+++ /dev/null
-
-; <<>> DiG 8.2 <<>> -p @10.53.0.3 +norec data.child.example txt
-; (1 server found)
-;; res options: init defnam dnsrch
-;; got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 216
-;; flags: qr ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
-;; QUERY SECTION:
-;; data.child.example, type = TXT, class = IN
-
-;; AUTHORITY SECTION:
-child.example. 5M IN NS ns2.child.example.
-
-;; ADDITIONAL SECTION:
-ns2.child.example. 5M IN A 10.53.0.2
-
-;; Total query time: 3 msec
-;; FROM: draco to SERVER: 10.53.0.3
-;; WHEN: Wed Jun 21 10:58:37 2000
-;; MSG SIZE sent: 36 rcvd: 70
-
+++ /dev/null
-
-; <<>> DiG 8.2 <<>> -p @10.53.0.3 data.child.example txt
-; (1 server found)
-;; res options: init recurs defnam dnsrch
-;; got answer:
-;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
-;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
-;; QUERY SECTION:
-;; data.child.example, type = TXT, class = IN
-
-;; ANSWER SECTION:
-data.child.example. 5M IN TXT "some" "test" "data"
-
-;; Total query time: 8 msec
-;; FROM: draco to SERVER: 10.53.0.3
-;; WHEN: Wed Jun 21 10:58:54 2000
-;; MSG SIZE sent: 36 rcvd: 97
-
minimal-responses no;
};
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm @DEFAULT_HMAC@;
+};
+
+controls {
+ inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
zone "." {
type hint;
file "../../_common/root.hint";
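Review bot: The added `controls` block accepts rndc connections from `any` and authenticates them with the short fixed secret `1234abcd8765`, which is tolerable only because the listener is bound to the test address 10.53.0.3. A comment above `key rndc_key` such as `/* test-only control channel: fixed key, do not reuse outside the system-test network */` would stop the fragment being copied as-is into a real configuration. Narrowing the ACL from `any` to the test network would cost nothing if the harness only connects from there. The enclosing `options` block and the `zone "."` statement both continue outside the hunk.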
+++ /dev/null
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-set -e
-
-. ../conf.sh
-
-DIGOPTS="+tcp -p ${PORT}"
-
-status=0
-echo_i "check that the stub zone has been saved to disk"
-for i in 1 2 3 4 5 6 7 8 9 20; do
- [ -f ns3/child.example.st ] && break
- sleep 1
-done
-[ -f ns3/child.example.st ] || {
- status=1
- echo_i "failed"
-}
-
-for pass in 1 2; do
-
- echo_i "trying an axfr that should be denied (NOTAUTH) (pass=$pass)"
- ret=0
- $DIG $DIGOPTS child.example. @10.53.0.3 axfr >dig.out.ns3 || ret=1
- grep "; Transfer failed." dig.out.ns3 >/dev/null || ret=1
- [ $ret = 0 ] || {
- status=1
- echo_i "failed"
- }
-
- echo_i "look for stub zone data without recursion (should not be found) (pass=$pass)"
- for i in 1 2 3 4 5 6 7 8 9; do
- ret=0
- $DIG $DIGOPTS +norec data.child.example. \
- @10.53.0.3 txt >dig.out.ns3 || ret=1
- grep "status: NOERROR" dig.out.ns3 >/dev/null || ret=1
- [ $ret = 0 ] && break
- sleep 1
- done
- digcomp knowngood.dig.out.norec dig.out.ns3 || ret=1
- [ $ret = 0 ] || {
- status=1
- echo_i "failed"
- }
-
- echo_i "look for stub zone data with recursion (should be found) (pass=$pass)"
- ret=0
- $DIG $DIGOPTS +noauth +noadd data.child.example. @10.53.0.3 txt >dig.out.ns3 || ret=1
- digcomp knowngood.dig.out.rec dig.out.ns3 || ret=1
- [ $ret = 0 ] || {
- status=1
- echo_i "failed"
- }
-
- [ $pass = 1 ] && {
- echo_i "stopping stub server"
- stop_server ns3
-
- echo_i "re-starting stub server"
- start_server --noclean --restart --port ${PORT} ns3
- }
-done
-
-echo_i "check that glue record is correctly transferred from primary when minimal-responses is on"
-ret=0
-# First ensure that zone data was transfered.
-for i in 1 2 3 4 5 6 7; do
- [ -f ns5/example.db ] && break
- sleep 1
-done
-
-if [ -f ns5/example.db ]; then
- # If NS glue wasn't transferred, this query would fail.
- $DIG $DIGOPTS +nodnssec @10.53.0.5 target.example. txt >dig.out.ns5 || ret=1
- grep 'target\.example.*TXT.*"test"' dig.out.ns5 >/dev/null || ret=1
- # Ensure both ipv4 and ipv6 glue records were transferred.
- grep -E 'ns4.example.[[:space:]]+300 IN A[[:space:]]+10.53.0.4' ns5/example.db >/dev/null || ret=1
- grep -E 'ns4.example.[[:space:]]+300 IN AAAA[[:space:]]+fd92:7065:b8e:ffff::4' ns5/example.db >/dev/null || ret=1
- [ $ret = 0 ] || {
- status=1
- echo_i "failed"
- }
-else
- status=1
- echo_i "failed: stub zone transfer failed ns4(primary) <---> ns5/example.db"
-fi
-
-echo_i "exit status: $status"
-[ $status -eq 0 ] || exit 1
+++ /dev/null
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-import pytest
-
-pytestmark = pytest.mark.extra_artifacts(
- [
- "dig.out.*",
- "ns3/child.example.st",
- "ns5/example.db",
- ]
-)
-
-
-def test_stub(run_tests_sh):
- run_tests_sh()
--- /dev/null
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+
+import os
+
+import dns.message
+import pytest
+
+import isctest
+
+pytestmark = pytest.mark.extra_artifacts(
+ [
+ "dig.out.*",
+ "ns3/child.example.st",
+ "ns5/example.db",
+ ]
+)
+
+
+def test_stub_zones_availability(servers):
+ # check that the stub zone has been saved to disk
+ assert os.path.exists("ns3/child.example.st")
+
+ # try an AXFR that should be denied (NOTAUTH)
+ def axfr_denied():
+ msg = dns.message.make_query("child.example.", "AXFR")
+ res = isctest.query.tcp(msg, "10.53.0.3")
+ isctest.check.notauth(res)
+
+ # look for stub zone data without recursion (should not be found)
+ def stub_zone_lookout_without_recursion():
+ # drop all flags (dns.flags.RD is set by default)
+ msg = dns.message.make_query("data.child.example.", "TXT")
+ msg.flags = 0
+ res = isctest.query.tcp(msg, "10.53.0.3")
+ isctest.check.noerror(res)
+ assert not res.answer
+ assert res.authority[0] == dns.rrset.from_text(
+ "child.example.", "300", "IN", "NS", "ns2.child.example."
+ )
+ assert res.additional[0] == dns.rrset.from_text(
+ "ns2.child.example.", "300", "IN", "A", "10.53.0.2"
+ )
+
+ # look for stub zone data with recursion (should be found)
+ def stub_zone_lookout_with_recursion():
+ # dns.flags.RD is set by default
+ msg = dns.message.make_query("data.child.example.", "TXT")
+ res = isctest.query.tcp(msg, "10.53.0.3")
+ isctest.check.noerror(res)
+ assert res.answer[0] == dns.rrset.from_text(
+ "data.child.example.", "300", "IN", "TXT", '"some" "test" "data"'
+ )
+
+ axfr_denied()
+ stub_zone_lookout_without_recursion()
+ stub_zone_lookout_with_recursion()
+
+ servers["ns3"].stop()
+ servers["ns3"].start(["--noclean", "--restart", "--port", os.environ["PORT"]])
+
+ axfr_denied()
+ stub_zone_lookout_without_recursion()
+ stub_zone_lookout_with_recursion()
+
+
+# check that glue record is correctly transferred from primary when the "minimal-responses" option is on
+def test_stub_glue_record_with_minimal_response():
+ # ensure zone data were transfered
+ assert os.path.exists("ns5/example.db")
+
+ # this query would fail if NS glue wasn't transferred
+ msg_txt = dns.message.make_query("target.example.", "TXT", want_dnssec=False)
+ res_txt = isctest.query.tcp(msg_txt, "10.53.0.5")
+ isctest.check.noerror(res_txt)
+ assert res_txt.answer[0] == dns.rrset.from_text(
+ "target.example.", "300", "IN", "TXT", '"test"'
+ )
+
+ # ensure both IPv4 and IPv6 glue records were transferred
+ msg_a = dns.message.make_query("ns4.example.", "A")
+ res_a = isctest.query.tcp(msg_a, "10.53.0.5")
+ assert res_a.answer[0] == dns.rrset.from_text(
+ "ns4.example.", "300", "IN", "A", "10.53.0.4"
+ )
+
+ msg_aaaa = dns.message.make_query("ns4.example.", "AAAA")
+ res_aaaa = isctest.query.tcp(msg_aaaa, "10.53.0.5")
+ assert res_aaaa.answer[0] == dns.rrset.from_text(
+ "ns4.example.", "300", "IN", "AAAA", "fd92:7065:b8e:ffff::4"
+ )
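Review bot: The two `os.path.exists` asserts (for `ns3/child.example.st` at the top of `test_stub_zones_availability` and for `ns5/example.db` in `test_stub_glue_record_with_minimal_response`) run exactly once, whereas the removed tests.sh polled for each file for several seconds and retried the non-recursive lookup until it returned NOERROR; unless the `servers` fixture already waits for the stub transfers, these checks can fail on a slow host. A bounded poll before each assert, for example `for _ in range(10):` / `if os.path.exists("ns3/child.example.st"): break` / `time.sleep(1)` (with `import time`), keeps the old tolerance. The glue check is also weaker than before: the shell test grepped `ns5/example.db` for the A and AAAA records, while the new queries to 10.53.0.5 leave RD set and skip `isctest.check.noerror`, so they may be answered by recursion rather than from transferred glue; checking the records in the zone file, as the shell test did, would pin that down. Separately, `dns.rrset` is used without an explicit `import dns.rrset`, and `res.answer[0]` on an empty section raises IndexError instead of a readable assertion failure.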