From 6539f73e3a3b484c19c34ff3543be370bccd64c1 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Thu, 17 Mar 2022 14:43:18 +0000 Subject: [PATCH 1/6] Introduce the concept of broken catalog zones The DNS catalog zones draft version 5 document describes various situations when a catalog zones must be considered as "broken" and not be processed. Implement those checks in catz.c and add corresponding system tests. (cherry picked from commit a8228d5f190d556ba6a3e25cc523ba936fbfe957) --- bin/tests/system/catz/clean.sh | 1 + .../system/catz/ns1/catalog-bad1.example.db | 13 +++ .../system/catz/ns1/catalog-bad2.example.db | 14 +++ .../system/catz/ns1/catalog-bad3.example.db | 15 +++ bin/tests/system/catz/ns1/named.conf.in | 30 +++++ bin/tests/system/catz/ns2/named1.conf.in | 27 +++++ bin/tests/system/catz/ns2/named2.conf.in | 18 +++ bin/tests/system/catz/tests.sh | 87 ++++++++++++++- lib/dns/catz.c | 105 +++++++++++++++--- 9 files changed, 291 insertions(+), 19 deletions(-) create mode 100644 bin/tests/system/catz/ns1/catalog-bad1.example.db create mode 100644 bin/tests/system/catz/ns1/catalog-bad2.example.db create mode 100644 bin/tests/system/catz/ns1/catalog-bad3.example.db diff --git a/bin/tests/system/catz/clean.sh b/bin/tests/system/catz/clean.sh index 783ed4e763..e293e7dc0c 100644 --- a/bin/tests/system/catz/clean.sh +++ b/bin/tests/system/catz/clean.sh @@ -19,6 +19,7 @@ rm -f ns*/named.run rm -f ns*/named.run.prev rm -f ns1/*dom*example.db rm -f ns2/__catz__*db +rm -f ns2/catalog-bad*.db rm -f ns2/named.conf.tmp rm -f ns3/dom2.example.db ns3/dom13.example.db ns3/dom14.example.db ns3/dom17.example.db ns3/dom18.example.db rm -f nsupdate.out.* diff --git a/bin/tests/system/catz/ns1/catalog-bad1.example.db b/bin/tests/system/catz/ns1/catalog-bad1.example.db new file mode 100644 index 0000000000..b8402de301 --- /dev/null +++ b/bin/tests/system/catz/ns1/catalog-bad1.example.db 
@@ -0,0 +1,13 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 3600 SOA . . 1 86400 3600 86400 3600 +@ 3600 IN NS invalid. diff --git a/bin/tests/system/catz/ns1/catalog-bad2.example.db b/bin/tests/system/catz/ns1/catalog-bad2.example.db new file mode 100644 index 0000000000..06b9121f13 --- /dev/null +++ b/bin/tests/system/catz/ns1/catalog-bad2.example.db @@ -0,0 +1,14 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 3600 SOA . . 1 86400 3600 86400 3600 +@ 3600 IN NS invalid. +version IN TXT "99" diff --git a/bin/tests/system/catz/ns1/catalog-bad3.example.db b/bin/tests/system/catz/ns1/catalog-bad3.example.db new file mode 100644 index 0000000000..0116697de3 --- /dev/null +++ b/bin/tests/system/catz/ns1/catalog-bad3.example.db 
@@ -0,0 +1,15 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 3600 SOA . . 1 86400 3600 86400 3600 +@ 3600 IN NS invalid. +version IN TXT "1" +version IN TXT "2" diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in index 5a46d3984f..5cf799f1c6 100644 --- a/bin/tests/system/catz/ns1/named.conf.in +++ b/bin/tests/system/catz/ns1/named.conf.in @@ -61,6 +61,36 @@ zone "catalog4.example" { /* catalog5 is missing on purpose */ +# No "version" property +zone "catalog-bad1.example" { + type primary; + file "catalog-bad1.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; +}; + +# Unsupported "version" property +zone "catalog-bad2.example" { + type primary; + file "catalog-bad2.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; +}; + +# Two RRs in TXT RRset for the "version" property +zone "catalog-bad3.example" { + type primary; + file "catalog-bad3.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; +}; + key tsig_key. { secret "LSAnCU+Z"; algorithm hmac-md5; diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in index ed7f87943b..8ff6f687a0 100644 --- a/bin/tests/system/catz/ns2/named1.conf.in +++ b/bin/tests/system/catz/ns2/named1.conf.in 
@@ -43,6 +43,15 @@ options { #T1 default-masters { 10.53.0.1; }; #T2 zone "catalog5.example" #T2 default-primaries { 10.53.0.1; }; + zone "catalog-bad1.example" + default-masters { 10.53.0.1; } + in-memory yes; + zone "catalog-bad2.example" + default-masters { 10.53.0.1; } + in-memory yes; + zone "catalog-bad3.example" + default-masters { 10.53.0.1; } + in-memory yes; }; }; @@ -83,6 +92,24 @@ zone "catalog4.example" { primaries { 10.53.0.1; }; }; +zone "catalog-bad1.example" { + type secondary; + file "catalog-bad1.example.db"; + primaries { 10.53.0.1; }; +}; + +zone "catalog-bad2.example" { + type secondary; + file "catalog-bad2.example.db"; + primaries { 10.53.0.1; }; +}; + +zone "catalog-bad3.example" { + type secondary; + file "catalog-bad3.example.db"; + primaries { 10.53.0.1; }; +}; + key tsig_key. { secret "LSAnCU+Z"; algorithm hmac-md5; diff --git a/bin/tests/system/catz/ns2/named2.conf.in b/bin/tests/system/catz/ns2/named2.conf.in index 12884c6797..787d62b510 100644 --- a/bin/tests/system/catz/ns2/named2.conf.in +++ b/bin/tests/system/catz/ns2/named2.conf.in @@ -61,6 +61,24 @@ zone "catalog4.example" { primaries { 10.53.0.1; }; }; +zone "catalog-bad1.example" { + type secondary; + file "catalog-bad1.example.db"; + primaries { 10.53.0.1; }; +}; + +zone "catalog-bad2.example" { + type secondary; + file "catalog-bad2.example.db"; + primaries { 10.53.0.1; }; +}; + +zone "catalog-bad3.example" { + type secondary; + file "catalog-bad3.example.db"; + primaries { 10.53.0.1; }; +}; + key tsig_key. { secret "LSAnCU+Z"; algorithm hmac-md5; diff --git a/bin/tests/system/catz/tests.sh b/bin/tests/system/catz/tests.sh index 6785dd84e9..807fb14bc0 100644 --- a/bin/tests/system/catz/tests.sh +++ b/bin/tests/system/catz/tests.sh 
@@ -80,6 +80,36 @@ wait_for_no_zonefile() ( status=0 n=0 + +########################################################################## +n=$((n+1)) +echo_i "checking that catalog-bad1.example (with no version) has failed to load ($n)" +ret=0 +wait_for_message ns2/named.run "catz: zone 'catalog-bad1.example' has no 'version' record" && +wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad1.example' is broken and will not be processed" || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking that catalog-bad2.example (with unsupported version) has failed to load ($n)" +ret=0 +wait_for_message ns2/named.run "catz: zone 'catalog-bad2.example' unsupported version '99'" && +wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad2.example' is broken and will not be processed" || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "checking that catalog-bad3.example (with two supported version records) has failed to load ($n)" +ret=0 +wait_for_message ns2/named.run "catz: 'version' property TXT RRset contains more than one record, which is invalid" && +wait_for_message ns2/named.run "catz: invalid record in catalog zone - version.catalog-bad3.example IN TXT (failure) - ignoring" && +wait_for_message ns2/named.run "catz: zone 'catalog-bad3.example' version is not set" && +wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad3.example' is broken and will not be processed" || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +nextpart ns2/named.run >/dev/null + ########################################################################## echo_i "Testing adding/removing of domain in catalog zone" n=$((n+1)) 
@@ -145,6 +175,8 @@ wait_for_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) +nextpart ns2/named.run >/dev/null + n=$((n+1)) echo_i "update dom1.example. ($n)" ret=0 @@ -176,6 +208,8 @@ test -f ns2/zonedir/__catz___default_catalog1.example_dom1.example.db.jnl || ret if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) +nextpart ns2/named.run >/dev/null + n=$((n+1)) echo_i "update catalog zone serial ($n)" ret=0 @@ -202,6 +236,8 @@ retry_quiet 10 wait_for_soa_equal_20 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) +nextpart ns2/named.run >/dev/null + n=$((n+1)) echo_i "update dom1.example. again ($n)" ret=0 @@ -259,6 +295,8 @@ wait_for_no_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) +nextpart ns2/named.run >/dev/null + ########################################################################## echo_i "Testing various simple operations on domains, including using multiple catalog zones and garbage in zone" n=$((n+1)) @@ -296,6 +334,7 @@ ret=0 $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} update add 636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example. + update add coo.636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN TXT "catalog2.example." update add b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example. update add e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example. 3600 IN NS foo.bar. update add trash.catalog1.example. 3600 IN A 1.2.3.4 
@@ -322,10 +361,11 @@ END if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) - n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 +wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" && +wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" && wait_for_message ns2/named.run "catz: adding zone 'dom4.example' from catalog 'catalog2.example'" && wait_for_message ns2/named.run "transfer of 'dom4.example/IN' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi @@ -338,7 +378,6 @@ wait_for_soa @10.53.0.2 dom4.example. dig.out.test$n || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) - n=$((n+1)) echo_i "checking that dom3.example. is not served by primary ($n)" ret=0 @@ -365,8 +404,6 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" && wait_for_message ns2/named.run "transfer of 'dom2.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" && wait_for_message ns2/named.run "transfer of 'dom3.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi 
@@ -381,6 +418,43 @@ status=$((status+ret)) nextpart ns2/named.run >/dev/null +# The member zone's PTR RRset must have only one record in it. +# Check that adding a second record to the RRset is caught and such a +# catalog zone is not processed. +n=$((n+1)) +echo_i "adding domain dom4-reused-label.example. to catalog2 zone, reusing a label ($n)" +ret=0 +$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 + server 10.53.0.3 ${PORT} + update add de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example. 3600 IN PTR dom4-reused-label.example. + send +END +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +n=$((n+1)) +echo_i "waiting for secondary to sync up, and checking that the reused label has been caught ($n)" +ret=0 +wait_for_message ns2/named.run "de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example IN PTR (failure)" && +wait_for_message ns2/named.run "catz: new catalog zone 'catalog2.example' is broken and will not be processed" || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +nextpart ns2/named.run >/dev/null + +n=$((n+1)) +echo_i "deleting domain dom4-reused-label.example. from catalog2 zone ($n)" +ret=0 +$NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 + server 10.53.0.3 ${PORT} + update delete de26b88d855397a03f77ff1162fd055d8b419584.zones.catalog2.example. 3600 IN PTR dom4-reused-label.example. + send +END +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +nextpart ns2/named.run >/dev/null + n=$((n+1)) echo_i "adding domain dom2.example. to catalog2 zone to test change of ownership ($n)" ret=0 
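Review bot: The reused-label test asserts only the two log lines, so it never pins down what "will not be processed" means for a catalog that was already good: dom4.example, added from catalog2 earlier in this script, should still answer on ns2 while catalog2 is broken. Add a query check after the second wait, e.g. `wait_for_soa @10.53.0.2 dom4.example. dig.out.test$n || ret=1`, and after the deletion step confirm that catalog2 is processed again (a serial or 'adding zone' message) rather than only advancing the log cursor. As written, a regression that tore down member zones when their catalog turns broken would still pass.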
@@ -615,6 +689,7 @@ ret=0 $NSUPDATE -d <> nsupdate.out.test$n 2>&1 || ret=1 server 10.53.0.1 ${PORT} update delete 636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN PTR dom2.example. + update delete coo.636722929740e507aaf27c502812fc395d30fb17.zones.catalog1.example. 3600 IN TXT "catalog2.example." update delete b901f492f3ebf6c1e5b597e51766f02f0479eb03.zones.catalog1.example. 3600 IN PTR dom3.example. update delete e721433b6160b450260d4f54b3ec8bab30cb3b83.zones.catalog1.example. 3600 IN NS foo.bar. update delete trash.catalog1.example. 3600 IN A 1.2.3.4 @@ -2083,7 +2158,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "catz: unknown record in catalog zone - primaries.dom17.zones.catalog1.example IN A(failure) - ignoring" && +wait_for_message ns2/named.run "catz: invalid record in catalog zone - primaries.dom17.zones.catalog1.example IN A (failure) - ignoring" && wait_for_message ns2/named.run "catz: adding zone 'dom17.example' from catalog 'catalog1.example'" && wait_for_message ns2/named.run "catz: adding zone 'dom18.example' from catalog 'catalog1.example'" && wait_for_message ns2/named.run "transfer of 'dom17.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" && 
@@ -2174,7 +2249,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "catz: unknown record in catalog zone - primaries.ext.dom18.zones.catalog2.example IN A(failure) - ignoring" && +wait_for_message ns2/named.run "catz: invalid record in catalog zone - primaries.ext.dom18.zones.catalog2.example IN A (failure) - ignoring" && wait_for_message ns2/named.run "catz: adding zone 'dom17.example' from catalog 'catalog2.example'" && wait_for_message ns2/named.run "catz: adding zone 'dom18.example' from catalog 'catalog2.example'" && wait_for_message ns2/named.run "transfer of 'dom17.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" && diff --git a/lib/dns/catz.c b/lib/dns/catz.c index b8b28efb76..3b55a552ce 100644 --- a/lib/dns/catz.c +++ b/lib/dns/catz.c @@ -94,6 +94,7 @@ struct dns_catz_zone { bool active; bool db_registered; + bool broken; isc_refcount_t refs; }; @@ -1077,6 +1078,15 @@ catz_process_coo(dns_catz_zone_t *zone, dns_label_t *mhash, return (ISC_R_FAILURE); } + if (dns_rdataset_count(value) != 1) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: 'coo' property PTR RRset contains " + "more than one record, which is invalid"); + zone->broken = true; + return (ISC_R_FAILURE); + } + result = dns_rdataset_first(value); if (result != ISC_R_SUCCESS) { return (result); 
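Review bot: The new 'coo' count check marks the catalog broken but still returns ISC_R_FAILURE, which dns_catz_update_from_db then reports as `catz: invalid record in catalog zone - ... - ignoring`, so an operator sees "ignoring" immediately followed by "is broken and will not be processed" for the same RR. Either have the caller skip its "ignoring" line when `zone->broken` is already set, or return a distinct result for broken-catalog failures so the two messages stop contradicting each other. The same pairing occurs for the member-zone PTR and version TXT count checks added later in this patch. catz_process_coo starts before and continues after this hunk.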
@@ -1135,24 +1145,32 @@ catz_process_zones_entry(dns_catz_zone_t *zone, dns_rdataset_t *value, dns_rdata_ptr_t ptr; dns_catz_entry_t *entry = NULL; - /* - * We only take -first- value, as mhash must be - * different. - */ - if (value->type != dns_rdatatype_ptr) { + if (value->rdclass != dns_rdataclass_in || + value->type != dns_rdatatype_ptr) { + return (ISC_R_FAILURE); + } + + if (dns_rdataset_count(value) != 1) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: member zone PTR RRset contains " + "more than one record, which is invalid"); + zone->broken = true; return (ISC_R_FAILURE); } result = dns_rdataset_first(value); if (result != ISC_R_SUCCESS) { - return (ISC_R_FAILURE); + return (result); } dns_rdata_init(&rdata); dns_rdataset_current(value, &rdata); result = dns_rdata_tostruct(&rdata, &ptr, NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); + if (result != ISC_R_SUCCESS) { + return (result); + } result = isc_ht_find(zone->entries, mhash->base, mhash->length, (void **)&entry); @@ -1198,6 +1216,15 @@ catz_process_version(dns_catz_zone_t *zone, dns_rdataset_t *value) { return (ISC_R_FAILURE); } + if (dns_rdataset_count(value) != 1) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: 'version' property TXT RRset contains " + "more than one record, which is invalid"); + zone->broken = true; + return (ISC_R_FAILURE); + } + result = dns_rdataset_first(value); if (result != ISC_R_SUCCESS) { return (result); @@ -1207,7 +1234,9 @@ catz_process_version(dns_catz_zone_t *zone, dns_rdataset_t *value) { dns_rdataset_current(value, &rdata); result = dns_rdata_tostruct(&rdata, &rdatatxt, NULL); - RUNTIME_CHECK(result == ISC_R_SUCCESS); + if (result != ISC_R_SUCCESS) { + return (result); + } result = dns_rdata_txt_first(&rdatatxt); if (result != ISC_R_SUCCESS) { 
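Review bot: The deleted comment ("We only take -first- value, as mhash must be different") is not replaced, so the reason a second PTR under one member label now breaks the whole catalog instead of being skipped is undocumented where it is enforced; suggest above the count check `/* draft v5: a member zone's PTR RRset holds exactly one record; more than one makes the whole catalog broken, not just this entry. */`. Replacing the RUNTIME_CHECK on dns_rdata_tostruct with an error return is the right direction, since a RUNTIME_CHECK failure aborts named and the rdata here came in by zone transfer, but the entry is now merely skipped ("ignoring" in the caller) rather than marking the zone broken, which differs from the count check just above and deserves a one-line comment saying that is deliberate. The rdclass test duplicates the class rejection this patch adds at the top of dns_catz_update_process; one of the two should say which is authoritative. catz_process_zones_entry continues outside the hunk.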
@@ -1239,6 +1268,13 @@ catz_process_version(dns_catz_zone_t *zone, dns_rdataset_t *value) { cleanup: dns_rdata_freestruct(&rdatatxt); + if (result != ISC_R_SUCCESS) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: invalid record for the catalog " + "zone version property"); + zone->broken = true; + } return (result); } @@ -1682,6 +1718,14 @@ dns_catz_update_process(dns_catz_zones_t *catzs, dns_catz_zone_t *zone, REQUIRE(DNS_CATZ_ZONE_VALID(zone)); REQUIRE(ISC_MAGIC_VALID(src_name, DNS_NAME_MAGIC)); + if (rdataset->rdclass != dns_rdataclass_in) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_ERROR, + "catz: RR found which has a non-IN class"); + zone->broken = true; + return (ISC_R_FAILURE); + } + nrres = dns_name_fullcompare(src_name, &zone->name, &order, &nlabels); if (nrres == dns_namereln_equal) { if (rdataset->type == dns_rdatatype_soa) { @@ -2059,8 +2103,10 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) { dns_rdatasetiter_t *rdsiter = NULL; dns_rdataset_t rdataset; char bname[DNS_NAME_FORMATSIZE]; + char cname[DNS_NAME_FORMATSIZE]; bool is_vers_processed = false; uint32_t vers; + uint32_t catz_vers; REQUIRE(DNS_DB_VALID(db)); REQUIRE(DNS_CATZ_ZONES_VALID(catzs)); @@ -2137,13 +2183,13 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) { result = dns_dbiterator_seek(it, name); if (result != ISC_R_SUCCESS) { dns_dbiterator_destroy(&it); - dns_catz_zone_detach(&newzone); dns_db_closeversion(db, &oldzone->dbversion, false); isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_MASTER, ISC_LOG_ERROR, "catz: zone '%s' has no 'version' record (%s)", bname, isc_result_totext(result)); - return; + newzone->broken = true; + goto final; } name = dns_fixedname_initname(&fixname); 
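Review bot: The broken marking added at `cleanup:` only covers failures after the TXT has been parsed; the early `return (result)` paths above it in catz_process_version (the class/type test, dns_rdataset_first and the new dns_rdata_tostruct check in the previous hunk) bypass it and leave `zone->broken` unset. On a first load a missing version is still caught by the "version is not set" check in dns_catz_update_from_db, but that check falls back to oldzone->version on later updates, so a version TXT that has become unprocessable would, as far as I can see, keep the previously accepted version. If that is not intended, add `zone->broken = true;` before those early returns (they cannot jump to `cleanup:` because rdatatxt is not yet initialised for dns_rdata_freestruct). catz_process_version starts before this hunk.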
@@ -2189,7 +2235,6 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) { result = dns_catz_update_process(catzs, newzone, name, &rdataset); if (result != ISC_R_SUCCESS) { - char cname[DNS_NAME_FORMATSIZE]; char typebuf[DNS_RDATATYPE_FORMATSIZE]; char classbuf[DNS_RDATACLASS_FORMATSIZE]; @@ -2203,8 +2248,8 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) { isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, - "catz: unknown record in catalog " - "zone - %s %s %s(%s) - ignoring", + "catz: invalid record in catalog " + "zone - %s %s %s (%s) - ignoring", cname, classbuf, typebuf, isc_result_totext(result)); } @@ -2230,6 +2275,40 @@ dns_catz_update_from_db(dns_db_t *db, dns_catz_zones_t *catzs) { ISC_LOG_DEBUG(3), "catz: update_from_db: iteration finished"); + /* + * Check catalog zone version compatibilites. + */ + catz_vers = (newzone->version == DNS_CATZ_VERSION_UNDEFINED) + ? oldzone->version + : newzone->version; + if (catz_vers == DNS_CATZ_VERSION_UNDEFINED) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: zone '%s' version is not set", bname); + newzone->broken = true; + } else if (catz_vers != 1 && catz_vers != 2) { + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_WARNING, + "catz: zone '%s' unsupported version " + "'%" PRIu32 "'", + bname, catz_vers); + newzone->broken = true; + } else { + oldzone->version = catz_vers; + } + +final: + if (newzone->broken) { + dns_name_format(name, cname, DNS_NAME_FORMATSIZE); + isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, + DNS_LOGMODULE_MASTER, ISC_LOG_ERROR, + "catz: new catalog zone '%s' is broken and " + "will not be processed", + bname); + dns_catz_zone_detach(&newzone); + return; + } + /* * Finally merge new zone into old zone. */ From f0bb090afe47cc3fdffd2c33adfc9ef778d60c51 Mon Sep 17 00:00:00 2001 
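Review bot: `dns_name_format(name, cname, DNS_NAME_FORMATSIZE)` in the `final:` block is dead code — the log call that follows prints `bname`, and on the `goto final` path `name` is the version name anyway — so either drop the call together with the hoisted `cname` declaration or actually print the value. The fallback `catz_vers = (newzone->version == DNS_CATZ_VERSION_UNDEFINED) ? oldzone->version : newzone->version` looks risky: if newzone is a fresh object per update, then whenever the version TXT exists but was not processed without setting broken, the previously accepted version is silently reused, which contradicts the "version is not set → broken" rule applied on first load; treating an undefined `newzone->version` as broken unconditionally, or at least logging the fallback at warning level, would be safer. Because the broken path returns before the "merge new zone into old zone" step, oldzone keeps serving its last good member list, which is worth a comment above the detach, `/* Keep the last good state of this catalog; the new copy is discarded. */`, since the log line only says "will not be processed". dns_catz_update_from_db starts before this hunk.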
From: Aram Sargsyan Date: Wed, 23 Mar 2022 11:01:34 +0000 Subject: [PATCH 2/6] Add CHANGES note for [GL #3224] (cherry picked from commit 92d1e1e3471e633f2c25542d92df8dd4c14e62f5) --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 14dd41efe8..7f2da683a2 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +5877. [func] Introduce the concept of broken catalog zones described + in the DNS catalog zones draft version 5 document. + [GL #3224] + 5876. [func] Add DNS Extended Errors when stale answers are returned from cache. [GL #2267] From 951d5825934697cb0a5e296dd9618b3a5c616c96 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Wed, 13 Apr 2022 13:56:37 +0000 Subject: [PATCH 3/6] Add a new warning message when processing view configuration When parsing the configuration file, log a warning message in configure_view() function when encountering a `catalog-zones` option in a view with non-IN rdata class. (cherry picked from commit dfd5a01eba909d57eef5e3478812c6f9255280e1) --- bin/named/server.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/bin/named/server.c b/bin/named/server.c index bcc34730e8..69c730f529 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -4140,6 +4140,15 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config, rpz_configured = true; } + obj = NULL; + if (view->rdclass != dns_rdataclass_in && need_hints && + named_config_get(maps, "catalog-zones", &obj) == ISC_R_SUCCESS) + { + cfg_obj_log(obj, named_g_lctx, ISC_LOG_WARNING, + "'catalog-zones' option is only supported " + "for views with class IN"); + } + obj = NULL; if (view->rdclass == dns_rdataclass_in && need_hints && named_config_get(maps, "catalog-zones", &obj) == ISC_R_SUCCESS) From 7dc8b2f79bb5099db9f8c49d9b2176dcc92e777b Mon Sep 17 00:00:00 2001 
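Review bot: The new warning tells the operator the option is unsupported but not that it is being dropped for this view; the following `if` only configures catalog zones for class IN, so the message should say so, e.g. `"'catalog-zones' option is only supported for views with class IN; ignoring it for this view"`. The two blocks also perform the same `named_config_get(maps, "catalog-zones", &obj)` lookup back to back; a single lookup with the class test inside it would remove the duplication and keep the two paths from drifting apart. configure_view starts before and continues after this hunk.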
From: Aram Sargsyan Date: Wed, 13 Apr 2022 14:06:00 +0000 Subject: [PATCH 4/6] Add a system test to check catalog zones with non-IN rdata class fail According to DNS catalog zones draft version 5 document, the CLASS field of every RR in a catalog zone MUST be IN. Add a new check in the catz system test to verify that a non-IN class catalog zone (in this case CH) fails to load. BIND does not support having a non-IN class RR in an IN class zone, or non-IN class zone in an IN class view, so to verify that BIND respects the mentioned restriction we must try to add a non-IN class catalog zone and check that it didn't succeed. The `named` configuration files had to be restructured to put all the zones inside views, which also resulted in some corresponding changes in the tests.sh script. (cherry picked from commit 247ae534a0868fcadb1b241407ba91b54191891f) --- bin/tests/system/catz/clean.sh | 1 + .../system/catz/ns1/catalog-bad5.example.db | 14 ++ bin/tests/system/catz/ns1/named.conf.in | 126 +++++++++-------- bin/tests/system/catz/ns2/named1.conf.in | 127 +++++++++++------- bin/tests/system/catz/ns2/named2.conf.in | 108 ++++++++------- bin/tests/system/catz/tests.sh | 127 ++++++++++-------- 6 files changed, 296 insertions(+), 207 deletions(-) create mode 100644 bin/tests/system/catz/ns1/catalog-bad5.example.db diff --git a/bin/tests/system/catz/clean.sh b/bin/tests/system/catz/clean.sh index e293e7dc0c..fc4765c8b1 100644 --- a/bin/tests/system/catz/clean.sh +++ b/bin/tests/system/catz/clean.sh @@ -12,6 +12,7 @@ rm -f dig.out.* rm -f ns*/*.jnl rm -f ns*/*.nzf +rm -f ns*/*.mkeys rm -f ns*/named.lock rm -f ns*/named.memstats rm -f ns*/named.conf diff --git a/bin/tests/system/catz/ns1/catalog-bad5.example.db b/bin/tests/system/catz/ns1/catalog-bad5.example.db new file mode 100644 index 0000000000..b014d0a2d2 --- /dev/null +++ b/bin/tests/system/catz/ns1/catalog-bad5.example.db 
@@ -0,0 +1,14 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 3600 SOA . . 1 86400 3600 86400 3600 +@ 3600 CH NS invalid. +version CH TXT "2" diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in index 5cf799f1c6..5bfac4694f 100644 --- a/bin/tests/system/catz/ns1/named.conf.in +++ b/bin/tests/system/catz/ns1/named.conf.in 
@@ -32,63 +32,83 @@ options { allow-transfer { any; }; }; -zone "catalog1.example" { - type primary; - file "catalog1.example.db"; - allow-transfer { any; }; - allow-update { any; }; - also-notify { 10.53.0.2; }; - notify explicit; +view "default" { + + zone "catalog1.example" { + type primary; + file "catalog1.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + + /* catalog2 is provided by the ns3 primary */ + + zone "catalog3.example" { + type primary; + file "catalog3.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + + zone "catalog4.example" { + type primary; + file "catalog4.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + + /* catalog5 is missing on purpose */ + + # No "version" property + zone "catalog-bad1.example" { + type primary; + file "catalog-bad1.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + + # Unsupported "version" property + zone "catalog-bad2.example" { + type primary; + file "catalog-bad2.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + + # Two RRs in TXT RRset for the "version" property + zone "catalog-bad3.example" { + type primary; + file "catalog-bad3.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + }; -zone "catalog3.example" { - type primary; - file "catalog3.example.db"; - allow-transfer { any; }; - allow-update { any; }; - also-notify { 10.53.0.2; }; - notify explicit; -}; +view "ch" ch { -zone "catalog4.example" { - type primary; - file "catalog4.example.db"; - allow-transfer { any; }; - allow-update { any; }; - also-notify { 10.53.0.2; }; - notify explicit; -}; + # Non-IN class catalog zone + zone 
"catalog-bad5.example" ch { + type primary; + file "catalog-bad5.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; -/* catalog5 is missing on purpose */ - -# No "version" property -zone "catalog-bad1.example" { - type primary; - file "catalog-bad1.example.db"; - allow-transfer { any; }; - allow-update { any; }; - also-notify { 10.53.0.2; }; - notify explicit; -}; - -# Unsupported "version" property -zone "catalog-bad2.example" { - type primary; - file "catalog-bad2.example.db"; - allow-transfer { any; }; - allow-update { any; }; - also-notify { 10.53.0.2; }; - notify explicit; -}; - -# Two RRs in TXT RRset for the "version" property -zone "catalog-bad3.example" { - type primary; - file "catalog-bad3.example.db"; - allow-transfer { any; }; - allow-update { any; }; - also-notify { 10.53.0.2; }; - notify explicit; }; key tsig_key. { diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in index 8ff6f687a0..961b4c5712 100644 --- a/bin/tests/system/catz/ns2/named1.conf.in +++ b/bin/tests/system/catz/ns2/named1.conf.in @@ -28,6 +28,16 @@ options { notify no; recursion no; serial-query-rate 100; +}; + +/* + * The comment lines starting with "#Tn" markers below are designed to be + * uncommented by "tests.sh" when running the tests to perform some of required + * tests which need ns2 reconfgiuration. + */ + +view "default" { + catalog-zones { zone "catalog1.example" default-masters { 10.53.0.1; } 
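Review bot: The new comment block has a typo, `reconfgiuration`, and the sentence is hard to parse; suggest `The "#Tn" markers on the comment lines below are uncommented by "tests.sh" for the tests that need ns2 to be reconfigured.` Moving `catalog-zones` from `options` into `view "default"` also turns it from a global into a per-view option, presumably intended now that a second (CH) view exists, but a one-line comment saying why the block lives in the view would save the next reader a trip to the commit message. The hunk ends inside the `catalog-zones` block.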
@@ -53,61 +63,78 @@ options { default-masters { 10.53.0.1; } in-memory yes; }; + + # A faulty dlz configuration to check if named and catz survive a certain class + # of failed configuration attempts (see GL#3060). + # We use "dlz" because the dlz processing code is located in an ideal place in + # the view configuration function for the test to cover the view reverting code. +#T3 dlz "bad-dlz" { +#T3 database "dlopen bad-dlz.so example.org"; +#T3 }; + + zone "dom-existing.example" { + type primary; + file "dom-existing.example.db"; + }; + + zone "catalog1.example" { + type secondary; + file "catalog1.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog2.example" { + type secondary; + file "catalog2.example.db"; + primaries { 10.53.0.3; }; + }; + + zone "catalog3.example" { + type secondary; + file "catalog3.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog4.example" { + type secondary; + file "catalog4.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog-bad1.example" { + type secondary; + file "catalog-bad1.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog-bad2.example" { + type secondary; + file "catalog-bad2.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog-bad3.example" { + type secondary; + file "catalog-bad3.example.db"; + primaries { 10.53.0.1; }; + }; + }; -# A faulty dlz configuration to check if named and catz survive a certain class -# of failed configuration attempts (see GL#3060). -# We use "dlz" because the dlz processing code is located in an ideal place in -# the view configuration function for the test to cover the view reverting code. 
-#T3dlz "bad-dlz" { -#T3 database "dlopen bad-dlz.so example.org"; -#T3}; +view "ch" ch { -zone "dom-existing.example" { - type primary; - file "dom-existing.example.db"; -}; + catalog-zones { + zone "catalog-bad5.example" + default-masters { 10.53.0.1; } + in-memory yes; + }; -zone "catalog1.example" { - type secondary; - file "catalog1.example.db"; - primaries { 10.53.0.1; }; -}; + zone "catalog-bad5.example" ch { + type secondary; + file "catalog-bad5.example.db"; + primaries { 10.53.0.1; }; + }; -zone "catalog2.example" { - type secondary; - file "catalog2.example.db"; - primaries { 10.53.0.3; }; -}; - -zone "catalog3.example" { - type secondary; - file "catalog3.example.db"; - primaries { 10.53.0.1; }; -}; - -zone "catalog4.example" { - type secondary; - file "catalog4.example.db"; - primaries { 10.53.0.1; }; -}; - -zone "catalog-bad1.example" { - type secondary; - file "catalog-bad1.example.db"; - primaries { 10.53.0.1; }; -}; - -zone "catalog-bad2.example" { - type secondary; - file "catalog-bad2.example.db"; - primaries { 10.53.0.1; }; -}; - -zone "catalog-bad3.example" { - type secondary; - file "catalog-bad3.example.db"; - primaries { 10.53.0.1; }; }; key tsig_key. { diff --git a/bin/tests/system/catz/ns2/named2.conf.in b/bin/tests/system/catz/ns2/named2.conf.in index 787d62b510..927aa04810 100644 --- a/bin/tests/system/catz/ns2/named2.conf.in +++ b/bin/tests/system/catz/ns2/named2.conf.in 
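Review bot: The `#T3` marker changed from `#T3dlz` to `#T3 dlz` when the block was indented; whatever `tests.sh` uses to strip the marker is not in this chunk, so confirm it still yields a valid `dlz` statement from the new form. The `catalog-zones` block inside `view "ch" ch` is exactly the configuration the new configure_view warning targets, but nothing here says so; suggest above it `# Non-IN class: named must warn about this catalog-zones block and must not process catalog-bad5.example.`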
@@ -28,55 +28,73 @@ options { notify no; recursion no; serial-query-rate 100; +}; + +view "default" { + + # Removed catalog-zone option, otherwise this is + # identical to named1.conf.in + + zone "dom-existing.example" { + type primary; + file "dom-existing.example.db"; + }; + + zone "catalog1.example" { + type secondary; + file "catalog1.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog2.example" { + type secondary; + file "catalog2.example.db"; + primaries { 10.53.0.3; }; + }; + + zone "catalog3.example" { + type secondary; + file "catalog3.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog4.example" { + type secondary; + file "catalog4.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog-bad1.example" { + type secondary; + file "catalog-bad1.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog-bad2.example" { + type secondary; + file "catalog-bad2.example.db"; + primaries { 10.53.0.1; }; + }; + + zone "catalog-bad3.example" { + type secondary; + file "catalog-bad3.example.db"; + primaries { 10.53.0.1; }; + }; + +}; + +view "ch" ch { + # removed catalog-zone option, otherwise this is # identical to named1.conf.in -}; -zone "dom-existing.example" { - type primary; - file "dom-existing.example.db"; -}; + zone "catalog-bad5.example" ch { + type secondary; + file "catalog-bad5.example.db"; + primaries { 10.53.0.1; }; + }; -zone "catalog1.example" { - type secondary; - file "catalog1.example.db"; - primaries { 10.53.0.1; }; -}; - -zone "catalog2.example" { - type secondary; - file "catalog2.example.db"; - primaries { 10.53.0.3; }; -}; - -zone "catalog3.example" { - type secondary; - file "catalog3.example.db"; - primaries { 10.53.0.1; }; -}; - -zone "catalog4.example" { - type secondary; - file "catalog4.example.db"; - primaries { 10.53.0.1; }; -}; - -zone "catalog-bad1.example" { - type secondary; - file "catalog-bad1.example.db"; - primaries { 10.53.0.1; }; -}; - -zone "catalog-bad2.example" { - type secondary; - file 
"catalog-bad2.example.db"; - primaries { 10.53.0.1; }; -}; - -zone "catalog-bad3.example" { - type secondary; - file "catalog-bad3.example.db"; - primaries { 10.53.0.1; }; }; key tsig_key. { diff --git a/bin/tests/system/catz/tests.sh b/bin/tests/system/catz/tests.sh index 807fb14bc0..18e718c5e5 100644 --- a/bin/tests/system/catz/tests.sh +++ b/bin/tests/system/catz/tests.sh @@ -108,6 +108,15 @@ wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad3.example' is if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) +n=$((n+1)) +echo_i "checking that catalog-bad5.example (non-IN class) has failed to load ($n)" +ret=0 +wait_for_message ns2/named.run "'catalog-zones' option is only supported for views with class IN" && +wait_for_message ns2/named.run "all zones loaded" || ret=1 +grep -F "catz: dns_catz_add_zone catalog-bad5.example" ns2/named.run && ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + nextpart ns2/named.run >/dev/null ########################################################################## @@ -129,7 +138,7 @@ echo "foo 3600 IN TXT some content here" >> ns1/dom1.example.db echo "bar 3600 IN TXT some content here" >> ns1/dom1.example.db echo "xxx 3600 IN TXT some content here" >> ns1/dom1.example.db echo "yyy 3600 IN TXT some content here" >> ns1/dom1.example.db -rndccmd 10.53.0.1 addzone dom1.example. '{ type primary; file "dom1.example.db"; allow-update { any; }; notify explicit; also-notify { 10.53.0.2; }; };' || ret=1 +rndccmd 10.53.0.1 addzone dom1.example. in default '{ type primary; file "dom1.example.db"; allow-update { any; }; notify explicit; also-notify { 10.53.0.2; }; };' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
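Review bot: The negative assertion `grep -F "catz: dns_catz_add_zone catalog-bad5.example" ns2/named.run && ret=1` in the new catalog-bad5 check has no positive control, so it also passes whenever that line is simply absent from the log — if dns_catz_add_zone emits it at a debug severity (not visible here) and the harness ever runs named with too low a -d, the check is vacuous. Pairing it with the same message for an IN-view catalog, e.g. `grep -F "catz: dns_catz_add_zone catalog1.example" ns2/named.run >/dev/null || ret=1`, proves the message is captured at all and that the rejected CH-view option did not stop catalog processing in view "default", which is the property that actually matters here. The negative grep also prints any match to the test output; redirect it with `>/dev/null` so only the `echo_i "failed"` line reports the problem.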
@@ -157,7 +166,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom1.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom1.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom1.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -171,7 +180,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "checking that zone-directory is populated ($n)" ret=0 -wait_for_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db" || ret=1 +wait_for_zonefile "ns2/zonedir/__catz__default_catalog1.example_dom1.example.db" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -204,7 +213,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "check that journal was created for cleanup test ($n)" ret=0 -test -f ns2/zonedir/__catz___default_catalog1.example_dom1.example.db.jnl || ret=1 +test -f ns2/zonedir/__catz__default_catalog1.example_dom1.example.db.jnl || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -276,7 +285,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "zone_shutdown: zone dom1.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom1.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -290,8 +299,8 @@ status=$((status+ret)) n=$((n+1)) echo_i "checking that zone-directory is emptied ($n)" ret=0 -wait_for_no_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db" || ret=1 -wait_for_no_zonefile "ns2/zonedir/__catz___default_catalog1.example_dom1.example.db.jnl" || ret=1 +wait_for_no_zonefile "ns2/zonedir/__catz__default_catalog1.example_dom1.example.db" || ret=1 +wait_for_no_zonefile "ns2/zonedir/__catz__default_catalog1.example_dom1.example.db.jnl" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -305,7 +314,7 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom2.example.db echo "@ IN NS invalid." >> ns1/dom2.example.db echo "@ IN A 192.0.2.1" >> ns1/dom2.example.db -rndccmd 10.53.0.1 addzone dom2.example. '{type primary; file "dom2.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom2.example. in default '{type primary; file "dom2.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -324,7 +333,7 @@ echo_i "adding domain dom4.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom4.example.db echo "@ IN NS invalid." >> ns1/dom4.example.db -rndccmd 10.53.0.1 addzone dom4.example. '{type primary; file "dom4.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom4.example. in default '{type primary; file "dom4.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -367,7 +376,7 @@ ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog1.example'" && wait_for_message ns2/named.run "catz: adding zone 'dom3.example' from catalog 'catalog1.example'" && wait_for_message ns2/named.run "catz: adding zone 'dom4.example' from catalog 'catalog2.example'" && -wait_for_message ns2/named.run "transfer of 'dom4.example/IN' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom4.example/IN/default' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -390,7 +399,7 @@ echo_i "adding a domain dom3.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom3.example.db echo "@ IN NS invalid." >> ns1/dom3.example.db -rndccmd 10.53.0.1 addzone dom3.example. '{type primary; file "dom3.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1 +rndccmd 10.53.0.1 addzone dom3.example. in default '{type primary; file "dom3.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -404,8 +413,8 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "transfer of 'dom2.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" && -wait_for_message ns2/named.run "transfer of 'dom3.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom2.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" && +wait_for_message ns2/named.run "transfer of 'dom3.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -530,7 +539,7 @@ ret=0 wait_for_message ns2/named.run "catz: zone 'dom2.example' change of ownership from 'catalog1.example' to 'catalog2.example'" && wait_for_message ns2/named.run "catz: deleting zone 'dom2.example' from catalog 'catalog1.example' - success" && wait_for_message ns2/named.run "catz: adding zone 'dom2.example' from catalog 'catalog2.example'" && -wait_for_message ns2/named.run "transfer of 'dom2.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom2.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -645,7 +654,7 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom-existing.example.db echo "@ IN NS invalid." >> ns1/dom-existing.example.db echo "@ IN A 192.0.2.1" >> ns1/dom-existing.example.db -rndccmd 10.53.0.1 addzone dom-existing.example. '{type primary; file "dom-existing.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1 +rndccmd 10.53.0.1 addzone dom-existing.example. in default '{type primary; file "dom-existing.example.db"; also-notify { 10.53.0.2; }; notify explicit; };' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -738,7 +747,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom5.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom5.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom5.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -764,7 +773,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "zone_shutdown: zone dom5.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom5.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -795,7 +804,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom6.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom6.example/IN' from " > /dev/null || ret=1 +wait_for_message ns2/named.run "transfer of 'dom6.example/IN/default' from " > /dev/null || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -822,7 +831,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "zone_shutdown: zone dom6.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom6.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -889,12 +898,12 @@ echo_i "adding domains dom7.example. and dom8.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom7.example.db echo "@ IN NS invalid." >> ns1/dom7.example.db -rndccmd 10.53.0.1 addzone dom7.example. '{type primary; file "dom7.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom7.example. in default '{type primary; file "dom7.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom8.example.db echo "@ IN NS invalid." >> ns1/dom8.example.db -rndccmd 10.53.0.1 addzone dom8.example. '{type primary; file "dom8.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom8.example. in default '{type primary; file "dom8.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -923,7 +932,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom7.example' from catalog 'catalog1.example'" > /dev/null && -wait_for_message ns2/named.run "transfer of 'dom7.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom7.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -966,7 +975,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: update_from_db: new zone merged" && -wait_for_message ns2/named.run "transfer of 'dom8.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom8.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -1055,7 +1064,7 @@ echo_i "adding a domain dom9.example. to primary via RNDC, with transfers allowe ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom9.example.db echo "@ IN NS invalid." >> ns1/dom9.example.db -rndccmd 10.53.0.1 addzone dom9.example. '{type primary; file "dom9.example.db"; allow-transfer { key tsig_key; }; };' || ret=1 +rndccmd 10.53.0.1 addzone dom9.example. in default '{type primary; file "dom9.example.db"; allow-transfer { key tsig_key; }; };' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1085,7 +1094,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom9.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom9.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom9.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -1180,19 +1189,19 @@ do case "$special" in this.is.a.very.very.long.long.long.domain.that.will.cause.catalog.zones.to.generate.hash.instead.of.using.regular.filename.dom10.example) hash=825f48b1ce1b4cf5a041d20255a0c8e98d114858 - db=__catz__4d70696f2335687069467f11f5d5378c480383f97782e553fb2d04a7bb2a23ed.db + db=__catz__a35e0a044ff9f37436068e1e83e9b99fb9da51b0fe7b699bdb404f7755d68276.db ;; this.zone/domain.has.a.slash.dom10.example) hash=e64cc64c99bf52d0a77fb16dd7ed57cf925a36aa - db=__catz__46ba3e1b28d5955e5313d5fee61bedc78c71d08035aa7ea2f7bf0b8228ab3acc.db + db=__catz__765197c8050c794f4ec5bbf5dbdf64d0551459c08a91a4217768fcd16cd3b7ce.db ;; this.zone\\\\domain.has.backslash.dom10.example) hash=91e27e02153d38cf656a9b376d7747fbcd19f985 - db=__catz__b667f7ff802c0895e0506699951cff9a1cab68c5ef8546aa0d07425f244ed870.db + db=__catz__0f2f3beaf2ef70e0086063ae28a69444cdf3847cb85e668bfe52c89f7f756b29.db ;; this.zone:domain.has.a.colon.dom.10.example) hash=8b7238bf4c34045834c573ba4116557ebb24d33c - db=__catz__5c721f7872913a4e7fa8ad42589cce5dd6e551a4c9e6ab3f86e77c0bbc7c2ca6.db + db=__catz__ba75ab860533508a62b0937c5c6b8537e4186e4d5e7685161287260d07418251.db ;; esac @@ -1208,7 +1217,7 @@ do ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom10.example.db echo "@ IN NS invalid." >> ns1/dom10.example.db - rndccmd 10.53.0.1 addzone '"'"${special}"'"' '{type primary; file "dom10.example.db";};' || ret=1 + rndccmd 10.53.0.1 addzone '"'"${special}"'"' in default '{type primary; file "dom10.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -1236,7 +1245,7 @@ END echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone '$special' from catalog 'catalog1.example'" && - wait_for_message ns2/named.run "transfer of '$special/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 + wait_for_message ns2/named.run "transfer of '$special/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1268,7 +1277,7 @@ END n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 - wait_for_message ns2/named.run "zone_shutdown: zone ${special}/IN: shutting down" || ret=1 + wait_for_message ns2/named.run "zone_shutdown: zone ${special}/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1302,7 +1311,7 @@ echo_i "Adding a domain dom11.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom11.example.db echo "@ IN NS invalid." >> ns1/dom11.example.db -rndccmd 10.53.0.1 addzone dom11.example. '{type primary; file "dom11.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom11.example. in default '{type primary; file "dom11.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1330,7 +1339,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom11.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom11.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -1353,7 +1362,7 @@ echo_i "Adding a domain subdomain.of.dom11.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/subdomain.of.dom11.example.db echo "@ IN NS invalid." >> ns1/subdomain.of.dom11.example.db -rndccmd 10.53.0.1 addzone subdomain.of.dom11.example. '{type primary; file "subdomain.of.dom11.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone subdomain.of.dom11.example. in default '{type primary; file "subdomain.of.dom11.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1381,7 +1390,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'subdomain.of.dom11.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'subdomain.of.dom11.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'subdomain.of.dom11.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1406,7 +1415,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "zone_shutdown: zone dom11.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom11.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1438,7 +1447,7 @@ status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "zone_shutdown: zone subdomain.of.dom11.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone subdomain.of.dom11.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -1463,7 +1472,7 @@ echo_i "Adding a domain dom12.example. to primary via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom12.example.db echo "@ IN NS invalid." >> ns1/dom12.example.db -rndccmd 10.53.0.1 addzone dom12.example. '{type primary; file "dom12.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom12.example. in default '{type primary; file "dom12.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1508,7 +1517,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom12.example' from catalog 'catalog4.example'" && -wait_for_message ns2/named.run "transfer of 'dom12.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom12.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1576,7 +1585,7 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom13.example.db echo "@ IN NS invalid." >> ns1/dom13.example.db echo "@ IN A 192.0.2.1" >> ns1/dom13.example.db -rndccmd 10.53.0.1 addzone dom13.example. '{type primary; file "dom13.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom13.example. in default '{type primary; file "dom13.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1623,7 +1632,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom13.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom13.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom13.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -1734,7 +1743,7 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom14.example.db echo "@ IN NS invalid." >> ns1/dom14.example.db echo "@ IN A 192.0.2.1" >> ns1/dom14.example.db -rndccmd 10.53.0.1 addzone dom14.example. '{type primary; file "dom14.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom14.example. in default '{type primary; file "dom14.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1767,14 +1776,14 @@ nextpart ns2/named.run >/dev/null n=$((n+1)) echo_i "Adding domain dom14.example. with rndc with ns1 as primary ($n)" ret=0 -rndccmd 10.53.0.2 addzone dom14.example. '{type secondary; primaries {10.53.0.1;};};' || ret=1 +rndccmd 10.53.0.2 addzone dom14.example. in default '{type secondary; primaries {10.53.0.1;};};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 -wait_for_message ns2/named.run "transfer of 'dom14.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom14.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1858,7 +1867,7 @@ echo_i "Adding a domain dom15.example. to primary ns1 via RNDC ($n)" ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom15.example.db echo "@ IN NS invalid." >> ns1/dom15.example.db -rndccmd 10.53.0.1 addzone dom15.example. '{type primary; file "dom15.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom15.example. in default '{type primary; file "dom15.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -1940,7 +1949,7 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom16.example.db echo "@ IN NS invalid." >> ns1/dom16.example.db echo "@ IN A 192.0.2.1" >> ns1/dom16.example.db -rndccmd 10.53.0.1 addzone dom16.example. '{type primary; file "dom16.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom16.example. in default '{type primary; file "dom16.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1969,7 +1978,7 @@ n=$((n+1)) echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: adding zone 'dom16.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom16.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom16.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -1987,7 +1996,7 @@ nextpart ns2/named.run >/dev/null echo_i "Deleting dom16.example. from secondary ns2 via RNDC ($n)" ret=0 -rndccmd 10.53.0.2 delzone dom16.example. >/dev/null 2>&1 || ret=1 +rndccmd 10.53.0.2 delzone dom16.example. in default >/dev/null 2>&1 || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -2071,13 +2080,13 @@ ret=0 echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom17.example.db echo "@ IN NS invalid." >> ns1/dom17.example.db echo "@ IN A 192.0.2.1" >> ns1/dom17.example.db -rndccmd 10.53.0.1 addzone dom17.example. '{type primary; file "dom17.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom17.example. in default '{type primary; file "dom17.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" > ns1/dom18.example.db echo "@ IN NS invalid." >> ns1/dom18.example.db echo "@ IN A 192.0.2.1" >> ns1/dom18.example.db -rndccmd 10.53.0.1 addzone dom18.example. '{type primary; file "dom18.example.db";};' || ret=1 +rndccmd 10.53.0.1 addzone dom18.example. in default '{type primary; file "dom18.example.db";};' || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -2161,8 +2170,8 @@ ret=0 wait_for_message ns2/named.run "catz: invalid record in catalog zone - primaries.dom17.zones.catalog1.example IN A (failure) - ignoring" && wait_for_message ns2/named.run "catz: adding zone 'dom17.example' from catalog 'catalog1.example'" && wait_for_message ns2/named.run "catz: adding zone 'dom18.example' from catalog 'catalog1.example'" && -wait_for_message ns2/named.run "transfer of 'dom17.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" && -wait_for_message ns2/named.run "transfer of 'dom18.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom17.example/IN/default' from 10.53.0.1#${PORT}: Transfer status: success" && +wait_for_message ns2/named.run "transfer of 'dom18.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -2211,8 +2220,8 @@ echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: deleting zone 'dom17.example' from catalog 'catalog1.example' - success" && wait_for_message ns2/named.run "catz: deleting zone 'dom18.example' from catalog 'catalog1.example' - success" && -wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN: shutting down" && -wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN/default: shutting down" && +wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -2252,8 +2261,8 @@ ret=0 wait_for_message ns2/named.run "catz: invalid record in catalog zone - primaries.ext.dom18.zones.catalog2.example IN A (failure) - ignoring" && wait_for_message ns2/named.run "catz: adding zone 'dom17.example' from catalog 'catalog2.example'" && wait_for_message ns2/named.run "catz: adding zone 'dom18.example' from catalog 'catalog2.example'" && -wait_for_message ns2/named.run "transfer of 'dom17.example/IN' from 10.53.0.3#${PORT}: Transfer status: success" && -wait_for_message ns2/named.run "transfer of 'dom18.example/IN' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1 +wait_for_message ns2/named.run "transfer of 'dom17.example/IN/default' from 10.53.0.3#${PORT}: Transfer status: success" && +wait_for_message ns2/named.run "transfer of 'dom18.example/IN/default' from 10.53.0.1#${EXTRAPORT1}: Transfer status: success" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
@@ -2302,8 +2311,8 @@ echo_i "waiting for secondary to sync up ($n)" ret=0 wait_for_message ns2/named.run "catz: deleting zone 'dom17.example' from catalog 'catalog2.example' - success" && wait_for_message ns2/named.run "catz: deleting zone 'dom18.example' from catalog 'catalog2.example' - success" && -wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN: shutting down" && -wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN: shutting down" || ret=1 +wait_for_message ns2/named.run "zone_shutdown: zone dom17.example/IN/default: shutting down" && +wait_for_message ns2/named.run "zone_shutdown: zone dom18.example/IN/default: shutting down" || ret=1 if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status+ret)) From a8f9d4e418fb053160a8a12d3a6b4b0770051c93 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Fri, 15 Apr 2022 15:34:19 +0000 Subject: [PATCH 5/6] Add new catz system test to check a version property with invalid type There is already a check for the missing version property case (catalog-bad1.example), and this new test should result in the same outcome, but differs in a way that there exists a version record in the zone, but it is of a wrong type (A instead of the expected TXT). (cherry picked from commit 5bfe655835490de9e198605618ae938c0a684a75) --- bin/tests/system/catz/ns1/catalog-bad4.example.db | 14 ++++++++++++++ bin/tests/system/catz/ns1/named.conf.in | 9 +++++++++ bin/tests/system/catz/ns2/named1.conf.in | 14 ++++++++++++++ bin/tests/system/catz/ns2/named2.conf.in | 13 ++++++++++++- bin/tests/system/catz/tests.sh | 9 +++++++++ 5 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 bin/tests/system/catz/ns1/catalog-bad4.example.db diff --git a/bin/tests/system/catz/ns1/catalog-bad4.example.db b/bin/tests/system/catz/ns1/catalog-bad4.example.db new file mode 100644 index 0000000000..d04bab321c --- /dev/null +++ b/bin/tests/system/catz/ns1/catalog-bad4.example.db 
@@ -0,0 +1,14 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 3600 SOA . . 1 86400 3600 86400 3600 +@ 3600 IN NS invalid. +version IN A 10.53.0.1 diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in index 5bfac4694f..142128131c 100644 --- a/bin/tests/system/catz/ns1/named.conf.in +++ b/bin/tests/system/catz/ns1/named.conf.in @@ -95,6 +95,15 @@ view "default" { notify explicit; }; + # Type A "version" property + zone "catalog-bad4.example" { + type primary; + file "catalog-bad4.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; }; view "ch" ch { diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in index 961b4c5712..c52205aab3 100644 --- a/bin/tests/system/catz/ns2/named1.conf.in +++ b/bin/tests/system/catz/ns2/named1.conf.in @@ -62,6 +62,9 @@ view "default" { zone "catalog-bad3.example" default-masters { 10.53.0.1; } in-memory yes; + zone "catalog-bad4.example" + default-masters { 10.53.0.1; } + in-memory yes; }; # A faulty dlz configuration to check if named and catz survive a certain class 
@@ -101,24 +104,34 @@ view "default" {
 primaries { 10.53.0.1; };
 };
+ # No "version" property
 zone "catalog-bad1.example" {
 type secondary;
 file "catalog-bad1.example.db";
 primaries { 10.53.0.1; };
 };
+ # Unsupported "version" property
 zone "catalog-bad2.example" {
 type secondary;
 file "catalog-bad2.example.db";
 primaries { 10.53.0.1; };
 };
+ # Two RRs in TXT RRset for the "version" property
 zone "catalog-bad3.example" {
 type secondary;
 file "catalog-bad3.example.db";
 primaries { 10.53.0.1; };
 };
+ # Type A "version" property
+ zone "catalog-bad4.example" {
+ type secondary;
+ file "catalog-bad4.example.db";
+ primaries { 10.53.0.1; };
+ };
+
 };
 view "ch" ch {
@@ -129,6 +142,7 @@ view "ch" ch {
 in-memory yes;
 };
+ # Non-IN class catalog zone
 zone "catalog-bad5.example" ch {
 type secondary;
 file "catalog-bad5.example.db";
diff --git a/bin/tests/system/catz/ns2/named2.conf.in b/bin/tests/system/catz/ns2/named2.conf.in
index 927aa04810..89c15c71af 100644
--- a/bin/tests/system/catz/ns2/named2.conf.in
+++ b/bin/tests/system/catz/ns2/named2.conf.in
@@ -64,31 +64,42 @@ view "default" {
 primaries { 10.53.0.1; };
 };
+ # No "version" property
 zone "catalog-bad1.example" {
 type secondary;
 file "catalog-bad1.example.db";
 primaries { 10.53.0.1; };
 };
+ # Unsupported "version" property
 zone "catalog-bad2.example" {
 type secondary;
 file "catalog-bad2.example.db";
 primaries { 10.53.0.1; };
 };
+ # Two RRs in TXT RRset for the "version" property
 zone "catalog-bad3.example" {
 type secondary;
 file "catalog-bad3.example.db";
 primaries { 10.53.0.1; };
 };
+ # Type A "version" property
+ zone "catalog-bad4.example" {
+ type secondary;
+ file "catalog-bad4.example.db";
+ primaries { 10.53.0.1; };
+ };
+
 };
 view "ch" ch {
- # removed catalog-zone option, otherwise this is
+ # Removed catalog-zone option, otherwise this is
 # identical to named1.conf.in
+ # Non-IN class catalog zone
 zone "catalog-bad5.example" ch {
 type secondary;
 file "catalog-bad5.example.db";
diff --git a/bin/tests/system/catz/tests.sh b/bin/tests/system/catz/tests.sh
index 18e718c5e5..c973dc020c 100644
--- a/bin/tests/system/catz/tests.sh
+++ b/bin/tests/system/catz/tests.sh
@@ -108,6 +108,15 @@ wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad3.example' is
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
+n=$((n+1))
+echo_i "checking that catalog-bad4.example (with only spurious type A version record) has failed to load ($n)"
+ret=0
+wait_for_message ns2/named.run "catz: invalid record in catalog zone - version.catalog-bad4.example IN A (failure) - ignoring" &&
+wait_for_message ns2/named.run "catz: zone 'catalog-bad4.example' version is not set" &&
+wait_for_message ns2/named.run "catz: new catalog zone 'catalog-bad4.example' is broken and will not be processed" || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
 n=$((n+1))
 echo_i "checking that catalog-bad5.example (non-IN class) has failed to load ($n)"
 ret=0
From 2dac9b119a800a3e18c080f00d1a6d1e6ab92e56 Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Fri, 15 Apr 2022 15:50:43 +0000
Subject: [PATCH 6/6] Remove reduntant checks of 'rdclass' in catz.c
We check the `rdclass` to be of type IN in `dns_catz_update_process()` function, and all the other static functions where similar checks exist are called after (and in the result of) that function being called, so they are effectively redundant.
(cherry picked from commit 84d3aba4f3e87cd293e765b9ba5b070d4156cdce)
---
 lib/dns/catz.c | 20 ++++--------------
 1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/lib/dns/catz.c b/lib/dns/catz.c
index 3b55a552ce..70a1251559 100644
--- a/lib/dns/catz.c
+++ b/lib/dns/catz.c
@@ -1034,10 +1034,6 @@ catz_process_zones(dns_catz_zone_t *zone, dns_rdataset_t *value,
 REQUIRE(DNS_RDATASET_VALID(value));
 REQUIRE(ISC_MAGIC_VALID(name, DNS_NAME_MAGIC));
- if (value->rdclass != dns_rdataclass_in) {
- return (ISC_R_FAILURE);
- }
 if (name->labels == 0) {
 return (ISC_R_FAILURE);
 }
@@ -1073,8 +1069,7 @@ catz_process_coo(dns_catz_zone_t *zone, dns_label_t *mhash,
 return (ISC_R_FAILURE);
 }
- if (value->rdclass != dns_rdataclass_in ||
- value->type != dns_rdatatype_ptr) {
+ if (value->type != dns_rdatatype_ptr) {
 return (ISC_R_FAILURE);
 }
@@ -1145,8 +1140,7 @@ catz_process_zones_entry(dns_catz_zone_t *zone, dns_rdataset_t *value,
 dns_rdata_ptr_t ptr;
 dns_catz_entry_t *entry = NULL;
- if (value->rdclass != dns_rdataclass_in ||
- value->type != dns_rdatatype_ptr) {
+ if (value->type != dns_rdatatype_ptr) {
 return (ISC_R_FAILURE);
 }
@@ -1211,8 +1205,7 @@ catz_process_version(dns_catz_zone_t *zone, dns_rdataset_t *value) {
 REQUIRE(DNS_CATZ_ZONE_VALID(zone));
 REQUIRE(DNS_RDATASET_VALID(value));
- if (value->rdclass != dns_rdataclass_in ||
- value->type != dns_rdatatype_txt) {
+ if (value->type != dns_rdatatype_txt) {
 return (ISC_R_FAILURE);
 }
@@ -1311,10 +1304,6 @@ catz_process_primaries(dns_catz_zone_t *zone, dns_ipkeylist_t *ipkl,
 * - label and IN A/IN AAAA
 * - label and IN TXT - TSIG key name
 */
- if (value->rdclass != dns_rdataclass_in) {
- return (ISC_R_FAILURE);
- }
 if (name->labels > 0) {
 isc_sockaddr_t sockaddr;
 size_t i;
@@ -1478,8 +1467,7 @@ catz_process_apl(dns_catz_zone_t *zone, isc_buffer_t **aclbp,
 REQUIRE(DNS_RDATASET_VALID(value));
 REQUIRE(dns_rdataset_isassociated(value));
- if (value->rdclass != dns_rdataclass_in ||
- value->type != dns_rdatatype_apl) {
+ if (value->type != dns_rdatatype_apl) {
 return (ISC_R_FAILURE);
 }
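Review bot: Dropping the rdclass guard at the top of catz_process_zones leaves the function silently depending on an invariant that is established in dns_catz_update_process(), outside this diff, and nothing in the function itself now records that precondition. These static helpers already open with REQUIRE() preconditions, so the cheapest way to keep the assumption explicit and fail-loud rather than fail-open is to turn the deleted branch into one, `REQUIRE(value->rdclass == dns_rdataclass_in);` beside `REQUIRE(DNS_RDATASET_VALID(value));`, or at minimum a one-line comment stating that the class was already validated by the caller. The same applies to the later hunks in catz_process_coo, catz_process_zones_entry, catz_process_version, catz_process_primaries and catz_process_apl, whose remaining type-only checks now accept a PTR/TXT/APL rdataset of any class. The commit message argues all call paths go through dns_catz_update_process(); that cannot be verified from the hunks shown, so it is worth confirming no other entry point (or future one) hands these helpers an unchecked rdataset before treating the removed checks as purely redundant. Each enclosing function's body continues outside its hunk.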