From: Matthijs Mekking Date: Tue, 26 Feb 2019 14:38:18 +0000 (+0100) Subject: Add test for nxdomain-redirect ncachenxdomain X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=844d83c358ee8c2d5a4e33e0772843df8f38f62c;p=thirdparty%2Fbind9.git Add test for nxdomain-redirect ncachenxdomain (cherry picked from commit 8dc43bc9fe934a0b4729cb1c467e62a73a11ebad) (cherry picked from commit 6093cc063bfe06066c59fd4b84ae7c68cf683215) (cherry picked from commit 21c7c65b05e2a66a2cff59110ac7b95b8bb5638f) --- diff --git a/bin/tests/system/redirect/clean.sh b/bin/tests/system/redirect/clean.sh index c13d918dadd..0df14281c5f 100644 --- a/bin/tests/system/redirect/clean.sh +++ b/bin/tests/system/redirect/clean.sh @@ -27,4 +27,9 @@ rm -f ns3/dsset-signed. rm -f ns3/nsec3.db* rm -f ns3/signed.db* rm -f ns4/*.db +rm -f ns5/dsset-* +rm -f ns5/K* ns5/sign.ns5.* +rm -f ns5/root.db ns5/root.db.signed +rm -f ns5/signed.db ns5/signed.db.signed +rm -f ns6/signed.db.signed rm -f rndc.out diff --git a/bin/tests/system/redirect/ns1/root.db b/bin/tests/system/redirect/ns1/root.db index 532063c05c8..7b8caea29a4 100644 --- a/bin/tests/system/redirect/ns1/root.db +++ b/bin/tests/system/redirect/ns1/root.db @@ -11,7 +11,7 @@ $TTL 3600 @ SOA a.root-servers.nil. marka.isc.org. 0 0 0 0 0 @ NS a.root-servers.nil. a.root-servers.nil. A 10.53.0.1 -example NS ns1.example. +example NS ns1.example. ns1.example. A 10.53.0.1 signed NS ns1.example. ns1.signed. A 10.53.0.1 diff --git a/bin/tests/system/redirect/ns4/named.conf.in b/bin/tests/system/redirect/ns4/named.conf.in index 70f0df07f6c..bb421688e8f 100644 --- a/bin/tests/system/redirect/ns4/named.conf.in +++ b/bin/tests/system/redirect/ns4/named.conf.in 
@@ -16,7 +16,7 @@ controls { /* empty */ }; acl rfc1918 { 10/8; 192.168/16; 172.16/12; }; options { - query-source address 10.53.0.2; /* note this is not 10.53.0.3 */ + query-source address 10.53.0.2; /* note this is not 10.53.0.4 */ notify-source 10.53.0.4; transfer-source 10.53.0.4; port @PORT@; @@ -28,7 +28,6 @@ options { dnssec-enable yes; dnssec-validation yes; nxdomain-redirect "redirect"; - }; key rndc_key { diff --git a/bin/tests/system/redirect/ns5/named.conf.in b/bin/tests/system/redirect/ns5/named.conf.in new file mode 100644 index 00000000000..b888baf4067 --- /dev/null +++ b/bin/tests/system/redirect/ns5/named.conf.in @@ -0,0 +1,30 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS5 + +options { + port @PORT@; + listen-on port @PORT@ { 10.53.0.5; }; + pid-file "named.pid"; + nxdomain-redirect signed; +}; + +zone "." { + type master; + file "root.db.signed"; +}; + +// An unsigned zone that ns6 has a delegation for. +zone "unsigned." { + type master; + file "unsigned.db"; +}; diff --git a/bin/tests/system/redirect/ns5/root.db.in b/bin/tests/system/redirect/ns5/root.db.in new file mode 100644 index 00000000000..90c634706b3 --- /dev/null +++ b/bin/tests/system/redirect/ns5/root.db.in 
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. 86400 IN SOA a.root-servers.nil. hostmaster.example.net. 2019022100 1800 900 604800 86400
+. 518400 IN NS a.root-servers.nil.
+a.root-servers.nil. 518400 IN A 10.53.0.5
+signed. 172800 IN NS ns.signed.
+ns.signed. 172800 IN A 10.53.0.6
+unsigned. 172800 IN NS ns.unsigned.
+ns.unsigned. 172800 IN A 10.53.0.5
diff --git a/bin/tests/system/redirect/ns5/sign.sh b/bin/tests/system/redirect/ns5/sign.sh
new file mode 100644
index 00000000000..e26904a6b2d
--- /dev/null
+++ b/bin/tests/system/redirect/ns5/sign.sh
@@ -0,0 +1,43 @@
+#!/bin/sh -e
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+# We sign the zone here and move the signed zone to ns6.
+# The ns5 server actually does not serve this zone but
+# the DS and NS records are in the test root zone, and
+# delegate to ns6.
+zone=signed.
+infile=signed.db.in
+zonefile=signed.db
+
+key1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone 2> /dev/null`
+key2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk $zone 2> /dev/null`
+
+cat $infile $key1.key $key2.key > $zonefile
+
+$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.signed.out 2>&1
+
+cp signed.db.signed ../ns6
+
+# Root zone.
+zone=.
+infile=root.db.in
+zonefile=root.db
+
+key1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone 2> /dev/null`
+key2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk $zone 2> /dev/null`
+
+# cat $infile $key1.key $key2.key > $zonefile
+cat $infile dsset-signed. $key1.key $key2.key > $zonefile
+
+$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.root.out 2>&1
diff --git a/bin/tests/system/redirect/ns5/signed.db.in b/bin/tests/system/redirect/ns5/signed.db.in
new file mode 100644
index 00000000000..8884120b6c5
--- /dev/null
+++ b/bin/tests/system/redirect/ns5/signed.db.in
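Review bot: The `-e` on the `#!/bin/sh -e` line is not in effect when this script is started as `$SHELL sign.sh`, which is how the setup.sh hunk of this commit invokes it. A failing `$KEYGEN` or `$SIGNER` therefore does not stop the script unless conf.sh enables it, which is not visible here. With `$KEYGEN` stderr sent to `/dev/null`, a key-generation failure leaves `key1`/`key2` empty and the real cause is hidden behind later `cat` or signer errors. Put `set -e` on its own line after `. $SYSTEMTESTTOP/conf.sh`, and consider keeping keygen's stderr in a log file next to the existing `sign.ns5.*.out` outputs. The commented-out `# cat $infile $key1.key $key2.key > $zonefile` in the root-zone part looks like a leftover and can be dropped.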
@@ -0,0 +1,18 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+@ IN SOA ns.signed. hostmaster.signed. 0 0 0 0 0
+@ IN NS ns.signed.
+
+ns.signed. IN A 10.0.53.6
+domain.signed. IN A 10.0.53.1
+
+* IN A 100.100.100.1
+* IN AAAA 2001:ffff:ffff::100.100.100.1
diff --git a/bin/tests/system/redirect/ns5/unsigned.db b/bin/tests/system/redirect/ns5/unsigned.db
new file mode 100644
index 00000000000..0f0604d79e0
--- /dev/null
+++ b/bin/tests/system/redirect/ns5/unsigned.db
@@ -0,0 +1,18 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+@ IN SOA ns.unsigned. hostmaster.unsigned. 0 0 0 0 0
+@ IN NS ns.unsigned.
+
+ns.unsigned. IN A 10.53.0.6
+domain.unsigned. IN A 10.0.53.1
+
+* IN A 100.100.100.1
+* IN AAAA 2001:ffff:ffff::100.100.100.1
diff --git a/bin/tests/system/redirect/ns6/named.conf.in b/bin/tests/system/redirect/ns6/named.conf.in
new file mode 100644
index 00000000000..4c972c9346b
--- /dev/null
+++ b/bin/tests/system/redirect/ns6/named.conf.in
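Review bot: The in-zone address for `ns.signed.` in signed.db.in is `10.0.53.6`, which does not match the glue `ns.signed. 172800 IN A 10.53.0.6` in both root zones of this commit and looks like transposed octets; `domain.signed.` (`10.0.53.1`) has the same shape. In the unsigned.db hunk that follows, `ns.unsigned. IN A 10.53.0.6` disagrees with the root-zone glue `10.53.0.5` and with the `listen-on` address of ns5, the server that loads this zone. The two new test cases only query a nonexistent TLD, so this probably does not change their result, but any lookup that follows the authoritative NS address would be sent to the wrong host. Suggested: `ns.signed. IN A 10.53.0.6` and `ns.unsigned. IN A 10.53.0.5`.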
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS6
+
+options {
+ port @PORT@;
+ listen-on port @PORT@ { 10.53.0.6; };
+ pid-file "named.pid";
+ nxdomain-redirect unsigned;
+};
+
+zone "." {
+ type master;
+ file "root.db";
+};
+
+// A signed zone that ns5 has a delegation for.
+zone "signed." {
+ type master;
+ file "signed.db.signed";
+};
diff --git a/bin/tests/system/redirect/ns6/root.db b/bin/tests/system/redirect/ns6/root.db
new file mode 100644
index 00000000000..5e78d23ea21
--- /dev/null
+++ b/bin/tests/system/redirect/ns6/root.db
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. 86400 IN SOA a.root-servers.nil. hostmaster.example.net. 2019022100 1800 900 604800 86400
+. 518400 IN NS a.root-servers.nil.
+a.root-servers.nil. 518400 IN A 10.53.0.6
+signed. 172800 IN NS ns.signed.
+ns.signed. 172800 IN A 10.53.0.6
+unsigned. 172800 IN NS ns.unsigned.
+ns.unsigned. 172800 IN A 10.53.0.5
diff --git a/bin/tests/system/redirect/setup.sh b/bin/tests/system/redirect/setup.sh
index 86fbdd7be6f..5a98f3b9e3f 100644
--- a/bin/tests/system/redirect/setup.sh
+++ b/bin/tests/system/redirect/setup.sh
@@ -20,6 +20,8 @@ copy_setports ns1/named.conf.in ns1/named.conf copy_setports ns2/named.conf.in ns2/named.conf copy_setports ns3/named.conf.in ns3/named.conf copy_setports ns4/named.conf.in ns4/named.conf +copy_setports ns5/named.conf.in ns5/named.conf +copy_setports ns6/named.conf.in ns6/named.conf cp ns2/redirect.db.in ns2/redirect.db cp ns2/example.db.in ns2/example.db @@ -27,3 +29,4 @@ cp ns2/example.db.in ns2/example.db cp ns4/example.db.in ns4/example.db ( cd ns3 && $SHELL sign.sh ) +( cd ns5 && $SHELL sign.sh ) diff --git a/bin/tests/system/redirect/tests.sh b/bin/tests/system/redirect/tests.sh index 82fdad689a2..0879c44d02b 100644 --- a/bin/tests/system/redirect/tests.sh +++ b/bin/tests/system/redirect/tests.sh @@ -518,5 +518,21 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` +echo_i "checking tld nxdomain-redirect against signed root zone ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.5 asdfasdfasdf > dig.out.ns5.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns5.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + +echo_i "checking tld nxdomain-redirect against unsigned root zone ($n)" +ret=0 +$DIG $DIGOPTS @10.53.0.6 asdfasdfasdf > dig.out.ns6.test$n || ret=1 +grep "status: NXDOMAIN" dig.out.ns6.test$n > /dev/null || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1 diff --git a/util/copyrights b/util/copyrights index 3c61e74800f..2de5600de43 100644 --- a/util/copyrights +++ b/util/copyrights 
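Review bot: In the tests.sh hunk, neither new case says why `status: NXDOMAIN` is the expected result even though ns5 and ns6 both set `nxdomain-redirect`; the `echo_i` text reads as if a redirected answer were being checked. A comment above the first case would help, for example `# The redirect must not be applied here; a plain NXDOMAIN from a server that still answers is the pass condition.` The exact wording needs confirming by the author, since the reason is inferred from the commit subject rather than shown in the hunk. The same comment covers the ns6 case a few lines below.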
@@ -1800,6 +1800,13 @@
 ./bin/tests/system/redirect/ns4/example.db.in ZONE 2015,2016,2018,2019
 ./bin/tests/system/redirect/ns4/named.conf.in CONF-C 2015,2016,2018,2019
 ./bin/tests/system/redirect/ns4/root.hint ZONE 2015,2016,2018,2019
+./bin/tests/system/redirect/ns5/named.conf.in CONF-C 2019
+./bin/tests/system/redirect/ns5/root.db.in ZONE 2019
+./bin/tests/system/redirect/ns5/sign.sh SH 2019
+./bin/tests/system/redirect/ns5/signed.db.in ZONE 2019
+./bin/tests/system/redirect/ns5/unsigned.db ZONE 2019
+./bin/tests/system/redirect/ns6/named.conf.in CONF-C 2019
+./bin/tests/system/redirect/ns6/root.db ZONE 2019
 ./bin/tests/system/redirect/prereq.sh SH 2014,2016,2018,2019
 ./bin/tests/system/redirect/setup.sh SH 2011,2012,2013,2014,2015,2016,2017,2018,2019
 ./bin/tests/system/redirect/tests.sh SH 2011,2012,2013,2014,2015,2016,2018,2019