test max records policy

diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh
index ef5ec56e6559885257c9c7fb437846eec7ea1016..9b8af4a7ff0f0df5f4e9a02552ba32cf932946da 100644 (file)
--- a/bin/tests/system/nsupdate/clean.sh
+++ b/bin/tests/system/nsupdate/clean.sh
@@ -60,3 +60,5 @@ rm -f update.out.*
 rm -f check.out.*
 rm -f update.out.*
 rm -f ns*/managed-keys.bind* ns*/*.mkeys*
+rm -f nextpart.out.*
+rm -f */named.run.prev

diff --git a/bin/tests/system/nsupdate/ns6/named.conf.in b/bin/tests/system/nsupdate/ns6/named.conf.in
index da64d061e42a23937d17b7b23559924c2f4176d5..b4ec11a326293adea0c6f5cfa2751c7a46b164ee 100644 (file)
--- a/bin/tests/system/nsupdate/ns6/named.conf.in
+++ b/bin/tests/system/nsupdate/ns6/named.conf.in
@@ -34,5 +34,5 @@ controls {
 zone "in-addr.arpa" {
        type master;
        file "in-addr.db";
-       update-policy { grant * tcp-self . PTR; };
+       update-policy { grant * tcp-self . PTR(1) ANY(2) A; };
 };

diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 1cbe04b15e718b3bd3a3ea6cb0b52ffa02271eb2..4c5b739113132f32fbf27f61b1c5b8922d3a4c60 100755 (executable)
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -1031,6 +1031,65 @@ grep "UPDATE, status: NOERROR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
 grep "UPDATE, status: FORMERR" nsupdate.out-$n > /dev/null 2>&1 || ret=1
 [ $ret = 0 ] || { echo_i "failed"; status=1; }
 
+n=`expr $n + 1`
+ret=0
+echo_i "check that max records is enforced ($n)"
+nextpart ns6/named.run > /dev/null
+$NSUPDATE -v > nsupdate.out.$n 2>&1 << END
+server 10.53.0.6 ${PORT}
+local 10.53.0.5
+update del 5.0.53.10.in-addr.arpa.
+update add 5.0.53.10.in-addr.arpa. 600 PTR localhost.
+update add 5.0.53.10.in-addr.arpa. 600 PTR other.
+send
+END
+$DIG $DIGOPTS @10.53.0.6 \
+        +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+        -x 10.53.0.5 > dig.out.ns6.$n
+# the policy is 'grant * tcp-self . PTR(1) ANY(2) A;' so only the
+# first PTR record should be added.
+grep localhost. dig.out.ns6.$n > /dev/null 2>&1 || ret=1
+grep other. dig.out.ns6.$n > /dev/null 2>&1 && ret=1
+nextpart ns6/named.run > nextpart.out.$n
+grep "attempt to add more records than permitted by policy" nextpart.out.$n > /dev/null || ret=1
+if test $ret -ne 0
+then
+echo_i "failed"; status=1
+fi
+
+n=`expr $n + 1`
+ret=0
+echo_i "check that max records for ANY is enforced ($n)"
+nextpart ns6/named.run > /dev/null
+$NSUPDATE -v > nsupdate.out.$n 2>&1 << END
+server 10.53.0.6 ${PORT}
+local 10.53.0.5
+update del 5.0.53.10.in-addr.arpa.
+update add 5.0.53.10.in-addr.arpa. 600 A 1.2.3.4
+update add 5.0.53.10.in-addr.arpa. 600 A 1.2.3.3
+update add 5.0.53.10.in-addr.arpa. 600 A 1.2.3.2
+update add 5.0.53.10.in-addr.arpa. 600 AAAA ::ffff:1.2.3.4
+update add 5.0.53.10.in-addr.arpa. 600 AAAA ::ffff:1.2.3.3
+update add 5.0.53.10.in-addr.arpa. 600 AAAA ::ffff:1.2.3.2
+send
+END
+$DIG $DIGOPTS @10.53.0.6 \
+        +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+        ANY -x 10.53.0.5 > dig.out.ns6.test$n
+nextpart ns6/named.run > nextpart.out.test$n
+grep "attempt to add more records than permitted by policy" nextpart.out.test$n > /dev/null || ret=1
+# the policy is 'grant * tcp-self . PTR(1) ANY(2) A;' so all the A
+# records should have been added as there is no limit and the first 2
+# of the AAAA records added as they match ANY(2).
+c1=$(awk '$4 == "A" { print }' dig.out.ns6.test$n | wc -l)
+c2=$(awk '$4 == "AAAA" { print }' dig.out.ns6.test$n | wc -l)
+test "$c1" -eq 3 -a "$c2" -eq 2 || ret=1
+grep "::ffff:1.2.3.2" dig.out.ns6.test$n && ret=1
+if test $ret -ne 0
+then
+echo_i "failed"; status=1
+fi
+
 if $FEATURETEST --gssapi ; then
   n=`expr $n + 1`
   ret=0