From: Aram Sargsyan <aram@isc.org>
Date: Mon, 4 May 2026 22:27:56 +0000 (+0000)
Subject: Add a catz test with invalid allow-transfer property
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4cc04dde4b404c6c4fad76acd21c077bf0125389;p=thirdparty%2Fbind9.git

Add a catz test with invalid allow-transfer property

Check that invalid/unexpected RRtypes coexisting with a valid APL
RRtype does not cause an assertion failure.

(cherry picked from commit a4f05a26ad923de94d9311b631122f6de18e7f5e)
---

diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
index 89c461e92d1..c962620f9e4 100644
--- a/bin/tests/system/catz/ns1/named.conf.in
+++ b/bin/tests/system/catz/ns1/named.conf.in
@@ -127,6 +127,16 @@ view "default" {
 		also-notify { 10.53.0.4; };
 		notify explicit;
 	};
+
+        # A catalog zone to test specific issues
+        zone "catalog-misc.example" {
+                type primary;
+                file "catalog-misc.example.db";
+                allow-transfer { any; };
+                allow-update { any; };
+                also-notify { 10.53.0.4; };
+                notify explicit;
+        };
 };
 
 view "ch" ch {
diff --git a/bin/tests/system/catz/ns4/named.conf.in b/bin/tests/system/catz/ns4/named.conf.in
index 3ac60b2dd88..f616e26e13b 100644
--- a/bin/tests/system/catz/ns4/named.conf.in
+++ b/bin/tests/system/catz/ns4/named.conf.in
@@ -34,6 +34,9 @@ options {
 	dnssec-validation no;
 
 	catalog-zones {
+                zone "catalog-misc.example"
+                        min-update-interval 1s
+                        default-primaries { 10.53.0.1; };
 		zone "catalog-tls.example"
 			min-update-interval 1s
 			default-primaries { 10.53.0.1 key tsig_key tls ephemeral; };
@@ -49,6 +52,12 @@ zone "catalog-tls.example" {
 	primaries { 10.53.0.1 key tsig_key tls ephemeral; };
 };
 
+zone "catalog-misc.example" {
+        type secondary;
+        file "catalog-misc.example.db";
+        primaries { 10.53.0.1; };
+};
+
 zone "catalog-self.example" {
 	type primary;
 	file "catalog-self.example.db";
diff --git a/bin/tests/system/catz/setup.sh b/bin/tests/system/catz/setup.sh
index c33ce7f1c16..154bdec5033 100644
--- a/bin/tests/system/catz/setup.sh
+++ b/bin/tests/system/catz/setup.sh
@@ -22,6 +22,7 @@ cp -f ns1/catalog.example.db.in ns1/catalog1.example.db
 cp -f ns3/catalog.example.db.in ns3/catalog2.example.db
 cp -f ns1/catalog.example.db.in ns1/catalog3.example.db
 cp -f ns1/catalog.example.db.in ns1/catalog4.example.db
+cp -f ns1/catalog.example.db.in ns1/catalog-misc.example.db
 cp -f ns1/catalog.example.db.in ns1/catalog-tls.example.db
 cp -f ns4/catalog.example.db.in ns4/catalog-self.example.db
 
diff --git a/bin/tests/system/catz/tests.sh b/bin/tests/system/catz/tests.sh
index 8c34b2de016..7dc88c53444 100644
--- a/bin/tests/system/catz/tests.sh
+++ b/bin/tests/system/catz/tests.sh
@@ -2654,6 +2654,56 @@ wait_for_soa @10.53.0.4 tls1.example. dig.out.test$n || ret=1
 if [ $ret -ne 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+##########################################################################
+# GL #5941
+
+nextpart ns4/named.run >/dev/null
+
+n=$((n + 1))
+echo_i "Add a normal and a spurious allow-transfer RRs to catalog-misc zone using nsupdate ($n)"
+ret=0
+# It is important to include an RRtype with a numeric representation that is
+# less than APL. E.g., AFSDB is 18 which is less than APL's 42. Also including
+# the AMTRELAY RRtype (260) which is bigger than APL, just for completeness.
+$NSUPDATE -d <<END >>nsupdate.out.test$n 2>&1 || ret=1
+    server 10.53.0.1 ${PORT}
+    update add allow-transfer.ext.catalog-misc.example. 3600 IN AFSDB 0 hostname
+    update add allow-transfer.ext.catalog-misc.example. 3600 IN APL 1:10.53.0.0/24
+    update add allow-transfer.ext.catalog-misc.example. 3600 IN AMTRELAY 0 0 0 .
+    send
+END
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "waiting for secondary to sync up ($n)"
+ret=0
+wait_for_message ns4/named.run "catz: catalog-misc.example: reload done: success" || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+nextpart ns4/named.run >/dev/null
+
+n=$((n + 1))
+echo_i "Deleting the allow-query RRs from catalog-misc zone ($n)"
+ret=0
+$NSUPDATE -d <<END >>nsupdate.out.test$n 2>&1 || ret=1
+    server 10.53.0.1 ${PORT}
+    update delete allow-transfer.ext.catalog-misc.example. 3600 IN AFSDB 0 hostname
+    update delete allow-transfer.ext.catalog-misc.example. 3600 IN APL 1:10.53.0.0/24
+    update delete allow-transfer.ext.catalog-misc.example. 3600 IN AMTRELAY 0 0 0 .
+    send
+END
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "waiting for secondary to sync up ($n)"
+ret=0
+wait_for_message ns4/named.run "catz: catalog-misc.example: reload done: success" || ret=1
+if [ $ret -ne 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 ##########################################################################
 # GL #3777
 nextpart ns4/named.run >/dev/null