From: Matthijs Mekking <matthijs@isc.org>
Date: Thu, 28 May 2026 09:46:39 +0000 (+0200)
Subject: Test checkconf and addzone with bad templates
X-Git-Tag: v9.21.23~22^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c713e83948306771a2bc55fc3c29ffc7f2331ef7;p=thirdparty%2Fbind9.git

Test checkconf and addzone with bad templates

named-checkconf should reject a template that has options that must be
non-zero (max-refresh-time, max-retry-time, min-refresh-time,
min-retry-time).

rndc addzone with a zone that refers to such template should fail
cleanly.
---

diff --git a/bin/tests/system/addzone/ns2/named.conf.j2 b/bin/tests/system/addzone/ns2/named.conf.j2
index eb0bebe2af8..0b39c98dd58 100644
--- a/bin/tests/system/addzone/ns2/named.conf.j2
+++ b/bin/tests/system/addzone/ns2/named.conf.j2
@@ -21,6 +21,15 @@ template primary {
 	initial-file "added.db";
 };
 
+template bad {
+	type secondary;
+	primaries { 10.53.0.1; };
+	max-refresh-time 0;
+	max-retry-time 0;
+	min-refresh-time 0;
+	min-retry-time 0;
+};
+
 zone "." {
 	type hint;
 	file "../../_common/root.hint";
diff --git a/bin/tests/system/addzone/tests_rndc_addzone_template.py b/bin/tests/system/addzone/tests_rndc_addzone_template.py
new file mode 100644
index 00000000000..dc6566ceb4a
--- /dev/null
+++ b/bin/tests/system/addzone/tests_rndc_addzone_template.py
@@ -0,0 +1,45 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import pytest
+
+pytestmark = pytest.mark.extra_artifacts(
+    [
+        "ns*/*.nzf*",
+        "ns*/*.nzd*",
+        "ns1/redirect.db",
+        "ns2/new-zones",
+        "ns2/redirect.db",
+        "ns3/redirect.db",
+    ]
+)
+
+
+def test_rndc_addzone_bad_template(ns2):
+    """
+    Confirm "rndc addzone" fails for a zone that refers to a badly configured template.
+    """
+    zone = "badtemplate.example"
+    cmd = ns2.rndc(
+        "addzone badtemplate.example {template bad;};",
+        raise_on_exception=False,
+    )
+    assert cmd.rc == 1
+
+    assert "'max-retry-time' must not be zero" in ns2.log
+    assert "'min-retry-time' must not be zero" in ns2.log
+    assert "'max-refresh-time' must not be zero" in ns2.log
+    assert "'min-refresh-time' must not be zero" in ns2.log
+
+    # Confirm that the addzone failed to add the zone
+    cmd = ns2.rndc(f"showzone {zone}", raise_on_exception=False)
+    assert cmd.rc == 1
+    assert f"no matching zone '{zone}' in any view" in cmd.err
diff --git a/bin/tests/system/checkconf/bad-template-non-zero-check.conf b/bin/tests/system/checkconf/bad-template-non-zero-check.conf
new file mode 100644
index 00000000000..b7589a8a283
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-template-non-zero-check.conf
@@ -0,0 +1,12 @@
+template "a" {
+	type secondary;
+	primaries { 10.53.0.1; };
+	max-refresh-time 0;
+	max-retry-time 0;
+	min-refresh-time 0;
+	min-retry-time 0;
+};
+
+zone example {
+	template a;
+};