Commit c5a4bc8b authored by Diego dos Santos Fronza's avatar Diego dos Santos Fronza Committed by Evan Hunt

Add test for RPZ wildcard passthru ignored fix

parent c2928c2e
; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
;
; See the COPYRIGHT file distributed with this work for additional
; information regarding copyright ownership.
$TTL 3600
@ IN SOA ns.example.com. root.example.com. 1 3600 3600 3600 3600
@ NS ns.example.com.
ns.example.com. A 10.53.0.1
@ A 1.2.3.4
www A 1.2.3.5
......@@ -58,11 +58,16 @@ zone "l2.l1.l0" {
};
zone "test1.example.net" {
type master;
file "test1.example.net.db";
type master;
file "test1.example.net.db";
};
zone "test2.example.net" {
type master;
file "test2.example.net.db";
type master;
file "test2.example.net.db";
};
zone "example.com" {
type master;
file "example.com.db";
};
$ORIGIN given.zone.
$TTL 3600
@ IN SOA ns.given.zone. hostmaster.given.zone. 1 600 300 604800 3600
IN NS ns.given.zone.
ns.given.zone. IN A 127.0.0.1
; this should be ignored as it matches an earlier passthru entry.
example.com CNAME .
; this should be ignored as it matches an earlier wildcard passthru entry.
www.example.com CNAME .
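Review bot: The two comments say these records "should be ignored" but never name the action, and the test that exercises them is labelled "explicit drop" although `CNAME .` is the RPZ NXDOMAIN action (DROP is `CNAME rpz-drop.`). I would name the action and the reason in the comment, e.g. `; NXDOMAIN action; must be ignored because passthru.zone is listed first in response-policy and already matches this name.` Changing the `echo_i` label in tests.sh to say "explicit NXDOMAIN" would keep the test log consistent with the zone data, which matters when someone triages a failure of this allow-list ordering check.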
$ORIGIN passthru.zone.
$TTL 3600
@ IN SOA ns.passthru.zone. hostmaster.passthru.zone. 1 600 300 604800 3600
IN NS ns.passthru.zone.
ns.passthru.zone. IN A 127.0.0.1
example.com CNAME rpz-passthru.
*.example.com CNAME rpz-passthru.
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
# common configuration
include "named.conf.header";
view "recursive" {
# policy configuration to be tested
response-policy {
zone "passthru.zone" policy passthru;
zone "given.zone" policy given;
} qname-wait-recurse yes
nsdname-enable yes
nsip-enable yes;
# policy zones to be tested
zone "passthru.zone" { type master; file "db.passthru"; };
zone "given.zone" { type master; file "db.given"; };
zone "." {
type hint;
file "root.hint";
};
recursion yes;
dnssec-validation yes;
};
......@@ -473,6 +473,21 @@ for mode in native dnsrps; do
status=1
}
t=`expr $t + 1`
echo_i "testing wildcard passthru before explicit drop (${t})"
add_test_marker 10.53.0.2
run_server wildcard4
$DIG $DIGOPTS example.com a @10.53.0.2 -p ${PORT} > dig.out.${t}.1
grep "status: NOERROR" dig.out.${t}.1 > /dev/null || {
echo_i "test ${t} failed"
status=1
}
$DIG $DIGOPTS www.example.com a @10.53.0.2 -p ${PORT} > dig.out.${t}.2
grep "status: NOERROR" dig.out.${t}.2 > /dev/null || {
echo_i "test ${t} failed"
status=1
}
if [ "$mode" = "native" ]; then
# Check for invalid prefix length error
t=`expr $t + 1`
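Review bot: Both new assertions grep only for `status: NOERROR`, which a NODATA or locally rewritten answer would also satisfy, so the test can pass without confirming that passthru returned the real records. The example.com zone added in this commit serves `1.2.3.4` at the apex and `1.2.3.5` for www, so each check could also match the address, for instance `grep "1\.2\.3\.4" dig.out.${t}.1 > /dev/null || { echo_i "test ${t} failed (apex answer)"; status=1; }`, assuming DIGOPTS leaves the answer section in the output. The two failure branches currently print the same `test ${t} failed` text, so naming the query in each message would show which of the two passthru matches regressed. The enclosing `for mode in native dnsrps` loop starts and ends outside the hunk.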
......