Commit 04da28bd authored by Mark Andrews's avatar Mark Andrews

test max records policy

parent 919a9ece
......@@ -60,3 +60,5 @@ rm -f update.out.*
rm -f check.out.*
rm -f update.out.*
rm -f ns*/managed-keys.bind* ns*/*.mkeys*
rm -f nextpart.out.*
rm -f */named.run.prev
......@@ -34,5 +34,5 @@ controls {
zone "in-addr.arpa" {
type master;
file "in-addr.db";
update-policy { grant * tcp-self . PTR; };
update-policy { grant * tcp-self . PTR(1) ANY(2) A; };
};
......@@ -1031,6 +1031,65 @@ grep "UPDATE, status: NOERROR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
grep "UPDATE, status: FORMERR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo_i "failed"; status=1; }
n=`expr $n + 1`
ret=0
echo_i "check that max records is enforced ($n)"
nextpart ns6/named.run > /dev/null
$NSUPDATE -v > nsupdate.out.$n 2>&1 << END
server 10.53.0.6 ${PORT}
local 10.53.0.5
update del 5.0.53.10.in-addr.arpa.
update add 5.0.53.10.in-addr.arpa. 600 PTR localhost.
update add 5.0.53.10.in-addr.arpa. 600 PTR other.
send
END
$DIG $DIGOPTS @10.53.0.6 \
+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
-x 10.53.0.5 > dig.out.ns6.$n
# the policy is 'grant * tcp-self . PTR(1) ANY(2) A;' so only the
# first PTR record should be added.
grep localhost. dig.out.ns6.$n > /dev/null 2>&1 || ret=1
grep other. dig.out.ns6.$n > /dev/null 2>&1 && ret=1
nextpart ns6/named.run > nextpart.out.$n
grep "attempt to add more records than permitted by policy" nextpart.out.$n > /dev/null || ret=1
if test $ret -ne 0
then
echo_i "failed"; status=1
fi
n=`expr $n + 1`
ret=0
echo_i "check that max records for ANY is enforced ($n)"
nextpart ns6/named.run > /dev/null
$NSUPDATE -v > nsupdate.out.$n 2>&1 << END
server 10.53.0.6 ${PORT}
local 10.53.0.5
update del 5.0.53.10.in-addr.arpa.
update add 5.0.53.10.in-addr.arpa. 600 A 1.2.3.4
update add 5.0.53.10.in-addr.arpa. 600 A 1.2.3.3
update add 5.0.53.10.in-addr.arpa. 600 A 1.2.3.2
update add 5.0.53.10.in-addr.arpa. 600 AAAA ::ffff:1.2.3.4
update add 5.0.53.10.in-addr.arpa. 600 AAAA ::ffff:1.2.3.3
update add 5.0.53.10.in-addr.arpa. 600 AAAA ::ffff:1.2.3.2
send
END
$DIG $DIGOPTS @10.53.0.6 \
+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
ANY -x 10.53.0.5 > dig.out.ns6.test$n
nextpart ns6/named.run > nextpart.out.test$n
grep "attempt to add more records than permitted by policy" nextpart.out.test$n > /dev/null || ret=1
# the policy is 'grant * tcp-self . PTR(1) ANY(2) A;' so all the A
# records should have been added as there is no limit and the first 2
# of the AAAA records added as they match ANY(2).
c1=$(awk '$4 == "A" { print }' dig.out.ns6.test$n | wc -l)
c2=$(awk '$4 == "AAAA" { print }' dig.out.ns6.test$n | wc -l)
test "$c1" -eq 3 -a "$c2" -eq 2 || ret=1
grep "::ffff:1.2.3.2" dig.out.ns6.test$n && ret=1
if test $ret -ne 0
then
echo_i "failed"; status=1
fi
if $FEATURETEST --gssapi ; then
n=`expr $n + 1`
ret=0
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment