Commit 2fbadaee authored by Matthijs Mekking's avatar Matthijs Mekking 🏡 Committed by Ondřej Surý

Add test for nxdomain-redirect ncachenxdomain

(cherry picked from commit 2d65626630c19bb8159a025accb18e5179da5dc3)
(cherry picked from commit 05d29443)
parent 9b67f3d3
......@@ -27,5 +27,10 @@ rm -f ns3/dsset-signed.
rm -f ns3/nsec3.db*
rm -f ns3/signed.db*
rm -f ns4/*.db
rm -f ns5/dsset-*
rm -f ns5/K* ns5/sign.ns5.*
rm -f ns5/root.db ns5/root.db.signed
rm -f ns5/signed.db ns5/signed.db.signed
rm -f ns6/signed.db.signed
rm -f rndc.out
rm -f ns*/managed-keys.bind*
......@@ -11,7 +11,7 @@ $TTL 3600
@ SOA a.root-servers.nil. marka.isc.org. 0 0 0 0 0
@ NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1
example NS ns1.example.
example NS ns1.example.
ns1.example. A 10.53.0.1
signed NS ns1.example.
ns1.signed. A 10.53.0.1
......@@ -16,7 +16,7 @@ controls { /* empty */ };
acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
options {
query-source address 10.53.0.2; /* note this is not 10.53.0.3 */
query-source address 10.53.0.2; /* note this is not 10.53.0.4 */
notify-source 10.53.0.4;
transfer-source 10.53.0.4;
port @PORT@;
......@@ -27,7 +27,6 @@ options {
notify yes;
dnssec-validation yes;
nxdomain-redirect "redirect";
};
key rndc_key {
......
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS5
options {
port @PORT@;
listen-on port @PORT@ { 10.53.0.5; };
pid-file "named.pid";
nxdomain-redirect signed;
};
zone "." {
type master;
file "root.db.signed";
};
// An unsigned zone that ns6 has a delegation for.
zone "unsigned." {
type master;
file "unsigned.db";
};
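Review bot: This options block leaves `recursion` and `dnssec-validation` at their built-in defaults, while the ns4 configuration in the same test sets `dnssec-validation yes;` explicitly. If the NXDOMAIN result the new checks expect depends on either setting, stating it here keeps the test from silently changing meaning when a default changes. The same applies to the ns6 options block, which has the same shape. A short comment above `nxdomain-redirect signed;`, noting that `signed.` is delegated to ns6 rather than served by this server, would also save the reader a trip to sign.sh.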
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
. 86400 IN SOA a.root-servers.nil. hostmaster.example.net. 2019022100 1800 900 604800 86400
. 518400 IN NS a.root-servers.nil.
a.root-servers.nil. 518400 IN A 10.53.0.5
signed. 172800 IN NS ns.signed.
ns.signed. 172800 IN A 10.53.0.6
unsigned. 172800 IN NS ns.unsigned.
ns.unsigned. 172800 IN A 10.53.0.5
#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
# We sign the zone here and move the signed zone to ns6.
# The ns5 server actually does not serve this zone but
# the DS and NS records are in the test root zone, and
# delegate to ns6.
zone=signed.
infile=signed.db.in
zonefile=signed.db
key1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone 2> /dev/null`
key2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk $zone 2> /dev/null`
cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.signed.out 2>&1
cp signed.db.signed ../ns6
# Root zone.
zone=.
infile=root.db.in
zonefile=root.db
key1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone 2> /dev/null`
key2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk $zone 2> /dev/null`
# cat $infile $key1.key $key2.key > $zonefile
cat $infile dsset-signed. $key1.key $key2.key > $zonefile
$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.root.out 2>&1
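Review bot: The `-e` in `#!/bin/sh -e` has no effect as this script is invoked, because setup.sh runs it as `( cd ns5 && $SHELL sign.sh )` and the interpreter line is not consulted in that form. A failed `$KEYGEN` call or a failed first `$SIGNER` call can therefore pass unnoticed as long as the last command succeeds, and the `2> /dev/null` on the key generations discards the diagnostics that would explain it. Adding `set -e` after the `. $SYSTEMTESTTOP/conf.sh` line makes the intended behaviour hold however the script is started. The commented-out `# cat $infile $key1.key $key2.key > $zonefile` line before the root-zone `cat` looks like a leftover and can be dropped.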
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 300
@ IN SOA ns.signed. hostmaster.signed. 0 0 0 0 0
@ IN NS ns.signed.
ns.signed. IN A 10.0.53.6
domain.signed. IN A 10.0.53.1
* IN A 100.100.100.1
* IN AAAA 2001:ffff:ffff::100.100.100.1
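Review bot: `ns.signed. IN A 10.0.53.6` does not match the glue for the same name in both root zone files, which give `ns.signed.` the address 10.53.0.6; the second and third octets look transposed. The unsigned zone file has a similar mismatch: it lists `ns.unsigned. IN A 10.53.0.6`, while both root zones delegate `unsigned.` to 10.53.0.5, the address ns5 listens on and the server where that zone is configured. If these differences are not deliberate, aligning the in-zone records with the glue (`ns.signed. IN A 10.53.0.6`, `ns.unsigned. IN A 10.53.0.5`) keeps a resolver from following the authoritative record to an address where nothing answers for the zone. If they are deliberate, a comment in each file should say so.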
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 300
@ IN SOA ns.unsigned. hostmaster.unsigned. 0 0 0 0 0
@ IN NS ns.unsigned.
ns.unsigned. IN A 10.53.0.6
domain.unsigned. IN A 10.0.53.1
* IN A 100.100.100.1
* IN AAAA 2001:ffff:ffff::100.100.100.1
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
// NS6
options {
port @PORT@;
listen-on port @PORT@ { 10.53.0.6; };
pid-file "named.pid";
nxdomain-redirect unsigned;
};
zone "." {
type master;
file "root.db";
};
// A signed zone that ns5 has a delegation for.
zone "signed." {
type master;
file "signed.db.signed";
};
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
. 86400 IN SOA a.root-servers.nil. hostmaster.example.net. 2019022100 1800 900 604800 86400
. 518400 IN NS a.root-servers.nil.
a.root-servers.nil. 518400 IN A 10.53.0.6
signed. 172800 IN NS ns.signed.
ns.signed. 172800 IN A 10.53.0.6
unsigned. 172800 IN NS ns.unsigned.
ns.unsigned. 172800 IN A 10.53.0.5
......@@ -18,6 +18,8 @@ copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf
copy_setports ns3/named.conf.in ns3/named.conf
copy_setports ns4/named.conf.in ns4/named.conf
copy_setports ns5/named.conf.in ns5/named.conf
copy_setports ns6/named.conf.in ns6/named.conf
cp ns2/redirect.db.in ns2/redirect.db
cp ns2/example.db.in ns2/example.db
......@@ -25,3 +27,4 @@ cp ns2/example.db.in ns2/example.db
cp ns4/example.db.in ns4/example.db
( cd ns3 && $SHELL sign.sh )
( cd ns5 && $SHELL sign.sh )
......@@ -517,5 +517,21 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "checking tld nxdomain-redirect against signed root zone ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.5 asdfasdfasdf > dig.out.ns5.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns5.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "checking tld nxdomain-redirect against unsigned root zone ($n)"
ret=0
$DIG $DIGOPTS @10.53.0.6 asdfasdfasdf > dig.out.ns6.test$n || ret=1
grep "status: NXDOMAIN" dig.out.ns6.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
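Review bot: The two new checks assert `status: NXDOMAIN` without saying why a redirected answer is not expected, even though both redirect zones carry wildcard `A 100.100.100.1` records that could otherwise supply one. A comment above each `echo_i`, such as `# expect the original NXDOMAIN, not the wildcard answer from the redirect zone`, would record the intent for whoever next touches the redirect code. The hunk begins inside the preceding check, so this applies only to the two added blocks.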
......@@ -914,6 +914,7 @@
./bin/tests/system/redirect/clean.sh SH 2011,2012,2013,2014,2015,2016,2018,2019
./bin/tests/system/redirect/ns1/sign.sh SH 2011,2012,2014,2016,2017,2018,2019
./bin/tests/system/redirect/ns3/sign.sh SH 2015,2016,2017,2018,2019
./bin/tests/system/redirect/ns5/sign.sh SH 2019
./bin/tests/system/redirect/setup.sh SH 2011,2012,2013,2014,2015,2016,2017,2018,2019
./bin/tests/system/redirect/tests.sh SH 2011,2012,2013,2014,2015,2016,2018,2019
./bin/tests/system/resolver/ans2/ans.pl PERL 2000,2001,2004,2007,2009,2010,2012,2016,2018,2019
......