From: Evan Hunt Date: Wed, 17 Jun 2020 22:30:59 +0000 (-0700) Subject: update the acl system test to include a blackhole test case X-Git-Tag: v9.17.3~25^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e3ee138098897e0f53b2950dfe8a234543ec134e;p=thirdparty%2Fbind9.git update the acl system test to include a blackhole test case this ACL was previously untested, which allowed a regression to go undetected. --- diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in index 4b4e05027aa..7e20bac49dc 100644 --- a/bin/tests/system/acl/ns2/named5.conf.in +++ b/bin/tests/system/acl/ns2/named5.conf.in @@ -31,6 +31,7 @@ options { ixfr-from-differences yes; check-integrity no; allow-query-on { 10.53.0.2; }; + blackhole { 10.53.0.8; }; }; key one { diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh index 6f291bfc612..4d915244ba1 100644 --- a/bin/tests/system/acl/tests.sh +++ b/bin/tests/system/acl/tests.sh @@ -143,6 +143,26 @@ $DIG -p ${PORT} +tcp soa example. \ @10.53.0.2 -b 10.53.0.3 > dig.out.${t} grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; } +echo_i "testing blackhole ACL processing" +t=`expr $t + 1` +ret=0 +$DIG -p ${PORT} +tcp soa example. \ + @10.53.0.2 -b 10.53.0.3 > dig.out.1.${t} +grep "status: NOERROR" dig.out.1.${t} > /dev/null 2>&1 || ret=1 +$DIG -p ${PORT} +tcp soa example. \ + @10.53.0.2 -b 10.53.0.8 > dig.out.2.${t} +grep "status: NOERROR" dig.out.2.${t} > /dev/null 2>&1 && ret=1 +grep "communications error" dig.out.2.${t} > /dev/null 2>&1 || ret=1 +$DIG -p ${PORT} soa example. \ + @10.53.0.2 -b 10.53.0.3 > dig.out.3.${t} +grep "status: NOERROR" dig.out.3.${t} > /dev/null 2>&1 || ret=1 +$DIG -p ${PORT} soa example. \ + @10.53.0.2 -b 10.53.0.8 > dig.out.4.${t} +grep "status: NOERROR" dig.out.4.${t} > /dev/null 2>&1 && ret=1 +grep "connection timed out" dig.out.4.${t} > /dev/null 2>&1 || ret=1 +[ $ret -eq 0 ] || echo_i "failed" +status=`expr $status + $ret` + # AXFR tests against ns3 echo_i "testing allow-transfer ACLs against ns3 (no existing zones)"