when filter-aaaa and dns64 are both configured a assertion failure could occur
authorMark Andrews <marka@isc.org>
Tue, 31 Jul 2018 01:16:22 +0000 (11:16 +1000)
committerMark Andrews <marka@isc.org>
Thu, 23 Aug 2018 23:26:54 +0000 (09:26 +1000)
bin/tests/system/filter-aaaa/ns5/hints [new file with mode: 0644]
bin/tests/system/filter-aaaa/ns5/named.conf.in [new file with mode: 0644]
bin/tests/system/filter-aaaa/setup.sh
bin/tests/system/filter-aaaa/tests.sh
lib/ns/query.c
util/copyrights

diff --git a/bin/tests/system/filter-aaaa/ns5/hints b/bin/tests/system/filter-aaaa/ns5/hints
new file mode 100644 (file)
index 0000000..381e86b
--- /dev/null
@@ -0,0 +1,11 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. 0 NS ns.rootservers.utld.
+ns.rootservers.utld. 0 A 10.53.0.1
diff --git a/bin/tests/system/filter-aaaa/ns5/named.conf.in b/bin/tests/system/filter-aaaa/ns5/named.conf.in
new file mode 100644 (file)
index 0000000..47b3aff
--- /dev/null
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+       query-source address 10.53.0.5;
+       notify-source 10.53.0.5;
+       transfer-source 10.53.0.5;
+       port @PORT@;
+       pid-file "named.pid";
+       listen-on { 10.53.0.5; };
+       listen-on-v6 { fd92:7065:b8e:ffff::5; };
+       recursion yes;
+       dnssec-validation no;
+       notify yes;
+       dns64 64:ff9b::/96 {
+                           clients { any; };
+                           exclude { any; };
+                           mapped { any; };
+       };
+       filter-aaaa-on-v4 break-dnssec;
+       filter-aaaa { any; };
+       minimal-responses no;
+};
+
+key rndc_key {
+       secret "1234abcd8765";
+       algorithm hmac-sha256;
+};
+
+controls {
+       inet 10.53.0.5 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+zone "." { type hint; file "hints"; };
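Review bot: Nothing in this file says that the `dns64` block is deliberately contradictory; the explanation that the AAAA record is wanted by filter-aaaa but discarded by dns64 lives only in tests.sh. A comment above the `dns64` clause would stop a later cleanup from "fixing" the configuration and silently disabling the regression test, for example `/* Intentionally nonsensical: dns64 excludes every AAAA while filter-aaaa applies to all clients; regression test for the dns64/filter-aaaa ordering in query_respond(). */`. The fixed `rndc_key` secret and `allow { any; }` on the control channel are fixture values bound to the 10.53.0.5 test address, and a one-line comment saying so would keep them from being copied into a real configuration.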
index dc8a462c2a3384c1e3bd45ea4373c272e320e042..f2d6dd6aadc35e21216c2149004cd1019d5ece34 100644 (file)
@@ -18,6 +18,7 @@ copy_setports ns1/named1.conf.in ns1/named.conf
 copy_setports ns2/named1.conf.in ns2/named.conf
 copy_setports ns3/named1.conf.in ns3/named.conf
 copy_setports ns4/named1.conf.in ns4/named.conf
+copy_setports ns5/named.conf.in ns5/named.conf
 
 (cd ns1 && $SHELL -e sign.sh)
 (cd ns4 && $SHELL -e sign.sh)
index 25ff46c1333fdb8da5f9650a056d94ebcd61455c..16a9332518c9aac6497e34f3c1de1024d70e89a8 100644 (file)
@@ -1374,5 +1374,17 @@ grep "^mx.unsigned.*AAAA" dig.out.ns3.test$n > /dev/null 2>&1 || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+# We don't check for the AAAA record here as configuration in ns5 does
+# not make sense.  The AAAA record is wanted by filter-aaaa but discarded
+# by the dns64 configuration. We just want to ensure the server stays
+# running.
+n=`expr $n + 1`
+echo_i "checking filter-aaaa with dns64 ($n)"
+ret=0
+$DIG $DIGOPTS aaaa aaaa-only.unsigned @10.53.0.5 > dig.out.ns5.test$n || ret=1
+grep "status: NOERROR" dig.out.ns5.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
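Review bot: The comment states the goal is that the server stays running, but the only evidence collected is one NOERROR reply to the very query that would trigger the failure. That is enough only if the assertion aborts named before the answer is sent, which the note in query.c suggests (it places the failure at the `query_lookup()` call), yet the test does not say so. Either add that sentence to the comment or follow with a second query to the same server, e.g. `$DIG $DIGOPTS aaaa aaaa-only.unsigned @10.53.0.5 > dig.out.ns5.test$n.again || ret=1`. As a style point, the `grep` here discards only stdout while the check just above uses `> /dev/null 2>&1`.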
index 9b868287d702e97bd9342e0fbe0605f13d6ba1c2..c3bf4e8c454f03890056b559eeded4496da92be9 100644 (file)
@@ -7208,12 +7208,15 @@ query_respond(query_ctx_t *qctx) {
                return (query_done(qctx));
        }
 
-       result = query_filter_aaaa(qctx);
-       if (result != ISC_R_COMPLETE)
-               return (result);
        /*
         * Check to see if the AAAA RRset has non-excluded addresses
         * in it.  If not look for a A RRset.
+        *
+        * Note: the order of dns64_aaaaok() and query_filter_aaaa() is
+        * important.  query_filter_aaaa() calls query_recurse() but
+        * continues so that the AAAA records are added.  If the
+        * order is reversed client->query.fetch will be non-NULL
+        * when query_lookup() is called leading to a assertion.
         */
        INSIST(qctx->client->query.dns64_aaaaok == NULL);
 
@@ -7236,6 +7239,10 @@ query_respond(query_ctx_t *qctx) {
                return (query_lookup(qctx));
        }
 
+       result = query_filter_aaaa(qctx);
+       if (result != ISC_R_COMPLETE)
+               return (result);
+
        if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) {
                sigrdatasetp = &qctx->sigrdataset;
        }
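Review bot: With `query_filter_aaaa()` moved below the dns64 check, its early exit `if (result != ISC_R_COMPLETE) return (result);` now runs after code that, judging by the `INSIST(qctx->client->query.dns64_aaaaok == NULL)` in the previous hunk, can populate `dns64_aaaaok`. The lines between the two hunks and the rest of query_respond() are outside the diff, so it cannot be seen here whether that state is released on this return path; it is worth confirming that it is freed when the query is reset and not only further down in this function. The ordering rule is documented in the previous hunk, well above the call it constrains, so a pointer at the call site such as `/* Must stay after the dns64 check above; see the note there. */` would keep the two together. In that note, "a assertion" should read "an assertion failure".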
index 224e108d058f64c0e4022c07d21141bb19913119..d276fa8067a1107a1a0a15cde614bc47cbe56f3e 100644 (file)
 ./bin/tests/system/filter-aaaa/ns4/sign.sh     SH      2010,2012,2014,2016,2018
 ./bin/tests/system/filter-aaaa/ns4/signed.db.in        ZONE    2010,2012,2016,2017,2018
 ./bin/tests/system/filter-aaaa/ns4/unsigned.db ZONE    2010,2012,2016,2017,2018
+./bin/tests/system/filter-aaaa/ns5/hints       ZONE    2018
+./bin/tests/system/filter-aaaa/ns5/named.conf.in       CONF-C  2018
 ./bin/tests/system/filter-aaaa/setup.sh                SH      2010,2012,2014,2016,2017,2018
 ./bin/tests/system/filter-aaaa/tests.sh                SH      2010,2012,2015,2016,2018
 ./bin/tests/system/formerr/clean.sh            SH      2013,2014,2015,2016,2018