Commit d811a7d9 authored by Mark Andrews's avatar Mark Andrews

4405. [bug] Change 4342 introduced a regression where you could

                        not remove a delegation in a NSEC3 signed zone using
                        OPTOUT via nsupdate. [RT #42702]
parent 44cb1a48
4405. [bug] Change 4342 introduced a regression where you could
not remove a delegation in a NSEC3 signed zone using
OPTOUT via nsupdate. [RT #42702]
4404. [misc] Allow krb5-config to be used when configuring gssapi.
[RT #42580]
......
......@@ -10,24 +10,26 @@
# Clean up after zone transfer tests.
#
rm -f ns1/*.jnl ns2/*.jnl
rm -f */named.memstats
rm -f */named.run
rm -f Kxxx.*
rm -f dig.out.*
rm -f jp.out.ns3.*
rm -f ns*/named.lock
rm -f ns1/*.jnl ns2/*.jnl ns3/*.jnl
rm -f ns1/example.db ns1/unixtime.db ns1/yyyymmddvv.db ns1/update.db ns1/other.db ns1/keytests.db
rm -f ns1/many.test.db
rm -f ns1/md5.key ns1/sha1.key ns1/sha224.key ns1/sha256.key ns1/sha384.key
rm -f ns1/sha512.key ns1/ddns.key
rm -f nsupdate.out
rm -f ns2/example.bk
rm -f ns2/update.bk ns2/update.alt.bk
rm -f */named.memstats
rm -f */named.run
rm -f nsupdate.out*
rm -f ns3/example.db.jnl ns3/example.db
rm -f ns3/nsec3param.test.db.signed.jnl ns3/nsec3param.test.db ns3/nsec3param.test.db.signed ns3/dsset-nsec3param.test.
rm -f ns3/dnskey.test.db.signed.jnl ns3/dnskey.test.db ns3/dnskey.test.db.signed ns3/dsset-dnskey.test.
rm -f ns3/*.signed
rm -f ns3/K*
rm -f dig.out.*
rm -f jp.out.ns3.*
rm -f Kxxx.*
rm -f ns3/delegation.test.db
rm -f ns3/dnskey.test.db
rm -f ns3/dsset-*
rm -f ns3/example.db
rm -f ns3/many.test.bk
rm -f ns3/nsec3param.test.db
rm -f nsupdate.out*
rm -f typelist.out.*
rm -f ns1/many.test.db ns3/many.test.db.jnl
rm -f ns3/many.test.bk ns3/many.test.bk.jnl
rm -f ns*/named.lock
; Copyright (C) 2011, 2016 Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
$TTL 10
delegation.test. IN SOA delegation.test. hostmaster.delegation.test. 1 3600 900 2419200 3600
delegation.test. IN NS delegation.test.
delegation.test. IN A 10.53.0.3
......@@ -59,3 +59,9 @@ zone "many.test" {
allow-update-forwarding { any; };
file "many.test.bk";
};
zone "delegation.test" {
type master;
allow-update { any; };
file "delegation.test.db.signed";
};
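Review bot: The new `delegation.test` zone sets `allow-update { any; };`, so this fixture accepts unsigned dynamic updates from any client that can reach the test server. That looks intentional for a system test bound to a 10.53.0.x test address, but a comment such as `// test-only: unauthenticated updates, do not copy into a production config` above the zone would make it explicit. It also means the new nsupdate checks never exercise the TSIG-authenticated update path for an opt-out zone.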
......@@ -30,3 +30,14 @@ keyname2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
zone=delegation.test.
infile=delegation.test.db.in
zonefile=delegation.test.db
keyname1=`$KEYGEN -q -r $RANDFILE -3 -f KSK $zone`
keyname2=`$KEYGEN -q -r $RANDFILE -3 $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -A -3 - -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
......@@ -647,5 +647,34 @@ grep "bad name" nsupdate.out4-$n > /dev/null && ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
n=`expr $n + 1`
echo "I:check adding of delegating NS records processing ($n)"
ret=0
$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
server 10.53.0.3 5300
zone delegation.test.
update add child.delegation.test. 3600 NS foo.example.net.
update add child.delegation.test. 3600 NS bar.example.net.
send
EOF
$DIG +tcp @10.53.0.3 -p 5300 ns child.delegation.test > dig.out.ns1.test$n
grep "status: NOERROR" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
grep "AUTHORITY: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
n=`expr $n + 1`
echo "I:check deleting of delegating NS records processing ($n)"
ret=0
$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
server 10.53.0.3 5300
zone delegation.test.
update del child.delegation.test. 3600 NS foo.example.net.
update del child.delegation.test. 3600 NS bar.example.net.
send
EOF
$DIG +tcp @10.53.0.3 -p 5300 ns child.delegation.test > dig.out.ns1.test$n
grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
[ $ret = 0 ] || { echo I:failed; status=1; }
echo "I:exit status: $status"
[ $status -eq 0 ] || exit 1
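Review bot: The delete check only greps for `status: NXDOMAIN` on a plain query, so it never inspects the NSEC3 records whose handling this commit fixes. Consider adding `+dnssec` to the `$DIG` call and asserting that the denial carries NSEC3 records, for example `grep "NSEC3" dig.out.ns3.test$n > /dev/null || ret=1`, assuming the signed zone returns them for this name. Both new checks also write to `dig.out.ns1.test$n` although they query 10.53.0.3; naming the file `dig.out.ns3.test$n` would match the server under test.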
......@@ -1330,7 +1330,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
CHECK(dns_db_createiterator(db, DNS_DB_NSEC3ONLY, &dbit));
result = dns_dbiterator_seek(dbit, hashname);
if (result == ISC_R_NOTFOUND)
if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH)
goto success;
if (result != ISC_R_SUCCESS)
goto failure;
......@@ -1435,7 +1435,7 @@ dns_nsec3_delnsec3(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
&empty, origin, hash, iterations,
salt, salt_length));
result = dns_dbiterator_seek(dbit, hashname);
if (result == ISC_R_NOTFOUND)
if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH)
goto success;
if (result != ISC_R_SUCCESS)
goto failure;
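Review bot: Both changed `dns_dbiterator_seek()` checks in dns_nsec3_delnsec3 (the hunk at 1330 and the one at 1435) now treat `DNS_R_PARTIALMATCH` as "nothing to delete", but neither site says why a partial match is equivalent to not found. A short comment above each test, such as `/* No NSEC3 record at this hash (presumably an opt-out delegation): nothing to remove. */`, would keep a later cleanup from dropping the case again. The function starts and ends outside these hunks, so it cannot be told from here whether other seek calls in the file need the same handling.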
......
......@@ -9082,6 +9082,8 @@ dbiterator_first(dns_dbiterator_t *iterator) {
dns_name_t *name, *origin;
if (rbtdbiter->result != ISC_R_SUCCESS &&
rbtdbiter->result != ISC_R_NOTFOUND &&
rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);
......@@ -9135,6 +9137,8 @@ dbiterator_last(dns_dbiterator_t *iterator) {
dns_name_t *name, *origin;
if (rbtdbiter->result != ISC_R_SUCCESS &&
rbtdbiter->result != ISC_R_NOTFOUND &&
rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);
......@@ -9185,6 +9189,7 @@ dbiterator_seek(dns_dbiterator_t *iterator, dns_name_t *name) {
if (rbtdbiter->result != ISC_R_SUCCESS &&
rbtdbiter->result != ISC_R_NOTFOUND &&
rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);
......@@ -9410,6 +9415,8 @@ dbiterator_pause(dns_dbiterator_t *iterator) {
rbtdb_dbiterator_t *rbtdbiter = (rbtdb_dbiterator_t *)iterator;
if (rbtdbiter->result != ISC_R_SUCCESS &&
rbtdbiter->result != ISC_R_NOTFOUND &&
rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);
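Review bot: The same four-way result test is repeated in dbiterator_first, dbiterator_last, dbiterator_seek and dbiterator_pause, and this commit had to add `DNS_R_PARTIALMATCH` to each copy by hand. Folding the test into one static helper (the name below is only a suggestion) would leave a single place to change the next time an acceptable result is added, and no copy could be missed. The bodies of all four functions continue outside these hunks, so any further copies of the check elsewhere in the iterator are not visible here.

```c
/* Results after which the iterator may still be repositioned or paused. */
static inline isc_boolean_t
dbiterator_usable(isc_result_t result) {
	return (ISC_TF(result == ISC_R_SUCCESS ||
		       result == ISC_R_NOTFOUND ||
		       result == DNS_R_PARTIALMATCH ||
		       result == ISC_R_NOMORE));
}

/* ... unchanged: local declarations in each of the four functions ... */
	if (!dbiterator_usable(rbtdbiter->result))
		return (rbtdbiter->result);
```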
......