Add test for RPZ wildcard passthru ignored fix

bin/tests/system/rpzrecurse/ns1/example.com.db

+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+@ IN SOA ns.example.com. root.example.com. 1 3600 3600 3600 3600
+@    NS	 ns.example.com.
+
+ns.example.com.     A   10.53.0.1
+@                   A   1.2.3.4
+www                 A   1.2.3.5

bin/tests/system/rpzrecurse/ns1/named.conf.in

@@ -65,3 +65,8 @@ zone "test2.example.net" {
      type master;
      file "test2.example.net.db";
 };
+
+zone "example.com" {
+     type master;
+     file "example.com.db";
+};

bin/tests/system/rpzrecurse/ns2/db.given

+$ORIGIN given.zone.
+$TTL 3600
+@               IN SOA ns.given.zone.  hostmaster.given.zone. 1 600 300 604800 3600
+                IN NS  ns.given.zone.
+
+ns IN A  127.0.0.1
+; this should be ignores as it matches earlier passthru entry.
+example.com CNAME .
+; this should be ignored as it matches earlier wildcard passthru entry.
+www.example.com CNAME .

bin/tests/system/rpzrecurse/ns2/db.passthru

+$ORIGIN passthru.zone.
+$TTL 3600
+@               IN SOA ns.passthru.zone.  hostmaster.passthru.zone. 1 600 300 604800 3600
+                IN NS  ns.passthru.zone.
+
+ns IN A 127.0.0.1
+example.com     CNAME rpz-passthru.
+*.example.com   CNAME rpz-passthru.

bin/tests/system/rpzrecurse/ns2/named.wildcard4.conf

+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# common configuration
+include "named.conf.header";
+
+view "recursive" {
+	# policy configuration to be tested
+	response-policy {
+		zone "passthru.zone" policy passthru;
+		zone "given.zone" policy given;
+	};
+
+	# policy zones to be tested
+	zone "passthru.zone" { type master; file "db.passthru"; };
+	zone "given.zone" { type master; file "db.given"; };
+
+	zone "." {
+		type hint;
+		file "root.hint";
+	};
+
+	recursion yes;
+	dnssec-validation yes;
+};

bin/tests/system/rpzrecurse/tests.sh

@@ -390,5 +390,19 @@ if test $p1 -le $p2; then ret=1; fi
 if test $ret != 0; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+t=`expr $t + 1`
+echo_i "testing wildcard passthru before explicit drop (${t})"
+run_server wildcard4
+$DIG $DIGOPTS example.com a @10.53.0.2 -p ${PORT} > dig.out.${t}.1
+grep "status: NOERROR" dig.out.${t}.1 > /dev/null || {
+	echo_i "test ${t} failed"
+	status=1
+}
+$DIG $DIGOPTS www.example.com a @10.53.0.2 -p ${PORT} > dig.out.${t}.2
+grep "status: NOERROR" dig.out.${t}.2 > /dev/null || {
+	echo_i "test ${t} failed"
+	status=1
+}
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

bin/tests/system/run.sh

@@ -230,6 +230,8 @@ elif [ "$assertion_failures" -ne 0 ]; then
 elif [ "$sanitizer_summaries" -ne 0 ]; then
     echoinfo "I:$systest:$sanitizer_summaries sanitizer report(s) found"
     echofail "R:$systest:FAIL"
+elif [ "$status" != 0 ]; then
+    echofail "R:$systest:FAIL"
 else
     echopass "R:$systest:PASS"
     if $clean; then