named was asserting when the notify source address was not available
and TSIG was being used. Check this scenario by adding a nameserver
to the zone which is configured to uses a non-existent source address
and a blackholed destination address and a TSIG using a server clause
for that destination address.
(cherry picked from commit
f99d7f421767bf709859f72368e5c0ac6bce2e6a)
zone x19 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; };
zone x20 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; };
zone x21 { type primary; file "x21.db"; allow-update { any; }; also-notify { x21; }; };
+
+key 10.53.0.53 {
+ algorithm hmac-sha256;
+ secret "aaaabbbbccccddddeeeeffffgggghhhhiiii";
+};
+
+server 10.53.0.53 {
+ notify-source 198.51.100.0; // non existant / not configured
+ keys 10.53.0.53;
+};
+
+zone "change-ns" {
+ type primary;
+ file "change-ns.db";
+ allow-update { any; };
+};
cp -f ns2/example1.db ns2/example.db
cp -f ns2/generic.db ns2/x21.db
+cp -f ns2/generic.db ns2/change-ns.db
wait_for_log 30 'retries exceeded' ns3/named.run || ret=1
test_end
+test_start "checking notify with bad notify source address and tsig"
+$NSUPDATE <<EOF
+server 10.53.0.2 ${PORT}
+zone change-ns
+update add change-ns 0 NS ns53.change-ns
+update add ns53.change-ns 0 A 10.53.0.53
+send
+EOF
+wait_for_log 10 "zone change-ns/IN: sending notify to 10.53.0.53#${PORT} : TSIG (10.53.0.53)" ns2/named.run
+dig_plus_opts ns change-ns @10.53.0.2 >dig.out.test$n || ret=1
+grep "ns2.change-ns." dig.out.test$n >/dev/null || ret=1
+test_end
+
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
[
"awk.out.*",
"dig.out.*",
+ "ns2/change-ns.db",
+ "ns2/change-ns.db.jnl",
"ns2/example.db",
"ns2/named-tls.conf",
"ns2/x21.db*",
projects / thirdparty / bind9.git / commitdiff
