--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS2
+
+options {
+ query-source address 10.53.0.8;
+ notify-source 10.53.0.8;
+ transfer-source 10.53.0.8;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.8; };
+ listen-on-v6 { none; };
+ recursion yes;
+ notify no;
+ dnssec-validation yes;
+ reject-000-label no;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.8 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+statistics-channels {
+ inet 10.53.0.8 port @EXTRAPORT1@ allow { any; };
+};
+
+zone "." {
+ type hint;
+ file "root.hints";
+};
+
+include "../ns1/trusted.conf";
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. NS ns1
+ns1 A 10.53.0.1
status=0
n=1
synth_default=yes
+reject_default=yes
rm -f dig.out.*
return 0
}
-for ns in 2 4 5 6 7
+for ns in 2 4 5 6 7 8
do
case $ns in
2) ad=yes; description="<default>";;
5) ad=yes; description="yes";;
6) ad=no; description="yes; dnssec-validation no";;
7) ad=yes; description="yes; server 10.53.0.1 { broken-nsec yes; };";;
+ 8) ad=yes; description="yes; reject-000-label no;";;
*) exit 1;;
esac
echo_i "prime negative NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
#
sleep 1
-for ns in 2 4 5 6 7
+for ns in 2 4 5 6 7 8
do
case $ns in
- 2) ad=yes synth=${synth_default} description="<default>";;
- 4) ad=yes synth=no description="no";;
- 5) ad=yes synth=yes description="yes";;
- 6) ad=no synth=no description="yes; dnssec-validation no";;
- 7) ad=yes synth=no description="yes; server 10.53.0.1 { broken-nsec yes; };";;
+ 2) ad=yes synth=${synth_default} reject=${reject_default} description="<default>";;
+ 4) ad=yes synth=no reject=${reject_default} description="no";;
+ 5) ad=yes synth=yes reject=${reject_default} description="yes";;
+ 6) ad=no synth=no reject=${reject_default} description="yes; dnssec-validation no";;
+ 7) ad=yes synth=no reject=${reject_default} description="yes; server 10.53.0.1 { broken-nsec yes; };";;
+ 8) ad=yes synth=yes reject=no description="yes; reject-000-label no;";;
*) exit 1;;
esac
echo_i "check synthesized NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
dig_with_opts black.minimal. @10.53.0.${ns} aaaa > dig.out.ns${ns}.test$n || ret=1
check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1
check_status NOERROR dig.out.ns${ns}.test$n || ret=1
- if [ ${synth} = yes ]
+ if [ ${synth} = yes -a ${reject} = no ]
then
check_synth_soa minimal. dig.out.ns${ns}.test$n || ret=1
nextpart ns1/named.run | grep black.minimal/AAAA > /dev/null && ret=1
do
case $synthesized in
NXDOMAIN) count=1;;
- no-data) count=5;;
+ no-data) if [ ${reject} = yes ]; then count=4; else count=5; fi;;
wildcard) count=2;;
esac
echo_i "check 'rndc stats' output for 'synthesized a ${synthesized} response' (synth-from-dnssec ${description};) ($n)"
do
case $synthesized in
SynthNXDOMAIN) count=1;;
- SynthNODATA) count=5;;
+ SynthNODATA) if [ $reject = yes ]; then count=4; else count=5; fi;;
SynthWILDCARD) count=2;;
esac
do
case $synthesized in
SynthNXDOMAIN) count=1;;
- SynthNODATA) count=5;;
+ SynthNODATA) if [ $reject = yes ]; then count=4; else count=5; fi;;
SynthWILDCARD) count=2;;
esac
projects / thirdparty / bind9.git / commitdiff
