file "root.hint";
};
+{% set automatic_empty_zones = automatic_empty_zones | default(False) %}
+{% if automatic_empty_zones %}
zone "1.10.in-addr.arpa" {
type primary; file "empty.db";
};
+{% else %}
+include "rfc1918.zones";
+{% endif %}
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-key rndc_key {
- algorithm @DEFAULT_HMAC@;
- secret "1234abcd8765";
-};
-
-controls {
- inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
-};
-
-options {
- query-source address 10.53.0.1;
- notify-source 10.53.0.1;
- transfer-source 10.53.0.1;
- port @PORT@;
- pid-file "named.pid";
- listen-on { 10.53.0.1; };
- listen-on-v6 { none; };
- recursion yes;
- dnssec-validation no;
- deny-answer-addresses { 192.0.2.0/24; 2001:db8:beef::/48; }
- except-from { "example.org"; };
- deny-answer-aliases { "example.org"; }
- except-from { "goodcname.example.net";
- "gooddname.example.net"; };
- allow-query {!10.53.0.8; any; };
-};
-
-zone "." {
- type hint;
- file "root.hint";
-};
-
-include "rfc1918.zones";
+++ /dev/null
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-. ../conf.sh
-
-copy_setports ns1/named1.conf.in ns1/named.conf
+++ /dev/null
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-set -e
-
-. ../conf.sh
-
-DIGOPTS="-p ${PORT}"
-RNDCCMD="$RNDC -c ../_common/rndc.conf -p ${CONTROLPORT} -s"
-
-status=0
-n=0
-
-n=$((n + 1))
-echo_i "check that switching to automatic empty zones works ($n)"
-ret=0
-rndc_reload ns1 10.53.0.1
-
-copy_setports ns1/named2.conf.in ns1/named.conf
-$RNDCCMD 10.53.0.1 reload >/dev/null || ret=1
-sleep 5
-
-$DIG $DIGOPTS +vc version.bind txt ch @10.53.0.1 >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-n=$((n + 1))
-echo_i "check that allow-transfer { none; } works ($n)"
-ret=0
-$DIG $DIGOPTS axfr 10.in-addr.arpa @10.53.0.1 +all >dig.out.test$n || ret=1
-grep "status: REFUSED" dig.out.test$n >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-echo_i "exit status: $status"
-[ $status -eq 0 ] || exit 1
--- /dev/null
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import dns.message
+
+import isctest
+
+
+def test_emptyzones(servers, templates):
+ # check that switching to automatic empty zones works
+ ns1 = servers["ns1"]
+ ns1.rndc("reload")
+ templates.render("ns1/named.conf", {"automatic_empty_zones": True})
+ ns1.rndc("reload")
+ msg = dns.message.make_query("version.bind", "TXT", "CH")
+ res = isctest.query.tcp(msg, "10.53.0.1")
+ isctest.check.noerror(res)
+
+ # check that allow-transfer { none; } works
+ msg = dns.message.make_query("10.in-addr.arpa", "AXFR")
+ res = isctest.query.tcp(msg, "10.53.0.1")
+ isctest.check.refused(res)
+++ /dev/null
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-import pytest
-
-pytestmark = pytest.mark.extra_artifacts(
- [
- "dig.out.*",
- ]
-)
-
-
-def test_emptyzones(run_tests_sh):
- run_tests_sh()
projects / thirdparty / bind9.git / commitdiff
