From: Mark Andrews Date: Fri, 10 Apr 2026 03:05:31 +0000 (+1000) Subject: Checking invalid TSIG key name in a catalog zone X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=213e59ccf56f4d66cf65f363be4563f2e853d12f;p=thirdparty%2Fbind9.git Checking invalid TSIG key name in a catalog zone --- diff --git a/bin/tests/system/catz/ns1/catalog-bad6.example.db b/bin/tests/system/catz/ns1/catalog-bad6.example.db new file mode 100644 index 00000000000..bc5ca704929 --- /dev/null +++ b/bin/tests/system/catz/ns1/catalog-bad6.example.db @@ -0,0 +1,7 @@ +@ 3600 SOA . . 1 86400 3600 86400 3600 +@ 3600 IN NS invalid. +version IN TXT "2" +deadbeef.zones IN PTR member.example. +mykey.primaries.ext.deadbeef.zones IN A 192.0.2.1 +; bad key name label too big +mykey.primaries.ext.deadbeef.zones IN TXT "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.example.com" diff --git a/bin/tests/system/catz/ns1/named.conf.j2 b/bin/tests/system/catz/ns1/named.conf.j2 index 146aa5b1125..703060d596d 100644 --- a/bin/tests/system/catz/ns1/named.conf.j2 +++ b/bin/tests/system/catz/ns1/named.conf.j2 @@ -115,6 +115,16 @@ view "default" { notify explicit; }; + # Bad TSIG key name + zone "catalog-bad6.example" { + type primary; + file "catalog-bad6.example.db"; + allow-transfer { any; }; + allow-update { any; }; + also-notify { 10.53.0.2; }; + notify explicit; + }; + # A catalog zone that requires TLS to be used zone "catalog-tls.example" { type primary; diff --git a/bin/tests/system/catz/ns2/named.conf.j2 b/bin/tests/system/catz/ns2/named.conf.j2 index be0d052fccb..4f354d2bb93 100644 --- a/bin/tests/system/catz/ns2/named.conf.j2 +++ b/bin/tests/system/catz/ns2/named.conf.j2 @@ -88,6 +88,10 @@ view "default" { default-masters { 10.53.0.1; } min-update-interval 1s in-memory yes; + zone "catalog-bad6.example" + default-masters { 10.53.0.1; } + min-update-interval 1s + in-memory yes; }; {% if bad_dlz %} @@ -193,6 +197,12 @@ view "default" { primaries { 10.53.0.1; }; }; + # Bad TSIG key name + zone "catalog-bad6.example" { + type secondary; + file "catalog-bad6.example.db"; + primaries { 10.53.0.1; }; + }; }; key tsig_key. { diff --git a/bin/tests/system/catz/tests.sh b/bin/tests/system/catz/tests.sh index 0e964d457f7..e90b606d82c 100644 --- a/bin/tests/system/catz/tests.sh +++ b/bin/tests/system/catz/tests.sh @@ -116,6 +116,12 @@ wait_for_message ns2/named.run "catz: invalid record in catalog zone - version.c if [ $ret -ne 0 ]; then echo_i "failed"; fi status=$((status + ret)) +echo_i "checking that catalog-bad6.example (invalid TSIG key name) is handled ($n)" +ret=0 +wait_for_message ns2/named.run "catz: invalid record in catalog zone - mykey.primaries.ext.deadbeef.zones.catalog-bad6.example IN TXT (label too long) - ignoring" || ret=1 +if [ $ret -ne 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + nextpart ns2/named.run >/dev/null ##########################################################################