--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+server 10.0.0/24 {
+ broken-nsec yes;
+};
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS2
+
+options {
+ query-source address 10.53.0.7;
+ notify-source 10.53.0.7;
+ transfer-source 10.53.0.7;
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.7; };
+ listen-on-v6 { none; };
+ recursion yes;
+ notify no;
+ dnssec-validation yes;
+};
+
+server 10.53.0.1 {
+ broken-nsec yes;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+controls {
+ inet 10.53.0.7 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+statistics-channels {
+ inet 10.53.0.7 port @EXTRAPORT1@ allow { any; };
+};
+
+zone "." {
+ type hint;
+ file "root.hints";
+};
+
+include "../ns1/trusted.conf";
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. NS ns1
+ns1 A 10.53.0.1
copy_setports ns4/named.conf.in ns4/named.conf
copy_setports ns5/named.conf.in ns5/named.conf
copy_setports ns6/named.conf.in ns6/named.conf
+copy_setports ns7/named.conf.in ns7/named.conf
(
cd ns1
return 0
}
-for ns in 2 4 5 6
+for ns in 2 4 5 6 7
do
case $ns in
2) ad=yes; description="<default>";;
4) ad=yes; description="no";;
5) ad=yes; description="yes";;
6) ad=no; description="yes; dnssec-validation no";;
+ 7) ad=yes; description="yes; server 10.53.0.1 { broken-nsec yes; };";;
*) exit 1;;
esac
echo_i "prime negative NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
#
sleep 1
-for ns in 2 4 5 6
+for ns in 2 4 5 6 7
do
case $ns in
2) ad=yes synth=${synth_default} description="<default>";;
4) ad=yes synth=no description="no";;
5) ad=yes synth=yes description="yes";;
6) ad=no synth=no description="yes; dnssec-validation no";;
+ 7) ad=yes synth=no description="yes; server 10.53.0.1 { broken-nsec yes; };";;
*) exit 1;;
esac
echo_i "check synthesized NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
count=$(grep "cache NSEC auxiliary database nodes" ns${ns}/named.stats | wc -l)
test $count = 2 || ret=1
zero=$(grep "0 cache NSEC auxiliary database nodes" ns${ns}/named.stats | wc -l)
- if [ ${ad} = yes ]
+ if [ ${ad} = no -o $ns = 7 ]
then
- test $zero = 1 || ret=1
- else
test $zero = 2 || ret=1
+ else
+ test $zero = 1 || ret=1
fi
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
count=$(echo "$counter" | grep CacheNSECNodes | wc -l)
test $count = 1 || ret=1
zero=$(echo "$counter" | grep ">0<" | wc -l)
- if [ ${ad} = yes ]
+ if [ ${ad} = no -o $ns = 7 ]
then
- test $zero = 0 || ret=1
- else
test $zero = 1 || ret=1
+ else
+ test $zero = 0 || ret=1
fi
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
count=$(grep '"CacheNSECNodes":' $json | wc -l)
test $count = 2 || ret=1
zero=$(grep '"CacheNSECNodes":0' $json | wc -l)
- if [ ${ad} = yes ]
+ if [ ${ad} = no -o $ns = 7 ]
then
- test $zero = 1 || ret=1
- else
test $zero = 2 || ret=1
+ else
+ test $zero = 1 || ret=1
fi
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
projects / thirdparty / bind9.git / commitdiff
