Checking nxdomain-redirect against built-in RFC-1918 zone

Check that RFC 1918 leak detection does not trigger an assertion
when nxdomain redirection is enabled in the server but not for the
RFC 1918 reverse namespace.

diff --git a/bin/tests/system/redirect/ns3/redirect.db b/bin/tests/system/redirect/ns3/redirect.db
index b5b63dad542eecbee4552565e563065c38cd8aab..4f2d7a64d1ec28f966acb13f6e855f1150dd2503 100644 (file)
--- a/bin/tests/system/redirect/ns3/redirect.db
+++ b/bin/tests/system/redirect/ns3/redirect.db
@@ -12,5 +12,6 @@
 $TTL 300
 @ IN SOA a.root-servers.nil. hostmaster.example.net. 0 0 0 0 0
 @ IN NS a.root-servers.nil.
+10.in-addr.arpa        TXT turn off redirect
 * IN A 100.100.100.1
 * IN AAAA 2001:ffff:ffff::100.100.100.1

diff --git a/bin/tests/system/redirect/tests.sh b/bin/tests/system/redirect/tests.sh
index 09d40cf8c3034bcb11c28c97e92e8f877bb96ed8..5d074907f39f7d7757aeffb777c9afd37513c447 100644 (file)
--- a/bin/tests/system/redirect/tests.sh
+++ b/bin/tests/system/redirect/tests.sh
@@ -518,6 +518,14 @@ n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+echo_i "checking nxdomain-redirect against built-in RFC-1918 zone ($n)"
+ret=0
+$DIG $DIGOPTS -x 10.0.0.1 @10.53.0.4 -b 10.53.0.2 >dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
+n=$((n + 1))
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 echo_i "checking tld nxdomain-redirect against signed root zone ($n)"
 ret=0
 $DIG $DIGOPTS @10.53.0.5 asdfasdfasdf >dig.out.ns5.test$n || ret=1