+4405. [bug] Change 4342 introduced a regression where you could
+ not remove a delegation in a NSEC3 signed zone using
+ OPTOUT via nsupdate. [RT #42702]
+
4387. [bug] Change 4336 was not complete leading to SERVFAIL
being return as NS records expired. [RT #42683]
# Clean up after zone transfer tests.
#
-rm -f ns1/*.jnl ns2/*.jnl
+rm -f */named.memstats
+rm -f */named.run
+rm -f Kxxx.*
+rm -f dig.out.*
+rm -f jp.out.ns3.*
+rm -f ns*/named.lock
+rm -f ns1/*.jnl ns2/*.jnl ns3/*.jnl
rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/keytests.db
+rm -f ns1/example.db ns1/unixtime.db ns1/yyyymmddvv.db ns1/update.db ns1/other.db ns1/keytests.db
+rm -f ns1/many.test.db
rm -f ns1/md5.key ns1/sha1.key ns1/sha224.key ns1/sha256.key ns1/sha384.key
rm -f ns1/sha512.key ns1/ddns.key
-rm -f nsupdate.out
rm -f ns2/example.bk
rm -f ns2/update.bk ns2/update.alt.bk
-rm -f */named.memstats
-rm -f */named.run
-rm -f nsupdate.out*
-rm -f ns3/example.db.jnl ns3/example.db
-rm -f ns3/nsec3param.test.db.signed.jnl ns3/nsec3param.test.db ns3/nsec3param.test.db.signed ns3/dsset-nsec3param.test.
-rm -f ns3/dnskey.test.db.signed.jnl ns3/dnskey.test.db ns3/dnskey.test.db.signed ns3/dsset-dnskey.test.
+rm -f ns3/*.signed
rm -f ns3/K*
-rm -f dig.out.*
-rm -f jp.out.ns3.*
-rm -f Kxxx.*
+rm -f ns3/delegation.test.db
+rm -f ns3/dnskey.test.db
+rm -f ns3/dsset-*
+rm -f ns3/example.db
+rm -f ns3/many.test.bk
+rm -f ns3/nsec3param.test.db
+rm -f nsupdate.out*
+rm -f typelist.out.*
--- /dev/null
+; Copyright (C) 2011, 2016 Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+$TTL 10
+delegation.test. IN SOA delegation.test. hostmaster.delegation.test. 1 3600 900 2419200 3600
+delegation.test. IN NS delegation.test.
+delegation.test. IN A 10.53.0.3
allow-update { any; };
file "dnskey.test.db.signed";
};
+
+zone "delegation.test" {
+ type master;
+ allow-update { any; };
+ file "delegation.test.db.signed";
+};
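Review bot: `allow-update { any; };` on the new `delegation.test` zone accepts unauthenticated dynamic updates from any source. That is tolerable only because this looks like a system-test fixture served on 10.53.0.3, and the zone just above it uses the same setting. A one-line comment above the zone would stop the block being copied into a real configuration as-is, for example `// test fixture only: unauthenticated updates are intentional`. If the test harness already provisions a TSIG key for this server, restricting the ACL to that key would be the tighter option.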
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
+
+zone=delegation.test.
+infile=delegation.test.db.in
+zonefile=delegation.test.db
+
+keyname1=`$KEYGEN -q -r $RANDFILE -3 -f KSK $zone`
+keyname2=`$KEYGEN -q -r $RANDFILE -3 $zone`
+
+cat $infile $keyname1.key $keyname2.key >$zonefile
+
+$SIGNER -A -3 - -P -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
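Review bot: The `$SIGNER -A -3 -` invocation has no comment saying that `-A` (NSEC3 opt-out) is the property this zone exists to exercise. The two signing commands visible here differ only in those flags, so a later cleanup could drop them and silently turn the RT #42702 checks into a no-op. I would add above it `# -A: sign with NSEC3 OPTOUT; the delegation add/remove checks for RT #42702 depend on it`. The exit status of `$KEYGEN` and `$SIGNER` is also not checked, so a signing failure would only surface later as a zone load problem; this matches the surrounding style.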
status=1
fi
+n=`expr $n + 1`
+echo "I:check adding of delegating NS records processing ($n)"
+ret=0
+$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
+server 10.53.0.3 5300
+zone delegation.test.
+update add child.delegation.test. 3600 NS foo.example.net.
+update add child.delegation.test. 3600 NS bar.example.net.
+send
+EOF
+$DIG +tcp @10.53.0.3 -p 5300 ns child.delegation.test > dig.out.ns1.test$n
+grep "status: NOERROR" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
+grep "AUTHORITY: 2" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
+[ $ret = 0 ] || { echo I:failed; status=1; }
+
+n=`expr $n + 1`
+echo "I:check deleting of delegating NS records processing ($n)"
+ret=0
+$NSUPDATE -v << EOF > nsupdate.out-$n 2>&1 || ret=1
+server 10.53.0.3 5300
+zone delegation.test.
+update del child.delegation.test. 3600 NS foo.example.net.
+update del child.delegation.test. 3600 NS bar.example.net.
+send
+EOF
+$DIG +tcp @10.53.0.3 -p 5300 ns child.delegation.test > dig.out.ns1.test$n
+grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null 2>&1 || ret=1
+[ $ret = 0 ] || { echo I:failed; status=1; }
+
echo "I:exit status: $status"
exit $status
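Review bot: Both new checks write the dig output to `dig.out.ns1.test$n` although the query goes to 10.53.0.3, which judging by the `ns3/` fixtures in this change is ns3. Naming the file `dig.out.ns3.test$n` would keep failure triage pointed at the right server. The delete check asserts only `status: NXDOMAIN`, so it shows the NS set is gone but not that the opt-out NSEC3 chain was left consistent. Running that dig with `+dnssec` and grepping for `NSEC3` in the authority section would cover the code path the fix actually touches.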
CHECK(dns_db_createiterator(db, DNS_DB_NSEC3ONLY, &dbit));
result = dns_dbiterator_seek(dbit, hashname);
- if (result == ISC_R_NOTFOUND)
+ if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH)
goto success;
if (result != ISC_R_SUCCESS)
goto failure;
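Review bot: The widened test `result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH` is taken as "nothing to delete", but nothing at the call site says why a partial match is equivalent to not-found. The same applies to the identical change in the following hunk. If the intent is that no NSEC3 node exists at the hashed name (as for an opted-out insecure delegation), a short comment above each test should say so, for example `/* No NSEC3 at this hash (e.g. opt-out delegation): nothing to remove. */`. That way the `goto success` is not mistaken for a swallowed error. The enclosing functions start and end outside these hunks, so I cannot confirm that no other `dns_dbiterator_seek()` caller needs the same treatment.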
&empty, origin, hash, iterations,
salt, salt_length));
result = dns_dbiterator_seek(dbit, hashname);
- if (result == ISC_R_NOTFOUND)
+ if (result == ISC_R_NOTFOUND || result == DNS_R_PARTIALMATCH)
goto success;
if (result != ISC_R_SUCCESS)
goto failure;
dns_name_t *name, *origin;
if (rbtdbiter->result != ISC_R_SUCCESS &&
+ rbtdbiter->result != ISC_R_NOTFOUND &&
+ rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);
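Review bot: The four-way test on `rbtdbiter->result` is now spelled out by hand here and in the three following hunks. One of those sites already accepted `ISC_R_NOTFOUND` before this change, which suggests the copies have drifted apart before. A small static predicate would keep the accepted set in one place, so the next result code added cannot be missed at one site. The enclosing iterator functions begin and end outside the hunks, so I cannot check from here that each of them copes with whatever node state a not-found or partial-match seek leaves behind. A comment on the predicate stating that assumption would help.

```c
static inline isc_boolean_t
dbiterator_result_usable(isc_result_t result) {
	/* States from which the iterator may be repositioned or paused. */
	return (ISC_TF(result == ISC_R_SUCCESS ||
		       result == ISC_R_NOTFOUND ||
		       result == DNS_R_PARTIALMATCH ||
		       result == ISC_R_NOMORE));
}

/* ... unchanged: iterator function prologue ... */
	if (!dbiterator_result_usable(rbtdbiter->result))
		return (rbtdbiter->result);
```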
dns_name_t *name, *origin;
if (rbtdbiter->result != ISC_R_SUCCESS &&
+ rbtdbiter->result != ISC_R_NOTFOUND &&
+ rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);
if (rbtdbiter->result != ISC_R_SUCCESS &&
rbtdbiter->result != ISC_R_NOTFOUND &&
+ rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);
rbtdb_dbiterator_t *rbtdbiter = (rbtdb_dbiterator_t *)iterator;
if (rbtdbiter->result != ISC_R_SUCCESS &&
+ rbtdbiter->result != ISC_R_NOTFOUND &&
+ rbtdbiter->result != DNS_R_PARTIALMATCH &&
rbtdbiter->result != ISC_R_NOMORE)
return (rbtdbiter->result);