if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status + ret))
+##########################################################################
+# GL #5801
+
+nextpart ns4/named.run >/dev/null
+
+n=$((n + 1))
+echo_i "Add empty APL allow-query to catalog-misc zone using nsupdate ($n)"
+ret=0
+# Using "\# 0" form as a workaround for nsupdate not parsing zero length rdata
+$NSUPDATE -d <<END >>nsupdate.out.test$n 2>&1 || ret=1
+ server 10.53.0.1 ${PORT}
+ update add allow-query.ext.catalog-misc.example. 3600 IN APL \# 0
+ send
+END
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "waiting for secondary to sync up ($n)"
+ret=0
+wait_for_message ns4/named.run "catz: catalog-misc.example: reload done: success" || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "Adding a domain check-allow-query.example. to primary via RNDC ($n)"
+ret=0
+echo "@ 3600 IN SOA . . 1 3600 3600 3600 3600" >ns1/check-allow-query.example.db
+echo "@ 3600 IN NS invalid." >>ns1/check-allow-query.example.db
+rndccmd 10.53.0.1 addzone check-allow-query.example. in default '{ type primary; file "check-allow-query.example.db"; allow-transfer { any; }; allow-update { any; }; notify explicit; also-notify { 10.53.0.4; }; };' || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "checking that check-allow-query.example. is now served by primary ($n)"
+ret=0
+wait_for_soa @10.53.0.1 check-allow-query.example. dig.out.test$n || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+nextpart ns4/named.run >/dev/null
+
+n=$((n + 1))
+echo_i "Adding domain check-allow-query.example. to catalog-misc zone ($n)"
+ret=0
+$NSUPDATE -d <<END >>nsupdate.out.test$n 2>&1 || ret=1
+ server 10.53.0.1 ${PORT}
+ update add check-allow-query.zones.catalog-misc.example. 3600 IN PTR check-allow-query.example.
+ update add primaries.ext.check-allow-query.zones.catalog-misc.example. 3600 IN A 10.53.0.1
+ send
+END
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "waiting for secondary to sync up ($n)"
+ret=0
+wait_for_message ns4/named.run "catz: adding zone 'check-allow-query.example' from catalog 'catalog-misc.example'" \
+ && wait_for_message ns4/named.run "transfer of 'check-allow-query.example/IN' from 10.53.0.1#${PORT}: Transfer status: success" || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "checking that check-allow-query.example. is not served by secondary ($n)"
+ret=0
+wait_for_soa @10.53.0.4 check-allow-query.example. dig.out.test$n && ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+nextpart ns4/named.run >/dev/null
+
+n=$((n + 1))
+echo_i "Deleting empty allow-query property from catalog-misc zone ($n)"
+ret=0
+$NSUPDATE -d <<END >>nsupdate.out.test$n 2>&1 || ret=1
+ server 10.53.0.1 ${PORT}
+ update delete allow-query.ext.catalog-misc.example. 3600 IN APL
+ send
+END
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "waiting for secondary to sync up ($n)"
+ret=0
+wait_for_message ns4/named.run "catz: catalog-misc.example: reload done: success" || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "checking that check-allow-query.example. is now served by secondary ($n)"
+ret=0
+wait_for_soa @10.53.0.4 check-allow-query.example. dig.out.test$n || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
##########################################################################
# GL #5658
projects / thirdparty / bind9.git / commitdiff
