc_buffer_t **aclbp,
REQUIRE(DNS_RDATASET_VALID(value));
REQUIRE(dns_rdataset_isassociated(value));
if (value->rdclass != dns_rdataclass_in ||
value->type != dns_rdatatype_apl) {
if (value->type != dns_rdatatype_apl) {
return (ISC_R_FAILURE);
}
@ -1682,6 +1706,14 @@ dns_catz_update_process(dns_catz_zones_t *catzs, dns_catz_zone_t *zone,
REQUIRE(DNS_CATZ_ZONE_VALID(zone));
REQUIRE(ISC_MAGIC_VALID(src_name, DNS_NAME_MAGIC));
if (rdataset->rdclass != dns_rdataclass_in) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER, ISC_LOG_ERROR,
"catz: RR found which has a non-IN class");
zone->broken = true;
return (ISC_R_FAILURE);
}
nrres = dns_name_fullcompare(src_name, &zone->name, &order, &nlabels);
if (nrres == dns_namereln_equal) {
if (rdataset->type == dns_rdatatype_soa) {
@ -2059,8 +2091,10 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) {
dns_rdatasetiter_t *rdsiter = NULL;
dns_rdataset_t rdataset;
char bname[DNS_NAME_FORMATSIZE];
char cname[DNS_NAME_FORMATSIZE];
bool is_vers_processed = false;
uint32_t vers;
uint32_t catz_vers;
REQUIRE(DNS_DB_VALID(db));
REQUIRE(DNS_CATZ_ZONES_VALID(catzs));
@ -2137,13 +2171,13 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) {
result = dns_dbiterator_seek(it, name);
if (result != ISC_R_SUCCESS) {
dns_dbiterator_destroy(&it);
dns_catz_zone_detach(&newzone);
dns_db_closeversion(db, &oldzone->dbversion, false);
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER, ISC_LOG_ERROR,
"catz: zone '%s' has no 'version' record (%s)",
bname, isc_result_totext(result));
return;
newzone->broken = true;
goto final;
}
name = dns_fixedname_initname(&fixname);
@ -2189,7 +2223,6 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) {
result = dns_catz_update_process(catzs, newzone, name,
&rdataset);
if (result != ISC_R_SUCCESS) {
char cname[DNS_NAME_FORMATSIZE];
char typebuf[DNS_RDATATYPE_FORMATSIZE];
char classbuf[DNS_RDATACLASS_FORMATSIZE];
@ -2203,8 +2236,8 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER,
ISC_LOG_WARNING,
"catz: unknown record in catalog "
"zone - %s %s %s(%s) - ignoring",
"catz: invalid record in catalog "
"zone - %s %s %s (%s) - ignoring",
cname, classbuf, typebuf,
isc_result_totext(result));
}
@ -2230,6 +2263,40 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) {
ISC_LOG_DEBUG(3),
"catz: update_from_db: iteration finished");
/*
* Check catalog zone version compatibilites.
*/
catz_vers = (newzone->version == DNS_CATZ_VERSION_UNDEFINED)
? oldzone->version
: newzone->version;
if (catz_vers == DNS_CATZ_VERSION_UNDEFINED) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER, ISC_LOG_WARNING,
"catz: zone '%s' version is not set", bname);
newzone->broken = true;
} else if (catz_vers != 1 && catz_vers != 2) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER, ISC_LOG_WARNING,
"catz: zone '%s' unsupported version "
"'%" PRIu32 "'",
bname, catz_vers);
newzone->broken = true;
} else {
oldzone->version = catz_vers;
}
final:
if (newzone->broken) {
dns_name_format(name, cname, DNS_NAME_FORMATSIZE);
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_MASTER, ISC_LOG_ERROR,
"catz: new catalog zone '%s' is broken and "
"will not be processed",
bname);
dns_catz_zone_detach(&newzone);
return;
}
/*
* Finally merge new zone into old zone.
*/
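Review bot: In the `final:` block the added `dns_name_format(name, cname, DNS_NAME_FORMATSIZE);` fills `cname`, but the error message that follows prints only `bname`, so the call has no effect on what is logged; I would drop that line, since the hoisted `cname` declaration is still needed by the per-record "invalid record" warning. In the same hunk, `catz_vers` falls back to `oldzone->version` when `newzone->version` is `DNS_CATZ_VERSION_UNDEFINED`, so this check on its own does not require the freshly loaded catalog to carry a usable version. The earlier hunks show `catz_process_version` returning on a type mismatch or a `dns_rdata_tostruct()` failure without setting `zone->broken`, which suggests such an update could pass here on the old version, though the dispatch code is not visible. If the fallback is intended, a comment above the assignment such as `/* keep the previously accepted version when this update set none */` would record that; if not, the fallback should be removed so the zone is marked broken. `dns_catz_update_from_db` begins and ends outside the hunks shown.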