--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+. 120 NS ns.
+ns. 120 A 10.53.0.1
--- /dev/null
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ query-source address 10.53.0.10;
+ notify-source 10.53.0.10;
+ transfer-source 10.53.0.10;
+ port @PORT@;
+ pid-file "named.pid";
+ session-keyfile "session.key";
+ listen-on { 10.53.0.10; };
+ listen-on-v6 { none; };
+ notify no;
+ minimal-responses no;
+ recursion yes;
+ dnssec-validation yes;
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+controls {
+ inet 10.53.0.10 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+include "../trusted.conf";
+zone "." { type hint; file "hints"; };
+
+# grafted on zones using stub and static-stub
+zone "stub-nomatch." {type primary; file "stub.db"; };
+zone "static-stub-nomatch." {type primary; file "stub.db"; };
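Review bot: The `controls` statement accepts rndc connections from `any` address and authenticates them only with the literal secret in `key rndc_key`, and nothing in the file marks this as a test-only fixture. This presumably follows the convention of the other test servers, and the listener is bound to the 10.53.0.10 test address, but a one-line comment above the key would make the scope explicit, for example `# fixed rndc key shared by the system tests; not for use outside the test network`. Separately, the test script labels ns10 an authoritative server, yet this file sets `recursion yes;` and loads a hint zone and `../trusted.conf`. If ns10 only has to answer for the two `-nomatch` zones, `recursion no;` would keep the fixture minimal; worth confirming whether recursion is needed.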
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ rewrite responses from this zone
+
+$TTL 120
+@ SOA ns hostmaster.ns ( 1 3600 1200 604800 60 )
+ NS ns
+ns A 10.53.0.10
+
+a3-1 A 10.53.99.99
+
+a4-1 A 10.53.99.99
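Review bot: The header comment `; RPZ rewrite responses from this zone` does not match how this copy of the zone file appears to be used. It carries `ns A 10.53.0.10`, so it looks like the copy ns10 serves for `stub-nomatch.` and `static-stub-nomatch.`, and the test script expects those answers to come back unchanged (`nochange_ns10 a3-1.stub-nomatch`, `nochange_ns10 a4-1.static-stub-nomatch`). I would reword it to something like `; RPZ must not rewrite responses from this zone (the -nomatch test cases)`, and keep the original wording only in the copy whose NS is `ns.sub1.tld2.`.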
zone "bl.tld2." {type primary; file "bl.tld2.db";
notify yes; notify-delay 0;};
+
+# grafted on zones using stub and static-stub
+zone "stub." {type primary; file "stub.db"; };
+zone "static-stub." {type primary; file "stub.db"; };
--- /dev/null
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ rewrite responses from this zone
+
+$TTL 120
+@ SOA tld2. hostmaster.ns.tld2. ( 1 3600 1200 604800 60 )
+ NS ns.sub1.tld2.
+
+a3-1 A 10.53.99.99
+
+a4-1 A 10.53.99.99
primaries { 10.53.0.5; };
notify no;
};
+
+zone "stub." {
+ type stub;
+ primaries { 10.53.0.2; };
+};
+
+zone "static-stub." {
+ type static-stub;
+ server-addresses { 10.53.0.2; };
+};
+
+zone "stub-nomatch." {
+ type stub;
+ primaries { 10.53.0.10; };
+};
+
+zone "static-stub-nomatch." {
+ type static-stub;
+ server-addresses { 10.53.0.10; };
+};
copy_setports ns7/named.conf.in ns7/named.conf
copy_setports ns8/named.conf.in ns8/named.conf
copy_setports ns9/named.conf.in ns9/named.conf
+copy_setports ns10/named.conf.in ns10/named.conf
copy_setports dnsrpzd.conf.in dnsrpzd.conf
ns6=$ns.6 # a forwarding server
ns7=$ns.7 # another rewriting resolver
ns8=$ns.8 # another rewriting resolver
+ns9=$ns.9 # another rewriting resolver
+ns10=$ns.10 # authoritative server
HAVE_CORE=
ckresult "$*" ${DIGNM}_OK && clean_result ${DIGNM}_OK
}
+nochange_ns10 () {
+ make_dignm
+ digcmd $* >$DIGNM
+ digcmd $* @$ns10 >${DIGNM}_OK
+ ckresult "$*" ${DIGNM}_OK && clean_result ${DIGNM}_OK
+}
+
# check against a 'here document'
here () {
make_dignm
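Review bot: `nochange_ns10` has no describing comment, unlike `here` just below it, so a reader has to work out that it compares the resolver's answer with one fetched directly from ns10. A line such as `# check that the response is not rewritten, using a direct answer from ns10 as the reference` would cover it. Its final `ckresult` line is identical to the closing line of the function above (whose start is outside this hunk), which suggests the two differ only in the reference server; if so, a shared helper that takes the server as a parameter would avoid the duplicated body. The unquoted `$*` and `$DIGNM` rely on word splitting to pass options like `+dnssec`; `digcmd "$@" >"$DIGNM"` does the same without re-splitting, though the existing helpers may use the unquoted form.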
# these tests assume "min-ns-dots 0"
start_group "NSDNAME rewrites" test3
+ nextpart ns3/named.run > /dev/null
nochange a3-1.tld2 # 1
nochange a3-1.tld2 +dnssec # 2 this once caused problems
nxdomain a3-1.sub1.tld2 # 3 NXDOMAIN *.sub1.tld2 by NSDNAME
addr 127.0.0.1 a3-1.sub3.tld2 # 10 prefer policy for largest NSDNAME
addr 127.0.0.2 a3-1.subsub.sub3.tld2 # 11
nxdomain xxx.crash1.tld2 # 12 dns_db_detachnode() crash
+
+ nxdomain a3-1.stub # 13
+ nxdomain a3-1.static-stub # 14
+ nochange_ns10 a3-1.stub-nomatch # 15
+ nochange_ns10 a3-1.static-stub-nomatch # 16
if [ "$mode" = dnsrps ]; then
- addr 12.12.12.12 as-ns.tld5. # 13 qname-as-ns
+ addr 12.12.12.12 as-ns.tld5. # 17 qname-as-ns
fi
+ nextpart ns3/named.run | grep -q "unrecognized NS rpz_rrset_find() failed: glue" &&
+ setret "seen: unrecognized NS rpz_rrset_find() failed: glue"
end_group
if [ "$mode" = dnsrps ]; then
- ckstats $ns3 test3 ns3 8
+ ckstats $ns3 test3 ns3 10
else
- ckstats $ns3 test3 ns3 7
+ ckstats $ns3 test3 ns3 9
fi
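Review bot: The log check `grep -q "unrecognized NS rpz_rrset_find() failed: glue"` passes a fixed message containing `()` and `.` as a regular expression; it matches as intended under basic-regex rules, but `grep -F` states the intent and stays correct if the message text changes. The same two lines are repeated in the "NSIP rewrites" group (test4), so a small helper taking the log file and message would keep the two copies from drifting. Since `grep -q` can exit at the first match while `nextpart` is still writing, I would prefer `nextpart ns3/named.run | grep -F "unrecognized NS rpz_rrset_find() failed: glue" >/dev/null &&` in case `nextpart` records its log offset after producing output. This is a negative check, so it only proves something if named has already written the message when the group ends; a short comment saying which fix the message guards against would help the next reader.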
# these tests assume "min-ns-dots 0"
start_group "NSIP rewrites" test4
+ nextpart ns3/named.run > /dev/null
nxdomain a3-1.tld2 # 1 NXDOMAIN for all of tld2
nochange a3-2.tld2. # 2 exempt rewrite by name
nochange a0-1.tld2. # 3 exempt rewrite by address block
nochange a3-1.tld4 # 4 different NS IP address
+ nxdomain a4-1.stub # 5
+ nxdomain a4-1.static-stub # 6
+ nochange_ns10 a4-1.stub-nomatch # 7
+ nochange_ns10 a4-1.static-stub-nomatch # 8
if [ "$mode" = dnsrps ]; then
- addr 12.12.12.12 as-ns.tld5. # 5 ip-as-ns
+ addr 12.12.12.12 as-ns.tld5. # 9 ip-as-ns
fi
+ nextpart ns3/named.run | grep -q "unrecognized NS rpz_rrset_find() failed: glue" &&
+ setret "seen: unrecognized NS rpz_rrset_find() failed: glue"
end_group
start_group "walled garden NSIP rewrites" test4a
EOF
end_group
if [ "$mode" = dnsrps ]; then
- ckstats $ns3 test4 ns3 5
+ ckstats $ns3 test4 ns3 7
else
- ckstats $ns3 test4 ns3 4
+ ckstats $ns3 test4 ns3 6
fi
# policies in ./test5 overridden by response-policy{} in ns3/named.conf
fi
# Ensure ns3 manages to transfer the fast-expire zone before shutdown.
+ nextpartreset ns3/named.run
wait_for_log 20 "zone fast-expire/IN: transferred serial 1" ns3/named.run
# reconfigure the ns5 primary server without the fast-expire zone, so