add hijack test
authorPeter van Dijk <peter.van.dijk@netherlabs.nl>
Thu, 26 Jun 2014 17:09:27 +0000 (17:09 +0000)
committerPeter van Dijk <peter.van.dijk@netherlabs.nl>
Thu, 26 Jun 2014 17:11:43 +0000 (17:11 +0000)
regression-tests.recursor/config.sh
regression-tests.recursor/hijack-1/command [new file with mode: 0755]
regression-tests.recursor/hijack-1/description [new file with mode: 0644]
regression-tests.recursor/hijack-1/expected_result [new file with mode: 0644]

index decaa7194d56d0511e2b4a12fce355076e2b4efb..cfdcae436f1160899b2d336244922a4acae3655b 100755 (executable)
@@ -77,6 +77,10 @@ ghost.example.net.       3600 IN NS  ns.ghost.example.net.
 ns.ghost.example.net.    3600 IN A   $PREFIX.17
 ford.example.net.        3600 IN NS  ns.ford.example.net.
 ns.ford.example.net.     3600 IN A   $PREFIX.12
+hijackme.example.net.    3600 IN NS  ns.hijackme.example.net.
+ns.hijackme.example.net. 3600 IN A   $PREFIX.20
+hijacker.example.net.    3600 IN NS  ns.hijacker.example.net.
+ns.hijacker.example.net. 3600 IN A   $PREFIX.21
 EOF
 
 mkdir $PREFIX.11
@@ -298,6 +302,32 @@ function prequery ( dnspacket )
 end
 EOF
 
+### plain domain as target for hijacking
+mkdir $PREFIX.20
+cat > $PREFIX.20/hijackme.example.net.zone <<EOF
+hijackme.example.net.    3600 IN SOA $SOA
+hijackme.example.net.      20 IN NS  ns.hijackme.example.net.
+ns.hijackme.example.net.   20 IN A   $PREFIX.20
+www.hijackme.example.net.  20 IN A   192.0.2.20
+EOF
+
+### domain designed to hijack the A of ns.hijackme.example.net
+mkdir $PREFIX.21
+cat > $PREFIX.21/hijacker.example.net.zone <<EOF
+hijacker.example.net.    3600 IN SOA $SOA
+hijacker.example.net.      20 IN NS  ns.hijackme.example.net.
+;ns.hijackme.example.net.   20 IN A   $PREFIX.21
+
+EOF
+
+cat > $PREFIX.21/hijackme.example.net.zone <<EOF
+hijackme.example.net.    3600 IN SOA $SOA
+hijackme.example.net.      20 IN NS  ns.hijackme.example.net.
+ns.hijackme.example.net.   20 IN A   $PREFIX.21
+www.hijackme.example.net.  20 IN A   192.0.2.21
+
+EOF
+
 for dir in $PREFIX.*
 do
     cat > $dir/pdns.conf <<EOF
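Review bot: The commented-out record `;ns.hijackme.example.net.   20 IN A   $PREFIX.21` in the hijacker.example.net zone is left in with no explanation, so a reader cannot tell where the spoofed address is supposed to come from. From the hunk it looks as if the A record is instead supplied by the second hijackme.example.net zone loaded on the same `$PREFIX.21` server, presumably as additional data alongside the NS answer. I would drop the dead line and say so in a comment, e.g. `### $PREFIX.21 also serves a fake hijackme.example.net zone; it supplies the out-of-bailiwick A for ns.hijackme.example.net`. The new `mkdir $PREFIX.20` and `cat > $PREFIX.20/...` lines expand `$PREFIX` unquoted, which matches the surrounding script but would break on a prefix containing whitespace. The `for dir` loop at the end of the hunk continues outside it.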
diff --git a/regression-tests.recursor/hijack-1/command b/regression-tests.recursor/hijack-1/command
new file mode 100755 (executable)
index 0000000..2733d94
--- /dev/null
@@ -0,0 +1,5 @@
+#!/bin/sh
+. vars
+cleandig hijacker.example.net ns | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0-9]\+\)/\13600/'
+cleandig www.hijackme.example.net a | sed 's/\(.*\tIN\t[A-Z0-9]\+\t\)\([0-9]\+\)/\13600/'
+sleep 5
\ No newline at end of file
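Review bot: Nothing in this script says that the two `cleandig` calls are order-dependent, yet the check only means something if the hijacker.example.net NS query runs first and exposes the recursor to the out-of-bailiwick A before www.hijackme.example.net is resolved. I would add comments such as `# 1) fetch the hijacker NS set, which carries a foreign A for ns.hijackme.example.net` and `# 2) must still be answered by the real server: 192.0.2.20, not 192.0.2.21`. The trailing `sleep 5` has no visible purpose after the last query and should either be explained or removed. The sed expression relies on `\t` and `\+`, which are GNU extensions, under a `#!/bin/sh` shebang; since it appears twice, a small helper or shared variable would keep the TTL normalisation in one place.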
diff --git a/regression-tests.recursor/hijack-1/description b/regression-tests.recursor/hijack-1/description
new file mode 100644 (file)
index 0000000..35cb0b0
--- /dev/null
@@ -0,0 +1,2 @@
+Check that we don't accept overrides for A records from out-of-bailiwick
+servers.
diff --git a/regression-tests.recursor/hijack-1/expected_result b/regression-tests.recursor/hijack-1/expected_result
new file mode 100644 (file)
index 0000000..97ffdb7
--- /dev/null
@@ -0,0 +1,6 @@
+0      hijacker.example.net.   IN      NS      3600    ns.hijackme.example.net.
+Rcode: 0, RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+Reply to question for qname='hijacker.example.net.', qtype=NS
+0      www.hijackme.example.net.       IN      A       3600    192.0.2.20
+Rcode: 0, RD: 1, QR: 1, TC: 0, AA: 0, opcode: 0
+Reply to question for qname='www.hijackme.example.net.', qtype=A