upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-09 12:12:11 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

update the acl system test to include a blackhole test case

Browse source 
this ACL was previously untested, which allowed a regression to
go undetected.
This commit is contained in:
Evan Hunt 2020-06-17 15:30:59 -07:00
parent 3970e6e832
commit e3ee138098
2 changed files with 21 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
bin/tests/system/acl/ns2/named5.conf.in
View file

@ -31,6 +31,7 @@ options {
ixfr-from-differences yes;
check-integrity no;
allow-query-on { 10.53.0.2; };
blackhole { 10.53.0.8; };
};
key one {

20
bin/tests/system/acl/tests.sh
View file

@ -143,6 +143,26 @@ $DIG -p ${PORT} +tcp soa example. \
@10.53.0.2 -b 10.53.0.3 > dig.out.${t}
grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
echo_i "testing blackhole ACL processing"
t=`expr $t + 1`
ret=0
$DIG -p ${PORT} +tcp soa example. \
@10.53.0.2 -b 10.53.0.3 > dig.out.1.${t}
grep "status: NOERROR" dig.out.1.${t} > /dev/null 2>&1 || ret=1
$DIG -p ${PORT} +tcp soa example. \
@10.53.0.2 -b 10.53.0.8 > dig.out.2.${t}
grep "status: NOERROR" dig.out.2.${t} > /dev/null 2>&1 && ret=1
grep "communications error" dig.out.2.${t} > /dev/null 2>&1 || ret=1
$DIG -p ${PORT} soa example. \
@10.53.0.2 -b 10.53.0.3 > dig.out.3.${t}
grep "status: NOERROR" dig.out.3.${t} > /dev/null 2>&1 || ret=1
$DIG -p ${PORT} soa example. \
@10.53.0.2 -b 10.53.0.8 > dig.out.4.${t}
grep "status: NOERROR" dig.out.4.${t} > /dev/null 2>&1 && ret=1
grep "connection timed out" dig.out.4.${t} > /dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=`expr $status + $ret`
# AXFR tests against ns3
echo_i "testing allow-transfer ACLs against ns3 (no existing zones)"