Add test for nxdomain-redirect ncachenxdomain
authorMatthijs Mekking <matthijs@isc.org>
Tue, 26 Feb 2019 14:38:18 +0000 (15:38 +0100)
committerOndřej Surý <ondrej@sury.org>
Thu, 25 Apr 2019 14:01:02 +0000 (16:01 +0200)
(cherry picked from commit 2d65626630c19bb8159a025accb18e5179da5dc3)
(cherry picked from commit 05d29443eb422748eec0e359f03474bbb983d28c)

13 files changed:
bin/tests/system/redirect/clean.sh
bin/tests/system/redirect/ns1/root.db
bin/tests/system/redirect/ns4/named.conf.in
bin/tests/system/redirect/ns5/named.conf.in [new file with mode: 0644]
bin/tests/system/redirect/ns5/root.db.in [new file with mode: 0644]
bin/tests/system/redirect/ns5/sign.sh [new file with mode: 0644]
bin/tests/system/redirect/ns5/signed.db.in [new file with mode: 0644]
bin/tests/system/redirect/ns5/unsigned.db [new file with mode: 0644]
bin/tests/system/redirect/ns6/named.conf.in [new file with mode: 0644]
bin/tests/system/redirect/ns6/root.db [new file with mode: 0644]
bin/tests/system/redirect/setup.sh
bin/tests/system/redirect/tests.sh
util/copyrights

index 27a65d2a5e3c15d174ee071ddc2d2b3d33b14789..b8bba0d107e1eb4f3cc52d31c6c6735701cf2ffd 100644 (file)
@@ -27,5 +27,10 @@ rm -f ns3/dsset-signed.
 rm -f ns3/nsec3.db*
 rm -f ns3/signed.db*
 rm -f ns4/*.db
+rm -f ns5/dsset-*
+rm -f ns5/K* ns5/sign.ns5.*
+rm -f ns5/root.db ns5/root.db.signed
+rm -f ns5/signed.db ns5/signed.db.signed
+rm -f ns6/signed.db.signed
 rm -f rndc.out
 rm -f ns*/managed-keys.bind*
index 532063c05c8b6c5bd0613f6ceb00166e2654878a..7b8caea29a4c6d6316454594d36b1cb3cc3f31cf 100644 (file)
@@ -11,7 +11,7 @@ $TTL 3600
 @              SOA     a.root-servers.nil. marka.isc.org. 0 0 0 0 0
 @              NS      a.root-servers.nil.
 a.root-servers.nil.      A   10.53.0.1
-example        NS      ns1.example.
+example                NS      ns1.example.
 ns1.example.   A       10.53.0.1
 signed         NS      ns1.example.
 ns1.signed.    A       10.53.0.1
index 8e9a0afd19d8c7dda02ba1f5fa2333bd2fe1923b..c6003441fa6c1ac80963d8ad1bf73076e0d25c6e 100644 (file)
@@ -16,7 +16,7 @@ controls { /* empty */ };
 acl rfc1918 { 10/8; 192.168/16; 172.16/12; };
 
 options {
-       query-source address 10.53.0.2; /* note this is not 10.53.0.3 */
+       query-source address 10.53.0.2; /* note this is not 10.53.0.4 */
        notify-source 10.53.0.4;
        transfer-source 10.53.0.4;
        port @PORT@;
@@ -27,7 +27,6 @@ options {
        notify yes;
        dnssec-validation yes;
        nxdomain-redirect "redirect";
-
 };
 
 key rndc_key {
diff --git a/bin/tests/system/redirect/ns5/named.conf.in b/bin/tests/system/redirect/ns5/named.conf.in
new file mode 100644 (file)
index 0000000..e06deb0
--- /dev/null
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS5
+
+options {
+       port @PORT@;
+       listen-on port @PORT@ { 10.53.0.5; };
+       pid-file "named.pid";
+       nxdomain-redirect signed;
+};
+
+zone "." {
+        type master;
+        file "root.db.signed";
+};
+
+// An unsigned zone that ns6 has a delegation for.
+zone "unsigned." {
+        type master;
+        file "unsigned.db";
+};
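Review bot: The new `options` block leaves `recursion`, `dnssec-validation` and `listen-on-v6` at their built-in defaults, while the ns4/named.conf.in context lines in this commit pin `dnssec-validation yes;`. Because the commit is cherry-picked across branches, the behaviour under test may depend on each branch's defaults, so setting these explicitly would make the result deterministic; the same applies to ns6/named.conf.in. The file also does not say why `nxdomain-redirect signed;` names a zone this server only delegates. A comment such as `// "signed." is delegated to ns6 and not served here, so the redirect must not be applied` would record that, though the expectation is inferred from tests.sh and should be confirmed.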
diff --git a/bin/tests/system/redirect/ns5/root.db.in b/bin/tests/system/redirect/ns5/root.db.in
new file mode 100644 (file)
index 0000000..90c6347
--- /dev/null
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+.                      86400   IN      SOA     a.root-servers.nil. hostmaster.example.net. 2019022100 1800 900 604800 86400
+.                      518400  IN      NS      a.root-servers.nil.
+a.root-servers.nil.    518400  IN      A       10.53.0.5
+signed.                        172800  IN      NS      ns.signed.
+ns.signed.             172800  IN      A       10.53.0.6
+unsigned.              172800  IN      NS      ns.unsigned.
+ns.unsigned.           172800  IN      A       10.53.0.5
diff --git a/bin/tests/system/redirect/ns5/sign.sh b/bin/tests/system/redirect/ns5/sign.sh
new file mode 100644 (file)
index 0000000..e26904a
--- /dev/null
@@ -0,0 +1,43 @@
+#!/bin/sh -e
+#
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+# We sign the zone here and move the signed zone to ns6.
+# The ns5 server actually does not serve this zone but
+# the DS and NS records are in the test root zone, and
+# delegate to ns6.
+zone=signed.
+infile=signed.db.in
+zonefile=signed.db
+
+key1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone 2> /dev/null`
+key2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk $zone 2> /dev/null`
+
+cat $infile $key1.key $key2.key > $zonefile
+
+$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.signed.out 2>&1
+
+cp signed.db.signed ../ns6
+
+# Root zone.
+zone=.
+infile=root.db.in
+zonefile=root.db
+
+key1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS $zone 2> /dev/null`
+key2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -fk $zone 2> /dev/null`
+
+# cat $infile $key1.key $key2.key > $zonefile
+cat $infile dsset-signed. $key1.key $key2.key > $zonefile
+
+$SIGNER -P -g -O full -o $zone $zonefile > sign.ns5.root.out 2>&1
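Review bot: The `-e` on the `#!/bin/sh -e` line has no effect as this script is actually run, because setup.sh invokes it as `$SHELL sign.sh` and the shebang is then ignored. A failing `$KEYGEN`, whose stderr goes to /dev/null, would leave `$key1` or `$key2` empty and the script would carry on to the `cat` and `$SIGNER` steps with a broken zone file. Adding `set -e` near the top of the script body restores the intended stop-on-error behaviour. The commented-out `# cat $infile $key1.key $key2.key > $zonefile` in the root-zone part looks like a leftover, and the header comment says the signed zone is moved to ns6 while the code uses `cp`.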
diff --git a/bin/tests/system/redirect/ns5/signed.db.in b/bin/tests/system/redirect/ns5/signed.db.in
new file mode 100644 (file)
index 0000000..8884120
--- /dev/null
@@ -0,0 +1,18 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+@                      IN SOA  ns.signed. hostmaster.signed. 0 0 0 0 0
+@                      IN NS   ns.signed.
+
+ns.signed.             IN A    10.0.53.6
+domain.signed.         IN A    10.0.53.1
+
+*                      IN A    100.100.100.1
+*                      IN AAAA 2001:ffff:ffff::100.100.100.1
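Review bot: `ns.signed. IN A 10.0.53.6` does not match the glue for the same name in ns5/root.db.in and ns6/root.db, which is `10.53.0.6`; the second and third octets look transposed, so the zone's own NS address points away from ns6. `domain.signed.` also uses `10.0.53.1`, which may be intentional as an arbitrary answer. ns5/unsigned.db has a related mismatch: it gives `ns.unsigned.` as `10.53.0.6`, while both root zones delegate `unsigned.` to `10.53.0.5`, the server that loads that zone. Suggested lines are `ns.signed. IN A 10.53.0.6` here and `ns.unsigned. IN A 10.53.0.5` in unsigned.db.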
diff --git a/bin/tests/system/redirect/ns5/unsigned.db b/bin/tests/system/redirect/ns5/unsigned.db
new file mode 100644 (file)
index 0000000..0f0604d
--- /dev/null
@@ -0,0 +1,18 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300
+@                      IN SOA  ns.unsigned. hostmaster.unsigned. 0 0 0 0 0
+@                      IN NS   ns.unsigned.
+
+ns.unsigned.           IN A    10.53.0.6
+domain.unsigned.       IN A    10.0.53.1
+
+*                      IN A    100.100.100.1
+*                      IN AAAA 2001:ffff:ffff::100.100.100.1
diff --git a/bin/tests/system/redirect/ns6/named.conf.in b/bin/tests/system/redirect/ns6/named.conf.in
new file mode 100644 (file)
index 0000000..bca355c
--- /dev/null
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+// NS6
+
+options {
+       port @PORT@;
+       listen-on port @PORT@ { 10.53.0.6; };
+       pid-file "named.pid";
+       nxdomain-redirect unsigned;
+};
+
+zone "." {
+        type master;
+        file "root.db";
+};
+
+// A signed zone that ns5 has a delegation for.
+zone "signed." {
+        type master;
+        file "signed.db.signed";
+};
diff --git a/bin/tests/system/redirect/ns6/root.db b/bin/tests/system/redirect/ns6/root.db
new file mode 100644 (file)
index 0000000..5e78d23
--- /dev/null
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+.                      86400   IN      SOA     a.root-servers.nil. hostmaster.example.net. 2019022100 1800 900 604800 86400
+.                      518400  IN      NS      a.root-servers.nil.
+a.root-servers.nil.    518400  IN      A       10.53.0.6
+signed.                        172800  IN      NS      ns.signed.
+ns.signed.             172800  IN      A       10.53.0.6
+unsigned.              172800  IN      NS      ns.unsigned.
+ns.unsigned.           172800  IN      A       10.53.0.5
index c5400205f20841de9fd36c3bc80a25f9cda30da2..cad235bd43c0b9dfdf8041a7d352d66add0ae472 100644 (file)
@@ -18,6 +18,8 @@ copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf
 copy_setports ns4/named.conf.in ns4/named.conf
+copy_setports ns5/named.conf.in ns5/named.conf
+copy_setports ns6/named.conf.in ns6/named.conf
 
 cp ns2/redirect.db.in ns2/redirect.db
 cp ns2/example.db.in ns2/example.db
@@ -25,3 +27,4 @@ cp ns2/example.db.in ns2/example.db
 
 cp ns4/example.db.in ns4/example.db
 ( cd ns3 && $SHELL sign.sh )
+( cd ns5 && $SHELL sign.sh )
index 9eb6b424626d2b69cbc65709edb4dd958138d3fc..810e43e8d83abfb352def843e7958bcd124232c8 100644 (file)
@@ -517,5 +517,21 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+echo_i "checking tld nxdomain-redirect against signed root zone ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.5 asdfasdfasdf > dig.out.ns5.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns5.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+echo_i "checking tld nxdomain-redirect against unsigned root zone ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.6 asdfasdfasdf > dig.out.ns6.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns6.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
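Review bot: Neither of the two added checks says why NXDOMAIN is the expected answer from a server that has `nxdomain-redirect` configured, which makes a future failure hard to interpret. A short comment above each `echo_i` would record the intent, for example `# the redirect namespace is only delegated from this server, so the original NXDOMAIN must be returned unchanged`. That wording is inferred from the ns5 and ns6 configs in this commit and should be confirmed by the author. The checks rely on `$DIG` exiting non-zero when the server does not answer; if that is the failure being guarded against, the comment should say so too.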
index d469c5e7068b369fa4edc375592497eb25253b7e..ef4e48809df2d265c1384e89b98a4bba923fa9fd 100644 (file)
 ./bin/tests/system/redirect/clean.sh           SH      2011,2012,2013,2014,2015,2016,2018,2019
 ./bin/tests/system/redirect/ns1/sign.sh                SH      2011,2012,2014,2016,2017,2018,2019
 ./bin/tests/system/redirect/ns3/sign.sh                SH      2015,2016,2017,2018,2019
+./bin/tests/system/redirect/ns5/sign.sh                SH      2019
 ./bin/tests/system/redirect/setup.sh           SH      2011,2012,2013,2014,2015,2016,2017,2018,2019
 ./bin/tests/system/redirect/tests.sh           SH      2011,2012,2013,2014,2015,2016,2018,2019
 ./bin/tests/system/resolver/ans2/ans.pl                PERL    2000,2001,2004,2007,2009,2010,2012,2016,2018,2019