test: DS query against broken NODATA responses

This is a regresssion test for GL #4621 where the NODATA responses
are SOA records that match the QNAME rather than the zone name. In
particular for NS queries.

diff --git a/bin/tests/system/resolver/ans2/ans.pl b/bin/tests/system/resolver/ans2/ans.pl
index aa1d51b57a651b672c5ba52aa46707e109c3c04a..b17fd6ec2e1a54b92c9424bbf65ed521694a4cce 100644 (file)
--- a/bin/tests/system/resolver/ans2/ans.pl
+++ b/bin/tests/system/resolver/ans2/ans.pl
@@ -133,6 +133,38 @@ for (;;) {
                $packet->push("additional", new Net::DNS::RR("ns.broken 300 A 10.53.0.4"));
        } elsif ($qname =~ /\.partial-formerr/) {
                $packet->header->rcode("FORMERR");
+       } elsif ($qname eq "gl6412") {
+               if ($qtype eq "SOA") {
+                       $packet->push("answer",
+                             new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+               } elsif ($qtype eq "NS") {
+                       $packet->push("answer",
+                             new Net::DNS::RR($qname . " 300 NS ns2" . $qname));
+                       $packet->push("answer",
+                             new Net::DNS::RR($qname . " 300 NS ns3" . $qname));
+               } else {
+                       $packet->push("authority",
+                             new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+               }
+       } elsif ($qname eq "a.gl6412" || $qname eq "a.a.gl6412") {
+               $packet->push("authority",
+                             new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+       } elsif ($qname eq "ns2.gl6412") {
+               if ($qtype eq "A") {
+                       $packet->push("answer",
+                                     new Net::DNS::RR($qname . " 300 A 10.53.0.2"));
+               } else {
+                       $packet->push("authority",
+                                     new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+               }
+       } elsif ($qname eq "ns3.gl6412") {
+               if ($qtype eq "A") {
+                       $packet->push("answer",
+                                     new Net::DNS::RR($qname . " 300 A 10.53.0.3"));
+               } else {
+                       $packet->push("authority",
+                                     new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+               }
        } else {
                # Data for the "bogus referrals" test
                $packet->push("authority", new Net::DNS::RR("below.www.example.com 300 NS ns.below.www.example.com"));

diff --git a/bin/tests/system/resolver/ans3/ans.pl b/bin/tests/system/resolver/ans3/ans.pl
index 893c9ed8d5908f6043295a58c617058d097ab9a5..98f4ec04b5fc57c4c1ae8c70f4f7498120c4403e 100644 (file)
--- a/bin/tests/system/resolver/ans3/ans.pl
+++ b/bin/tests/system/resolver/ans3/ans.pl
@@ -142,6 +142,38 @@ sub handleQuery {
        } elsif ($qname =~ /\.partial-formerr/) {
                $packet->push("answer",
                              new Net::DNS::RR($qname .  " 1 A 10.53.0.3"));
+       } elsif ($qname eq "gl6412") {
+                if ($qtype eq "SOA") {
+                        $packet->push("answer",
+                              new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+                } elsif ($qtype eq "NS") {
+                        $packet->push("answer",
+                              new Net::DNS::RR($qname . " 300 NS ns2" . $qname));
+                        $packet->push("answer",
+                              new Net::DNS::RR($qname . " 300 NS ns3" . $qname));
+                } else {
+                        $packet->push("authority",
+                              new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+                }
+        } elsif ($qname eq "a.gl6412" || $qname eq "a.a.gl6412") {
+                $packet->push("authority",
+                              new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+        } elsif ($qname eq "ns2.gl6412") {
+                if ($qtype eq "A") {
+                        $packet->push("answer",
+                                      new Net::DNS::RR($qname . " 300 A 10.53.0.2"));
+                } else {
+                        $packet->push("authority",
+                                      new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+                }
+        } elsif ($qname eq "ns3.gl6412") {
+                if ($qtype eq "A") {
+                        $packet->push("answer",
+                                      new Net::DNS::RR($qname . " 300 A 10.53.0.3"));
+                } else {
+                        $packet->push("authority",
+                                      new Net::DNS::RR($qname . " 300 SOA . . 0 0 0 0 0"));
+                }
        } else {
                $packet->push("answer", new Net::DNS::RR("www.example.com 300 A 1.2.3.4"));
        }

diff --git a/bin/tests/system/resolver/ns6/root.db b/bin/tests/system/resolver/ns6/root.db
index 096381c3ce9ed8590afc3afbb3e1318d8cd70da6..35962fedf66743be7a4e0076d0364ca74d9ee127 100644 (file)
--- a/bin/tests/system/resolver/ns6/root.db
+++ b/bin/tests/system/resolver/ns6/root.db
@@ -34,3 +34,11 @@ edns-version.tld.    NS      ns.edns-version.tld.
 ns.edns-version.tld.   A       10.53.0.7
 v4only.net.            NS      v4.nameserver.
 v4.nameserver.         A       10.53.0.4
+;
+; Servers for regression test for GL #6412
+; They return broken NODATA responses (incorrect SOA) for the test zone.
+;
+gl6412.                        NS      ns2.gl6412.
+gl6412.                        NS      ns3.gl6412.
+ns2.gl6412.            A       10.53.0.2
+ns3.gl6412.            A       10.53.0.3

diff --git a/bin/tests/system/resolver/tests.sh b/bin/tests/system/resolver/tests.sh
index 65ef9b928b383a5ebc5ca48b328bf042382f2b4a..c4461971263b26d7cf8c931db0e22054a3526b7f 100755 (executable)
--- a/bin/tests/system/resolver/tests.sh
+++ b/bin/tests/system/resolver/tests.sh
@@ -829,6 +829,14 @@ grep "status: NOERROR" dig.out.${n} >/dev/null || ret=1
 nextpart ns5/named.run | grep "$msg" >/dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 
+n=$((n + 1))
+echo_i "GL#4612 regression test: DS query against broken NODATA responses (${n})"
+# servers ns2 and ns3 return authority SOA which matches QNAME rather than the zone
+ret=0
+dig_with_opts @10.53.0.7 a.a.gl6412 DS >dig.out.${n} || ret=1
+grep "status: SERVFAIL" dig.out.${n} >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+
 status=$((status + ret))
 
 echo_i "exit status: $status"