From: Alessio Podda Date: Mon, 4 May 2026 07:43:01 +0000 (+0200) Subject: Add DNS64 DNAME restart regression test X-Git-Tag: v9.21.23~2^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4997d4ae6f90fc4bc206fc54009a31a3e90165be;p=thirdparty%2Fbind9.git Add DNS64 DNAME restart regression test Exercise a recursive AAAA query below a DNAME owner that also has a partially excluded AAAA RRset. This covers the query_filter64() path where the response already contains the owner name and DNS64 attaches a filtered AAAA rdataset to it. --- diff --git a/bin/tests/system/dns64_dname/ns1/hack.db b/bin/tests/system/dns64_dname/ns1/hack.db new file mode 100644 index 00000000000..4cbc9aa3043 --- /dev/null +++ b/bin/tests/system/dns64_dname/ns1/hack.db @@ -0,0 +1,8 @@ +$TTL 300 +@ SOA ns.hack. hostmaster.hack. 1 300 300 300 300 +@ NS ns +ns A 10.53.0.1 + +d DNAME hack. +d AAAA ::ffff:192.0.2.1 +d AAAA 2001:db8::64 diff --git a/bin/tests/system/dns64_dname/ns1/named.conf.j2 b/bin/tests/system/dns64_dname/ns1/named.conf.j2 new file mode 100644 index 00000000000..c65897087af --- /dev/null +++ b/bin/tests/system/dns64_dname/ns1/named.conf.j2 @@ -0,0 +1,21 @@ +// NS1 + +options { + query-source address 10.53.0.1; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.1; }; + listen-on-v6 { none; }; + recursion no; + dnssec-validation no; +}; + +zone "." { + type primary; + file "root.db"; +}; + +zone "hack" { + type primary; + file "hack.db"; +}; diff --git a/bin/tests/system/dns64_dname/ns1/root.db b/bin/tests/system/dns64_dname/ns1/root.db new file mode 100644 index 00000000000..f7e7b10a9a1 --- /dev/null +++ b/bin/tests/system/dns64_dname/ns1/root.db @@ -0,0 +1,6 @@ +$TTL 300 +@ SOA a.root-servers.nil. hostmaster.root. 1 300 300 300 300 +@ NS a.root-servers.nil. +a.root-servers.nil. A 10.53.0.1 +hack. NS ns.hack. +ns.hack. A 10.53.0.1 diff --git a/bin/tests/system/dns64_dname/ns2/named.conf.j2 b/bin/tests/system/dns64_dname/ns2/named.conf.j2 new file mode 100644 index 00000000000..f785ba3c835 --- /dev/null +++ b/bin/tests/system/dns64_dname/ns2/named.conf.j2 @@ -0,0 +1,20 @@ +// NS2 + +options { + query-source address 10.53.0.2; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.2; }; + listen-on-v6 { none; }; + recursion yes; + allow-recursion { any; }; + dnssec-validation no; + qname-minimization off; + + dns64 64:ff9b::/96 { }; +}; + +zone "." { + type hint; + file "root.hint"; +}; diff --git a/bin/tests/system/dns64_dname/ns2/root.hint b/bin/tests/system/dns64_dname/ns2/root.hint new file mode 100644 index 00000000000..f0a5d52f70a --- /dev/null +++ b/bin/tests/system/dns64_dname/ns2/root.hint @@ -0,0 +1,2 @@ +. NS a.root-servers.nil. +a.root-servers.nil. A 10.53.0.1 diff --git a/bin/tests/system/dns64_dname/tests_dns64_dname.py b/bin/tests/system/dns64_dname/tests_dns64_dname.py new file mode 100644 index 00000000000..799a38774a0 --- /dev/null +++ b/bin/tests/system/dns64_dname/tests_dns64_dname.py @@ -0,0 +1,55 @@ +#!/usr/bin/python3 + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import dns.name +import dns.rdataclass +import dns.rdatatype +import pytest + +import isctest + +pytestmark = pytest.mark.extra_artifacts([]) + + +def _answer_rrset(response, owner, rdtype): + rrset = response.get_rrset( + response.answer, + dns.name.from_text(owner), + dns.rdataclass.IN, + dns.rdatatype.from_text(rdtype), + ) + assert rrset is not None, response + return rrset + + +def _rrset_text(rrset): + return {rdata.to_text() for rdata in rrset} + + +@pytest.mark.requires_zones_loaded("ns1", "ns2") +def test_dns64_partial_exclude_after_dname_restart(ns2): + # The query name is strictly below d.hack.; resolving the synthesized + # DNAME CNAME restarts lookup at d.hack., where DNS64 filters a mixed + # AAAA RRset containing one default-excluded mapped address. + msg = isctest.query.create("d.d.hack.", "AAAA") + response = isctest.query.udp(msg, ns2.ip, attempts=1) + isctest.check.noerror(response) + + dname = _answer_rrset(response, "d.hack.", "DNAME") + assert _rrset_text(dname) == {"hack."}, response + + cname = _answer_rrset(response, "d.d.hack.", "CNAME") + assert _rrset_text(cname) == {"d.hack."}, response + + aaaa = _answer_rrset(response, "d.hack.", "AAAA") + assert _rrset_text(aaaa) == {"2001:db8::64"}, response