diff --git a/bin/tests/system/notify/ns2/named.conf.j2 b/bin/tests/system/notify/ns2/named.conf.j2 index 6ef327398d..3fe8caa390 100644 --- a/bin/tests/system/notify/ns2/named.conf.j2 +++ b/bin/tests/system/notify/ns2/named.conf.j2 @@ -97,3 +97,19 @@ zone x18 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; }; zone x19 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; }; zone x20 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; }; zone x21 { type primary; file "x21.db"; allow-update { any; }; also-notify { x21; }; }; + +key 10.53.0.53 { + algorithm hmac-sha256; + secret "aaaabbbbccccddddeeeeffffgggghhhhiiii"; +}; + +server 10.53.0.53 { + notify-source 198.51.100.0; // non existant / not configured + keys 10.53.0.53; +}; + +zone "change-ns" { + type primary; + file "change-ns.db"; + allow-update { any; }; +}; diff --git a/bin/tests/system/notify/setup.sh b/bin/tests/system/notify/setup.sh index 5948652d13..4c8c104be1 100644 --- a/bin/tests/system/notify/setup.sh +++ b/bin/tests/system/notify/setup.sh @@ -15,3 +15,4 @@ cp -f ns2/example1.db ns2/example.db cp -f ns2/generic.db ns2/x21.db +cp -f ns2/generic.db ns2/change-ns.db diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh index 3beb52ae9a..668573bdce 100644 --- a/bin/tests/system/notify/tests.sh +++ b/bin/tests/system/notify/tests.sh @@ -237,5 +237,18 @@ nextpartreset ns3/named.run wait_for_log 30 'retries exceeded' ns3/named.run || ret=1 test_end +test_start "checking notify with bad notify source address and tsig" +$NSUPDATE <dig.out.test$n || ret=1 +grep "ns2.change-ns." dig.out.test$n >/dev/null || ret=1 +test_end + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/bin/tests/system/notify/tests_sh_notify.py b/bin/tests/system/notify/tests_sh_notify.py index 74c626b76b..f4a425533b 100644 --- a/bin/tests/system/notify/tests_sh_notify.py +++ b/bin/tests/system/notify/tests_sh_notify.py 
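Review bot: The new `key`/`server`/`zone "change-ns"` stanzas in ns2/named.conf.j2 carry no comment saying which failure path they exercise, and the one inline comment (`// non existant / not configured`) is misspelled and does not say why that address was picked. 198.51.100.0 lies in the RFC 5737 documentation range (TEST-NET-2), so it is presumably never bound on the test host and the notify send fails locally. I would put a comment above the `server` stanza along the lines of `// notify-source is a TEST-NET-2 address that is never configured, so sending a TSIG-signed NOTIFY to this server must fail cleanly`, and spell the inline one `non-existent`.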
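Review bot: The new tests.sh case only greps the dig output for `ns2.change-ns.`, so as far as the visible lines show it passes once the update is applied, whether or not the notify with the unusable source address was attempted and failed cleanly. Part of this hunk (the nsupdate input) appears to be lost in this view, so the test may do more than is visible. If it does not, I would also assert on the log line the notify.c change emits, following the pattern used just above: `nextpartreset ns2/named.run` before the update and `wait_for_log 10 'failed:' ns2/named.run || ret=1` after it, with the pattern tightened to the real message. The dots in the grep pattern are unescaped regex wildcards; `grep -F "ns2.change-ns."` would match the name literally.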
@@ -15,6 +15,8 @@ pytestmark = pytest.mark.extra_artifacts( [ "awk.out.*", "dig.out.*", + "ns2/change-ns.db", + "ns2/change-ns.db.jnl", "ns2/example.db", "ns2/named-tls.conf", "ns2/x21.db*", diff --git a/lib/dns/notify.c b/lib/dns/notify.c index 0ceb5b30d7..98396c25aa 100644 --- a/lib/dns/notify.c +++ b/lib/dns/notify.c @@ -464,7 +464,8 @@ again: isc_tlsctx_cache_detach(&zmgr_tlsctx_cache); - if (result == ISC_R_SUCCESS) { + switch (result) { + case ISC_R_SUCCESS: if (isc_sockaddr_pf(¬ify->dst) == AF_INET) { dns__zone_stats_increment( notify->zone, dns_zonestatscounter_notifyoutv4); @@ -472,14 +473,25 @@ again: dns__zone_stats_increment( notify->zone, dns_zonestatscounter_notifyoutv6); } - } else if (result == ISC_R_SHUTTINGDOWN || result == ISC_R_CANCELED) { - goto cleanup_key; - } else if ((notify->flags & DNS_NOTIFY_TCP) == 0) { + break; + case ISC_R_SHUTTINGDOWN: + case ISC_R_CANCELED: + case ISC_R_ADDRNOTAVAIL: + case DNS_R_BLACKHOLED: + case ISC_R_FAMILYNOSUPPORT: notify_log(notify, ISC_LOG_NOTICE, - "notify(%s) to %s failed: %s: retrying over TCP", - typebuf, addrbuf, isc_result_totext(result)); - notify->flags |= DNS_NOTIFY_TCP; - goto again; + "notify(%s) to %s failed: %s", typebuf, addrbuf, + isc_result_totext(result)); + break; + default: + if ((notify->flags & DNS_NOTIFY_TCP) == 0) { + notify_log(notify, ISC_LOG_NOTICE, + "notify(%s) to %s failed: %s: retrying over " + "TCP", + typebuf, addrbuf, isc_result_totext(result)); + notify->flags |= DNS_NOTIFY_TCP; + goto again; + } } cleanup_key: diff --git a/lib/dns/request.c b/lib/dns/request.c index 93c868ecfd..64a4602e62 100644 --- a/lib/dns/request.c +++ b/lib/dns/request.c @@ -632,6 +632,7 @@ again: cleanup: if (result != ISC_R_SUCCESS) { + dns_message_settsigkey(message, NULL); req_cleanup(request); dns_request_detach(&request); req_log(ISC_LOG_DEBUG(3), "%s: failed %s", __func__,
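Review bot: In the second notify.c hunk, `ISC_R_SHUTTINGDOWN` and `ISC_R_CANCELED` now share the NOTICE-level `notify_log()` call with the permanent address errors, where the old code jumped to `cleanup_key` without logging, so every notify still pending at shutdown would emit a notice. If that is not intended, give those two results their own arm ahead of the logging cases: `case ISC_R_SHUTTINGDOWN: case ISC_R_CANCELED: break;`. The `default:` arm has no `break;` and logs nothing when the TCP attempt itself fails, so a comment such as `/* already retried over TCP; give up */` would make the fall-out explicit. No visible line still jumps to `cleanup_key`; if none remains outside the hunk, the label will trip `-Wunused-label`. The switch opens in the previous hunk and the enclosing function starts outside both.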
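Review bot: The added `dns_message_settsigkey(message, NULL);` in the request.c failure path has no comment saying why the key must be dropped, and the reason is not obvious from the cleanup block alone. Presumably the function attached the request's TSIG key to the caller-owned `message` earlier, and leaving it set would break a later call with the same message (notify.c retries with `goto again`). A comment such as `/* Detach the TSIG key we attached so the caller can reuse the message. */` would record that. If a caller can pass in a message that already carries its own key, this line would clear that too, which is worth confirming. The function body starts and ends outside the hunk.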