From: Mark Andrews <marka@isc.org>
Date: Mon, 9 Oct 2023 23:54:16 +0000 (+1100)
Subject: Checking nxdomain-redirect against built-in RFC-1918 zone
X-Git-Tag: v9.18.26~7^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9c53bb94b0a6ede5d898fac1c2fc5550c958c204;p=thirdparty%2Fbind9.git

Checking nxdomain-redirect against built-in RFC-1918 zone

Check that RFC 1918 leak detection does not trigger an assertion
when nxdomain redirection is enabled in the server but not for the
RFC 1918 reverse namespace.

(cherry picked from commit 2789906ce40f3e38b6ae1c96c99a99e4191c3b86)
---

diff --git a/bin/tests/system/redirect/ns3/redirect.db b/bin/tests/system/redirect/ns3/redirect.db
index b5b63dad542..4f2d7a64d1e 100644
--- a/bin/tests/system/redirect/ns3/redirect.db
+++ b/bin/tests/system/redirect/ns3/redirect.db
@@ -12,5 +12,6 @@
 $TTL 300
 @ IN SOA a.root-servers.nil. hostmaster.example.net. 0 0 0 0 0
 @ IN NS a.root-servers.nil.
+10.in-addr.arpa	TXT turn off redirect
 * IN A 100.100.100.1
 * IN AAAA 2001:ffff:ffff::100.100.100.1
diff --git a/bin/tests/system/redirect/tests.sh b/bin/tests/system/redirect/tests.sh
index 09d40cf8c30..5d074907f39 100644
--- a/bin/tests/system/redirect/tests.sh
+++ b/bin/tests/system/redirect/tests.sh
@@ -518,6 +518,14 @@ n=$((n + 1))
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+echo_i "checking nxdomain-redirect against built-in RFC-1918 zone ($n)"
+ret=0
+$DIG $DIGOPTS -x 10.0.0.1 @10.53.0.4 -b 10.53.0.2 >dig.out.ns4.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns4.test$n >/dev/null || ret=1
+n=$((n + 1))
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 echo_i "checking tld nxdomain-redirect against signed root zone ($n)"
 ret=0
 $DIG $DIGOPTS @10.53.0.5 asdfasdfasdf >dig.out.ns5.test$n || ret=1