check 'update-policy 6to4-self' over IPv6

diff --git a/bin/tests/system/ifconfig.sh.in b/bin/tests/system/ifconfig.sh.in
index 0e054149f7bfb48d7520eefcf01fd58e9e475edc..ef50291672a11c4b44493b16d51e4efac6ce99c7 100755 (executable)
--- a/bin/tests/system/ifconfig.sh.in
+++ b/bin/tests/system/ifconfig.sh.in
@@ -21,6 +21,7 @@
 #       fd92:7065:b8e:99ff::{1..2}
 #       fd92:7065:b8e:ff::{1..2}
 #       fd92:7065:b8e:fffe::10.53.0.4
+#       2002:0a35:0007::1                       6to4 for 10.53.0.7
 #
 # We also set the MTU on the 1500 bytes to match the default MTU on physical
 # interfaces, so we can properly test the cases with packets bigger than
@@ -241,7 +242,7 @@ sequence() (
 max=11
 case $1 in
   start | up | stop | down)
-    for i in $(sequence 0 3); do
+    for i in $(sequence 0 4); do
       case $i in
         0) ipv6="ff" ;;
         1) ipv6="99" ;;
@@ -261,6 +262,11 @@ case $1 in
             a=
             aaaa=fd92:7065:b8e:fffe::10.53.0.$ns
             ;;
+          4)
+            [ $ns -ne 1 ] && continue
+            a=
+            aaaa=2002:0a35:0007::$ns
+            ;;
         esac
         case "$1" in
           start | up) up ;;

diff --git a/bin/tests/system/nsupdate/ns10/named.conf.in b/bin/tests/system/nsupdate/ns10/named.conf.in
index a186d14114b5b2a2a25c184ed431e200c603a39a..51a0b4f587373d972a9615687e706f07665c31e6 100644 (file)
--- a/bin/tests/system/nsupdate/ns10/named.conf.in
+++ b/bin/tests/system/nsupdate/ns10/named.conf.in
@@ -21,6 +21,7 @@ options {
        session-keyfile "session.key";
        listen-on { 10.53.0.10; };
        listen-on tls ephemeral { 10.53.0.10; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns5/named.conf.in b/bin/tests/system/nsupdate/ns5/named.conf.in
index e3c4d1b33d03b1cb3247d3f86d32f532ccce7a8a..223abd925e7fd7bb18755833d6effc40b3fc5d16 100644 (file)
--- a/bin/tests/system/nsupdate/ns5/named.conf.in
+++ b/bin/tests/system/nsupdate/ns5/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.5; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns6/named.conf.in b/bin/tests/system/nsupdate/ns6/named.conf.in
index 5ed16235462a19cd18a344a88c933d2a8cc45c00..e2950aa3b7ecc192911b37414303324196897b06 100644 (file)
--- a/bin/tests/system/nsupdate/ns6/named.conf.in
+++ b/bin/tests/system/nsupdate/ns6/named.conf.in
@@ -15,10 +15,14 @@ options {
        query-source address 10.53.0.6;
        notify-source 10.53.0.6;
        transfer-source 10.53.0.6;
+       query-source-v6 address fd92:7065:b8e:ffff::6;
+       notify-source-v6 fd92:7065:b8e:ffff::6;
+       transfer-source-v6 fd92:7065:b8e:ffff::6;
        port @PORT@;
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.6; };
+       listen-on-v6 { fd92:7065:b8e:ffff::6; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns7/named1.conf.in b/bin/tests/system/nsupdate/ns7/named1.conf.in
index 28d2aeafd5aece50d5c8fac755f2835b6238b131..0fcdcab7b2e39242d1a8b8aec6e159e31047e6ab 100644 (file)
--- a/bin/tests/system/nsupdate/ns7/named1.conf.in
+++ b/bin/tests/system/nsupdate/ns7/named1.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.7; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns7/named2.conf.in b/bin/tests/system/nsupdate/ns7/named2.conf.in
index e5886e9acdd22ceb57f91541b4e8095446ce9a78..8ef779b81c0d1760681cf92cbf4fa1efcd8e006e 100644 (file)
--- a/bin/tests/system/nsupdate/ns7/named2.conf.in
+++ b/bin/tests/system/nsupdate/ns7/named2.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.7; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns8/named.conf.in b/bin/tests/system/nsupdate/ns8/named.conf.in
index f69d3adacad9363c28d168749c88a67fc6dca574..3d9913fc1f7e9dd09ee4b655e3e95e0f3e2c8add 100644 (file)
--- a/bin/tests/system/nsupdate/ns8/named.conf.in
+++ b/bin/tests/system/nsupdate/ns8/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.8; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/ns9/named.conf.in b/bin/tests/system/nsupdate/ns9/named.conf.in
index 2cdc6afa746bb7559556effa7061eb6d2e939b39..07e38d2d41a07b2df0bae59e20f2856ea185f696 100644 (file)
--- a/bin/tests/system/nsupdate/ns9/named.conf.in
+++ b/bin/tests/system/nsupdate/ns9/named.conf.in
@@ -19,6 +19,7 @@ options {
        pid-file "named.pid";
        session-keyfile "session.key";
        listen-on { 10.53.0.9; };
+       listen-on-v6 { none; };
        recursion no;
        notify yes;
        minimal-responses no;

diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index 6a1fb1b3cf078abda1d1671556c152b02eeddcf1..f3f97236676832e61eb93804a3a9ce385865b586 100755 (executable)
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -801,6 +801,48 @@ if test $ret -ne 0; then
   status=1
 fi
 
+n=$((n + 1))
+ret=0
+echo_i "check that 'update-policy 6to4-self' refuses update of records via UDP over IPv6 ($n)"
+REVERSE_NAME=7.0.0.0.5.3.a.0.2.0.0.2.ip6.arpa
+$NSUPDATE >nsupdate.out.$n 2>&1 <<END && ret=1
+server fd92:7065:b8e:ffff::6 ${PORT}
+local 2002:a35:7::1
+zone 2.0.0.2.ip6.arpa
+update add ${REVERSE_NAME} 600 NS localhost.
+send
+END
+grep REFUSED nsupdate.out.$n >/dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @fd92:7065:b8e:ffff::6 \
+  +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+  $REVERSE_NAME NS >dig.out.ns6.$n
+grep localhost. dig.out.ns6.$n >/dev/null 2>&1 && ret=1
+if test $ret -ne 0; then
+  echo_i "failed"
+  status=1
+fi
+
+n=$((n + 1))
+echo_i "check that 'update-policy 6to4-self' permits update of records for the client's own address via TCP over IPv6 ($n)"
+ret=0
+REVERSE_NAME=7.0.0.0.5.3.a.0.2.0.0.2.ip6.arpa
+$NSUPDATE -v >nsupdate.out.$n 2>&1 <<END || ret=1
+server fd92:7065:b8e:ffff::6 ${PORT}
+local 2002:a35:7::1
+zone 2.0.0.2.ip6.arpa
+update add ${REVERSE_NAME} 600 NS localhost.
+send
+END
+grep REFUSED nsupdate.out.$n >/dev/null 2>&1 && ret=1
+$DIG $DIGOPTS @fd92:7065:b8e:ffff::6 \
+  +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+  $REVERSE_NAME NS >dig.out.ns6.$n || ret=1
+grep localhost. dig.out.ns6.$n >/dev/null 2>&1 || ret=1
+if test $ret -ne 0; then
+  echo_i "failed"
+  status=1
+fi
+
 n=$((n + 1))
 ret=0
 echo_i "check that 'update-policy subdomain' is properly enforced ($n)"

diff --git a/bin/tests/system/org.isc.bind.system b/bin/tests/system/org.isc.bind.system
index df5c90b056851e34e607ed197ebd86bb5273b4bb..48a5756eaabf9b675c0bd3db6bd605534de9bd79 100644 (file)
--- a/bin/tests/system/org.isc.bind.system
+++ b/bin/tests/system/org.isc.bind.system
@@ -28,3 +28,4 @@ do
        ifup 2 00 $ns
 done
 /sbin/ifconfig lo0 inet6 fd92:7065:b8e:fffe::10.53.0.4 alias
+/sbin/ifconfig lo0 inet6 2002:a35:7::1 alias