From: Mark Andrews <marka@isc.org>
Date: Mon, 9 Oct 2023 23:54:16 +0000 (+1100)
Subject: Checking nxdomain-redirect against built-in RFC-1918 zone
X-Git-Tag: v9.19.23~10^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2789906ce40f3e38b6ae1c96c99a99e4191c3b86;p=thirdparty%2Fbind9.git

Checking nxdomain-redirect against built-in RFC-1918 zone

Check that RFC 1918 leak detection does not trigger an assertion
when nxdomain redirection is enabled in the server but not for the
RFC 1918 reverse namespace.
---

diff --git a/bin/tests/system/redirect/ns3/redirect.db b/bin/tests/system/redirect/ns3/redirect.db
index b5b63dad542..4f2d7a64d1e 100644
--- a/bin/tests/system/redirect/ns3/redirect.db
+++ b/bin/tests/system/redirect/ns3/redirect.db
@@ -12,5 +12,6 @@
 $TTL 300
 @ IN SOA a.root-servers.nil. hostmaster.example.net. 0 0 0 0 0
 @ IN NS a.root-servers.nil.
+10.in-addr.arpa	TXT turn off redirect
 * IN A 100.100.100.1
 * IN AAAA 2001:ffff:ffff::100.100.100.1
diff --git a/bin/tests/system/redirect/tests.sh b/bin/tests/system/redirect/tests.sh
index 09d40cf8c30..5d074907f39 100644
--- a/bin/tests/system/redirect/tests.sh
+++ b/bin/tests/system/redirect/tests.sh
@@ -518,6 +518,14 @@ n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+echo_i "checking nxdomain-redirect against built-in RFC-1918 zone ($n)"
+ret=0
+$DIG $DIGOPTS -x 10.0.0.1 @10.53.0.4 -b 10.53.0.2 >dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
+n=$((n + 1))
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 echo_i "checking tld nxdomain-redirect against signed root zone ($n)"
 ret=0
 $DIG $DIGOPTS @10.53.0.5 asdfasdfasdf >dig.out.ns5.test$n || ret=1