update the acl system test to include a blackhole test case

this ACL was previously untested, which allowed a regression to
go undetected.

diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
index 4b4e05027aad474bb5f7bc6473ca3e588fb4a81b..7e20bac49dc2f4e9b346fb4b97272ce6cf6e7238 100644 (file)
--- a/bin/tests/system/acl/ns2/named5.conf.in
+++ b/bin/tests/system/acl/ns2/named5.conf.in
@@ -31,6 +31,7 @@ options {
        ixfr-from-differences yes;
        check-integrity no;
        allow-query-on { 10.53.0.2; };
+       blackhole { 10.53.0.8; };
 };
 
 key one {

diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
index 6f291bfc612ee8c3c3d1015aca91970cc6d4023e..4d915244ba129b18fc45e90339b26b719f4a6740 100644 (file)
--- a/bin/tests/system/acl/tests.sh
+++ b/bin/tests/system/acl/tests.sh
@@ -143,6 +143,26 @@ $DIG -p ${PORT} +tcp soa example. \
        @10.53.0.2 -b 10.53.0.3 > dig.out.${t}
 grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
 
+echo_i "testing blackhole ACL processing"
+t=`expr $t + 1`
+ret=0
+$DIG -p ${PORT} +tcp soa example. \
+       @10.53.0.2 -b 10.53.0.3 > dig.out.1.${t}
+grep "status: NOERROR" dig.out.1.${t} > /dev/null 2>&1 || ret=1
+$DIG -p ${PORT} +tcp soa example. \
+       @10.53.0.2 -b 10.53.0.8 > dig.out.2.${t}
+grep "status: NOERROR" dig.out.2.${t} > /dev/null 2>&1 && ret=1
+grep "communications error" dig.out.2.${t} > /dev/null 2>&1 || ret=1
+$DIG -p ${PORT} soa example. \
+       @10.53.0.2 -b 10.53.0.3 > dig.out.3.${t}
+grep "status: NOERROR" dig.out.3.${t} > /dev/null 2>&1 || ret=1
+$DIG -p ${PORT} soa example. \
+       @10.53.0.2 -b 10.53.0.8 > dig.out.4.${t}
+grep "status: NOERROR" dig.out.4.${t} > /dev/null 2>&1 && ret=1
+grep "connection timed out" dig.out.4.${t} > /dev/null 2>&1 || ret=1
+[ $ret -eq 0 ] || echo_i "failed"
+status=`expr $status + $ret`
+
 # AXFR tests against ns3
 
 echo_i "testing allow-transfer ACLs against ns3 (no existing zones)"