rm -f ./ns1/minimal.db.signed
rm -f ./ns1/root.db
rm -f ./ns1/root.db.signed
+rm -f ./ns1/soa-without-dnskey.db
+rm -f ./ns1/soa-without-dnskey.db.signed
rm -f ./ns1/trusted.conf
rm -f ./ns2/named_dump.db
rm -f ./ns*/managed-keys.bind*
file "minimal.db.signed";
};
+zone "soa-without-dnskey" {
+ type primary;
+ file "soa-without-dnskey.db.signed";
+};
+
include "trusted.conf";
ns1.dnamed A 10.53.0.1
minimal NS ns1.minimal
ns1.minimal A 10.53.0.1
+soa-without-dnskey NS ns1.soa-without-dnskey
+ns1.soa-without-dnskey A 10.53.0.1
# do not regenerate NSEC chain as there in a minimal NSEC record present
$SIGNER -P -Z nonsecify -o $zone $zonefile > /dev/null
+zone=soa-without-dnskey
+infile=soa-without-dnskey.db.in
+zonefile=soa-without-dnskey.db
+
+keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
+cat "$infile" "$keyname.key" > "$zonefile"
+
+# do not regenerate NSEC chain as there in a minimal NSEC record present
+$SIGNER -P -Z nonsecify -o $zone $zonefile > /dev/null
+
zone=.
infile=root.db.in
zonefile=root.db
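Review bot: The comment added above the `$SIGNER` call for soa-without-dnskey is copied verbatim from the minimal zone, typo included ("as there in"), and does not say why this zone keeps its hand-written NSEC chain. Going by the zone name and the input file added in this commit, the apex NSEC lists `NS SOA RRSIG NSEC` while the DNSKEY from `$keyname.key` is appended to the zone, so the type bitmap looks deliberately wrong. I would replace the comment with `# keep the hand-written NSEC chain: the apex NSEC deliberately omits DNSKEY from its type bitmap`. A matching `;` comment at the top of the new soa-without-dnskey.db.in would stop the record being "corrected" later.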
--- /dev/null
+$TTL 3600
+soa-without-dnskey. 3600 SOA ns1.soa-without-dnskey. hostmaster.soa-without-dnskey. (
+ 1 ; serial
+ 3600 ; refresh (1 hour)
+ 1200 ; retry (20 minutes)
+ 604800 ; expire (1 week)
+ 3600 ; minimum (1 hour)
+ )
+ 3600 NS ns1.soa-without-dnskey.
+ 3600 NSEC ns1.soa-without-dnskey. NS SOA RRSIG NSEC
+ns1.soa-without-dnskey. 3600 A 10.53.0.1
+ 3600 NSEC soa-without-dnskey. A RRSIG NSEC
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
+
+ echo_i "prime SOA without DNSKEY bad type map NODATA response (synth-from-dnssec ${description};) ($n)"
+ ret=0
+ dig_with_opts soa-without-dnskey. @10.53.0.${ns} TXT > dig.out.ns${ns}.test$n || ret=1
+ check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1
+ check_status NOERROR dig.out.ns${ns}.test$n || ret=1
+ check_nosynth_soa soa-without-dnskey. dig.out.ns${ns}.test$n || ret=1
+ grep 'soa-without-dnskey.*3600.IN.NSEC.ns1.soa-without-dnskey. NS SOA RRSIG NSEC$' dig.out.ns${ns}.test$n > /dev/null || ret=1
+ n=$((n+1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+
done
echo_i "prime redirect response (+nodnssec) (synth-from-dnssec <default>;) ($n)"
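Review bot: The two added blocks (this prime step with a TXT query and the later check step with an A query) have no comment saying what a pass proves, so the security-relevant assertion is only implicit: an NSEC that sets SOA but not DNSKEY in its type bitmap must not be used to synthesize the NODATA answer. As far as the visible lines show, that rests on `check_nosynth_soa` and on the literal `3600` TTL in the grep, which presumably only matches a record fetched fresh rather than served from the cache; the helper is defined outside the hunk, so this should be confirmed. I would add above each block `# an apex NSEC with SOA but no DNSKEY in its type map must not be used for synthesis; the undecremented 3600 TTL shows the answer was not built from cache`. The enclosing loops start outside both hunks.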
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
+ echo_i "check SOA without DNSKEY bad type map NODATA response (synth-from-dnssec ${description};) ($n)"
+ ret=0
+ dig_with_opts soa-without-dnskey. @10.53.0.${ns} A > dig.out.ns${ns}.test$n || ret=1
+ check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1
+ check_status NOERROR dig.out.ns${ns}.test$n || ret=1
+ check_nosynth_soa soa-without-dnskey. dig.out.ns${ns}.test$n || ret=1
+ grep 'soa-without-dnskey.*3600.IN.NSEC.ns1.soa-without-dnskey. NS SOA RRSIG NSEC$' dig.out.ns${ns}.test$n > /dev/null || ret=1
+ n=$((n+1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
+
echo_i "check 'rndc stats' output for 'covering nsec returned' (synth-from-dnssec ${description};) ($n)"
ret=0
${RNDCCMD} 10.53.0.${ns} stats 2>&1 | sed 's/^/ns6 /' | cat_i