From: Mark Andrews Date: Fri, 26 Nov 2021 23:41:38 +0000 (+1100) Subject: Check synthesis of wildcard NODATA with 1 NSEC X-Git-Tag: v9.17.21~5^2~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=94935e7e345cff54e08a91588ef1f934a842914b;p=thirdparty%2Fbind9.git Check synthesis of wildcard NODATA with 1 NSEC --- diff --git a/bin/tests/system/synthfromdnssec/clean.sh b/bin/tests/system/synthfromdnssec/clean.sh index 6fb8784a068..e446e7e2a44 100644 --- a/bin/tests/system/synthfromdnssec/clean.sh +++ b/bin/tests/system/synthfromdnssec/clean.sh @@ -37,6 +37,7 @@ rm -f ./nodata.out ./insecure.nodata.out rm -f ./nxdomain.out ./insecure.nxdomain.out rm -f ./wild.out ./insecure.wild.out rm -f ./wildcname.out ./insecure.wildcname.out +rm -f ./wildnodata1nsec.out ./insecure.wildnodata1nsec.out rm -f ./minimal.nxdomain.out rm -f ./black.out rm -f ./xml.out* diff --git a/bin/tests/system/synthfromdnssec/ns1/example.db.in b/bin/tests/system/synthfromdnssec/ns1/example.db.in index 5300256590b..4cb7f57d15f 100644 --- a/bin/tests/system/synthfromdnssec/ns1/example.db.in +++ b/bin/tests/system/synthfromdnssec/ns1/example.db.in @@ -14,4 +14,5 @@ ns1 A 10.53.0.1 nodata TXT nodata *.wild-a A 1.2.3.4 *.wild-cname CNAME ns1 +*.wild-1-nsec A 1.2.3.4 dnamed DNAME dnamed. diff --git a/bin/tests/system/synthfromdnssec/tests.sh b/bin/tests/system/synthfromdnssec/tests.sh index 5a614092949..41d73554da8 100644 --- a/bin/tests/system/synthfromdnssec/tests.sh +++ b/bin/tests/system/synthfromdnssec/tests.sh @@ -93,6 +93,11 @@ check_nosynth_cname() ( return 0 ) +check_auth_count() { + grep "AUTHORITY: ${1}," ${2} > /dev/null || return 1 + return 0 +} + for ns in 2 4 5 6 do case $ns in 
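Review bot: In `check_auth_count` (tests.sh, +96) the file argument is expanded unquoted as `${2}`, so if a caller ever passes an empty value grep is left with no file operand and reads stdin instead of failing cleanly. Quoting it is enough: `grep "AUTHORITY: ${1}," "${2}" > /dev/null || return 1`. The helper also has no comment; something like `# check_auth_count N FILE: succeed when the dig header in FILE reports AUTHORITY: N` would make clear that only the size of the authority section is pinned, not which records are in it. The neighbouring helper visible in the context is written with a subshell body `( … )` while this one uses `{ … }`; matching the surrounding form would keep the helpers uniform.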
@@ -146,6 +151,18 @@ do if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) + echo_i "prime wildcard NODATA 1 NSEC response (synth-from-dnssec ${description};) ($n)" + ret=0 + dig_with_opts a.wild-1-nsec.example. @10.53.0.${ns} TXT > dig.out.ns${ns}.test$n || ret=1 + check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1 + check_status NOERROR dig.out.ns${ns}.test$n || ret=1 + check_nosynth_soa example. dig.out.ns${ns}.test$n || ret=1 + check_auth_count 4 dig.out.ns${ns}.test$n || ret=1 + [ $ns -eq 2 ] && sed 's/^a\./b./' dig.out.ns${ns}.test$n > wildnodata1nsec.out + n=$((n+1)) + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status+ret)) + echo_i "prime insecure negative NXDOMAIN response (synth-from-dnssec ${description};) ($n)" ret=0 dig_with_opts a.insecure.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1 @@ -190,6 +207,18 @@ do if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) + echo_i "prime insecure wildcard NODATA 1 NSEC response (synth-from-dnssec ${description};) ($n)" + ret=0 + dig_with_opts a.wild-1-nsec.insecure.example. @10.53.0.${ns} TXT > dig.out.ns${ns}.test$n || ret=1 + check_ad_flag no dig.out.ns${ns}.test$n || ret=1 + check_status NOERROR dig.out.ns${ns}.test$n || ret=1 + check_nosynth_soa insecure.example. dig.out.ns${ns}.test$n || ret=1 + check_auth_count 4 dig.out.ns${ns}.test$n || ret=1 + [ $ns -eq 2 ] && cp dig.out.ns${ns}.test$n insecure.wildnodata1nsec.out + n=$((n+1)) + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status+ret)) + echo_i "prime minimal NXDOMAIN response (synth-from-dnssec ${description};) ($n)" ret=0 dig_with_opts nxdomain.minimal. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1 
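Review bot: The baseline capture `[ $ns -eq 2 ] && sed 's/^a\./b./' dig.out.ns${ns}.test$n > wildnodata1nsec.out` never folds its own exit status into `ret`, so a failed write only shows up later, as a digcomp mismatch under a different test number. Writing it as `[ $ns -eq 2 ] && { sed 's/^a\./b./' dig.out.ns${ns}.test$n > wildnodata1nsec.out || ret=1; }` keeps the failure at the step that caused it; the `cp … insecure.wildnodata1nsec.out` line in the following hunk (+207) has the same shape. The secure baseline is rewritten from `a.` to `b.` while the insecure one is copied verbatim, and a one-line comment saying why the two differ would help the next reader. `check_auth_count 4` pins only a count; presumably that is SOA, NSEC and their RRSIGs, which a short comment could state.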
@@ -327,6 +356,25 @@ do if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) + echo_i "check synthesized wildcard NODATA 1 NSEC response (synth-from-dnssec ${description};) ($n)" + ret=0 + nextpart ns1/named.run > /dev/null + dig_with_opts b.wild-1-nsec.example. @10.53.0.${ns} AAAA > dig.out.ns${ns}.test$n || ret=1 + check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1 + check_status NOERROR dig.out.ns${ns}.test$n || ret=1 + if [ ${synth} = yes ] + then + check_synth_soa example. dig.out.ns${ns}.test$n || ret=1 + nextpart ns1/named.run | grep b.wild-1-nsec.example/AAAA > /dev/null && ret=1 + else + check_nosynth_soa example. dig.out.ns${ns}.test$n || ret=1 + nextpart ns1/named.run | grep b.wild-1-nsec.example/AAAA > /dev/null || ret=1 + fi + digcomp wildnodata1nsec.out dig.out.ns${ns}.test$n || ret=1 + n=$((n+1)) + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status+ret)) + echo_i "check insecure NXDOMAIN response (synth-from-dnssec ${description};) ($n)" ret=0 nextpart ns1/named.run > /dev/null @@ -380,6 +428,18 @@ do if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) + echo_i "check insecure wildcard NODATA 1 NSEC response (synth-from-dnssec ${description};) ($n)" + ret=0 + nextpart ns1/named.run > /dev/null + dig_with_opts b.wild-1-nsec.insecure.example. @10.53.0.${ns} AAAA > dig.out.ns${ns}.test$n || ret=1 + check_ad_flag no dig.out.ns${ns}.test$n || ret=1 + check_status NOERROR dig.out.ns${ns}.test$n || ret=1 + check_nosynth_soa insecure.example. dig.out.ns${ns}.test$n || ret=1 + digcomp insecure.wildnodata1nsec.out dig.out.ns${ns}.test$n || ret=1 + n=$((n+1)) + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status+ret)) + echo_i "check minimal NXDOMAIN response (synth-from-dnssec ${description};) ($n)" ret=0 nextpart ns1/named.run > /dev/null 
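Review bot: The insecure check (+428) resets the log cursor with `nextpart ns1/named.run > /dev/null` but never reads the log afterwards, so nothing in this block shows that the query for `b.wild-1-nsec.insecure.example` actually reached ns1. The test expects no AD flag for this zone, and an observed upstream query is the direct evidence that the answer was not synthesized from unvalidated NSEC data; as written, `check_nosynth_soa` and the digcomp are the only guards. Adding `nextpart ns1/named.run | grep b.wild-1-nsec.insecure.example/AAAA > /dev/null || ret=1` before the digcomp line would mirror the non-synth branch of the secure check in the preceding hunk. The dots in these grep patterns are regex wildcards, so `grep -F` would make the match literal there as well.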
@@ -470,7 +530,7 @@ do do case $synthesized in NXDOMAIN) count=1;; - no-data) count=2;; + no-data) count=3;; wildcard) count=2;; esac echo_i "check 'rndc stats' output for 'synthesized a ${synthesized} response' (synth-from-dnssec ${description};) ($n)" @@ -531,7 +591,7 @@ do do case $synthesized in SynthNXDOMAIN) count=1;; - SynthNODATA) count=2;; + SynthNODATA) count=3;; SynthWILDCARD) count=2;; esac @@ -594,7 +654,7 @@ do do case $synthesized in SynthNXDOMAIN) count=1;; - SynthNODATA) count=2;; + SynthNODATA) count=3;; SynthWILDCARD) count=2;; esac
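Review bot: The expected NODATA count is bumped from 2 to 3 in three separate case tables (`no-data)` at +530, `SynthNODATA)` at +591 and +654) with no comment tying the number to the checks that produce it. The value presumably equals the number of synthesized NODATA checks earlier in the loop, so the next added check will need the same three manual edits and a missed one will look like a statistics regression. A comment on the first table such as `# one per synthesized NODATA check above, including wildcard NODATA 1 NSEC`, or a single variable set once and used in all three tables, would make that dependency explicit. The loops enclosing these tables start and end outside the hunks.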