rm -f ./ns1/insecure.example.db.signed
rm -f ./ns1/dnamed.db
rm -f ./ns1/dnamed.db.signed
+rm -f ./ns1/minimal.db
+rm -f ./ns1/minimal.db.signed
rm -f ./ns1/root.db
rm -f ./ns1/root.db.signed
rm -f ./ns1/trusted.conf
rm -f ./nxdomain.out ./insecure.nxdomain.out
rm -f ./wild.out ./insecure.wild.out
rm -f ./wildcname.out ./insecure.wildcname.out
+rm -f ./minimal.nxdomain.out
--- /dev/null
+$TTL 3600
+minimal. 3600 SOA ns1.minimal. hostmaster.minimal. (
+ 1 ; serial
+ 3600 ; refresh (1 hour)
+ 1200 ; retry (20 minutes)
+ 604800 ; expire (1 week)
+ 3600 ; minimum (1 hour)
+ )
+ 3600 NS ns1.minimal.
+ 3600 NSEC dnamed.minimal. NS SOA RRSIG NSEC DNSKEY
+dnamed.minimal. 3600 DNAME dnamed.
+ 3600 NSEC insecure.minimal. DNAME RRSIG NSEC
+insecure.minimal. 3600 NS ns1.insecure.minimal.
+ 3600 NSEC nodata.minimal. NS RRSIG NSEC
+nodata.minimal. 3600 TXT "nodata"
+ 3600 NSEC ns1.minimal. TXT RRSIG NSEC
+; incomplete chain pointing at non-existent ns2.minimal
+ns1.minimal. 3600 A 10.53.0.1
+ 3600 NSEC ns2.minimal. A RRSIG NSEC
+; minimal response for nxdomain.minimal.
+nxdomaia.minimal. 3600 NSEC nxdomaiz.minimal. RRSIG NSEC
+;
+*.wild-a.minimal. 3600 A 1.2.3.4
+ 3600 NSEC *.wild-cname.minimal. A RRSIG NSEC
+*.wild-cname.minimal. 3600 CNAME ns1.minimal.
+ 3600 NSEC minimal. CNAME RRSIG NSEC
+; glue
+ns1.insecure.minimal. 3600 A 10.53.0.1
file "dnamed.db.signed";
};
+zone "minimal" {
+ type primary;
+ file "minimal.db.signed";
+};
+
include "trusted.conf";
ns1.example A 10.53.0.1
dnamed NS ns1.dnamed
ns1.dnamed A 10.53.0.1
+minimal NS ns1.minimal
+ns1.minimal A 10.53.0.1
$SIGNER -P -o $zone $zonefile > /dev/null
+zone=minimal
+infile=minimal.db.in
+zonefile=minimal.db
+
+keyname=$($KEYGEN -q -a RSASHA256 -b 2048 -n zone $zone)
+cat "$infile" "$keyname.key" > "$zonefile"
+
+# do not regenerate NSEC chain as there in a minimal NSEC record present
+$SIGNER -P -Z nonsecify -o $zone $zonefile > /dev/null
+
zone=.
infile=root.db.in
zonefile=root.db
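Review bot: The added comment above the `$SIGNER -P -Z nonsecify` line has a typo ("there in") and does not say which option it describes or which records it protects. Something like `# -Z nonsecify: keep the hand-written NSEC records from minimal.db.in (including the minimal nxdomaia/nxdomaiz one) instead of regenerating the chain` would make the intent clear to the next person who edits this block. If `-P` is needed here because the deliberately incomplete chain would not pass post-sign verification, that deserves a second comment line; the hunk alone does not show whether that is the reason.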
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
+
+ echo_i "prime minimal NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
+ ret=0
+ dig_with_opts nxdomain.minimal. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
+ check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1
+ check_status NXDOMAIN dig.out.ns${ns}.test$n || ret=1
+ check_nosynth_soa minimal. dig.out.ns${ns}.test$n || ret=1
+ grep "nxdomaia.minimal.*3600.IN.NSEC.nxdomaiz.minimal. RRSIG NSEC" dig.out.ns${ns}.test$n > /dev/null || ret=1
+ [ $ns -eq 2 ] && cp dig.out.ns${ns}.test$n minimal.nxdomain.out
+ n=$((n+1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
done
echo_i "prime redirect response (+nodnssec) (synth-from-dnssec <default>;) ($n)"
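Review bot: In the priming test, `[ $ns -eq 2 ] && cp dig.out.ns${ns}.test$n minimal.nxdomain.out` does not record a failed copy in `ret`, yet the later check test depends on that file through `digcomp`. I would write `if [ $ns -eq 2 ]; then cp dig.out.ns${ns}.test$n minimal.nxdomain.out || ret=1; fi`. The `grep` pattern on the line before is unanchored and leaves its dots unescaped, so it is looser than it reads; escaping the dots in the two owner names would pin the exact NSEC record the test means to see. The enclosing loop starts outside this hunk, so where `$ns`, `$ad` and `$description` are set is not visible here.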
n=$((n+1))
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status+ret))
+
+ echo_i "check minimal NXDOMAIN response (synth-from-dnssec ${description};) ($n)"
+ ret=0
+ nextpart ns1/named.run > /dev/null
+ dig_with_opts nxdomaic.minimal. @10.53.0.${ns} a > dig.out.ns${ns}.test$n || ret=1
+ check_ad_flag $ad dig.out.ns${ns}.test$n || ret=1
+ check_status NXDOMAIN dig.out.ns${ns}.test$n || ret=1
+ check_nosynth_soa minimal. dig.out.ns${ns}.test$n || ret=1
+ nextpart ns1/named.run | grep nxdomaic.minimal/A > /dev/null || ret=1
+ digcomp minimal.nxdomain.out dig.out.ns${ns}.test$n || ret=1
+ n=$((n+1))
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status+ret))
done
echo_i "check redirect response (+dnssec) (synth-from-dnssec <default>;) ($n)"
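Review bot: The assertion that matters in the check test is `nextpart ns1/named.run | grep nxdomaic.minimal/A`, and nothing in the hunk says so. As far as the visible lines show, it passes only when the query for nxdomaic.minimal actually reached ns1, meaning the resolver did not answer from the cached nxdomaia/nxdomaiz NSEC. A comment above that line such as `# the query must reach ns1: the minimal covering NSEC must not be used to synthesize NXDOMAIN` would state the property being protected. Separately, `digcomp minimal.nxdomain.out` relies on a file saved only for ns2 in the priming test, so a priming failure will surface here as a confusing compare error. The loop header is outside this hunk.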