From: Mark Andrews Date: Sat, 27 Nov 2021 22:46:01 +0000 (+1100) Subject: Check synthesis of wildcard NODATA with 2 NSEC X-Git-Tag: v9.17.21~5^2~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b25ff302ac7e43639817182c6db9fb041430d083;p=thirdparty%2Fbind9.git Check synthesis of wildcard NODATA with 2 NSEC --- diff --git a/bin/tests/system/synthfromdnssec/clean.sh b/bin/tests/system/synthfromdnssec/clean.sh index e446e7e2a44..dc76acdb06b 100644 --- a/bin/tests/system/synthfromdnssec/clean.sh +++ b/bin/tests/system/synthfromdnssec/clean.sh @@ -38,6 +38,7 @@ rm -f ./nxdomain.out ./insecure.nxdomain.out rm -f ./wild.out ./insecure.wild.out rm -f ./wildcname.out ./insecure.wildcname.out rm -f ./wildnodata1nsec.out ./insecure.wildnodata1nsec.out +rm -f ./wildnodata2nsec.out ./insecure.wildnodata2nsec.out rm -f ./minimal.nxdomain.out rm -f ./black.out rm -f ./xml.out* diff --git a/bin/tests/system/synthfromdnssec/ns1/example.db.in b/bin/tests/system/synthfromdnssec/ns1/example.db.in index 4cb7f57d15f..d9f149c3395 100644 --- a/bin/tests/system/synthfromdnssec/ns1/example.db.in +++ b/bin/tests/system/synthfromdnssec/ns1/example.db.in @@ -15,4 +15,6 @@ nodata TXT nodata *.wild-a A 1.2.3.4 *.wild-cname CNAME ns1 *.wild-1-nsec A 1.2.3.4 +*.wild-2-nsec A 1.2.3.4 +_x.wild-2-nsec TXT a name beween wild-2-nsec and a.wild-2-nsec dnamed DNAME dnamed. diff --git a/bin/tests/system/synthfromdnssec/tests.sh b/bin/tests/system/synthfromdnssec/tests.sh index 41d73554da8..452653b440e 100644 --- a/bin/tests/system/synthfromdnssec/tests.sh +++ b/bin/tests/system/synthfromdnssec/tests.sh 
@@ -163,6 +163,18 @@ do if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) + echo_i "prime wildcard NODATA 2 NSEC response (synth-from-dnssec ${description};) ($n)" + ret=0 + dig_with_opts a.wild-2-nsec.example. @10.53.0.${ns} TXT > dig.out.ns${ns}.test$n || ret=1 + check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1 + check_status NOERROR dig.out.ns${ns}.test$n || ret=1 + check_nosynth_soa example. dig.out.ns${ns}.test$n || ret=1 + check_auth_count 6 dig.out.ns${ns}.test$n || ret=1 + [ $ns -eq 2 ] && sed 's/^a\./b./' dig.out.ns${ns}.test$n > wildnodata2nsec.out + n=$((n+1)) + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status+ret)) + echo_i "prime insecure negative NXDOMAIN response (synth-from-dnssec ${description};) ($n)" ret=0 dig_with_opts a.insecure.example. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1 @@ -219,6 +231,18 @@ do if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) + echo_i "prime insecure wildcard NODATA 2 NSEC response (synth-from-dnssec ${description};) ($n)" + ret=0 + dig_with_opts a.wild-2-nsec.insecure.example. @10.53.0.${ns} TXT > dig.out.ns${ns}.test$n || ret=1 + check_ad_flag no dig.out.ns${ns}.test$n || ret=1 + check_status NOERROR dig.out.ns${ns}.test$n || ret=1 + check_nosynth_soa insecure.example. dig.out.ns${ns}.test$n || ret=1 + check_auth_count 6 dig.out.ns${ns}.test$n || ret=1 + [ $ns -eq 2 ] && cp dig.out.ns${ns}.test$n insecure.wildnodata2nsec.out + n=$((n+1)) + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status+ret)) + echo_i "prime minimal NXDOMAIN response (synth-from-dnssec ${description};) ($n)" ret=0 dig_with_opts nxdomain.minimal. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1 
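Review bot: The baseline capture in the first hunk, `[ $ns -eq 2 ] && sed 's/^a\./b./' dig.out.ns${ns}.test$n > wildnodata2nsec.out`, never feeds `ret`, so a failed sed or redirect is not reported by the priming test and only shows up later as a digcomp mismatch under a different test number. Writing it as `if [ $ns -eq 2 ]; then sed 's/^a\./b./' dig.out.ns${ns}.test$n > wildnodata2nsec.out || ret=1; fi` keeps the failure attached to the step that caused it; the `cp dig.out.ns${ns}.test$n insecure.wildnodata2nsec.out` line in the second hunk has the same shape. A one-line comment on `check_auth_count 6` would also help, for example `# presumably SOA + two NSEC, each with its RRSIG`, because that count appears to be the only place the two-NSEC shape of the response is asserted. Both hunks sit inside a loop whose header is outside the hunk.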
@@ -375,6 +399,25 @@ do if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) + echo_i "check synthesized wildcard NODATA 2 NSEC response (synth-from-dnssec ${description};) ($n)" + ret=0 + nextpart ns1/named.run > /dev/null + dig_with_opts b.wild-2-nsec.example. @10.53.0.${ns} AAAA > dig.out.ns${ns}.test$n || ret=1 + check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1 + check_status NOERROR dig.out.ns${ns}.test$n || ret=1 + if [ ${synth} = yes ] + then + check_synth_soa example. dig.out.ns${ns}.test$n || ret=1 + nextpart ns1/named.run | grep b.wild-2-nsec.example/AAAA > /dev/null && ret=1 + else + check_nosynth_soa example. dig.out.ns${ns}.test$n || ret=1 + nextpart ns1/named.run | grep b.wild-2-nsec.example/AAAA > /dev/null || ret=1 + fi + digcomp wildnodata2nsec.out dig.out.ns${ns}.test$n || ret=1 + n=$((n+1)) + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status+ret)) + echo_i "check insecure NXDOMAIN response (synth-from-dnssec ${description};) ($n)" ret=0 nextpart ns1/named.run > /dev/null @@ -440,6 +483,18 @@ do if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) + echo_i "check insecure wildcard NODATA 2 NSEC response (synth-from-dnssec ${description};) ($n)" + ret=0 + nextpart ns1/named.run > /dev/null + dig_with_opts b.wild-2-nsec.insecure.example. @10.53.0.${ns} AAAA > dig.out.ns${ns}.test$n || ret=1 + check_ad_flag no dig.out.ns${ns}.test$n || ret=1 + check_status NOERROR dig.out.ns${ns}.test$n || ret=1 + check_nosynth_soa insecure.example. dig.out.ns${ns}.test$n || ret=1 + digcomp insecure.wildnodata2nsec.out dig.out.ns${ns}.test$n || ret=1 + n=$((n+1)) + if [ $ret != 0 ]; then echo_i "failed"; fi + status=$((status+ret)) + echo_i "check minimal NXDOMAIN response (synth-from-dnssec ${description};) ($n)" ret=0 nextpart ns1/named.run > /dev/null 
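Review bot: The log probe `grep b.wild-2-nsec.example/AAAA` in both branches of the `synth` test treats each dot as a regex wildcard; `grep -F 'b.wild-2-nsec.example/AAAA'` would match the literal query name only. This matters most in the `synth = yes` branch, where the absence of a match is the only evidence that the NODATA answer was built from cached NSEC records instead of being fetched from ns1. If the pattern ever stopped matching the log format, that negative assertion would pass vacuously, so a comment naming the log line it expects would be worth adding next to it. The enclosing loop starts outside the hunk.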
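Review bot: The insecure check (second hunk) resets the log cursor with `nextpart ns1/named.run > /dev/null` but never reads the log afterwards, so the only proof that nothing was synthesized from unvalidated NSEC data is `check_nosynth_soa`. The secure variant's non-synth branch also asserts that the query reached the authoritative server; assuming insecure.example is served by ns1 as well, the same line fits here after `check_nosynth_soa`: `nextpart ns1/named.run | grep -F 'b.wild-2-nsec.insecure.example/AAAA' > /dev/null || ret=1`. Without it the reset line does nothing, and a regression that answered this name from cache while still returning a non-synthesized-looking SOA would not be caught. Whether the neighbouring insecure tests already follow this pattern cannot be seen from the hunk.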
@@ -530,7 +585,7 @@ do do case $synthesized in NXDOMAIN) count=1;; - no-data) count=3;; + no-data) count=4;; wildcard) count=2;; esac echo_i "check 'rndc stats' output for 'synthesized a ${synthesized} response' (synth-from-dnssec ${description};) ($n)" @@ -591,7 +646,7 @@ do do case $synthesized in SynthNXDOMAIN) count=1;; - SynthNODATA) count=3;; + SynthNODATA) count=4;; SynthWILDCARD) count=2;; esac @@ -654,7 +709,7 @@ do do case $synthesized in SynthNXDOMAIN) count=1;; - SynthNODATA) count=3;; + SynthNODATA) count=4;; SynthWILDCARD) count=2;; esac
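Review bot: The expected NODATA total is now hard-coded as `count=4` in three separate `case` arms (`no-data`, and `SynthNODATA` twice), with nothing on the page tying the number to the tests that produce it. A comment beside each arm, such as `# one per "check synthesized ... NODATA" test above, including wildcard NODATA 2 NSEC`, would tell the next person adding a synthesis test that these must be bumped together. Setting the expected counts once near the top of the loop and reusing them in all three places would remove the duplication, though the surrounding loops are only partly visible in these hunks.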